HP-UX Security Whitepaper
By Mike Jerbic
email:mjerbic@cup.hp
phone:408-447-6299
Version 3.0
May 2000
Overview
This document describes the security-related features and benefits of the HP-UX core operating system. Releases described in this document include HP-UX 10.20, 11.0, 11.10, and 11.i. The special, high-security OS releases such as 10.09, 10.16, 10.26, and the Virtual Vault operating systems are not described here.
This document is organized as follows:
Section 1 contains the overall purpose and organization of this paper.
Section 2 contains OS security concepts that define the terms used and scope of Operating System Security.
Section 3 contains a description of available security features in the two modes (Standard and Trusted) and how security is managed through ServiceControl Manager, SAM, NIS, and NIS+. At the end of the section is a table of HP-UX features and their associated customer benefits.
Section 4 is a summary of security features available by release (10.20, 11.0…).
Section 5 provides additional reference information for further study.
Appendix A provides the specifications and availability of the CDSA Cryptography.
Appendix B discusses the risks of viruses on HP-UX systems.
Security Programs Not Covered in This Document
Hewlett Packard has numerous activities in security outside of core operating systems. Some of these include:
Praesidium, the HP program and brand name for security infrastructure middleware. Information on these products can be found in:
http://www.hp/go/security
HP-UX add-on products that are available on the HP-UX Application Release CD. Some specific security products that are beyond the scope of this paper include:
IPSEC / VPN
Kerberos
LDAP
CIFS/9000
Intrusion Detection
Java
Table of Contents
OVERVIEW
Security Programs Not Covered in This Document
OS SECURITY CONCEPTS
Identification and Authentication
Authorization
Access Control
Audit / Accountability
Object Reuse
Intrusion Resistance
Assurance
US Government Security Specifications and Levels
European Security Specifications and Levels
Extensions to Security Specifications
HP-UX 11.X OPERATING SYSTEM SECURITY FUNCTIONALITY
Two Modes of Security in HP-UX
Standard HP-UX Security
Identification and Authentication
Authorization
Access Control
Audit / Accountability
Object Reuse
Intrusion Resistance
Assurance
Security Criteria Compliance
Documentation
Trusted Mode (C2) Extensions to Security beyond Standard UNIX
System Boot Authentication
Identification and Authentication
Login Controls
Audit / Accountability
Assurance, Formal Certification to Standards
Trusted Mode Interoperability with other Applications
HP-UX Security Manageability
System Administrator (SAM)
ServiceControl Manager
NIS
NIS+
LDAP
Kerberos
Cryptographic APIs
HP-UX Security Feature Summary
Field Support and Patches
FEATURE COMPARISON BY HP-UX RELEASE
REFERENCES
HP Security Product Web Site
HP-UX Security White Papers
HP Electronic Support Center
Managing Systems and Workgroups (HP-UX 11.x)
Systems Administration Tasks Manual (HP-UX 10.x)
Administering Your HP-UX Trusted System
Trusted Mode Application Compatibility White Paper
HP’s Internet & Security Solutions Documentation Web Site
Trusted Computer Systems Evaluation Criteria
Security Survival
X-Open Baseline Security Specification
Practical UNIX and Internet Security
Web Security and Commerce
Bugtraq Security Vulnerability Website