HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
Benefits
Using HP-UX 11i Security Containment to secure your system offers the following benefits:
• Integrated security
You can use HP-UX Standard Mode Security Extensions in combination with the new security
containment features to enhance the security of your HP-UX systems.
• Fewer users who need full superuser access to systems
Using HP-UX RBAC, you can give users specific administrator-level privileges on a system
without giving those users full superuser access. These users can perform only specific
administrative tasks on the system, as defined by their roles. This provides strong internal
system security.
• Isolation of system resources
Using compartments, you can isolate applications and resources on a single system. Even
if the security of one application is compromised, other resources on the system remain
secure.
• Interoperable with existing HP-UX 11i security products
You can integrate HP-UX 11i Security Containment with your existing HP-UX security
solution. HP-UX 11i Security Containment works with all other HP-UX 11i v2 security
products and features.
• No need to modify existing applications
HP-UX 11i Security Containment can be configured to be transparent at the application
layer. You do not need to modify your existing applications to use HP-UX 11i Security
Containment.
• Interoperability with HP Serviceguard
HP Serviceguard is comparable with the HP-UX 11i Security Containment default
configuration. Because Serviceguard requires communication and control between many
processes and nodes, be sure to follow all constraints described in this document if you
change the default containment configuration.
For more information about configuring HP-UX 11i Security Containment to ensure proper
cluster operation for appropriate enforcement of security policies, refer to “Fine-Grained
Privileges in HP Serviceguard Clusters” and “Compartments in HP Serviceguard Clusters”.
20 HP-UX 11i Security Containment Introduction