Safe and Powerful: Security in HP-UX System Management Homepage (SMH)

SMH offers auto-start and time-out features that the user can configure by using the
hpsmh(1M) and smhstartconfig(1M) commands.
SMH supports the Mozilla, Firefox, and Internet Explorer web browsers.
SMH provides the command preview feature that enables the user to view the commands
that will be run for a task before executing that task. This feature facilitates training and
usage in scripts.
A majority of the SMH applications are localized. Online help for some of the
applications is available in nine languages: English, French, German, Italian,
Japanese, Korean, Simplified Chinese, Spanish, and Traditional Chinese.
All the key administrative actions are recorded in samlog, which can be viewed through
the Samlog Viewer in SMH.
SMH creating a secure product
HP takes the security of its products very seriously and wants to protect customers against
vulnerabilities. The following security-related items have been included in the development of
SMH to ensure security:
SMH undergoes a periodic security analysis known as CATA (Commercial Application
Threat Analysis). The various management utilities that plug in to SMH also undergo this
analysis. Anything found during this analysis that is of concern is added back into the
next development/release cycle of the product. If it is an urgent item, a patch is
developed and released.
SMH uses the secure HTTP protocol (HTTPS).
SMH validates user inputs. SMH has a limited number of user input fields and the fields
that are available are validated. This reduces the chances of SQL injection or other
scripting techniques being used against the SMH product.
SMH takes care of cross-site scripting vulnerabilities.
The Apache instance for SMH runs as a non-privileged user (hpsmh). In addition, SMH
runs its own Apache instance, with its own built-in security controls, separate from any
other Apache instance that may be running on a system.
The SMH development team follows industry standard Apache security best practices as
part of the SMH configuration (see the ‘For more information’ section at the end of this
paper for links to Apache Security resources).
The SMH team works closely with the HP team that builds and supports Apache for
HP-UX. Any vulnerability that is announced in Apache in the industry is mitigated in the
HP-UX version of Apache.
A team within HP, known as the Software Security Response Team (SSRT), is dedicated to
addressing any and all potential security vulnerabilities with software and firmware
products sold and supported by the Hewlett-Packard Company. The SMH team works closely
with the SSRT team to fix any reported vulnerabilities.
SMH security features
SMH provides the following enhanced security and streamlined operations:
Browser access using operating system-based SSL-secure authentication.