HP Integrity BL870c Quickspecs page 13

QuickSpecs
Standard Features
Trusted Computing
Services (TCS)
Security containment
Protected Systems:
Webserver (PS-
Webserver)
Open SSL
Secure Shell
IPSec
MD5 Secure Checksum
(MD5sum)
HP-UX 11i Internet
Express
Bastille
Host IDS
Secure resource
partitions
IPFilter
DA - 12926 Worldwide QuickSpecs — Version 1 — 2.11.2008
HP-UX TCS provides software support for hardware-enforced key
management on supported HP Integrity servers. By providing a low-cost
embedded security chip option (known as a Trusted Platform Module) in
its zx2-based Integrity servers, HP has established a foundation for
strong protection of sensitive information - including cryptographic keys,
such as for EVFS.
HP-UX 11i security containment introduces three core technologies:
compartments, fine-grained privileges, and role-based access control.
Together, these three components provide a highly secure operating
environment without requiring applications to be modified. Read more
PS-Webserver is a pre-configured secure Web services platform built
on HP-UX. The secure architecture and run time environment isolates
the Internet from backend servers and isolates the Web server from the
intranet. Read more
Open SSL offers a general-purpose cryptography library and
implementation of the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols.
Secure Shell is a powerful software-based approach to encrypted
network security. It provides secured remote login. Credentials and data
sent over the network are encrypted by SSH-1 or SSH-2 protocols and
decrypted once they reach their destination
IPSec adds integrity protection and confidentiality to network
communication over the Internet and within the enterprise to
applications which lack these capabilities without modifying existing
applications.
MD5sum provides a cryptographic file integrity utility and API based on
the standard Message Digest 5 (MD5) algorithm.
In addition to the fully-supported features listed above, HP packages a
number of limited-support open source products that offer additional
data security, including: OpenSC/OpenCT, ClamAV, CyrusSASL,
GnuPG, SSLDump, Stunnel, and Tripwire.
Bastille is a very easy-to-use security hardening wizard (also known as
a lockdown wizard) that enhances the security of an HP-UX 11i host by
turning off unneeded services, tightening security configuration settings,
configuring IPFilter, etc. It accommodates the various degrees of
hardening required for web, application and database servers, and can
walk a non-security expert through the hardening decisions.
HIDS enhances host-level security with near real-time automatic
monitoring of each configured host for signs of potentially damaging
intrusions. HIDS is a standard feature of HP-UX 11i, making HP the only
systems vendor to offer its own host intrusion detection product. Read
more
Secure Resource Partitions combine kernel level security (via Security
Containment) and proven resource management to stack multiple
applications within the same operating system.
IPFilter is a stateful firewall (filters IP packets to control packet flow in or
out of the system; stateful simplifies and increases security of rule
definitions by allowing return traffic based on outbound rules without
having to define broader inbound rules). HP's unique dynamic
connection allocation provides protection from denial-of-service attacks.
IPFilter provides increased security defense by minimizing the number
of server exposure points.
HP Integrity BL870c Server Blade
Page 13