
Trusted OS and Application Security

Utku Ünal, Solution Consultant, HP Consulting


Presentation Transcript


  1. Trusted OS and Application Security Utku Ünal Solution Consultant HP Consulting

  2. standard OS offers reliability, performance, availability, flexibility, scalability, but lacks security

  3. Why firewalls are not enough?
     [Diagram labels: application code, mail server, Firewall, browser, web server, Database, PointCast, File Service, ShockWave, Network Management]
     • Firewalls cannot detect and block security attacks that are “embedded” in unauthorized code unless the code has been anticipated
     • OS Security does contain damage to applications from these programs
     • OS Security complements firewalls that the organization already has in place

  4. so what can you do? summary of Application & OS Security issues
     • Immature E-commerce applications rushed to market in “Internet time” put the back-end at risk
     • Off the shelf Unix & NT do not provide sufficient risk reduction for Web front-ends
     • Web servers, if compromised, can provide an easy conduit into your intranet and mission-critical applications
     • Linux ran on 41.8% of non-Microsoft sites
     • January 2001 saw the first Linux “worm” – ramen
     • adore and lion followed
     • worms may deface your site and/or do other damage

  5. so, you are concerned about security and reliability? hp secure OS software for Linux and VirtualVault are the solutions

  6. hp OS security proven protection
     • deployed by over 130 of the world’s largest banks
     • protected one customer from over 300,000 break-in attempts in one week
     • winner of Secure Computing “Best General Security Product” for three years
     • BITS certified – met strict criteria for financial institutions
     • passed rigorous tests from private organizations and government entities
     • hp - the first major vendor involved in Linux development and introduction

  7. hp secure OS software
     [Chart: security/strength of mechanisms plotted against ease of use/administration, performance, compatibility (increase -- decrease). Labels in slide order: VirtualVault, trusted systems, hp secure Linux, HP-UX Bastille, C2 HP-UX, C2 layered systems, HP Webenforcer, base systems, HP-UX, Linux, Windows]

  8. hp secure linux
     what is it?
     • a secure platform based on Red Hat Linux
     • flexible tools to configure security
     • applications to manage security
     • a wide range of services and support
     what does it do? what are the benefits?
     • provides triple-layer security™
     • prevents attacks
     • protects against attacks in progress
     • contains any damage
     • protects a server from being:
       • attacked
       • compromised
       • used by others
     • maintains availability
     • isolates customers and applications
     • locks down system features
     • audits all system activities
     • provides file system protection
     • eases security administration
     • protects from most common attacks

  9. how does it work?
     • armors standard red hat linux server with multiple layers of security
     • an easy to use secure server platform that protects key server components
     • includes prevention, containment and detection
     • includes OS and application layer sealed compartments
     [Diagram labels: applications, web browser, internal systems, internet, Apache, data, hp secure Linux]

  10. review of major features
     • containment
     • file system protection
     • system configuration lockdown
     • auditing
     • secure administration mode

  11. virtualvault
     what is it?
     • Commercial version of a trusted, military-grade operating system
     • Securely integrated, industry-leading Web server
     • Strictly partitioned Web runtime environment
     • “Vaulted” Java Virtual Machine, CGI’s and application gateways
     trusted os / partitioned web runtime
     • Webserver and Intranet applications in separate compartments
     • Applications and their resources partitioned into classes - cannot interfere with each other
     • Trusted Gateway provides secure communication between the inside and outside compartments
     • Least privilege mechanism eliminates the “super-user” root function
     • Programs run only with specific privileges needed for task
     • Discrete set of privileges for OS system call actions
     • No inheritance of "power" between programs--no Trojan

  12. how does it work?
     [Diagram labels, in slide order: VIRTUALVAULT, Event Monitoring, Damage Control, SYSTEM_HI, Back-end Application Server, OUTSIDE, INSIDE, JVM, WEB Server, cgi application Gateway, Java Servlets, HTML Pages, Scripts & binaries, SYSTEM, Clients from Internet (Web browsers)]

  13. review of major features
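
A toy model of the rules on slides 11 and 12, added here as an illustration and not HP or VirtualVault code: a child process keeps its parent's compartment label but never its privileges, and only a process holding an explicit cross-compartment privilege can reach INSIDE. The privilege names, the privilege table and the allow-list are assumptions.

```python
from dataclasses import dataclass

# Constructed privilege table (assumption): each program is granted only the
# privileges its task needs; there is no all-powerful root entry.
PROGRAM_PRIVS = {
    "web_server": frozenset({"bind_low_port"}),
    "cgi": frozenset(),
    "trusted_gateway": frozenset({"cross_compartment"}),
}

@dataclass(frozen=True)
class Process:
    program: str
    compartment: str      # "OUTSIDE" or "INSIDE", as on slide 12
    privs: frozenset

def start(program, compartment):
    """Launch a program with exactly the privileges listed for it."""
    return Process(program, compartment, PROGRAM_PRIVS.get(program, frozenset()))

def spawn(parent, program):
    """Child keeps the parent's compartment but never its privileges."""
    return start(program, parent.compartment)

def can_access(proc, resource_compartment):
    """Allow same-compartment access; crossing needs an explicit privilege."""
    return (proc.compartment == resource_compartment
            or "cross_compartment" in proc.privs)

def gateway_forward(proc, path, allowed_paths):
    """Only the gateway may carry a request INSIDE, and only for allowed paths."""
    return can_access(proc, "INSIDE") and path in allowed_paths

def demo():
    web = start("web_server", "OUTSIDE")
    cgi = spawn(web, "cgi")
    gateway = start("trusted_gateway", "OUTSIDE")
    shell = spawn(gateway, "sh")          # unlisted program: gets no privileges
    allowed = {"/orders"}                 # constructed allow-list
    return {
        "cgi_reads_outside": can_access(cgi, "OUTSIDE"),
        "cgi_reads_inside": can_access(cgi, "INSIDE"),
        "cgi_inherits_bind": "bind_low_port" in cgi.privs,
        "gateway_forwards_allowed": gateway_forward(gateway, "/orders", allowed),
        "gateway_forwards_other": gateway_forward(gateway, "/admin", allowed),
        "shell_reads_inside": can_access(shell, "INSIDE"),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The `shell` case is the one to watch: a program started by the gateway does not pick up the gateway's cross-compartment privilege, so it stays confined to OUTSIDE.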
