Security
cancel
Showing results for 
Search instead for 
Did you mean: 

ISEE Security Issues?

Hanry Zhou
Super Advisor

ISEE Security Issues?

In order to get ISEE run, the server has to internet connection. That would raise up the security potential problem, in my opinion. That means that all production servers have to have internet connection. Am I right?
none
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: ISEE Security Issues?

Any exposure to any network is a potential security problem.

One of your HP-UX users could bring potential problems into the box with his windows browser. He could save a file and ftp it up to the server. Her machine could get hacked while she's logged on as root.

The answer is, through a proper firewall, letting an HP-UX server have exposure on port 80(http) is not a big deal. The firewall must only allow traffic that is initiated on the HP-UX server to flow through.

If you balk at ISEE because of Internet exposure, you might be looking for perfect security. That would involve disconnecting the network cable.


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Justin Willoughby
Regular Advisor

Re: ISEE Security Issues?


We are using ISEE and are behind a firewall. The server cannot directly connect to the Internet nor can you connect to the box from the Internet. When setting up ISEE you have the option to use a http proxy to connect to HP. This is what we do and believe its safe/secure.

- Justin
Steven E. Protter
Exalted Contributor

Re: ISEE Security Issues?

Justin,

Interesting. What if you had a stateless firewall and no proxy server?

That should work shouldn't it?

I guess my earlier answer was to simple. A lot depends on the product and firewall setup.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Justin Willoughby
Regular Advisor

Re: ISEE Security Issues?


We are using the ISEE Standard Config, which loads the ISEE software on each server. If you are looking at the other product that allows HP remote access then it might be different.

The proxy server we use for ISEE is the same proxy server used for our workstations. It seems to work pretty well for us. I have an outstanding issue with the GUI (web) bit to come up in a timely manner on our L3000 but that's a whole other issue that HP does not seem to think is critical or worth fixing.

Do you not have a proxy server for access the web from your desktops?

- Justin
Martin Coule
Occasional Advisor

Re: ISEE Security Issues?

Partly right. What you are describing is the Standard Configuration for ISEE. The Advanced Configuration uses a Support Point of Presence (SPOP) within a DMZ to communicate over the internet to HP. So your servers only need to be networked so they can communicate with the SPOP.

On the other hand, you do need to have an appropriate contract level with HP before the Advanced configuration is a viable solution.