topic Re: trusted system in Operating System - HP-UX

trusted system

Roberto Severo — Mon, 24 Jun 2002 23:11:24 GMT

We'll migrate our system (UX 11.11) from "d" level to "c2" (trusted) level of security, but i have to expose how the security will be increased doing that to my boss. Can anybody help me listing the benefits of the "c2" level?

Tks. in advance,

-roberto

Re: trusted system

Michael Tully — Mon, 24 Jun 2002 23:31:18 GMT

Hi,

The security measures what come with the standard operating system basically, only create a password database as opposed to anything else. It will remove the encrypted password entries from the /etc/passwd file and create a database under /tcb

You can use 'sam' to convert it or the '/usr/lbin/tsconvert' command.

Have a look at this document, and use 'trusted' in the search box. It will provide everything you need to know. Be aware that changing a system to 'trusted' will require all users to change their passwords afterwards.

http://www.docs.hp.com/hpux/onlinedocs/B2355-90742/B2355-90742.html

Michael

Re: trusted system

Arockia Jegan — Mon, 24 Jun 2002 23:55:39 GMT

Here are some security changes that will happen when you will migrate your system to c2 level security,

1) In standard unix the encrypted passwords stored in the world readable file /etc/passwd. So anyone having valid password in the system can gain other's password(even password of root) by using passwd cracker softwares. Converting your system to a trusted one will move all user's encrypted passwords to a secure location under /tcb
2) It also provides a flexible password aging mechanism
3) It will automatically disables user accounts after repeated failed logins.
4) Because of the password history system has good protection against poorly chosen passwords

Re: trusted system

Bill Hassell — Tue, 25 Jun 2002 01:14:06 GMT

There are many additional controls you can put on passwords such as minimum/maximum length, content limits (upper/lower case, numbers), and even login controls on the time of day a login is permitted.

The best documentation is found at: http://docs.hp.com then search for: Trusted System, and print the first section of "Administering Your Trusted System" found at:

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90121/B2355-90121_top.html&con=/hpux/onlinedocs/B2355-90121/00/00/8-con.html&toc=/hpux/onlinedocs/B2355-90121/00/00/8-toc.html&searchterms=trusted%7csystem&queryid=20020624-191925