Understanding HP SIM 5.1 and 5.2 security (481362-003, January 2009)

Browser warnings
There are several types of warnings that can be displayed by the browser or by the Java plug-in on
the browser, most having to do with the SSL server certificate.
Untrusted system
This warning indicates the certificate was issued by an untrusted system. Since certificates are by
default self-signed, this is likely if you have not already imported the certificate into your browser. In
the case of CA-signed certificates, the signing root certificate must be imported. The certificate can be
imported before browsing if you have obtained the certificate by some other secure method. The
certificate can also be imported when you get the warning, but doing so is susceptible to spoofing since the
host system is not authenticated. Do this if you can independently confirm the authenticity of the
certificate or you are comfortable that the system has not been compromised.
Invalid certificate
If the certificate is invalid because it is not yet valid or it has expired, it could be a date or time
problem, which could be resolved by correcting the system’s date and time. If the certificate is invalid
for some other reason, it might need to be regenerated.
Host name mismatch
If the name in the certificate does not match the name in the browser, you might get this warning. This
can be resolved by browsing using the system’s name as it appears in the certificate, for example,
marketing1.ca.hp.com or marketing1. The HP SIM certificate supports multiple names to help
alleviate this problem. Refer to the System link format section below for information on changing the
format of names created in links by HP SIM.
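The validity-period and host-name checks described above, as an added example that is not part of the HP document or of HP SIM: it takes a certificate in the dict shape returned by Python's ssl.SSLSocket.getpeercert() and reports which of these warnings a given browsed name would trigger. The sample certificate, the address 10.0.0.5, the function names, and the assumption that the multiple names are carried as subjectAltName entries plus the subject common name are constructed for illustration; matching is exact and case-insensitive, with no wildcard handling.

```python
import ssl
from datetime import datetime, timezone

def cert_names(cert):
    """Collect every name the certificate carries (SAN entries plus subject CN)."""
    names = {value.lower() for kind, value in cert.get("subjectAltName", ())
             if kind in ("DNS", "IP Address")}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    return names

def predict_warnings(cert, browsed_name, now=None):
    """Return the warnings (validity, name mismatch) this certificate would trigger."""
    now = now if now is not None else datetime.now(timezone.utc).timestamp()
    warnings = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("invalid certificate: not yet valid (check system date and time)")
    elif now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("invalid certificate: expired (check date and time, else regenerate)")
    names = cert_names(cert)
    # A trailing dot on a fully qualified name is not part of the certificate name.
    if browsed_name.lower().rstrip(".") not in names:
        warnings.append("host name mismatch: browse using one of %s" % sorted(names))
    return warnings

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Assumption: the certificate's multiple names appear as subjectAltName entries.
SAMPLE_CERT = {
    "subject": ((("commonName", "marketing1.ca.hp.com"),),),
    "subjectAltName": (("DNS", "marketing1.ca.hp.com"), ("DNS", "marketing1")),
    "notBefore": "Jan  5 00:00:00 2009 GMT",
    "notAfter": "Jan  5 00:00:00 2019 GMT",
}
# Constructed reference time inside the sample validity period.
IN_VALIDITY = ssl.cert_time_to_seconds("Jun  1 00:00:00 2010 GMT")

if __name__ == "__main__":
    # 10.0.0.5 is a constructed address standing in for "browsing by IP address".
    for name in ("marketing1", "marketing1.ca.hp.com", "10.0.0.5"):
        print(name, predict_warnings(SAMPLE_CERT, name, now=IN_VALIDITY))
```
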
Signed applet
Previous versions of HP SIM use a Java plug-in that can additionally display a warning about trusting
a signed applet. Those previous versions of HP SIM use an applet signed by Hewlett-Packard
Company, whose certificate is signed by Verisign.
Browser session
By default, HP SIM does not time out a user session while the browser is displaying the HP SIM
banner. This is known as monitor mode, and allows continuous monitoring of the managed systems
without any user interaction. The session times out after 20 minutes if the browser is closed or
navigates to another site.
An active mode is also supported where the session times out after 20 minutes if the user does not
interact with HP SIM by clicking a menu item, link, or button. You can enable active mode by editing
the globalsettings.props file and changing the EnableSessionKeepAlive setting to false.
Best security practices include care when visiting other websites. You should use a new browser
window when accessing other sites; when you are finished using HP SIM you should both sign out
and close the browser window.
Internet Explorer zones
Internet Explorer supports several zones that can each be configured with different security settings.
The name used to browse to HP SIM or managed systems can affect which browser zone Internet
Explorer places the system in. For example, browsing by IP address or full Domain Name System (DNS)
name (for example, hpsim.mycorp.com) can place the system into the browser’s more restrictive Internet
zone, causing improper operation. Ensure systems are being placed into the correct Internet zone