PCI-DSS Compliance for an HP-UX Host
9
mechanisms on NFS file systems, ranging from enhanced user authentication to full data encryption. OpenSSH can
be used in a heterogeneous systems environment to encrypt cardholder data.
Internet Protocol Security (IPSec) is a protocol suite operating at the Network Layer that secures Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication session.
You can choose one of the three basic protocols of IPSec:
Authentication Header (AH)
Encapsulating Security Payload (ESP)
Internet Key Exchange (IKE)
The Authentication Header (AH) provides data or packet integrity. It also prevents address spoofing and replay
attacks. It authenticates the entire IP datagram using cryptographic hash algorithms.
Encapsulating Security Payload (ESP) provides confidentiality via encryption. It can optionally provide the same
authentication services that AH provides.
Typical encryption algorithms: 3DES, AES
Internet Key Exchange (IKE) generates and distributes the cryptographic keys, data, and parameters necessary to operate
AH, ESP, or both. IKE also authenticates the identity of the remote system and creates a Security Association
(a security session) in which the two systems agree on the type of authentication and encryption to use.
See the HP-UX IPSec Administrator's Guide for configuring IPSec.
For more information about HP-UX IPSec, see Appendix A.
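To make the AH description above concrete, here is an added illustration (not code from this paper and not HP-UX IPSec's implementation) of the two services AH provides: a keyed integrity check over the whole datagram, which catches a spoofed source address, and a sequence-number window that rejects replayed packets. The shared key, the addresses, the 12-byte header layout and the full-length HMAC-SHA256 tag are all constructed assumptions for illustration; in real AH the key comes from IKE and the tag is truncated.

```python
import hashlib
import hmac
import struct

# Constructed example key. In IPSec this would be negotiated by IKE for the SA.
SHARED_KEY = b"example-ah-integrity-key-not-for-real-use"
HEADER_FMT = "!I4s4s"          # sequence number, source IPv4, destination IPv4
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 12 bytes
TAG_LEN = hashlib.sha256().digest_size     # 32 bytes (real AH truncates this)
WINDOW_SIZE = 32               # anti-replay window, kept small for the example


def protect(seq, src, dst, payload, key=SHARED_KEY):
    """Build a simplified AH-style datagram: header + payload + HMAC over both."""
    header = struct.pack(HEADER_FMT, seq, src, dst)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies integrity first, then applies a sliding anti-replay window."""

    def __init__(self, key=SHARED_KEY, window=WINDOW_SIZE):
        self.key = key
        self.window = window
        self.highest = 0      # highest sequence number accepted so far
        self.seen = set()     # accepted sequence numbers still inside the window

    def verify(self, datagram):
        """Return (accepted, reason, payload-or-None)."""
        if len(datagram) < HEADER_LEN + TAG_LEN:
            return False, "truncated", None
        header = datagram[:HEADER_LEN]
        body = datagram[HEADER_LEN:-TAG_LEN]
        tag = datagram[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Any change to the addresses or payload invalidates the tag.
        if not hmac.compare_digest(tag, expected):
            return False, "integrity check failed", None
        seq, _src, _dst = struct.unpack(HEADER_FMT, header)
        if seq > self.highest:
            # Window slides forward; forget entries that fell out of it.
            self.highest = seq
            self.seen = {s for s in self.seen if s > seq - self.window}
            self.seen.add(seq)
            return True, "ok", body
        if seq <= self.highest - self.window:
            return False, "outside replay window", None
        if seq in self.seen:
            return False, "replayed", None
        self.seen.add(seq)
        return True, "ok", body


def demo():
    """Constructed traffic: two good datagrams, one replay, one spoofed source."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    rx = Receiver()
    d1 = protect(1, src, dst, b"settlement batch 1")
    d2 = protect(2, src, dst, b"settlement batch 2")
    results = [rx.verify(d1)[1], rx.verify(d2)[1], rx.verify(d1)[1]]
    spoofed = bytearray(d2)
    spoofed[7] ^= 0x01          # flip a bit of the source address field
    results.append(rx.verify(bytes(spoofed))[1])
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the tag is verified before the sequence number is consulted, so an attacker cannot advance or disturb the window with forged packets. ESP would additionally encrypt the body; this example models only the AH services the text lists.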
In a cardholder data environment, administrators want to ensure that their data is safe on the network and is not
tampered with between the sending and receiving systems. In environments where data security is critical, customers
want the ability to encrypt data before it is sent across their networks, to guard against anyone collecting sensitive
data by examining NFS packets.
Secure Network File System (NFS) is an industry standard method of sharing file system data on a network. Secure
NFS allows customers to implement different security mechanisms on NFS file systems, ranging from enhanced
user authentication to full data encryption.
Secure Shell can be used in a heterogeneous systems environment to encrypt cardholder data. It provides
encrypted communication sessions over a computer network using the SSH protocol.
For more information about HP-UX Secure Shell, see Appendix A.
4.2 Never send unprotected PANs by end-user messaging technologies
(for example, e-mail, instant messaging, chat, and so on)
The HP-UX Security products can encrypt the cardholder data transmitted through the corporate network or over
the internet through OpenSSL or HP-UX IPSec.
As discussed in 4.1, cardholder data can be encrypted using HP-UX IPSec.
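Encrypting the transport is only half of requirement 4.2; the other half is knowing when a PAN is about to leave in clear text. The following added example (not part of this paper and not an HP-UX product feature) shows the detection logic a mail or messaging gateway check would apply: find candidate digit strings, validate them with the Luhn check, and report them masked to the first six and last four digits. The message identifiers and message bodies are constructed sample data; the card numbers are the well-known publicly documented test numbers, not real accounts.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: True if the digit string is a structurally valid PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return the Luhn-valid candidate PANs found in a message body."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(pan):
    """Keep first six and last four digits, which PCI DSS permits to display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed sample messages, as a gateway would see them before delivery.
SAMPLE_MESSAGES = [
    ("msg-1", "Customer card 4111 1111 1111 1111 exp 12/26, please refund"),
    ("msg-2", "Ticket 1234567890123 opened for the POS outage"),
    ("msg-3", "Order 5500-0000-0000-0004 shipped this morning"),
    ("msg-4", "Lunch at noon?"),
]


def scan_messages(messages):
    """Return (message id, masked PAN) for every unprotected PAN found."""
    findings = []
    for msg_id, text in messages:
        for pan in find_pans(text):
            findings.append((msg_id, mask(pan)))
    return findings


if __name__ == "__main__":
    for msg_id, masked in scan_messages(SAMPLE_MESSAGES):
        print(f"{msg_id}: unprotected PAN {masked} - block or encrypt before sending")
```

The 13-digit ticket number in msg-2 passes the length filter but fails Luhn, so it is not reported; conversely a Luhn check alone cannot rule out a 16-digit order number that happens to validate, so in production a hit should trigger quarantine and review rather than an automatic accusation.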