Manualshelf

PCI-DSS Compliance for an HP-UX Host

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software
11121314151617181920
16
10.4 Using time-synchronization technology, synchronize all critical
system clocks and times and ensure that the following is implemented for
acquiring, distributing, and storing time
If a malicious individual has entered the network, they often attempt to change the time stamps of their actions
within the audit logs to prevent detection of their activity. For post-incident forensics teams, the time of each
activity is critical in determining how the systems are compromised. A malicious individual might also try to directly
change the clock on a time server, if access restrictions are not appropriate, to reset the time to before the
malicious individual was in the network.
This requirement can be addressed by using Network Time Protocol (NTP), a networking protocol used for clock
synchronization between systems over the network.
For more information about NTP, see Appendix A.
10.5 Secure audit trails so they cannot be altered
Without adequate protection of audit logs, their completeness, accuracy, and integrity cannot be guaranteed, and
the audit logs can be rendered useless as an investigation tool after a compromise. Adequate protection of the audit
logs includes strong access control (limit access to logs based on “need to know” only) and to make the logs harder
to find and modify.
HP-UX Audit records are collected in audit logs or files in binary format and stored in a file system in one or more log
files that reside in the same directory. Audit trails cannot be read or written by anyone other than root. The
audomon command can be invoked to perform audit trail backup, archival, and off site transfer.
The archived files can be protected from unauthorized modifications using HP-UX Whitelisting product. Whitelisting
security features include file access policies which when assigned to a regular file prevents it from being modified,
deleted, or renamed within the parent directory.
For more information about HP-UX Audit, see Appendix A.
For more information about HP-UX Whitelisting, see Appendix A.
This requirement can also be addressed by HP enterprise security products "HP TippingPoint Intrusion Prevention
Systems (IPS) and HP ArcSight ESM Compliance Insight Package for PCI”.
For more information about HP Enterprise Security Products, see Appendix A.
For more information about HP Networking, see Appendix A.
Requirement 11: Regularly test security systems and
processes
Sub Req# Requirement Products
11.1 Test for the presence of wireless access points Not in the purview of this document
11.2 Run internal and external network
vulnerability scans
Not in the purview of this document
11.3 Perform external and internal
penetration testing
Not in the purview of this document
11.4
Use either intrusion-detection systems or intrusion-
prevention systems or both
HP-UX HIDS, HP-UX IPFilter
11.5
Deploy file-integrity monitoring tools HP-UX HIDS