140 likes | 273 Views
Trusted OS and Appl i cat i on Secur i ty. Utku Ü nal Solution Consultant HP Consulting. reliability performance availability flexibility scalability. standard OS offers. but lacks security. application code. Why firewalls are not enough?. mail server. mail server. Firewall.
E N D
Trusted OS and Application Security Utku Ünal Solution Consultant HP Consulting
reliabilityperformanceavailabilityflexibility scalability standard OS offers but lacks security
application code Why firewalls are not enough? mail server mail server Firewall browser web server web server Database browser PointCast File Service ShockWave Network Management • Firewalls cannot detect and block security attacks that are “embedded” in unauthorized code unless the code has been anticipated • OS Security does contain damage to applications from these programs • OS Security complements firewalls that the organization already has in place
so what can you do? summary of Application & OS Security issues • Immature E-commerce applications rushed to market in “Internet time” put the back-end at risk • Off the shelf Unix & NT do not provide sufficient risk reduction for Web front-ends • Web servers, if compromised, can provide an easy conduit into your intranet and mission-critical applications • Linux was run on 41.8% of non-Microsoft sites ran Linux • January 2001 saw the first Linux “worm” – ramen • adore and lion followed • worms may deface your site and/or do other damage
so, you are concerned about security and reliability? hp secure OS software for Linux and VirtualVaultare the solutions
hp OS security proven protection • deployed by over 130 of the world’s largest banks • protected one customer from over 300,000 break-in attempts in one week • winner of Secure Computing “Best General Security Product” for three years • BITS certified – met strict criteria for financial institutions • passed rigorous tests from private organizations and government entities • hp - the first major vendor involved in Linux development and introduction
hp secure OS software security/strength of mechanisms VirtualVault trusted systems hp secure Linux HP-UX Bastille C2 HP-UX C2 layered systems HP Webenforcer base systems HP-UX, Linux Windows increase -- ease of use/administration, performance, compatibility – decrease
what is it? hp secure linux • a secure platform based on Red Hat Linux • flexible tools to configure security • applications to manage security • a wide range of services and support what does it do? what are the benefits? • provides triple-layer security TM • prevents attacks • protects against attacks in progress • contains any damage • protects a server from being: • attacked • compromised • used by others • maintains availability • isolates customers and applications • locks down system features • audits all system activities • provides file system protection • eases security administration • protects from most common attacks
how does it work? • armors standard red hat linux server with multiple layers of security • an easy to use secure server platform that protects keyserver components • includes prevention, containment and detection • includes OS and application layer sealed compartments applications web browser internal systems internet Apache data hp secure Linux
containment • file system protection • system configuration lockdown • auditing • secure administration mode review of major features
virtualvault what is it? • Commercial version of a trusted, military-grade operating system • Securely integrated, industry-leading Web server • Strictly partitioned Web runtime environment • “Vaulted” Java Virtual Machine, CGI’s and application gateways trusted os partitioned web runtime • Webserver and Intranet applications in separate compartments • Applications and their resources partitioned into classes - cannot interfere with each other • Trusted Gateway provides secure communication between the inside and outside compartments • Least privilege mechanism eliminates the “super-user” root function • Programs run only with specific privileges needed for task • Discrete set of privileges for OS system call actions • No inheritance of "power" between programs--no Trojan
how does it work? VIRTUALVAULT Event Monitoring Damage Control SYSTEM_HI Back-end Application Server OUTSIDE INSIDE JVM WEB Server cgi application Gateway Java Servlets HTML Pages Scripts & binaries SYSTEM Clients from Internet (Web browsers)