Filter
Top Products
Choosing a Migration Path
Install-time Security Considerations
Chapter 2 45
Secured Services and Protocols
Each security configuration bundle provides incrementally higher
security by locking down various protocols and services. HP-UX Bastille
uses a series of questions to determine which services and protocols to
secure. Using one of the Install-time Security Configuration bundles
applies a default security profile, simplifying the lockdown process.
The following tables detail the services and protocols affected by the
security bundles, listed in Table 2-2, if you choose to apply one at install-
or update-time.
• Table 2-3 lists the security settings for Sec10Host. These settings
also apply to Sec20MngDMZ and Sec30DMZ
• Table 2-4 lists the security settings applied with Sec20MngDMZ,
additional to the settings in Table 2-3
• Table 2-5 lists the security settings applied with Sec30DMZ. These
settings are additional to the settings applied in Table 2-3 and
Table 2-4
IMPORTANT Review these tables carefully. Some of the locked down services and
protocols may be used by other applications, and may have adverse
effects on the behavior or functionality of these applications. For
example, ServiceControl Manager and ParMgr rely on WBEM for part of
their functionality; Sec30DMZ blocks all incoming WBEM connections via
IPFilter.
You can change the security settings configured at install-time by
running HP-UX Bastille after installing or updating your system. For
more information about using HP-UX Bastille, see the Managing
Systems and Workgroups manual, or the HP-UX Bastille User’s Guide,
located on your system at
/opt/sec_mgmt/bastille/docs/user_guide.txt