HP Integrity BL870c Quickspecs page 14

QuickSpecs
Standard Features
Software Assistant
(SWA)
Install-time Security
Boot Authentication
Standard Mode Security
Extensions
Shadow Passwords
Strong Random Number
Generator
HP-UX 11i Internet
Express
Identity Management
Integration (IdMI)
Select Access for IdMI
Role-based Access
Control (RBAC)
DA - 12926 Worldwide QuickSpecs — Version 1 — 2.11.2008
HP-UX SWA is a command-line tool that consolidates, simplifies and
helps automate patch and security bulletin management on HP-UX
systems. The SWA tool is the HP-recommended utility to maintain
currency with HP-published security bulletins for HP-UX software.
Install-time Security (ITS) is available to customers running HP-UX 11i
v2 or later releases of the operating system, as an install option to
lockdown systems during installation. ITS makes HP-UX 11i more
secure out-of-the-box when customers select higher security levels.
There are four choices, ranging from a highly locked down (DMZ) level
with a tightly configured IPFilter firewall blocking most inbound traffic
(and many services also disabled or secured) to a maximum
compatibility level which installs security tools, but doesn't apply a
security level.
A site's security policies may require users to authenticate before they
can boot the system into single-user mode. Previously, this feature was
only available on a system that had been converted to Trusted Mode.
This product now provides secure single-user mode with root password
protection, but without the overhead of converting the system to trusted
mode.
Enhances the system security of HP-UX 11i v2 and v3. Several security
features previously available only in trusted mode are now available on
standard mode HP-UX 11i systems. Features include enhanced
password and user account security, such as password expiration on
inactivity history reuse restrictions, auditing, and much more.
Shadow Passwords enhance system security by hiding user encrypted
passwords in a shadow password file. Encrypted passwords previously
stored in the publicly readable /etc/passwd file can be optionally moved
to the /etc/shadow file, which is accessible only by a privileged user.
The Strong Random Number Generator provides a cryptographically
strong, non-reproducible source of true random numbers for
applications with strong security requirements, such as for generating
encryption keys
In addition to the fully-supported features listed above, HP packages a
number of limited-support open source products that offer additional
system security, including: Chkrootkit, PAM_passwdqc, DanteSOCKS,
Snort, Nessus, Xinetd.
Providing the most complete and integrated solution for security
management, IdMI allows administrators to enforce critical system
access and authorizations. In addition to integrated enforcement, with
the bundled version of Select Access for IdMI, customers benefit from
single-vendor support for this mission critical capability.
Select Access for IdMI is a follow-up product to the HP-UX Identity
Management Integration feature. This version of Select Access supports
complete administration of HP-UX security policy for both user
authentication and access control privileged functions within the OS.
HP-UX security policy can be centrally controlled and managed through
Select Access.
HP-UX RBAC (a component of security containment) is an alternative to
the traditional "all-or-nothing" root user model, which grants permissions
to the root user for all operations, and denies permissions to non-root
users for certain operations. HP-UX RBAC allows you to distribute
administrative responsibilities by creating roles with appropriate
authorizations and assigning them to non-root users and groups.
HP Integrity BL870c Server Blade
Page 14