IPSec
IPSec adds integrity protection and confidentiality to network
communication over the Internet and within the enterprise to
applications which lack these capabilities without modifying existing
applications.
MD5 Secure Checksum
(MD5sum)
MD5sum provides a cryptographic file integrity utility and API based on
the standard Message Digest 5 (MD5) algorithm.
HP-UX 11i Internet
Express
In addition to the fully-supported features listed above, HP packages a
number of limited-support open source products that offer additional
data security, including: OpenSC/OpenCT, ClamAV, CyrusSASL,
GnuPG, SSLDump, Stunnel, and Tripwire.
Bastille
Bastille is a very easy-to-use security hardening wizard (also known as
a lockdown wizard) that enhances the security of an HP-UX 11i host by
turning off unneeded services, tightening security configuration settings,
configuring IPFilter, etc. It accommodates the various degrees of
hardening required for web, application and database servers, and can
walk a non-security expert through the hardening decisions.
Host IDS
HIDS enhances host-level security with near real-time automatic
monitoring of each configured host for signs of potentially damaging
intrusions. HIDS is a standard feature of HP-UX 11i, making HP the only
systems vendor to offer its own host intrusion detection product. Read
more
Secure resource
partitions
Secure Resource Partitions combine kernel level security (via Security
Containment) and proven resource management to stack multiple
applications within the same operating system.
IPFilter
IPFilter is a stateful firewall (filters IP packets to control packet flow in or
out of the system; stateful simplifies and increases security of rule
definitions by allowing return traffic based on outbound rules without
having to define broader inbound rules). HP's unique dynamic
connection allocation provides protection from denial-of-service attacks.
IPFilter provides increased security defense by minimizing the number
of server exposure points.
Software Assistant
(SWA)
HP-UX SWA is a command-line tool that consolidates, simplifies and
helps automate patch and security bulletin management on HP-UX
systems. The SWA tool is the HP-recommended utility to maintain
currency with HP-published security bulletins for HP-UX software.
Install-time Security
Install-time Security (ITS) is available to customers running HP-UX 11i
v2 or later releases of the operating system, as an install option to
lockdown systems during installation. ITS makes HP-UX 11i more
secure out-of-the-box when customers select higher security levels.
There are four choices, ranging from a highly locked down (DMZ) level
with a tightly configured IPFilter firewall blocking most inbound traffic
(and many services also disabled or secured) to a maximum
compatibility level which installs security tools, but doesn't apply a
security level.
Boot Authentication
A site's security policies may require users to authenticate before they
can boot the system into single-user mode. Previously, this feature was
only available on a system that had been converted to Trusted Mode.
This product now provides secure single-user mode with root password
protection, but without the overhead of converting the system to trusted
mode.
QuickSpecs
HP Integrity BL860c Server Blade
Standard Features
DA - 12671 U.S. QuickSpecs — Version 18 — 2/18/2009
Page 16
