HPE Community
Operating System - HP-UX
1754359 Members
4725 Online
108813 Solutions
New Discussion юеВ

Security Products on HP-UX

 
SOLVED
Go to solution
Swetha
New Member

тАО05-05-2004 07:23 PM

тАО05-05-2004 07:23 PM

Security Products on HP-UX

Hi,

I need info on how/why HP-UX is a better OS compared to AIX, Solaris etc, especially in the security space.

I have seen a couple of whitepapers about the security offerings on HP-UX but none containing a competitive analysis.

Any pointers would be of great help.

Regards,
Swetha.
0 Kudos
Reply
15 REPLIES 15
generic_1
Respected Contributor

тАО05-05-2004 07:37 PM

тАО05-05-2004 07:37 PM

Re: Security Products on HP-UX

I think HP is pretty good at alerting Customers on Security patches.

Also this thread might be interesting to you:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=426710

0 Kudos
Reply
Robert-Jan Goossens
Honored Contributor

тАО05-05-2004 07:43 PM

тАО05-05-2004 07:43 PM

Re: Security Products on HP-UX

Hi,

Below you find some security products. Docs can be found at http://www.docs.hp.com/hpux/internet/index.html

HP Bastille
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

Secure Shell
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

More,
http://www.software.hp.com/portal/swdepot/displayProductsList.do?category=ISS

Hope this helps,
Robert-Jan
0 Kudos
Reply
Joseph Loo
Honored Contributor

тАО05-05-2004 07:50 PM

тАО05-05-2004 07:50 PM

Re: Security Products on HP-UX

hi,

are you asking about how secure the platform, HP-UX compares against the other platform, e.g. AIX, Solaris, LINUX?

regards.
what you do not see does not mean you should not believe
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО05-05-2004 07:54 PM

тАО05-05-2004 07:54 PM

Re: Security Products on HP-UX

Intrusion Detection:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA

IpSec
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J4256AA

Security Patch Check(comes with Bastille)
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

Strong really random number generator
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I

Don't forget two education offerings:

Practical Network & Unix SEcurity

Internet Security

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

тАО05-05-2004 08:14 PM

тАО05-05-2004 08:14 PM

Solution

Re: Security Products on HP-UX

Take a look at this;

http://www.boran.com/security/it15-os-overview.html

This has a nice summary of security levels (eg, c1, c2, b1 and b2 - in increasing order of more secure) against which OS can do them. Then you need to investigate which level SunOS, AIX and HPUX can do. Basically all can do C2, Sun and HP have a variant which can do the much more secure B1, cant see AIX on there (above C2).

Cheers,

Stefan



Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
V.Tamilvanan
Honored Contributor

тАО05-05-2004 08:15 PM

тАО05-05-2004 08:15 PM

Re: Security Products on HP-UX

Hi,

This link may help you.

http://www.hp.com/products1/unix/operating/security/index.html#hpux11i_system
0 Kudos
Reply
Stefan Farrelly
Honored Contributor

тАО05-05-2004 08:22 PM

тАО05-05-2004 08:22 PM

Re: Security Products on HP-UX

Further to my last reply the source document for this was;

NSA (National Security Agency)
document: Information Systems Security: Product and Services Catalog

But the one I posted is old - 1995. There is surely updated versions but you must purchase them from the NSA (thats why theyre not freely available on the web) - theyre cheap though. Check it out here;

http://www.boran.com/security/nsapubs.txt

Unless someone has an updated version they can post here ?

Obviously this sort of Unix security comparison requries a lot of work thats why the NSA charge for the results.


Im from Palmerston North, New Zealand, but somehow ended up in London...
Reply
John Diamant
Occasional Advisor

тАО05-06-2004 09:22 AM

тАО05-06-2004 09:22 AM

Re: Security Products on HP-UX

How about this for a competitive analysis?
http://h71028.www7.hp.com/enterprise/downloads/unix_ranking.pdf
and
http://whitepapers.zdnet.co.uk/0,39025945,60044220p-39000571q,00.htm

DH Brown evaluated OSes including Solaris, AIX, and HP-UX against 5 categories, including Security Services, and gave HP-UX top scores in all categories.

The report's a bit dated, but I believe it's DH Brown's most recent UNIX Function review.

HP-UX has added a number of security features since that evaluation, further strengthening our offering (Security Patch Check, Bastille, Install Time Security, executable stack protection and more were added after the DH Brown evaluation, and many other security features were enhanced since then as well, including even more LDAP integration, improvements to IPFilter and Host Intrusion Detection and others mentioned in the HP URLs listed in earlier messages).

John
0 Kudos
Reply
Colin Topliss
Esteemed Contributor

тАО05-06-2004 10:58 AM

тАО05-06-2004 10:58 AM

Re: Security Products on HP-UX

TCP wrappers is also available.

But, on the downside (sorry):

C2 is a great idea, but not that many applications support it. System calls to get/set the password entry change from getpwent to getprpwent - not many applications take this into account, and so fail authentication. Caution is advised.

By default, there is no shadow password file, so it is possible to extract the encoded passwords. This is a *real* pain. HP did bring this functionality out as a patch, but last time I looked at it it didn't support NIS (cringe) or LDAP. Again, a bit of a pain if you use those services.

IDS is sort of OK, but I personally found it a bit cumbersome, and the more systems you had the more cumbersome it became to try and keep on top of it all. There are other alternatives to system monitoring out there (tripwire, Axent ESM etc etc) that may be more useful.

Some of the default ndd settings are a little odd, and need to be modified to circumvent not only malicious attacks but mis-behaving applications too.

Any system, when it comes to security, is only as good as its configuration. Some of the extra tools can be dangerous to your security if you are not careful (ie sudo - great to log who does what as root rather than log in as root themselves, but a slight mis-configuration can grant anyone root access without a password).
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.