Manualshelf

HP-UX 11i v3 Installation and Update Guide, September 2008 (Update 3 Release)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Foundation OE
41424344454647484950
Figure 3-1 Install-time Security Software Dependencies
Sec20MngDMZ
Sec10Host
Sec30DMZ
Sec00Tools
IPFilter
Software
Assistant
(SWA)
HP-UX
Bastille
HP-UX
Secure
Shell
perl
Selectable security levels
Default-installed security levels
These selectable security levels
lock down your system at
cold-install- or update-time. They
depend on Sec00Tools to install the
needed software to secure your
system.
This default-installed security level
does not apply any security at
cold-install- or update-time.
The Sec00Tools security level is
installed by default and is required to
secure your system either at
cold-install- or update-time or at a
later time.
OpenSSL
Secured Services and Protocols
Each security level provides incrementally higher security by locking down various
protocols and services. HP-UX Bastille uses a series of questions to determine which
services and protocols to secure. Using one of the security levels applies a default
security profile, simplifying the lockdown process.
The following tables detail the services and protocols affected by the security levels,
listed in Table 3-2 (page 38), if you choose to apply one at cold-install- or update-time:
Table 3-3 (page 42) lists the security settings for Sec10Host. These settings also
apply to Sec20MngDMZ and Sec30DMZ.
Table 3-4 (page 44) lists the security settings applied with Sec20MngDMZ, in addition
to the settings in Table 3-3.
Table 3-5 (page 44) lists the security settings applied with Sec30DMZ, in addition
to the settings in Table 3-3 and Table 3-4.
Security Considerations 41