Benefits
Using HP-UX 11i Security Containment to secure your system offers the following benefits:
•Integrated security
You can use HP-UX Standard Mode Security Extensions in combination with the new security containment features to enhance the security of your HP-UX systems.
•Fewer users who need full superuser access to systems
Using HP-UX RBAC, you can give users specific administrator-level privileges on a system without giving those users full superuser access. These users can perform only specific administrative tasks on the system, as defined by their roles. This provides strong internal system security.
•Isolation of system resources
Using compartments, you can isolate applications and resources on a single system. Even if the security of one application is compromised, other resources on the system remain secure.
•Interoperable with existing HP-UX 11i security products
You can integrate HP-UX 11i Security Containment with your existing HP-UX security solution. HP-UX 11i Security Containment works with all other HP-UX 11i v2 security products and features.
•No need to modify existing applications
HP-UX 11i Security Containment can be configured to be transparent at the application layer. You do not need to modify your existing applications to use HP-UX 11i Security Containment.
•Interoperability with HP Serviceguard
HP Serviceguard is comparable with the HP-UX 11i Security Containment default configuration. Because Serviceguard requires communication and control between many processes and nodes, be sure to follow all constraints described in this document if you change the default containment configuration.
For more information about configuring HP-UX 11i Security Containment to ensure proper cluster operation for appropriate enforcement of security policies, refer to “Fine-Grained Privileges in HP Serviceguard Clusters” and “Compartments in HP Serviceguard Clusters”.