Network Security Features of HP-UX 11i v1 and 11i v2

Introduction
Hewlett-Packard is a recognized leader in network security. The 11i v1 and 11i v2 releases of HP-UX
contain a rich set of standards-based and directory-enabled network security features that enable
companies to build their e-business without compromising corporate security.
HP products in the security area leverage HP's other core competencies, including superior performance, high availability, HP-UX/Windows® interoperability, HP-UX/Linux interoperability, and network management, in order to provide the industry's best security solutions for HP customers.
HP-UX servers and workstations equipped with these network security features and products enhance the overall security of heterogeneous networks, where they can interoperate with a broad variety of other platforms such as Windows 2000 servers, Linux servers, and other UNIX® systems.
As the Internet expands, more companies are using it to grow their businesses. Companies can broaden
their enterprise network to include remote employees and business partners through the Internet. Through
the Internet, corporations can exchange information, services, and goods on a global basis. Companies are
no longer confined by their physical boundaries. Instead, efficient and secure network communication is
becoming vital to meet their fast-growing business needs.
In the new environment, the Internet is a shared network infrastructure—one that is open to public
attacks. In addition to external threats, companies are also vulnerable to internal security breaches.
According to the FBI, the overwhelming majority (80 percent) of security breaches occur as the result of
internal attacks rather than external attacks. Therefore, a company needs strong and cost-effective security
mechanisms to safeguard every aspect of its business network environment.
The goal of a network attack falls into one of the following three general categories:
1. Theft of confidential information (eavesdropping)
2. Disrupting the legitimate use of the network or data (Denial of Service or DoS)
3. Theft of services (stealing network access)
There are a wide variety of techniques used to attack systems and networks, including man-in-the-middle attacks, spoofing attacks, DoS attacks by self-replicating viruses, and many more. However, the fundamental purpose of any attack is one of the three listed above.
Real-World Networking Security Example
A company requires that wireless clients contact a web server and transmit data to and from it. The company relies on HTTPS (secure web access) to protect the data in transit between the wireless clients and the web server, which defends against attack goal 1 above (eavesdropping). However, HTTPS does not eliminate the need to control access to the network at the wireless access point, in order to prevent the network from being flooded with unauthorized requests, as described by attack goal 2 above.
To secure the network against all three categories of attacks described above, protection must be provided
at and between the following layers of a network:
External Network Edge (LAN switches, WLAN Access points)
Internal or intra-network boundaries (Firewalls, routers, VPN Gateways)