HP OSMS white paper: Security of Open Source Middleware Stacks
Introduction
Executive Summary
Deployed Linux-based HP Open Source Middleware Stacks (OSMS) is an individual system composed
of various components, configurations, and services. OSMS are a viable alternative to proprietary computer
systems. When deployed, each system faces unique vulnerabilities and threats. Therefore, security cannot
be applied to every system in the same way. No single security solution applies to all systems. To achieve
an acceptable level of protection, you must understand your system and its environment.
Security is not static so a secure solution today may not be secure tomorrow. Therefore, security is a process
rather than a single component, device, or practice. This process includes performing a continual analysis
of effectiveness, making appropriate adjustments, and balancing trade-offs within a particular system.
This paper provides an overview of the security environment for OSMS in the system, network, and
components areas. In addition, concise descriptions of important security considerations are included to
enable you to choose an appropriate security strategy for your environment.
Intended Audience
The intended audience for this document is all customers interested in learning about Linux security
specific to OSMS.
Scope and Purpose
This white paper is not a tutorial or a “how-to” document, and it does not describe how to secure OSMS.
Rather, it provides a foundation for understanding the OSMS security environment and presents issues
and options related to securing OSMS. You must choose the correct set of solutions for a particular system.
Each OSMS environment has a unique configuration, unique threats, and unique security goals. Therefore,
each OSMS environment requires a unique security solution. Various open source tools and techniques
for securing an OSMS environment are described in this paper and shown in Figure 1. In addition,
background information for each topic is provided.
Introduction 5