Securing the Adaptive Enterprise: HP-UX Security features ...


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • 04/22/10
  • Securing the Adaptive Enterprise: HP-UX Security features ...

    1. 1. Securing the Adaptive Enterprise
    2. 2. Agenda <ul><li>Security – high priority for business today </li></ul><ul><li>Securing the adaptive enterprise </li></ul><ul><li>HP-UX Adaptive Enterprise technologies and solutions </li></ul><ul><li>Building a secure environment: client studies </li></ul>
    3. 3. today’s business and IT challenges
    4. 4. The increasing importance of security 1986 1990 1992 1994 1996 1998 2000 2002 73,359 The number of security incidents is increasing exponentially time Incidents 1988 <ul><li>Your business and customers under threat: </li></ul><ul><li>85% of large organizations attacked in 2002 </li></ul><ul><li>70% of attacks are internal </li></ul><ul><li>“ Love Bug” virus cost businesses $8.75 Bn </li></ul><ul><li>900,000 victims of identity theft every year </li></ul><ul><li>January, 2003: SQL/Slammer hits the internet </li></ul>Sources: CSI – FBI Computer Crime Survey, 2002 10000 20000 30000 40000 50000 60000
    5. 5. The consequences of an attack can be catastrophic <ul><li>Direct losses: </li></ul><ul><ul><li>lost orders </li></ul></ul><ul><ul><li>loss of immediate revenues </li></ul></ul><ul><ul><li>lost IP or confidential info </li></ul></ul><ul><ul><li>liabilities from lost employee or customer data </li></ul></ul><ul><ul><li>theft/ fraud </li></ul></ul><ul><li>Indirect losses: </li></ul><ul><ul><li>recovery costs </li></ul></ul><ul><ul><li>damaged competitiveness </li></ul></ul><ul><ul><li>damaged brand image </li></ul></ul>downtime is a key contributor to business losses Major security incidents lead to serious business impacts Average Utilities Banking Retail Finance Teleco Average of all industries: $1,010,536 per hour, or $16,842 per minute Source: Network Computing, April 2002 “Downtime Costs Money”
    6. 6. HP Adaptive Enterprise
    7. 7. business agility: the added dimension increase quality improve agility manage costs mitigate risk
    8. 8. building the foundation of an adaptive enterprise react to change anticipate changes pro-actively change use change to compete IT adaptability business agility stable dynamic managed / integrated manage and integrated resources <ul><li>enterprise integration </li></ul><ul><li>IT consolidation </li></ul><ul><li>Management </li></ul>dynamic and automated <ul><li>virtualization </li></ul><ul><li>on demand </li></ul><ul><li>managed services </li></ul><ul><li>integrated support </li></ul><ul><li>financing </li></ul>provide a stable, extensible foundation <ul><li>business continuity </li></ul><ul><li>security </li></ul>
    9. 9. Enterprise Integration IT consolidation Management Virtualization Business Continuity Security Managed Services Integrated Support Financing Adaptive Infrastructure and Management Solutions sourcing solutions cross-industry business solutions vertical industries others... CRM supply chain/ERP On Demand HP Adaptive Enterprise Solutions meet today’s challenges, build for tomorrow
    10. 10. Hp-ux11i security agility
    11. 11. D.H. Brown ranks HP-UX the leading UNIX ranked #1 in all five categories #1 scalability #1 reliability, availability and serviceability #1 systems management #1 internet and web application services #1 directory and security services
    12. 12. HP-UX11i Security Infrastructure Netscape Directory Server AAA Server Mobile AAA Server Kerberos Server Database Server App Server Host IDS IPFilter Security Patch Check Bastille LDAP UX Integration
    13. 13. Agile LDAP architectures Netscape Directory Server Kerberos Server LDAP UX Integration Unified Windows log-in Central repository for people, resources Access ticket based on LDAP rights Role-based changes for millions of users Network Security White Paper AAA Servers
