HPE Community
Operating System - HP-UX
1753497 Members
4629 Online
108794 Solutions
New Discussion юеВ

HP-UX C2 Trusted

 
Angel_15
Occasional Advisor

тАО06-25-2003 12:12 AM

тАО06-25-2003 12:12 AM

HP-UX C2 Trusted

Hello:
I have HP-UX 10.20 whit Oracle 7.3 and I'm going to convert this system to C2 Trusted.

Must I to do anything with Oracle?

Thanks.
angel0
0 Kudos
Reply
8 REPLIES 8
Yogeeraj_1
Honored Contributor

тАО06-25-2003 12:26 AM

тАО06-25-2003 12:26 AM

Re: HP-UX C2 Trusted

hi,

Have a look at Trusted Oracle7 MLS RDBMS, a
state-of-the-art product built to support a strict multilevel security (MLS) policy on trusted operating systems.

today this is called "Oracle Label Security"


hope this helps!

regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Massimo Bianchi
Honored Contributor

тАО06-25-2003 12:50 AM

тАО06-25-2003 12:50 AM

Re: HP-UX C2 Trusted

Hi,
AFAIK, there are no problem, since this affect only the way users are authenticated.

However, you should pay attention to the secutiry polivi on the user, the oracle owner shuold ve allowed to login at every hour, and that its password never expires ans so on, to prevent startup/shutdown problem suddenly.

I had two C2 systems, one 7.3 and one 8.0.5, and they had no particular problem, keeping in mind my previous notice.


BTW, you know that 10.20 and 7.3 are praticallly out of support ?


HTH,
Massimo

0 Kudos
Reply
Jairo Campana
Trusted Contributor

тАО06-25-2003 03:16 PM

тАО06-25-2003 03:16 PM

Re: HP-UX C2 Trusted

I had problems with an application HPIA HPinternet Activator with oracle 8 in HPUX 11.0 .
I had to return in mode no trusted.
legionx
0 Kudos
Reply
Patrick Wallek
Honored Contributor

тАО06-25-2003 03:18 PM

тАО06-25-2003 03:18 PM

Re: HP-UX C2 Trusted

No you do not need to do anything with Oracle. It will run just fine on a trusted system. We have a range of databased from 7.3.3 up to 9i and all are on trusted systems with no special setup and no problems.
0 Kudos
Reply
Jim Mallett
Honored Contributor

тАО06-25-2003 03:24 PM

тАО06-25-2003 03:24 PM

Re: HP-UX C2 Trusted

Angel,

I just converted our Oracle development machine(on 11.00) to a Trusted System and had no issues. I was concerned myself about any Oracle ramifications and was not able to find anything, and haven't had issues this week.
The only thing I'll need to keep my eye on are the Oracle system admin accounts, historically I haven't made them change that password and I am now. We'll find out if they have any scripts with the pass hardcoded I guess.

Good luck,
Jim
Hindsight is 20/20
0 Kudos
Reply
Donny Jekels
Respected Contributor

тАО06-27-2003 12:34 PM

тАО06-27-2003 12:34 PM

Re: HP-UX C2 Trusted

trusted systems has no relevance with oracle and you don't have to do anything on the oracle side of the fence.

sit back and relax!!
Donny
"Vision, is the art of seeing the invisible"
0 Kudos
Reply
Caesar_3
Esteemed Contributor

тАО06-27-2003 12:39 PM

тАО06-27-2003 12:39 PM

Re: HP-UX C2 Trusted

Hello!

No need to do something with Oracle,
the convert to trusted affect the OS (users/passwords) but it still work the
same way.

Caesar
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-27-2003 12:59 PM

тАО06-27-2003 12:59 PM

Re: HP-UX C2 Trusted

Though you are not required to do anything with Oracle, you might want to upgrade because the 7.x products are approaching the end of their life cycle.

When that happens, if a security flaw comes up, Oracle won't fix it.

C2 is a nice term, but you need to think also about whether the system is actually secure.

Are you using the Berkely Protocols, rcp, et al. I don't care whether C2 permits that or not, they are not a good idea to run due to their authentication methodology.

Does C2 let you run telnetd and ftpd, both of which transmit passwords back and fortth to the user in clear text? I don't know, but if you truly want a secure system they should be replaced by Secure Shell.

Does C2 certification require you to run Bastille on the machine? That is a good idea.

C2 certification should not be mistaken for true security. That is part of a broader plan that means keeping up on security patches, running the right tools and getting down for some good olf fashioned sysetms adminitration by looking at umask, default permissions and such.

C2 is a requirement for certain government computer systems that is a good start, but it hasn't stopped penetration of secure systems at the Pentagon has it?

Food for thought.

Sumamry: C2, a good start, but not the ending.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.