HP WBEM Services for HP-UX and Linux System Administrator's Guide
HP WBEM Services Configuration Options Security Disclaimer
Appendix C
Default Security
For ease of manageability, HP WBEM Services 2.0 is configured to be
'functional' out of the box, but it provides several configuration options
so that the customer can minimize security risks.
• The HP WBEM Services CIM Server can be configured to only accept
connections from local UNIX domain sockets. This is appropriate if
you have untrusted users on your network and you do not plan to use
HP WBEM Services for remote management.
• HP WBEM Services can be configured to only allow access from a
trusted subset of system users (e.g. "root") and application users (e.g.
"oracle") using a UNIX group. Setting up this user group is
recommended if you intend to use WBEM in an environment where
local users are untrusted, or as a second line of defense against
break-ins.
NOTE If an application fails to authenticate after creating this group, you
may need to add its application or associated system users
• HP WBEM Services supports the use of other protective measures
for high-threat environments. For example, IPSEC, HP-UX Secure
Shell, or hardware solutions may be used to create a VPN to increase
security. A VPN is recommended if you intend to use WBEM for
management across an untrusted network such as an exposed DMZ
or the public Internet.
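A check for whether the first option above is in effect, as an added example that is not part of the original guide: it reads `netstat -an` style output and reports any CIM server TCP listener bound to a non-loopback address. It assumes the server uses the IANA-registered WBEM ports 5988 (wbem-http) and 5989 (wbem-https); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HP guide.
# Assumption: the CIM server listens on the IANA-registered WBEM ports
# 5988 (wbem-http) and 5989 (wbem-https). Adjust if your install differs.

# Constructed sample covering Linux (addr:port) and HP-UX (addr.port) layouts.
# The socket path on the last line is a placeholder.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5989            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5988          0.0.0.0:*               LISTEN
tcp        0      0  *.5988                 *.*                     LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     12345    /placeholder/cim.socket'

# Read netstat -an style lines on stdin; print "address port" for every
# TCP listener on a WBEM port that is not bound to loopback.
wbem_exposed_listeners() {
    awk '
    $1 ~ /^tcp/ && /LISTEN/ {
        local_addr = $4
        # The port is the trailing digits after the last ":" or ".".
        if (!match(local_addr, /[.:][0-9]+$/)) next
        port = substr(local_addr, RSTART + 1)
        addr = substr(local_addr, 1, RSTART - 1)
        if (port != "5988" && port != "5989") next
        # Loopback-only listeners are not reachable from the network.
        if (addr ~ /^127\./ || addr == "::1") next
        print addr, port
    }'
}

# Return 0 if no WBEM port is network-reachable, 1 otherwise.
wbem_audit() {
    exposed=$(wbem_exposed_listeners)
    if [ -n "$exposed" ]; then
        printf 'CIM server reachable over TCP on:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}
```

On a managed host, pipe `netstat -an` into `wbem_audit`; a non-zero exit means the CIM server still accepts network connections and the group restriction or VPN options above apply.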