    14. 14. Netscape Directory Server 6.1 <ul><li>Centralizes management of people and resources </li></ul><ul><li>Central repository for user profiles and preferences enabling personalization </li></ul><ul><li>Allows replication of data across the enterprise providing a centralized, consistent data source available to applications </li></ul><ul><li>Enables single sign-on access with a partner solution </li></ul><ul><li>Provides scalability for massive numbers of users </li></ul>
    15. 15. LDAP UX Integration <ul><li>Integrates with W2K ADS </li></ul><ul><li>Ldap general purpose directory </li></ul><ul><ul><ul><li>Store any type of object info and then query </li></ul></ul></ul><ul><ul><ul><li>NIS stores simple database… limits the query </li></ul></ul></ul><ul><ul><li>Ldap greater security </li></ul></ul><ul><ul><ul><li>SSL communication </li></ul></ul></ul><ul><ul><ul><li>Fine grained access control </li></ul></ul></ul><ul><ul><li>More manageable </li></ul></ul><ul><ul><ul><li>Delegated or central </li></ul></ul></ul><ul><ul><li>Greater application integration </li></ul></ul><ul><li>A strategic direction whitepaper </li></ul>
    16. 16. Kerberos Server <ul><li>Key Distribution Center (KDC) </li></ul><ul><ul><li>Centralized authentication with robust encryption </li></ul></ul><ul><ul><li>A single repository for enterprise authentication information </li></ul></ul><ul><ul><li>Single sign-on capabilities </li></ul></ul><ul><ul><li>GSS API programming </li></ul></ul><ul><ul><li>Built-in support for secure FTP, telnet, and r* commands </li></ul></ul><ul><ul><li>HP-UX Integration support </li></ul></ul><ul><li>Product Brief </li></ul>
    17. 17. HP-UX AAA Servers <ul><li>Authentication, authorization, and accounting (AAA) </li></ul><ul><li>RADIUS protocol </li></ul><ul><ul><li>Authenticates land or mobile users </li></ul></ul><ul><ul><li>Authorizes access from access point </li></ul></ul><ul><ul><li>Provides session control and billing information </li></ul></ul><ul><li>Diameter white paper supports wireless internet connections </li></ul><ul><li>How to secure wireless LANs </li></ul><ul><li>Solution brochure </li></ul>
    18. 18. Accountable Host Security Host IDS Security Patch Check IPFilter HP-UX Bastille
    19. 19. Real-time host intrusion detection <ul><li>Detection Template </li></ul><ul><ul><ul><li>kernel audit data </li></ul></ul></ul><ul><ul><ul><li>high quality detection </li></ul></ul></ul><ul><ul><ul><li>not just audit log detection </li></ul></ul></ul><ul><ul><ul><li>five patents on technology </li></ul></ul></ul><ul><li>Real-time alerts </li></ul><ul><ul><ul><li>agents on hosts </li></ul></ul></ul><ul><ul><ul><li>alerts to management console … or to… </li></ul></ul></ul><ul><ul><ul><li>OpenView VPO management </li></ul></ul></ul><ul><li>Management </li></ul><ul><ul><ul><li>GUI browser for configuration </li></ul></ul></ul><ul><ul><ul><li>OpenView reporting </li></ul></ul></ul><ul><li>H-IDS presentation available </li></ul>
    20. 20. HP-UX IPFilter System Firewall <ul><li>Protects hosts on the perimeter such as a web server. </li></ul><ul><ul><li>Stateful packet inspection remembers history and filters IP packets and streaming UDP traffic </li></ul></ul><ul><ul><li>Application proxy firewall against attacks that target the underlying OS. </li></ul></ul><ul><ul><li>Configurable filter, proxy and rules </li></ul></ul><ul><li>Dynamic connection allocation controls number of incoming connections to mitigate a flood of TCP in a DOS attack </li></ul><ul><ul><li>Useful to protect mail servers </li></ul></ul><ul><ul><li>Protect LDAP servers from bogus SSL connections </li></ul></ul><ul><li>IPFilter Solution brief </li></ul>
