Published by Godwin Warren. Modified over 9 years ago.
1
HP-UX 11 Security Products
Jacob Shaaltiel, HP Consulting Israel
July 15, 2001
2
Agenda
- IP Filter 9000 (B9901AA)
- IPSec 9000 (J4255AA)
- HP-UX Intrusion Detection (J5083AA)
- Kerberos 5.0 (J5844AA)
- CIFS 9000 (J5083AA)
- HP Consulting Services
- HP-UX 11i security features: PAM and CDSA
- Trusted System (C2)
3
HP-UX 11 Is the Most Secure Commercial Unix Server
- The server is the final line of defense
- Industry-standard security that integrates easily into end-to-end security solutions: Kerberos, LDAP, CDSA, IPSec
- High-performance security: HP Praesidium Speedcard (hardware acceleration of HP-UX software encryption)
- Broad portfolio of security products and solutions to meet the demanding requirements of integrated OS, network and application security: C2 compliance, Virtual Vault, DomainGuard, e-Firewall, Extranet VPN, Node Sentry, Intrusion Detection
4
HP-UX 11i Kernel-Level Intrusion Detection
5
HP-UX 11.x Intrusion Detection Architecture (diagram)
- Data sources on the monitored host: kernel audit data, syslog data, other data
- IDS agent on the host: applies detection patterns at the kernel and application level to that data and reports misuse/intrusion alerts; receives control, status and configuration from the security administration console
- Security administration / security management console (integrates with OpenView IT/O): notification, reporting, analysis and response
6
Real-Time Detection and Alerts
- Intrusions are detected as they occur
- System performance is not degraded
- Three alert levels, color coded
- Attacker identified
- Attack type identified
7
System Management
- Multiple hosts across the enterprise
- Surveillance groups for easy administration
- Surveillance schedules for maintenance and test windows
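The slides above describe the agent's job in terms of its inputs (kernel audit data, syslog) and outputs (alerts that identify the attacker and the attack type, at one of three color-coded levels) without showing a detection pattern. The following is an added illustration of that pattern-matching step, not HP-UX IDS code: it runs two constructed patterns (password guessing by source and account within a time window; su to root by a user outside the permitted set) over constructed syslog-style lines. The log format, the threshold values, the administrator list and the level-to-color mapping are all assumptions of this example.

```python
"""Host-side detection patterns over audit/syslog-style records, producing
alerts with a level (1-3), attack type and attacker.  Added example, not
HP-UX IDS code; the log lines, thresholds and colors are constructed."""
from collections import defaultdict
from datetime import datetime
import re

# Constructed syslog-style records (illustrative format, not HP-UX's exact one)
SAMPLE_LOG = """\
Jul 15 10:00:01 hpux1 login[2201]: FAILED login for root from 10.0.0.66 on pts/2
Jul 15 10:00:05 hpux1 login[2202]: FAILED login for root from 10.0.0.66 on pts/2
Jul 15 10:00:09 hpux1 login[2203]: FAILED login for root from 10.0.0.66 on pts/2
Jul 15 10:00:30 hpux1 login[2204]: FAILED login for jacob from 10.0.0.7 on pts/3
Jul 15 10:02:11 hpux1 su[2210]: SUCCESS jacob to root on pts/3
Jul 15 10:05:42 hpux1 su[2215]: SUCCESS webuser to root on pts/4
Jul 15 11:30:00 hpux1 login[2300]: FAILED login for guest from 10.0.0.9 on pts/5
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)"
FAILED_LOGIN = re.compile(TS + r" \S+ login\[\d+\]: FAILED login for (?P<user>\S+) "
                          r"from (?P<src>[\d.]+)")
SU_ROOT = re.compile(TS + r" \S+ su\[\d+\]: SUCCESS (?P<user>\S+) to root on (?P<tty>\S+)")

ADMINS = {"jacob"}          # users permitted to su to root (assumed site policy)
GUESS_THRESHOLD = 3         # failures from one source against one account ...
GUESS_WINDOW_S = 60         # ... within this many seconds count as password guessing
COLOR = {3: "red", 2: "yellow", 1: "green"}   # three color-coded levels (colors assumed)

def _ts(s):
    return datetime.strptime(s, "%b %d %H:%M:%S")   # year-less syslog timestamp

def analyze(text):
    """Return alerts as (level, attack_type, attacker, target) tuples.
    Level 3 = root targeted or obtained, 2 = medium, 1 = informational."""
    alerts = []
    failures = defaultdict(list)       # (src, user) -> timestamps of recent failures
    for line in text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            key, t = (m["src"], m["user"]), _ts(m["ts"])
            window = [x for x in failures[key] if (t - x).total_seconds() <= GUESS_WINDOW_S]
            window.append(t)
            failures[key] = window
            if len(window) == GUESS_THRESHOLD:          # alert once when the threshold is hit
                level = 3 if m["user"] == "root" else 2
                alerts.append((level, "password guessing", m["src"], m["user"]))
            elif len(window) < GUESS_THRESHOLD:
                alerts.append((1, "failed login", m["src"], m["user"]))
            continue
        m = SU_ROOT.match(line)
        if m and m["user"] not in ADMINS:               # privilege escalation by a non-admin
            alerts.append((3, "unauthorized su to root", m["user"], m["tty"]))
    return alerts

def worst_color(alerts):
    """Color of the console indicator for the highest alert level seen."""
    return COLOR[max(a[0] for a in alerts)] if alerts else "green"

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
    print("console:", worst_color(analyze(SAMPLE_LOG)))
```

A real agent would keep the per-source state across log rotation and would correlate the syslog view with the kernel audit trail (the failed exec or setuid transitions behind the same events); the point of the window logic is that the three isolated level-1 failures become one level-3 alert against root, which is what "attacker identified, attack type identified" means in practice.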
8
HP-UX 11i Security: IP Filter 9000
9
IPFilter/9000 is the publicly available IP Filter version 3.5 Alpha 5 (authored by Darren Reed), shipped by HP with additional quality assurance. It contains all the functionality of the public code, including the perimeter-firewall features that HP does not support, such as NAT and firewall stealth. Customers using the unsupported features may request support from the public project at http://caligula.anu.edu.au/~avalon/
IPFilter/9000 is not supported in an MC/ServiceGuard environment.
IPFilter is offered at no charge on the application disk.
HP positions IPFilter/9000 as a host (system) firewall and does not support the perimeter-firewall features in the product.
10
IP Filter 9000
IPFilter/9000 provides the following benefits:
- Protect an individual host on the intranet against internal attacks
- Protect a host on the intranet against external attacks that breach the perimeter defenses
- Protect a bastion host on the perimeter (e.g. a web server)
- Protect a bastion host in the DMZ (e.g. a web server)
- Protect an application proxy firewall against attacks that target the underlying OS
- Close the hole created by a remote-access workstation that is connected to the Internet while it holds VPN access to the intranet (without host filtering, the workstation becomes a bridge from the Internet into the intranet)
- Provide a restricted configuration of Internet services
11
IP Filter 9000 Example: Filtering by Port Number
Grammar (from the IPFilter rule syntax):
    object     = addr [ port-comp | port-range ]
    port-comp  = "port" compare port-num
    port-range = "port" port-num range port-num
Port matching is only applicable to the TCP and UDP protocols.
Example: pass inbound telnet (TCP port 23) to a single host, and stop rule processing on the match ("quick"):
    pass in quick proto tcp from any to 20.20.20.1/32 port = 23
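What the grammar above does not say is how a ruleset is evaluated: IPFilter tries every rule in order and the last matching rule decides, unless a matching rule carries "quick", which ends the search at that rule; a packet matching no rule is passed, which is why host rulesets start with "block in all". The following is an added example, not IPFilter/9000 code: a small evaluator for the subset of the rule language used on this slide (action, direction, quick, proto, from/to with CIDR or any/all, and the port-comp / port-range forms). The range operators follow the ipf(5) manual page ("a >< b" is strictly between a and b, "a <> b" is outside that range). The ruleset, addresses and packets are constructed for the example.

```python
"""Evaluator for a small subset of IPFilter rules: port-comp / port-range
matching, last-match-wins ordering and the "quick" short-circuit.
Added example, not IPFilter/9000 code; ruleset and packets are constructed."""
import ipaddress
import operator

COMPARE = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
           ">": operator.gt, "<=": operator.le, ">=": operator.ge}

def _addr(tok):
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)

def _port(tokens, i):
    """Parse a port-comp or port-range at tokens[i]; return (predicate, next index)."""
    if tokens[i] in COMPARE:                       # port-comp: "port" compare port-num
        op, n = COMPARE[tokens[i]], int(tokens[i + 1])
        return (lambda p: op(p, n)), i + 2
    lo, rng, hi = int(tokens[i]), tokens[i + 1], int(tokens[i + 2])
    if rng == "><":                                # strictly between lo and hi
        return (lambda p: lo < p < hi), i + 3
    if rng == "<>":                                # outside the range lo..hi
        return (lambda p: p < lo or p > hi), i + 3
    raise ValueError(f"unknown range operator {rng!r}")

def parse_rule(text):
    t = text.split()
    rule = {"action": t[0], "dir": t[1], "quick": False, "proto": None,
            "src": None, "sport": None, "dst": None, "dport": None, "text": text}
    i = 2
    if t[i] == "quick":
        rule["quick"], i = True, i + 1
    if t[i] == "proto":
        rule["proto"], i = t[i + 1], i + 2
    if t[i] == "all":                              # "block in all": any source, any destination
        return rule
    if t[i] != "from":
        raise ValueError(f"expected 'from' in {text!r}")
    rule["src"], i = _addr(t[i + 1]), i + 2
    if t[i] == "port":
        rule["sport"], i = _port(t, i + 1)
    if t[i] != "to":
        raise ValueError(f"expected 'to' in {text!r}")
    rule["dst"], i = _addr(t[i + 1]), i + 2
    if i < len(t) and t[i] == "port":
        rule["dport"], i = _port(t, i + 1)
    return rule

def matches(rule, pkt):
    if rule["dir"] != pkt["dir"]:
        return False
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    for side in ("src", "dst"):
        if rule[side] and ipaddress.ip_address(pkt[side]) not in rule[side]:
            return False
    for pred, field in ((rule["sport"], "sport"), (rule["dport"], "dport")):
        if pred is not None:
            if pkt["proto"] not in ("tcp", "udp"):    # ports only exist for TCP and UDP
                return False
            if not pred(pkt[field]):
                return False
    return True

def evaluate(rules, pkt):
    """Return (verdict, index of the deciding rule).  Last match wins unless a
    matching rule is 'quick'; with no match IPFilter passes the packet."""
    verdict, which = "pass", None
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict, which = rule["action"], idx
            if rule["quick"]:
                break
    return verdict, which

def pkt(direction, proto, src, dst, sport=0, dport=0):
    return {"dir": direction, "proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport}

# Constructed host ruleset: default deny, telnet to one host, ephemeral ports
# from the intranet, and one misbehaving intranet host shut out.
RULESET = [parse_rule(r) for r in (
    "block in all",
    "pass in quick proto tcp from any to 20.20.20.1/32 port = 23",
    "pass in proto tcp from 10.0.0.0/8 to 20.20.20.1/32 port 1023 >< 65536",
    "block in proto tcp from 10.0.0.66/32 to any",
)]

if __name__ == "__main__":
    for p in (pkt("in", "tcp", "192.168.1.5", "20.20.20.1", 40000, 23),
              pkt("in", "tcp", "10.0.0.66", "20.20.20.1", 40000, 8080),
              pkt("in", "tcp", "10.0.0.66", "20.20.20.1", 40000, 23)):
        print(p["src"], "->", p["dport"], evaluate(RULESET, p))
```

Note the interaction the last two packets expose: the "quick" telnet rule matches before the block rule for 10.0.0.66 is reached, so that host can still reach port 23. Whether that is intended is exactly the kind of question a host-firewall ruleset review has to answer, and the evaluator makes the deciding rule index visible for it.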
12
HP-UX 11i Security: IPSec 9000
13
Types of VPNs
- Host-to-Host: end-to-end security to protect sensitive data for intra- or inter-network communications. HP solution: IPSec/9000
- Site-to-Site: replaces expensive dedicated leased-line WAN charges for site-to-site data connectivity. HP solution: E-Firewall/VPN
- Extranet VPN: quick set-up of business-to-business WAN connectivity. HP solution: E-Firewall/VPN
- Remote Access: replaces expensive modem pools and ISDN per-minute charges. HP solution: E-Firewall/VPN
14
HP IPSec VPN Solutions (diagram)
- Corporate intranet behind a Praesidium E-Firewall, connected across the Internet to a vendor's firewall; IPSec traffic is encrypted on the wire, while traffic between hosts not using IPSec travels unencrypted
- Praesidium E-Firewall can function as a VPN gateway for network-to-network IPSec traffic and/or as a firewall filter that allows IPSec through to the VPN
- DMZ: a web server running Praesidium IPSec/9000 provides transparent network-level security, allowing secure transfer of credit card numbers and other sensitive data
- Secure application server running Praesidium IPSec/9000 provides transparent end-to-end network-level security for legacy applications
15
HP-UX IPSec/9000 Product Overview
- IPSec-based, standards-conforming solution for interoperability and protection of the customer's investment
- Scalable and flexible key management (IKE) for authentication
- Easy integration with existing infrastructure: pre-shared key support
- Scalable public-key authentication with PKI: automated certificate and CRL retrieval
- Easy to adopt: existing applications take advantage of IPSec services without modification
- Flexible rule-based security attribute and access-control policy configuration: rules combine IP addresses, subnet masks, ports and protocols with connection-based keying, security-attribute configuration and packet filtering; can be configured to filter both IPSec and clear-text packets
- Industry-leading IPSec/VPN performance: crypto performance is optimized for the PA-RISC architecture
16
HP-UX IPSec/9000 Product Overview (continued)
- End-to-end IPSec distributes the cryptographic computation across the end systems instead of concentrating it at a gateway
- Secure and easy-to-use administration tools: GUI-based IPSec policy configuration console, IPSec policy defaults, diagnostic and monitoring tool
- Logging and audit trail for accountability and intrusion alerts
- Demonstrated multi-vendor interoperability at the ANX and IPSec standards bakeoffs
- Both transport mode and tunnel mode are supported, to accommodate flexible VPN scenarios
- No cost
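The transport/tunnel distinction on this slide is the difference between the host-to-host and gateway deployments on the VPN diagrams: in transport mode the original IP header stays on the outside and ESP protects only the transport segment, while in tunnel mode the whole original packet becomes the ESP payload behind a new outer header carrying the gateways' addresses. The following is an added example, not HP-UX IPSec/9000 code, that builds both forms with ESP, NULL encryption (RFC 2410) and HMAC-SHA1-96 integrity (RFC 2404), and implements the receiver's ICV check and the 64-packet anti-replay window of RFC 4303. ESP-NULL is an authentication-only configuration, so nothing here is confidential; a deployment negotiates a cipher through IKE and the encapsulation layout and replay logic are unchanged. Keys, SPIs, addresses and the TCP segment are made-up values.

```python
"""ESP in transport and tunnel mode with NULL encryption and HMAC-SHA1-96,
plus the receiver-side anti-replay window.  Added example, not HP-UX
IPSec/9000 code; keys, SPIs and addresses are made up."""
import hashlib
import hmac
import ipaddress
import struct

ESP, IPIP, TCP = 50, 4, 6      # IP protocol numbers: ESP, IP-in-IP, TCP
ICV_LEN = 12                   # HMAC-SHA1-96 keeps 96 bits of the MAC

def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header (no options) with a correct header checksum."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                    proto, 0, ipaddress.IPv4Address(src).packed,
                    ipaddress.IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", h))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return h[:10] + struct.pack("!H", ~s & 0xFFFF) + h[12:]

def esp_wrap(spi, seq, payload, next_header, key):
    """SPI | seq | payload | padding | pad-len | next-hdr | ICV.  Even with the
    NULL cipher the pad-len/next-hdr fields must end on a 4-byte boundary."""
    pad_len = -(len(payload) + 2) % 4
    body = (struct.pack("!II", spi, seq) + payload
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]

def transport_mode(src, dst, segment, spi, seq, key):
    """Original header outside; ESP covers only the transport segment."""
    esp = esp_wrap(spi, seq, segment, TCP, key)
    return ipv4_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(gw_src, gw_dst, inner_packet, spi, seq, key):
    """Whole original packet inside ESP, behind a new outer header (next-hdr 4)."""
    esp = esp_wrap(spi, seq, inner_packet, IPIP, key)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

def outer_addresses(packet):
    """(src, dst, protocol) as seen by a passive observer on the wire."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return str(ipaddress.IPv4Address(f[8])), str(ipaddress.IPv4Address(f[9])), f[6]

class EspReceiver:
    """Inbound SA: verify the ICV, then apply a sliding anti-replay window.
    The window is only advanced for packets whose ICV verified."""
    WINDOW = 64

    def __init__(self, spi, key):
        self.spi, self.key = spi, key
        self.highest = 0       # highest sequence number accepted so far
        self.bitmap = 0        # bit i set => sequence number (highest - i) already seen

    def receive(self, packet):
        """Return ((next_header, payload), 'ok') or (None, reason)."""
        if outer_addresses(packet)[2] != ESP:
            return None, "not ESP"
        body, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
        expect = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(expect, icv):
            return None, "bad ICV"          # modified in flight, or wrong SA key
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return None, "unknown SPI"
        if seq > self.highest:              # new high-water mark: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= self.WINDOW:
                return None, "replay: outside window"
            if (self.bitmap >> offset) & 1:
                return None, "replay: duplicate"
            self.bitmap |= 1 << offset
        pad_len, next_header = body[-2], body[-1]
        return (next_header, body[8:len(body) - 2 - pad_len]), "ok"

def demo():
    key = b"\x0b" * 20                                # made-up 160-bit SA key
    spi = 0x1001
    segment = b"\x00\x17\x04\xd2" + b"telnet data"    # constructed stand-in TCP segment
    tp = transport_mode("10.1.1.5", "10.2.2.9", segment, spi, 1, key)
    inner = ipv4_header("10.1.1.5", "10.2.2.9", TCP, len(segment)) + segment
    tn = tunnel_mode("192.0.2.1", "198.51.100.1", inner, spi, 2, key)
    rx = EspReceiver(spi, key)
    out = {"inner": inner,
           "transport_outer": outer_addresses(tp),    # real endpoints visible
           "tunnel_outer": outer_addresses(tn),       # only the gateways visible
           "transport_rx": rx.receive(tp)[1],
           "tunnel_rx": rx.receive(tn),
           "replay": rx.receive(tp)[1]}               # seq 1 delivered a second time
    tampered = tn[:30] + bytes([tn[30] ^ 1]) + tn[31:]   # flip one payload bit
    out["tampered"] = rx.receive(tampered)[1]
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v if k != "inner" else v.hex())
```

Two things worth noting from the output: the transport-mode outer header still exposes the two hosts' addresses, which is why the diagram puts IPSec/9000 on the end systems for host-to-host protection and E-Firewall gateways for site-to-site; and the replayed packet is rejected even though its ICV is perfectly valid, which is the failure mode the sequence-number window exists for.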
17
HP-UX 11i Security: Trusted Mode (C2)
18
Trusted Mode (C2): Extensions to Security beyond Standard UNIX
The Protected Password Database enables:
- System boot authentication
- Denial of encrypted-password access to non-root users
- Extending the maximum password length beyond eight characters
- Forcing all passwords to conform to minimum complexity requirements
- Preventing reuse of passwords once they have expired
- Minimum and maximum password length requirements
- Creation of a unique audit ID for every user
- Automatic user account expiration
- Account login restrictions by time of day and day of week
- Account disabling after a number of failed login attempts
- Login device restrictions (by tty)
Trusted Mode also has a C2-compliant auditing system that audits system activity at the low level of individual system calls.
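The list above is a set of account controls; the following is an added example, not HP-UX code, that models how they fit together at login and password-change time: length and complexity rules, refusal of previously used passwords, a unique audit ID that every audit record carries, account expiry, day-of-week/time-of-day and tty restrictions, and lockout after a run of failures. The thresholds, the complexity rule used here (at least two alphabetic characters plus one numeric or special character), the sample accounts and the login windows are assumptions of the example, and PBKDF2 stands in for the system's own password hash.

```python
"""Model of the account controls a protected password database enforces.
Added example, not HP-UX Trusted Mode code; thresholds, complexity rule and
sample accounts are assumptions, PBKDF2 stands in for the system hash."""
from datetime import datetime
import hashlib
import hmac
import itertools
import os

class PasswordPolicy:
    MIN_LEN, MAX_LEN = 8, 40   # ceiling lifted above 8 characters; 40 is assumed
    HISTORY = 5                # previous passwords that may not be reused (assumed depth)
    MAX_FAILURES = 3           # consecutive failures before the account is disabled

    @classmethod
    def check(cls, pw):
        """Return None if the password is acceptable, else the reason it is not."""
        if not cls.MIN_LEN <= len(pw) <= cls.MAX_LEN:
            return "length"
        alpha = sum(c.isalpha() for c in pw)
        if alpha < 2 or alpha == len(pw):   # two letters plus one numeric/special char
            return "complexity"
        return None

def hash_pw(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 20_000)

_audit_ids = itertools.count(1000)   # every user gets a unique audit ID

class Account:
    def __init__(self, name, password, *, expires=None, login_days=range(0, 5),
                 login_hours=(8, 18), ttys=None):
        self.name = name
        self.audit_id = next(_audit_ids)
        self.salt = os.urandom(16)
        self.history = []            # hashes, newest first; history[0] is the current one
        self.failures = 0
        self.disabled = False
        self.expires = expires
        self.login_days = set(login_days)   # weekday() values, Monday = 0
        self.login_hours = login_hours      # [start, end) hours during which login is allowed
        self.ttys = ttys                    # None = any login device
        self.audit = []                     # (audit_id, time, tty, outcome) records
        if self.set_password(password) != "ok":
            raise ValueError("initial password violates policy")

    def set_password(self, new):
        why = PasswordPolicy.check(new)
        if why:
            return why
        h = hash_pw(new, self.salt)
        if any(hmac.compare_digest(h, old) for old in self.history):
            return "reuse"
        self.history = [h] + self.history[:PasswordPolicy.HISTORY - 1]
        return "ok"

    def login(self, password, now, tty):
        outcome = self._check(password, now, tty)
        self.audit.append((self.audit_id, now.isoformat(), tty, outcome))
        return outcome

    def _check(self, password, now, tty):
        if self.disabled:
            return "disabled"
        if self.expires is not None and now >= self.expires:
            return "expired"
        if self.ttys is not None and tty not in self.ttys:
            return "tty"
        if now.weekday() not in self.login_days or not (
                self.login_hours[0] <= now.hour < self.login_hours[1]):
            return "time"
        if not hmac.compare_digest(hash_pw(password, self.salt), self.history[0]):
            self.failures += 1
            if self.failures >= PasswordPolicy.MAX_FAILURES:
                self.disabled = True            # lockout until an administrator re-enables
                return "locked"
            return "bad password"
        self.failures = 0
        return "ok"

def demo():
    acct = Account("jacob", "Correct-Horse-9", expires=datetime(2002, 1, 1),
                   ttys={"tty0p0", "pts/1"})
    temp = Account("temp", "Temp-pass-2001", expires=datetime(2001, 7, 1))
    r = {"too_short": acct.set_password("ab1!cde"),
         "all_alpha": acct.set_password("abcdefghij"),
         "no_alpha": acct.set_password("1234567890"),
         "reuse": acct.set_password("Correct-Horse-9"),
         "changed": acct.set_password("Another-pass-42"),
         "old_reuse": acct.set_password("Correct-Horse-9"),
         "unique_ids": acct.audit_id != temp.audit_id}
    monday, sunday = datetime(2001, 7, 16, 10, 0), datetime(2001, 7, 15, 10, 0)
    r["ok_login"] = acct.login("Another-pass-42", monday, "pts/1")
    r["weekend"] = acct.login("Another-pass-42", sunday, "pts/1")
    r["bad_tty"] = acct.login("Another-pass-42", monday, "pts/9")
    r["guesses"] = [acct.login("wrong-guess-%d" % i, monday, "pts/1") for i in range(3)]
    r["after_lock"] = acct.login("Another-pass-42", monday, "pts/1")
    r["expired"] = temp.login("Temp-pass-2001", monday, "pts/1")
    r["audit_records"] = len(acct.audit)
    return r
```

Every audit record is keyed by the audit ID rather than the login name, which is what lets the C2 audit trail attribute an action to a person even after su or a rename; and the lockout counter resets only on a successful login, so an attacker who spreads guesses across days still hits the limit.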
19
Common Data Security Architecture (CDSA)
20
Thank You