HPE Community
Operating System - HP-UX
1849786 Members
2359 Online
104044 Solutions
New Discussion

Security Level Associated with Traditional HPUX installation

 
SOLVED
Go to solution
Abdul Salam H S_1
Frequent Advisor

‎05-28-2002 05:02 AM

‎05-28-2002 05:02 AM

Security Level Associated with Traditional HPUX installation

Hi,

Can someone tell me what is the security level associated with Traditional HP UX installation? Is there any utility for assessing the security levels of HPUX systems?
With trusted system, the level is known as C2 level.Is there any level or standard like this for normal HPUX installation?


Thanks and Regds,

Abdul Salam
0 Kudos
Reply
7 REPLIES 7
Sebastian Galeski_1
Trusted Contributor

‎05-28-2002 05:10 AM

‎05-28-2002 05:10 AM

Re: Security Level Associated with Traditional HPUX installation

Standard UNIX is C1
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

‎05-28-2002 05:14 AM

‎05-28-2002 05:14 AM

Re: Security Level Associated with Traditional HPUX installation

I dont think there is any security level associated with a default HP-UX installation. Its basically not very secure at all.

If you convert to a trusted system it does NOT make your server C2 security compliant. All youve done is adopt part of the C2 security requirements - only those for password control. A truly C2 compliant server would have encrypted network connections and lots of other goodies (ssh, nfs over ssh etc.)
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-28-2002 05:18 AM

‎05-28-2002 05:18 AM

Re: Security Level Associated with Traditional HPUX installation

Most security experts would define a cold install of HP-UX as un-secure. There are several missing features (like umask), almost every service is turned on by default and many directories and files have open permissions. These will not be fixed by converting to C2 (Trusted). You still need to shutdown the majority of network services and ideally install IDS/9000 (for 11.0 and higher). Also get a copy of the book "HP-UX 11i Security" by Chris Wong.


Bill Hassell, sysadmin
Reply
Steven Sim Kok Leong
Honored Contributor

‎05-28-2002 06:05 AM

‎05-28-2002 06:05 AM

Re: Security Level Associated with Traditional HPUX installation

Hi,

Center for Internet Security has a level 1 (not TCSEC) security benchmark for HP-UX 10.20, 11.00 and 11.11:

http://www.cisecurity.org/bench_HPUX.html

To comply with TCSEC Orange Book C2 security, you need to convert your server to trusted (TCB).

To comply to TCSEC B-level security, you should be looking at HP's VirtualVault.

"Virtualvault trusted Web server platform is built upon a trusted operating system that incorporates tough B-level Department of Defense Trusted Computer System Standards (TCSEC) features."

http://www.hp.com/security/products/virtualvault/papers/brief_4.0/

Hope this helps. Regards.

Steven Sim Kok Leong
Reply
Wodisch
Honored Contributor

‎05-28-2002 10:02 AM

‎05-28-2002 10:02 AM

Re: Security Level Associated with Traditional HPUX installation

Salam,

actually as long as HP-UX stores the (encrypted) passwords visible for everybody in "/etc/passwd" it belongs to the TCSEC category "D" (="minimal security", read: none!)!
For that reason do so many other vendors make use of the not-public-readable "/etc/shadow" store for passwords...

Just my $0.02,
Wodisch
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎05-28-2002 03:07 PM

‎05-28-2002 03:07 PM

Solution

Re: Security Level Associated with Traditional HPUX installation

Hi,

Standard HP-UX is not at TCSEC level D. It is at TCSEC level C1 because it complies with security features such as "Identification and Authentication" as well as "Discretionary Access Controls" etc.

An example of an OS at TCSEC level D is MS-DOS i.e. it is an OS with no knowledge of "user identity" and "access control" etc.

Btw, the following is an excellent whitepaper on the security differences between standard and trusted HP-UX:

http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/sec9906.pdf

Some of the B1 special releases include HP-UX 10.09 and 10.16 etc.

Hope this helps. Regards.

Steven Sim Kok Leong
Reply
Glenn L. Stewart
Frequent Advisor

‎05-29-2002 05:14 AM

‎05-29-2002 05:14 AM

Re: Security Level Associated with Traditional HPUX installation

Hi,

The easiest variation from vanilla HP-UX is of course the move to trusted system.

But many more changes may be made to ensure a greater security.

This document clearly highlights obvious changes.
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/building_a_bastion_host.pdf
Excellent read!

Glenn
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.