Manualshelf

A.05.70 HP Insight Remote Support Advanced and Remote Device Access Security Overview (October 2011, 5900-1735)

ManualsBrandsHP ManualsSoftwareHP Insight Remote Support Advanced Software
31323334353637383940
2.13.5 Data Collection Scripts
If creating operating system accounts exclusively for HP Systems Insight Manager accounts, give users the
most limited set of operating system privileges necessary to accomplish the required function. Any root or
administrator accounts should be properly guarded. Configure all password restrictions, lock-out policies,
and user profiles, in the operating system.
2.13.6 Background Processes and Daemons
On Windows, HP Systems Insight Manager and Insight Remote Support Advanced are installed and run as
a Windows service. By default, they run using the administrator account used during product installation.
The HP-UX Advanced Configuration Collector does not run as a daemon on HP-UX systems, but instead
executes a series of collection commands with restricted root access when invoked via the HP System
Management Homepage during data collection periods.
2.13.7 Security Auditing
The HP Systems Insight Manager and Insight Remote Support Advanced security audit logs contain entries
for important system activities, such as executed tasks, authorization modifications, and user sign in and
sign out, and so on. Tools by default are configured to log results in the windows system audit log. Proper
security precautions should be taken to prevent users from modifying the tool definition files to defeat the
default security auditing.
2.13.8 Command-line Interface
Much of HP Systems Insight Manager and Insight Remote Support Advanced functionality can be accessed
through the command line. To access the command-line interface, you must be logged on to the CMS using
a valid HP Systems Insight Manager user account. That account’s authorizations and privileges within HP
Systems Insight Manager apply to the command line interface as well.
NOTE: On a Windows system, the HP SIM administrator system account must be a member of the
Administrators group on the CMS for all of the commands to work properly.
2.13 Browser security 35