HP UX 11i Role-based Access Control (RBAC) Software HP-UX Role-Based Access Control, Overview

Models: UX 11i Role-based Access Control (RBAC) Software


3 HP-UX Role-Based Access Control

The information in this chapter describes HP-UX Role-Based Access Control (HP-UX RBAC). This chapter addresses the following topics:

“Overview”

“Access Control Basics”

“HP-UX RBAC Components”

“Planning the HP-UX RBAC Deployment”

“Configuring HP-UX RBAC”

“Using HP-UX RBAC”

“Troubleshooting HP-UX RBAC”

Overview

Security—especially platform security—has always been an important issue for enterprise infrastructure. Even so, many organizations have in the past neglected or overlooked security concepts such as individual accountability and least privilege. However, recently introduced legislation in the United States—including the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley—has helped to highlight the importance of these security concepts.

Most enterprise environments have systems administered by multiple users. Typically this is accomplished by providing the administrators with the password to a common, shared account, known as root. While the root account simplifies access control management by enabling administrators with the root password to perform all operations, it also presents several inherent obstacles for access control management, for example:

After providing administrative users with the root password, there is no easy way to further constrain those users.

In the best case, revoking access for a single administrator requires changing the common password and notifying other administrators. More realistically, simply changing the password is probably not sufficient to effectively revoke access because alternative access mechanisms might have already been implemented.

Individual accountability with a shared root account is virtually impossible to achieve. Consequently, proper analysis after a security event becomes difficult—and in some cases impossible.

The HP-UX Role-Based Access Control (RBAC) feature resolves these obstacles by providing the capability to assign sets of tasks to ordinary—but appropriately configured—user accounts. HP-UX RBAC also mitigates the management overhead associated with assigning and revoking individual authorizations on a per-user basis.

HP-UX RBAC Versus Other RBAC Solutions

HP-UX RBAC offers several advantages over other role-based access control solutions available today, including:

Predefined configuration files specific to HP-UX, for a quick and easy deployment

Flexible re-authentication via Pluggable Authentication Module (PAM), to allow restrictions on a per-command basis

Integration with the HP-UX (C2) audit system, to produce a single, unified audit trail

Pluggable architecture for customizing access control decisions

Simplified usability through integration with the HP-UX shells

Graphical, Web-based management through HP System Management Homepage