    21. 21. HP-UX Bastille <ul><li>Security lockdown tool </li></ul><ul><li>Various hardening required of servers used for web-servers, applications, and databases. </li></ul><ul><li>70 configurations presented as security/usability tradeoff questions </li></ul><ul><li>Configures or disables: daemons, system settings, and IPFilter, password shadowing, inetd audit </li></ul><ul><li>Turns off unauthenticated services such as pwgrd and printing, rcp, and rlogin </li></ul>
    22. 22. Security Patch Check for HP-UX <ul><li>Semi-automatic patch administration </li></ul><ul><li>Analyzes installed file sets and patches </li></ul><ul><li>Recommends patches to be added to a system to cover all security defects </li></ul><ul><li>Warns about recalled patches </li></ul><ul><li>From a report Admin downloads patches from HP library </li></ul><ul><li>Integrates with HP ServiceControl Manager </li></ul>
    23. 23. HP-UX Core Security Features HP-UX 11iv2
    24. 24. Core HP-UX 11i Security <ul><li>Trusted mode is Common Criteria Certified EAL4-CAPP </li></ul><ul><li>Stack buffer overflow protect </li></ul><ul><li>Access control-file permissions </li></ul><ul><li>Object reuse- prevention </li></ul><ul><li>Managers-SAM, ServiceControl </li></ul><ul><li>Pluggable authentication (PAM) </li></ul><ul><li>Passwords-long, checking </li></ul><ul><ul><li>Shadow-encrypted </li></ul></ul><ul><li>Audit –trusted and IDS </li></ul><ul><li>Encryption-random number generator, benchmarks </li></ul><ul><li>Secure Shell encrypted log-on </li></ul><ul><li>Install-time security on v2 </li></ul><ul><li>HP-UX 11iv2 White Paper </li></ul>
    25. 25. Customer Solution
    26. 26. ABN AMRO Bank – the need <ul><li>Provide new secure services to the wholesale banking client base through an integrated business-to-business web portal: </li></ul><ul><li>Increase the total customer experience </li></ul><ul><li>Improve daily operational tasks such as retrieving customer information </li></ul><ul><li>Ensure high levels of security in the new environment </li></ul>One of the Top 20 worldwide banking groups
    27. 27. ABN AMRO Bank – the solution Enable new B2B portal <ul><li>consulting services </li></ul><ul><li>Security Review across multiple sites </li></ul><ul><li>Security Architecture Design </li></ul><ul><li>Technology Selection </li></ul><ul><li>Secure Infrastructure Services </li></ul><ul><li>Netegrity SiteMinder customization and integration </li></ul><ul><li>education & training </li></ul><ul><li>Secure Application Development </li></ul><ul><li>User Training for 7,500 employees </li></ul><ul><li>technology solutions </li></ul><ul><li>Single Sign-On </li></ul><ul><li>HP UNIX Servers </li></ul><ul><li>HP High Availability </li></ul><ul><li>HP Data Storage Protection Software </li></ul><ul><li>Troubleshooting and support services </li></ul>Access tier SwitchesGateways Wireless and DNS Application Servers Disk System SAN Solutions Application tier PCs Notebooks PDAs Printers Access devices Data-base Servers High-end Arrays Backup Solutions Non-Stop High Activity Solutions Database tier VPN/ Firewall Web tier NAS Server Blades SSL Accelerators Load Balancers Web Servers Switches Firewall HP UNIX Servers MC/ServiceGuard MirrorDisk-UX Single Sign-On Netegrity SiteMinder
    28. 28. ABN AMRO Bank – the benefits <ul><li>Internal and external business applications available through the secure portal, resulting in better customer satisfaction, better customer service and reduced costs. </li></ul><ul><li>7,500 customer and employees accessing 25 integrated applications </li></ul><ul><li>Reduced transaction costs </li></ul><ul><li>Reduced opportunity for fraud </li></ul><ul><li>Reduced administrative effort </li></ul>“ ABN Amro is now better positioned to react quickly to new developments in the rapidly evolving financial services industry.” ABN Amro spokesman
    29. 29. HP delivers more <ul><li>more accountability </li></ul><ul><li>more agility </li></ul><ul><li>greater return on IT </li></ul>