HP Integrity BL860c Quickspecs page 17

QuickSpecs
Standard Features
Standard Mode Security
Extensions
Shadow Passwords
Strong Random Number
Generator
HP-UX 11i Internet
Express
Identity Management
Integration (IdMI)
Select Access for IdMI
Role-based Access
Control (RBAC)
AAA Server
Red Hat Directory Server
LDAP-UX Client
DA - 12671 U.S. QuickSpecs — Version 18 — 2/18/2009
Enhances the system security of HP-UX 11i v2 and v3. Several security
features previously available only in trusted mode are now available on
standard mode HP-UX 11i systems. Features include enhanced
password and user account security, such as password expiration on
inactivity history reuse restrictions, auditing, and much more.
Shadow Passwords enhance system security by hiding user encrypted
passwords in a shadow password file. Encrypted passwords previously
stored in the publicly readable /etc/passwd file can be optionally moved
to the /etc/shadow file, which is accessible only by a privileged user.
The Strong Random Number Generator provides a cryptographically
strong, non-reproducible source of true random numbers for
applications with strong security requirements, such as for generating
encryption keys
In addition to the fully-supported features listed above, HP packages a
number of limited-support open source products that offer additional
system security, including: Chkrootkit, PAM_passwdqc, DanteSOCKS,
Snort, Nessus, Xinetd.
Providing the most complete and integrated solution for security
management, IdMI allows administrators to enforce critical system
access and authorizations. In addition to integrated enforcement, with
the bundled version of Select Access for IdMI, customers benefit from
single-vendor support for this mission critical capability.
Select Access for IdMI is a follow-up product to the HP-UX Identity
Management Integration feature. This version of Select Access supports
complete administration of HP-UX security policy for both user
authentication and access control privileged functions within the OS.
HP-UX security policy can be centrally controlled and managed through
Select Access.
HP-UX RBAC (a component of security containment) is an alternative to
the traditional "all-or-nothing" root user model, which grants permissions
to the root user for all operations, and denies permissions to non-root
users for certain operations. HP-UX RBAC allows you to distribute
administrative responsibilities by creating roles with appropriate
authorizations and assigning them to non-root users and groups.
HP-UX 11i AAA Server provides authentication, authorization and
accounting services using the RADIUS and EAP protocols to
authenticate and authorize user access to network devices and software
applications. The AAA Server also generates usage logs for accounting,
auditing and billing purposes.
Red Hat Directory Server is a Lightweight Directory Access Protocol
(LDAP) compliant software server that centralizes user profiles,
application settings, group data, policies and access control information
into a network-based registry. The server is available on HP-UX 11i and
operates on both HP 9000 and HP Integrity 64-bit hardware server
platforms.
With growth, consolidation and a dynamic environment, enterprises
need new technologies to manage and verify security in their IT
environments. In a highly distributed environment, local processes,
security practices and administration methods are often inconsistent,
repetitive and difficult to audit. With LDAP-UX Enterprise IT architects
can use LDAP directories as one tool to help unify and simplify many of
the above-mentioned practices
HP Integrity BL860c Server Blade
Page 17