HP-UX Security Features - OpenMPE

More documents

Recommendations

Info

Authorization with PAM_AUTHZ • With PAM_UNIX and NIS, system access control can be achieved using a special +/- syntax in the local /etc/passwd file − Only supported when using PAM_UNIX − Provides “deny” functionality by hiding a users password field. • A module called PAM_AUTHZ, delivered with LDAP-UX, can be used to restrict login access to systems − Can be used with any PAM authentication module − Uses same /etc/passwd syntax traditionally used with NIS − Supports netgroups Network Security – Products and Features August 26, 2004 98
Network Security on HP-UX 11i Products and Features HP-UX IPSec HP-UX IPFilter HP-UX Secure Shell Internet Services Directory Enabled Computing − Netscape Directory Server − OpenLDAP (Internet Express) − LDAP-UX Tools • LDAP SDK • OpenSSL • GSS-API • SNORT (Internet Express) • Ethereal (Internet Express) • Nessus (Internet Express) August 26, 2004 99
Page 1 and 2:
HP-UX Security Features Doug Lamour
Page 3 and 4:
Motivation: The increasing importan
Page 5 and 6:
Motivation: Regulations ! ! "
Page 7 and 8:
Security: Big Picture Service Provi
Page 9 and 10:
Future Features To learn more about
Page 11 and 12:
HP-UX Install-Time Security • Dep
Page 13 and 14:
Four Ways to Use HP-UX Install- Tim
Page 15 and 16:
ITS “Under the Hood” “Sec10Ho
Page 17 and 18:
HP-UX Bastille • An open source (
Page 19 and 20:
Bastille Screenshot Host Security -
Page 21 and 22:
HP-UX Bastille’s IPFilter Module
Page 23 and 24:
Host Security on HP-UX 11i Products
Page 25 and 26:
Network-based vs. Host-based Intrus
Page 27 and 28:
Vulnerabilities Monitored by Host I
Page 29 and 30:
Performance • Factors: − Type a
Page 31 and 32:
HP-UX Standard Mode Security • Pr
Page 33 and 34:
HP-UX Standard Mode Security Standa
Page 35 and 36:
HP-UX Trusted Mode Security • Boo
Page 37 and 38:
HP-UX Trusted Mode Security Trusted
Page 39 and 40:
HP-UX Stack Buffer Overflow Protect
Page 41 and 42:
EAL4-CAPP Certification • Trusted
Page 43 and 44:
HP Security Patch Check • Support
Page 45 and 46:
HP Security Patch Check (cont.) WAR
Page 47 and 48: Host Security on HP-UX 11i Products
Page 49 and 50: HP-UX Strong Random Number Generato
Page 53 and 54: HP-UX MD5 Secure Checksum • Compa
Page 57 and 58: Network Security on HP-UX 11i Produ
Page 59 and 60: Where does IPSec fit? Application T
Page 61 and 62: HP-UX IPSec Features (continued)
Page 63 and 64: IPSec: Authentication Header • Si
Page 65 and 66: IPSec Scenario 1: End-to-end secure
Page 67 and 68: HP-UX IPFilter What is IPFilter: A
Page 69 and 70: HP-UX IPFilter: Features (cont.)
Page 71 and 72: HP-UX IPFilter Dynamic Connection A
Page 73 and 74: An example of HP-UX IPFilter DCA Co
Page 75 and 76: DCA Filtering Rule 2 Connection lim
Page 77 and 78: More.. Session #3545 (Wed 8am): IPF
Page 79 and 80: HP-UX Secure Shell (SSH) What is HP
Page 81 and 82: More.. Session #3611 (Fri 9:30): SS
Page 83 and 84: Internet Services • Bind 9.2.0
Page 85 and 86: Internet Services • TCP Wrappers
Page 89 and 90: Directory-Enabled Computing: Values
Page 91 and 92: Netscape Directory Server Features
Page 93 and 94: Features of LDAP-UX Integration •
Page 95 and 96: Schemas • Network Information Ser
Page 97: More… Session #3202 (Wed 4pm): In
Page 103 and 104: OpenSSL on HP-UX • OpenSSL has be
Page 105 and 106: Generic Security Service API (GSSAP
Page 109 and 110: Authentication on HP-UX • Typical
Page 111 and 112: PAM Architecture Applications (logi
Page 113 and 114: NSS Architecture Applications getXb
Page 115 and 116: Kerberos Is •A network authentica
Page 117 and 118: HP Kerberos Server • The Trusted
Page 119 and 120: HP Kerberos Server • Supports RFC
Page 121 and 122: Authentication Services on HP-UX 11
Page 123 and 124: HP AAA (Authentication Authorizatio
Page 125 and 126: RADIUS Server Features • Scalabil
Page 127 and 128: Authentication Services on HP-UX 11
Page 129 and 130: Shadow Password • Encrypted passw
Page 131 and 132: Shadow != Trusted Systems Shadow Is
Page 133 and 134: HP Internet Express for HP-UX 11i
Page 135 and 136: SNORT • Network Intrusion Detecti
Page 137 and 138: Ethereal • Packet Sniffer and Vie
Page 139 and 140: Ethereal Example August 26, 2004 13
Page 141 and 142: SUDO - Example $ grep admin /opt/ie
Page 143 and 144: Stunnel • Used as an SSL wrapper
Page 145 and 146: Stunnel Example Client stunnel conf
Page 147 and 148: Stunnel Example # grep example /etc
Page 149 and 150:
Nessus • Open source network scan
Page 151 and 152:
Developing a Security Solution •
Page 153 and 154:
Start with a Solid Base • A Secur
Page 155 and 156:
Secure the Network • Do you consi
Page 157 and 158:
Authentication • What type of aut
Page 159 and 160:
Authorization • Restrict network
Page 161 and 162:
More.. Session #3626 (Wed 8am): SIG
Page 163 and 164:
Documentation HP-UX 11i Security: h
Page 165 and 166:
Questions? August 26, 2004 165
show all

HP-UX Security Features - OpenMPE

Create successful ePaper yourself

Delete template?

Save as template?