Network Security Features of HP-UX 11i v1 and 11i v2

Secure Routing
Standard routing protocols and routing configurations permit unverified sources to reconfigure routes.
Connections can be hijacked and diverted to networks where they are not intended to go. However,
HP-UX provides secure routing through the following:
gated daemon
ramD with RIPng
gated Daemon
gated, the routing daemon in HP-UX, provides configurable options to rank routing information sources
from most trustworthy to least trustworthy and to accept information about any particular destination from
the most trustworthy source first. It also provides a means to filter out obviously invalid routes. You can
use the gated import and export statements to restrict and control the route information propagated
from one routing protocol to another. In addition, gated has an extensive tracing facility that can
be used for auditing.
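The ranking and filtering behavior described above can be modeled in a few lines. This is an added example, not HP's code or gated's implementation; the preference numbers, the invalid-prefix list, the trusted-gateway table, and the names Route, accept and select_routes are assumptions made for illustration, and all sample routes are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Assumed preference values (lower = more trustworthy), one per route source.
PREFERENCE = {"direct": 0, "ospf": 10, "static": 60, "rip": 100, "bgp": 170}
# Constructed list of prefixes that should never be learned from a neighbor.
INVALID = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4")]

@dataclass(frozen=True)
class Route:
    dest: str      # destination prefix
    proto: str     # protocol the route was learned from
    gateway: str   # neighbor that advertised it

def accept(route, trusted_gateways):
    """Import policy: drop invalid prefixes and advertisers not on the trusted list."""
    net = ipaddress.ip_network(route.dest)
    if any(net.subnet_of(bad) for bad in INVALID):
        return False
    allowed = trusted_gateways.get(route.proto)  # None: no restriction for this protocol
    return allowed is None or route.gateway in allowed

def select_routes(candidates, trusted_gateways):
    """Return (best, rejected): the most trusted route per destination, plus drops."""
    best, rejected = {}, []
    for r in candidates:
        if r.proto not in PREFERENCE or not accept(r, trusted_gateways):
            rejected.append(r)   # kept so the decision can be audited
            continue
        cur = best.get(r.dest)
        if cur is None or PREFERENCE[r.proto] < PREFERENCE[cur.proto]:
            best[r.dest] = r
    return best, rejected

# Constructed sample input (documentation addresses, not real routers).
TRUSTED = {"rip": {"192.0.2.7"}}
SAMPLE = [
    Route("10.20.0.0/16", "rip", "192.0.2.7"),    # trusted RIP neighbor
    Route("10.20.0.0/16", "ospf", "192.0.2.1"),   # same destination, more trusted source
    Route("10.30.0.0/16", "rip", "192.0.2.99"),   # advertiser not on the trusted list
    Route("127.0.0.0/8", "rip", "192.0.2.7"),     # obviously invalid destination
    Route("10.40.0.0/16", "rip", "192.0.2.7"),
]

if __name__ == "__main__":
    best, rejected = select_routes(SAMPLE, TRUSTED)
    for dest, r in sorted(best.items()):
        print(f"install {dest} via {r.gateway} ({r.proto})")
    for r in rejected:
        print(f"reject  {r.dest} from {r.gateway} ({r.proto})")
```

The rejected list plays the role of an audit trail: a spike in rejected advertisements from one neighbor is worth investigating.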
gated Daemon Features
gated supports the following routing protocols:
Routing Information Protocol (RIP): Use RIP to specify primary and secondary authentication methods for each interface.
Open Shortest Path First (OSPF): Provides authentication schemes specified in RFC 2178.
Border Gateway Protocol (BGP): Use BGP routing policy to restrict the routes that can be advertised to or accepted from each of those peer routers. You can also use an underlying IP security protocol such as IPsec to secure communications with the peer routers.
Route Administration Manager (ramD) with Next Generation Routing Information Protocol (RIPng)
The HP-UX Route Administration Manager (ramD) supports the Next Generation Routing Information
Protocol (RIPng). RIPng evaluates multiple routes to a destination in an IPv6 network, assigns a metric
(or cost) value to each path, and selects the optimal route for expediting data transfers.
ramD with RIPng Features
HP-UX Route Administration Manager includes the following protocols:
RIPng: Support for dynamic routing