Manualshelf

iTP Secure WebServer System Administrators Guide (Version 7.5+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
51525354555657585960
require. For other customers, keep a backup tape in the same building as the server machine is
sufficient. For other customers, keep a backup in another location (for example, in another building)
in case the original file is destroyed and a replica is needed immediately.
Consider controlling access to the room in which backups are made and stored and the means
by which they are transported physically or electronically (if applicable).
You also must protect the server machine itself, since it contains the key database file. According
to your security requirements, consider physically protecting the room in which the server is located
and also restricting access to the server through its network connections.
Protecting the Server Password
The key database file is encrypted with a password that you specify by using the keyadmin utility.
The iTP Secure WebServer must decrypt the file at run time to gain access to the file's stored
information. Use the ServerPassword configuration directive to assign the server a password.
The iTP Secure WebServer installation requires the server password to be eight characters or
longer. In addition, the keyadmin utility also requires passwords to be either mixed case or all
uppercase.
If your password is stored in the configuration file or another file, protect that file at least as carefully
as you would the key database file itself. Consider file protection, backups, network access, physical
access, and so on (as described in “Protecting the Key Database File” (page 51)).
Protecting Core Dumps
Any server can fail and dump core, and core dumps of the iTP Secure WebServer can contain
keys and the server password.
You must protect core files as carefully as the key database file and server password files. Consider
who has physical access to them, whether the files can end up on a backup tape, what their file
protections are, and so on. If you transmit a core file for analysis, physically or electronically,
consider the safety of the transmission mechanism.
Protecting Transmission of Key Database Files and Core Dumps
If you must transmit a key database file or a core dump over the public network—for example, to
HP support services for help with troubleshooting— make sure the transmission mechanism is
appropriate for your security requirements.
HP support requests that all key database files, core files, and configuration files that contain
passwords be sent encrypted in some form.
52 Planning the iTP Secure WebServer PATHMON Environment