HPE Community
Operating System - HP-UX
1832891 Members
2378 Online
110048 Solutions
New Discussion

C2 trusted systems

 
SOLVED
Go to solution
Danny Pogi
Advisor

‎05-11-2003 05:50 PM

‎05-11-2003 05:50 PM

C2 trusted systems

hi guys,

where can i find documents that explain trusted systems specifically C2 level?

thanks,

dan
0 Kudos
Reply
4 REPLIES 4
Michael Tully
Honored Contributor

‎05-11-2003 06:08 PM

‎05-11-2003 06:08 PM

Solution

Re: C2 trusted systems

These days setting up a system as trusted is equivalent to C2. This in conjunction with setting up your system as a bastion server will also assist in locking it down. See this document.
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/building_a_bastion_host.pdf
For general information about HPUX security check these documents.
http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90742/B2355-90742_top.html&con=/hpux/onlinedocs/B2355-90742/00/00/60-con.html&toc=/hpux/onlinedocs/B2355-90742/00/00/60-toc.html&searchterms=security&queryid=20030511-195741
http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90742/B2355-90742_top.html&con=/hpux/onlinedocs/B2355-90742/00/00/58-con.html&toc=/hpux/onlinedocs/B2355-90742/00/00/58-toc.html&searchterms=security&queryid=20030511-195741
http://www.hp.com/products1/unix/operating/hpux11i/infolibrary/security/index.html

The different classes of security use to be: (courtesy of Michael Steele)

D1 > C1 > C2 > B1 > B2 > B3 > A1

D1 - Minimal
C1 - Discretionary
C2 - Conrolled Access
B1 - Labeled Security
B2 - Structed Protection
B3 - Security domains
A1 - Verified Design

Regards
Michael
"When I have trouble spelling, it's called fat finger syndrome"
Anyone for a Mutiny ?
Reply
Steven E. Protter
Exalted Contributor

‎05-11-2003 06:29 PM

‎05-11-2003 06:29 PM

Re: C2 trusted systems

My standard security post.

Remember, though Windows NT was supposedly certified by the government C2 standard, that with IIS was quite a joke.

Security is more than a government label.


Here is how we keep up on these security issues.

Fist we subscribe to itrc security bulletins, which you apparently already do.

Next we use the following tools to harden security on our system and notify us of security patches.

Bastille Security hardening
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

Perl which the above needs.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

Security Patch Check
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

TCP Wrappers

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP

IDS/9000 (Intrusion Detection Sytstem)

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

Get all these products working you'll be quite secure.

Secure shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA


I keep a close eye on permissoins, sticky bits suid and other issues with cron scripts.

Good Luck.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
T G Manikandan
Honored Contributor

‎05-11-2003 08:00 PM

‎05-11-2003 08:00 PM

Re: C2 trusted systems

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000065774364
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.