E3/F-C2 Security Compliancy; For More Information - HP StorageWorks X5000 Technical Manual

This key determines the LDAP server (ldapagnt.lib) handling of LDAP bind command requests as
follows:
•
•
Key Path: HKLM\SYSTEM\CurrentControlSet\Services\Alerter
Key: Parameters
Value Name: AlertNames
Important: The aforementioned registry value name and registry value may need to be created. This
registry setting depends upon the Alerter service to be running on the source computer (i.e. NAS
system) and the Messenger service to be running on the target computer (i.e. Administrator
workstation).
This key enables the generation of an administrative alert when the audit log reaches a full condition.

4 E3/F-C2 Security Compliancy

This chapter depicts all of the modification steps necessary for Administrators to meet E3/F-C2
security requirements within their network and HP NAS server systems. All E3/F-C2 system
modifications within this document are based upon the Information Technology Evaluation Manual
(ITSEM) at
Criteria (ITSEC) security requirements within the United Kingdom, Germany, France, and the
Netherlands.
To meet E3/F-C2 security requirements, administrators must complete all security modification
instructions listed within Chapter 3, "C2/CC Security Compliancy".
HP's Security Enhancements (SE) for Windows Server 2003 can also be installed to further increase
NAS server system security to achieve BS7799 security compliancy. HP's SE for Windows Server
2003 can be downloaded at:
http://www.software.hp.com/portal/swdepot/displayProductsList.do?category=ISS
on HP's SE for Windows Server 2003 can be reviewed at:
http://www.hp.com/hps/security/products/info/winserv03se_wp.pdf

5 For more information

www.hp.com/go/nas
© 2004 Hewlett-Packard Development Company, L.P. The information
contained herein is subject to change without notice. The only warranties for
HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed
as constituting an additional warranty. HP shall not be liable for technical or
editorial errors or omissions contained herein.
Itanium is a trademark or registered trademark of Intel Corporation in the U.S.
and other countries and is used under license.
366514-001 05/2004
1 (default) or not defined: The AD's LDAP agent always supports LDAP client request for LDAP
traffic signing when handling a LDAP bind command request which specifies a SASL
authentication mechanism.
2: The AD's LDAP agent only supports SASL in a LDAP bind command request unless the
incoming request is already protected with TLS/SSL. It rejects the LDAP bind command request if
other types of authentication are used. If the LDAP bind command request does not come in via
TLS/SSL, it requires the LDAP traffic signing option in the client security context.
Generate An Administrative Alert When The Audit Log Is Full
http://www.boran.com/security/itsem.html
Format
REG_MULTI_SZ
to meet Information Technology Security Evaluation
.
156
Value
<Target
Username or
computername>
. Additional information