HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
1 HP-UX 11i Security Containment Introduction
This chapter contains overview information about the features of HP-UX 11i Security Containment.
It addresses the following topics:
• “Conceptual Overview”
• “Defined Terms”
• “Features and Benefits”
Conceptual Overview
HP-UX 11i Security Containment uses three core technologies: compartments, fine-grained
privileges, and role-based access control. Together, these three components provide a highly
secure operating environment without requiring existing applications to be modified. In addition,
HP-UX 11i Security Containment makes several newly enhanced trusted mode security features
available on standard mode HP-UX systems. These features are called HP-UX Standard Mode
Security Extensions (HP-UX SMSE).
With HP-UX 11i Security Containment, the HP-UX 11i v2 operating system provides a highly
secure, easy-to-maintain, and backwards-compatible environment for business applications.
HP-UX 11i Security Containment implements several important security concepts. The following
sections describe these concepts as implemented by security containment:
• “Authorization”
• “Account Policy Management”
• “Privileges”
• “Isolation”
• “Auditing”
Authorization
Authorization is the concept of limiting the actions a user is allowed to perform on a system,
often based on the user's business needs. A traditional UNIX system offers only two levels of
authorization:
• regular user: Limited access to system resources
• superuser: Unlimited access to system resources
HP-UX Role-Based Access Control (HP-UX RBAC) creates many different levels of authorization,
based on roles. You configure roles according to business need, so that a user or group of users
can perform specific actions on the system. You then assign users to the roles you configured.
Account Policy Management
Account policy management is the concept of maintaining user and system security attributes
used for authorization. Some user and system attributes include the time of day a user is allowed
to log on, how long a user can remain inactive before being automatically logged out, and how
long a user's password remains valid.
Account policy management is implemented using HP-UX Standard Mode Security Extensions
features of HP-UX 11i Security Containment.
Privileges
Privileges are similar to authorization, except that instead of limiting the actions a user can
perform on a system, privileges limit the actions a program can perform on a system. On a
traditional UNIX system, a program can run as though owned by the invoking user or by the
file owner (for example, a setuid program). Access to certain system resources requires the