HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

Figure 1-1 SRP Compartments Example
Securing SRP Compartments
SRP provides a framework for managing compartment and networking security. This framework
is primarily enforced with Security Containment compartment file access rules. The default set
of compartment access rules delivered with SRP has been developed to favor functional isolation,
application compatibility, and user session functionality over strong security containment. To
meet the specific security requirements of your environment, you might need to replace these
rules with a security configuration that matches your application usage and local security policy, as
described in “Securing SRP Compartments with Compartment Rule Include Files” (page 83).
To secure the network packets for an SRP compartment, you can use the HP-UX IPFilter or
HP-UX IPSec products. SRP can manage the configuration data for both of these products, and you
can use the SRP srp_setup utility to include these products in the default set of products
configured by SRP.
You can also use HP-UX Encrypted Volume and File system (EVFS) to protect disk data at rest
(disk data that is not in use), such as when a disk device is physically transported. For more
information on EVFS, see the HP-UX Encrypted Volume and File system (EVFS) Administrator's
Guide.
Subsystems Configured by SRP
SRP can configure the following subsystems and HP-UX features:
HP-UX Security Containment
HP Process Resource Manager (PRM)
IP interfaces
Initialization and Shutdown Services
HP-UX IPFilter
HP-UX IPSec
HP-UX Security Containment
HP-UX Security Containment is a set of features that enhance system security. HP-UX Security
Containment consists of the following components: