Web Enabling Your HP 3000
Secure Edition of the MPE/iX Web Server based on Apache
The MPE/iX Web Server based on Apache gives HP e3000 customers a quick, easy, powerful
and affordable way to establish an Internet and intranet presence. In addition, HP will offer the
Secure Edition of the MPE/iX Web Server based on Apache for users to conduct secure
transactions over the Internet. Features include:
• Full-strength 128-bit encryption
• Support for the SSLv2, SSLv3 and TLS v1.0 protocols. These protocols protect against
eavesdropping, tampering and forgery, and ensure the privacy and integrity of data transferred
between a web browser and a web server.
• Support for X.509 certificate authentication
• Support for session caching for better SSL performance.
The Secure Edition of the MPE/iX Web Server based on Apache running on MPE/iX 6.0 and 6.5
will be available to order from an HP authorized reseller, or for downloading in the near future.
System Security
When your HP e3000 system connects to the Internet, it is important to tighten its security.
System security is built into the operating system to protect against unauthorized access and
data corruption. MPE/iX is designed so that user capabilities, the account structure, the file
system, and system security are all integrated. The HP e3000 allows you to configure your system
security to meet your business policy requirements. There are several ways a System Manager can
administer operating system level security on an HP e3000:
• A user’s identity and capabilities determine how the user is known to the system and which
system access levels or functions they are allowed to use. System access levels range from
the lowest, available to all users, to the highest, open only to system and security
management. The system checks a user’s identity and capabilities to determine access level. As users
execute system functions and tasks, the system constantly checks their capabilities to make
sure they are allowed to do so.
• Access to files and programs can be restricted by assigning users to accounts, issuing
appropriate capabilities, enforcing the use of passwords, and applying file access restrictions and
lockwords.
• Access control definitions (ACDs) can also be used to control file access. ACDs are the
recommended method of controlling access to files in systems that maintain a C2 level of trust. C2
is a set of security criteria defined by the U.S. Government Department of Defense.
• Programs also have capabilities, which are assigned by the programmer at the time the
program is created. The capabilities assigned to a program allow it to access particular functions.
When a program that has special capabilities runs, the system does not require the user to
have those capabilities. The program runs and exercises its capabilities in conjunction with
those of the user. In addition to the capabilities just described, some programs check user
capabilities before issuing certain functions.
• The HP Security Monitor/iX product can be used to provide further protection against
unauthorized access to sensitive data and system resources through stronger password protection
and stronger audit trails. Controls are also available via the Security Configuration Utility (a
tool provided by the Security Monitor) to manage system global security policies. Security
Monitor/iX complies with the U.S. Government’s “C2” security specification.