HP Tightens Security on HP-UX Operating System

By Brian Turner

HP has upgraded security on its HP-UX 11i operating system with new encrypted volume and file system support for “data-at-rest,” which describes an embedded-trusted computing chip for HP’s Integrity servers.

The new encryption is included in HP-UX11i v2 tie in with HP’s Integrity servers which use the Intel Itanium processor. Itanium allows HP-UX 11i to do host-based encryption with low-performance overhead.

The encrypted volume support allows users to keep their existing storage hardware. The system is a host-based key management, which means that encryption keys are located on the platform itself. To further protect the encryption keys, Trusted Computing chips are included on some Integrity servers.

Security configuration has also been upgraded in HP-UX 11i v2. A new version of HP’s open source Bastille platform hardening application is now available. Bastille helps administrators setup and configure a secure posture for an operating system and is widely available for Linux. A drift management reporting feature has been included which will report if settings have been changed from a security standpoint.

Access to HP-UX systems has been improved with an update to HP-UX’s AAA (Authentication, Authorization, and Accounting) server. The new version includes an ODBC database plugin that enables the server to go to a database to make more sophisticated policy decisions.

HP is expected to distribute its version 3 of HP-UX 11i in 2007, which will support the Open Group’s UNIX 2003 specification. The version make it easier to write and deploy applications across Unix 03 compliant platforms.

Unix 03 compliance may also make it easier for users to migrate from one compliant system to another.