https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641183#M756258 Simon,<BR /><BR />In what ways are you trying to "secure" a already secure OS (Virtual Vault)?<BR /><BR />Just six months ago, I replaced our 15+ Virtual Vaults with Bastion hosts. A Bastion Host, in my case HPux 9000's (10.20 and 11.x) running Iplanet, is a normal HPux host, but with most services shut off. It's a lot easier to develop on a normal host, and you don't have to worry about the stupid Virtual Vault TGP (Trusted GateWay Proxy) dying!!!<BR /><BR />You can find bastion host info here (GREAT PAPER):<BR /><A href="http://people.hp.se/stevesk/bastion.html" target="_blank">http://people.hp.se/stevesk/bastion.html</A><BR /><BR />Another thing, VV is a dead product. HP doesn't even use it!!! And support for the product sucked!!!!<BR /><BR /><BR />live free or die<BR />harry Wed, 09 Jan 2002 12:54:20 GMT harry d brown jr 2002-01-09T12:54:20Z https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641181#M756256 Hello<BR /><BR /> I am working in a proyect to secure the Virtualvault web server, I'd like to know:<BR /><BR /> - If the certificates aren't used in the outside server the traffic could be encryted with the RSA keys or the traffic will be without encryt. Wed, 09 Jan 2002 08:45:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641181#M756256 Simon_13 2002-01-09T08:45:16Z https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641182#M756257 Hi,<BR /><BR />I am not sure about VirtualVault but for securing any webserver:<BR /><BR />1) use SSL-based HTTP for encrypting traffic to and fro the client and webserver.<BR /><BR />2) use SSL certificates for identification/non-repudiation of webserver and maintaining integrity of traffic transferred.<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong<BR />Brainbench MVP for Unix Admin<BR /><A href="http://www.brainbench.com" target="_blank">http://www.brainbench.com</A> Wed, 09 Jan 2002 11:05:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641182#M756257 Steven Sim Kok Leong 2002-01-09T11:05:28Z https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641183#M756258 Simon,<BR /><BR />In what ways are you trying to "secure" a already secure OS (Virtual Vault)?<BR /><BR />Just six months ago, I replaced our 15+ Virtual Vaults with Bastion hosts. A Bastion Host, in my case HPux 9000's (10.20 and 11.x) running Iplanet, is a normal HPux host, but with most services shut off. It's a lot easier to develop on a normal host, and you don't have to worry about the stupid Virtual Vault TGP (Trusted GateWay Proxy) dying!!!<BR /><BR />You can find bastion host info here (GREAT PAPER):<BR /><A href="http://people.hp.se/stevesk/bastion.html" target="_blank">http://people.hp.se/stevesk/bastion.html</A><BR /><BR />Another thing, VV is a dead product. HP doesn't even use it!!! And support for the product sucked!!!!<BR /><BR /><BR />live free or die<BR />harry Wed, 09 Jan 2002 12:54:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641183#M756258 harry d brown jr 2002-01-09T12:54:20Z https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641184#M756259 I don't agree that VirtualVault is a dead product. VV is mainly used for Banks and other strongly secured E-commerce systems. Bastion host can't be a replacement for VirtualVault. In the last year HP released latest Virtual Vault 4.5 version with Apache Web Server.<BR /><BR />I agree with Harry that support for VirtualVault is not as good as it should be. There are't many VirtualVault experts. VV is very complex to configure (especially if you use cryptographic HW accelerators) and the price is quite high. <BR /><BR />Simon, you should use SSL and certificates to secure traffic on the outside Web Servers. You can test this with trial certificates. You can get them from Verisign for free.<BR /><BR />Regards,<BR />Pete Thu, 10 Jan 2002 08:06:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-in-virtualvault/m-p/2641184#M756259 Peter Cvar 2002-01-10T08:06:23Z