Partnering with leading security vendors
Evolving business value
With Tru64 UNIX worry-free security features
With business-critical and customer-sensitive information at stake on the Internet and in Web-based enterprise applications, effectively managing security must be a top priority. In fact, managing every aspect of an e-business processing platform is essential to ensure peak operating efficiency. Therefore, it is important to have on hand the tools and software necessary to achieve desired levels of control over security and other system functionality.
Tru64 UNIX and AlphaServer platforms are a logical choice for securing sensitive Internet and Web-based environments. Tru64 UNIX comes with a host of security features built into the operating system that are easily configured to meet precise security requirements and business objectives:
A la carte security for maximum business flexibility
Tru64 UNIX provides an à la carte approach that lets you choose just the C2 features you require so you don't have the overhead of features you don't need or want. The enhanced security system is tightly integrated with TruCluster Server, creating a single security domain to simplify system management.
Robust authentication framework for highly secure applications
SIA (Security Integration Architecture) is an authentication framework. SIA allows customers to write new authentication mechanisms that can be plugged into the SIA framework and then be used by any SIA aware program. This includes all Tru64 UNIX utilities that require authentication services. Applications don't have to be rewritten when a new authentication mechanism (e.g. Kerberos) is added. They can take advantage of the mechanism immediately.
Best auditing tool on the market
Tru64 UNIX offers an extensive auditing subsystem that permits auditing down to the system call level if required. The completeness of the Tru64 UNIX auditing system allows users to determine who made changes to system resources and when. This is particularly useful when an administrator is trying to determine why certain changes have occurred on a system.
Auditing can generate immense amounts of data. To help bound the amount of data produced, Tru64 UNIX provides a profiling mechanism to help administrators select a subset of the auditable events they want to audit for particular users.
Ultra-secure Internet transactions
The Common Data Security Architecture (CDSA) is a standard security framework that lets applications use cryptographic services, certificate services and security policy to make Internet transactions ultra secure. Applications running on Tru64 UNIX do not have to be rewritten to take advantage of new cryptographic algorithms. CDSA is included as part of the Tru64 UNIX operating system.
IPsec is a network security mechanism that works with both IPv4 and IPv6. IPsec allows users to set up Virtual Private Networks that provide authentication and privacy for communications on the open Internet. IPsec is included as part of the Tru64 UNIX operating system.
Internet Express › (Internet Express) for Tru64 UNIX is a collection of popular Internet software and administration software developed by HP. It includes all the Internet applications (pre-tested) needed for an AlphaServer system to act as a secure Internet or intranet server. Key security features included in Internet Express are the Compaq Secure Web Server (based on the Apache Web server) with built-in support for SSL and HP's AXL200 cryptographic coprocessor, TCP Wrappers, FireScreen, SATAN, the Basic Merit AAA RADIUS Server, and Denial of Service prevention tools.
SSH Secure Shell
SSH is the de facto standard for remote logins, with millions of users around the world. SSH solves the most important security problems on the Internet: eves dropping and hackers attack. The Secure Shell applications and protocol developed by SSH Communication Security and enhanced by hp Tru64 UNIX have set the bar for Internet security technologies and created the standard for encrypted terminal connections and secure file transfers. Typical applications include terminal connections, system administration, file transfers, tunneling, and access to corporate resources over the Internet. SSH is is included as a mandatory subset with the Tru64 UNIX operating system.
Single sign-on for heterogeneous environments
Tru64 UNIX allows Windows users to authenticate to Tru64 UNIX using their Windows 2000 username and password. Secure authentication between the Tru64 UNIX system and Active Directory occurs using Kerberos technology. UNIX user account information can be stored in the LDAP-enabled Active Directory to give administrators a single user account directory spanning Tru64 UNIX and Windows 2000. Administrators can also manage the additional Tru64 UNIX attributes using the Microsoft Management Console (MMC) snap-in extensions provided with the kit. Simplified system management
Single Security Domain for Tru64 UNIX clusters
A cluster running TruCluster Server software is a single security domain. Identification and authentication, Access Control Lists (ACLs), and auditing are configured identically on each member by default, presenting a coherent interface to the user and the system administrator. Because a single copy of the authentication files is shared among all cluster members, each user account is valid on all cluster members and a user can log in to the cluster alias without concern for which cluster member accepts the connection.
Tru64 Unix supports a number of directory server products, including Netscape's iPlanet Directory Server, Novell's e-Directory, Oracle's OID, HP's X500 Enterprise Directory and Open LDAP. Directory servers can be used to store user account data and certificate information as well as information about other system resources. This means Tru64 UNIX system administrators can store and manage one single copy of the information even though it may be used by many systems.