HP Instant Capacity User's Guide for Versions 8.x
Security Related Issues
Customer protections which iCAP assumes to be in place
iCAP commands provide system status information and facilitate system configuration
modification, and are therefore executable only by personnel with root level access. An assumption
is made that there exist administrative policies which exercise the appropriate degree of control
over root level access.
Disabling the iCAP daemon (HP-UX)
The iCAP daemon (icapd) can be disabled on a system with full usage rights (no iCAP
components) by commenting out its entry in the /etc/inittab system file, resetting the init
task (init -q), and killing icapd via kill -9 or kill -s SIGTERM.
Note that disabling the daemon in this way on an iCAP or GiCAP system is a violation of the
iCAP contract with HP. It will have the effect that after 12 to 24 hours, the system will go out of
compliance and an exception notification email will be sent. It will also have the effect that other
partition management software will not be able to determine if the system contains iCAP
components and will, as a result, refuse to manage any components that are present.
Customer Security Requirements
The Instant Capacity software is designed to provide maximum protection for sensitive customer
information, and follows these customer security requirements:
• Sensitive customer data (names, phone numbers, e-mail addresses, hostnames, IP addresses)
is not transmitted to HP.
• There are no transmissions of authentication credentials in clear (non-encrypted) text.
• Non-superuser access to iCAP commands and data is not allowed.
• Confidential information is encrypted when transmission is required.
• Appropriate protections are accorded to confidential data and authentication credentials.
Security Tuning Options
iCAP asset reporting (via e-mail to HP) is optional, and is turned off by default. Customers can
enable asset reporting by executing the icapnotify -a on command.
Security Related Issues 191