
SOX and HP Unix Security

 
wip
Frequent Advisor

SOX and HP Unix Security

A hot subject and hope all of you are one way or the other affected by SOX. What software or scripts/utilities do you use to scan/remediate and collect evidence for SOX/RCSA and TRAM?

Highly appreciate any reply
Wip
3 REPLIES
Arunvijai_4
Honored Contributor

Re: SOX and HP Unix Security

Hi Wip,

Here are some threads worth reading:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=959648
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=999091

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Steven E. Protter
Exalted Contributor

Re: SOX and HP Unix Security

Shalom wip,

SOX, Sarbanes-Oxley, is really a moving target. How a corporate governance law applies to computer security was not envisioned by the law's authors.

That being said, your systems must be secure and have audit records for two reasons:
1) A major security breach could cause corporate problems, hammer your stock price and hurt shareholders.
2) Record keeping requirements of SOX having to do with Corporate governance.

From the Security Standpoint, you will get many answers.

I feel the following are a must.
1) Regular installation of quarterly HP-UX security updates. The name varies with the OS version.
2) Hardening your system with Bastille.
3) Regular patch assessments (itrc.hp.com)
4) Regular run and installation of results from security_patch_check which ships separately as a patch and is part of Bastille.

Long term, I think compliance requires the following:
1) Abandoning use of all clear text authentication protocols, such as ftpd, telnet, rsh, etc.
2) Migrate from NIS to LDAP or ADS integration (see 3)
3) Go to trusted system, which does not work with NIS.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
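
An added example, not part of the post above and not HP tooling: a POSIX shell check that lists the clear text services from the long-term list (ftpd, telnet, rsh) that are still enabled in an inetd.conf, with output that can be kept as audit evidence. The function names, the constructed sample file, and the inclusion of the rlogin and rexec entries alongside rsh are assumptions.

```shell
#!/bin/sh
# audit_inetd FILE
#   Prints "ENABLED <service> <server_program>" for every active entry whose
#   service authenticates in clear text. Returns 1 if any are found, 0 if
#   none, 2 if FILE cannot be read.
#   Service names: ftp, telnet, shell (rsh/remsh) from the post; login and
#   exec (rlogin/rexec) added as the same r-command family (assumption).
audit_inetd() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        BEGIN { n = split("ftp telnet shell login exec", s, " ")
                for (i = 1; i <= n; i++) bad[s[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blanks, short lines
        ($1 in bad) { print "ENABLED", $1, $6; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$conf"
}

# write_sample PATH: constructed inetd.conf fragment for demonstration only.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
telnet   stream tcp nowait root /usr/lbin/telnetd  telnetd
#ftp     stream tcp nowait root /usr/lbin/ftpd     ftpd -l
shell    stream tcp nowait root /usr/lbin/remshd   remshd
daytime  stream tcp nowait root internal
EOF
}

# Demo on the constructed sample; pass the real inetd.conf path instead.
sample=${TMPDIR:-/tmp}/inetd.sample.$$
write_sample "$sample"
audit_inetd "$sample" || echo "clear text services still enabled"
rm -f "$sample"
```

The non-zero return code makes the check usable from cron or a compliance wrapper that needs to flag hosts still needing remediation.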
dirk dierickx
Honored Contributor

Re: SOX and HP Unix Security

'A hot subject and hope all of you are one way or the other affected by SOX.'

how nice of you to wish something like that to all of us :(

system security should be a standard subject in an admin's tasks, unfortunately SOX is more than just security and brings a lot of bureaucracy to the table which is something i can do without.