With Tru64 UNIX worry-free security features
With business-critical and customer-sensitive information
at stake on the Internet and in Web-based enterprise
applications, effectively managing security must be a
top priority. In fact, managing every aspect of an e-business
processing platform is essential to ensure peak operating
efficiency. Therefore, it is important to have on hand
the tools and software necessary to achieve desired levels
of control over security and other system functionality.
Tru64 UNIX and AlphaServer platforms are a logical choice
for securing sensitive Internet and Web-based environments.
Tru64 UNIX comes with a host of security features built
into the operating system that are easily configured
to meet precise security requirements and business objectives:
A la carte security for maximum business flexibility
Tru64 UNIX provides an à la carte approach that lets
you choose just the C2 features you require so you don't
have the overhead of features you don't need or want.
The enhanced security system is tightly integrated with
TruCluster Server, creating a single security domain
to simplify system management.
Robust authentication framework for highly secure applications
SIA (Security Integration Architecture) is an authentication
framework. SIA allows customers to write new authentication
mechanisms that can be plugged into the SIA framework
and then be used by any SIA-aware program. This includes
all Tru64 UNIX utilities that require authentication
services. Applications don't have to be rewritten when
a new authentication mechanism (e.g. Kerberos) is added.
They can take advantage of the mechanism immediately.
Best auditing tool on the market
Tru64 UNIX offers an extensive auditing subsystem that
permits auditing down to the system call level if required.
The completeness of the Tru64 UNIX auditing system allows
users to determine who made changes to system resources
and when. This is particularly useful when an administrator
is trying to determine why certain changes have occurred
on a system.
Auditing can generate immense amounts of data. To help
bound the amount of data produced, Tru64 UNIX provides
a profiling mechanism to help administrators select a
subset of the auditable events they want to audit for
particular users.
Ultra-secure Internet transactions
CDSA
The Common Data Security Architecture (CDSA) is a standard security framework that lets applications use cryptographic services, certificate services and security policy to make Internet transactions
ultra secure. Applications running on Tru64 UNIX do not have to be rewritten to take advantage of new cryptographic algorithms. CDSA is included as part of the Tru64 UNIX operating system.
IPsec
IPsec is a network security mechanism that works with both IPv4 and IPv6. IPsec allows users to set up Virtual Private Networks that provide authentication and privacy for communications on the open
Internet. IPsec is included as part of the Tru64 UNIX operating system.
Internet Express
Internet Express for Tru64 UNIX is a
collection of popular Internet software and administration
software developed by HP. It includes all the Internet
applications (pre-tested) needed for an AlphaServer
system to act as a secure Internet or intranet server.
Key security features included in Internet Express
are the Compaq Secure Web Server (based on the Apache
Web server) with built-in support for SSL and HP's
AXL200 cryptographic coprocessor, TCP Wrappers, FireScreen,
SATAN, the Basic Merit AAA RADIUS Server, and Denial
of Service prevention tools.
SSH Secure Shell
SSH is the de facto standard for remote logins, with millions of users around the world. SSH solves the most important security problems on the Internet: eavesdropping and hacker attacks. The Secure
Shell applications and protocol developed by SSH Communication Security and enhanced by HP Tru64 UNIX have set the bar for Internet security technologies and created the standard for encrypted
terminal connections and secure file transfers. Typical applications include terminal connections, system administration, file transfers, tunneling, and access to corporate resources over the
Internet. SSH is included as a mandatory subset with the Tru64 UNIX operating system.
Single sign-on for heterogeneous environments
Tru64 UNIX allows Windows users to authenticate to Tru64
UNIX using their Windows 2000 username and password.
Secure authentication between the Tru64 UNIX system and
Active Directory occurs using Kerberos technology. UNIX
user account information can be stored in the LDAP-enabled
Active Directory to give administrators a single user
account directory spanning Tru64 UNIX and Windows 2000.
Administrators can also manage the additional Tru64 UNIX
attributes using the Microsoft Management Console (MMC)
snap-in extensions provided with the kit.
Simplified system management
Single Security Domain for Tru64 UNIX clusters
A cluster running TruCluster Server software is a single
security domain. Identification and authentication, Access
Control Lists (ACLs), and auditing are configured identically
on each member by default, presenting a coherent interface
to the user and the system administrator. Because a single
copy of the authentication files is shared among all cluster
members, each user account is valid on all cluster members
and a user can log in to the cluster alias without concern
for which cluster member accepts the connection.
Directory servers
Tru64 UNIX supports a number of directory server products,
including Netscape's iPlanet Directory Server, Novell's
e-Directory, Oracle's OID, HP's X500 Enterprise Directory
and OpenLDAP. Directory servers can be used to store user
account data and certificate information as well as information
about other system resources. This means Tru64 UNIX system
administrators can store and manage one single copy of
the information even though it may be used by many systems.