• Perl script that performs analysis of file sets and patches installed on an HP-UX machine and generates a report of recommended security patches

• Uses a combination of highly efficient software and existing memory management hardware to protect against both known and unknown stack buffer overflow attacks. Eliminates need to modify a program’s code to get stack buffer overflow protection, unlike other products that require time consuming program modifications, recompilation, or relinking
• Provides a “trial mode” that assures application owners that it will not interfere with legitimate
  applications
• Provides a “zone bypass” feature that allows application owners to mark particular binaries as having a legitimate need to execute code located on their stack(s). Programs so marked are exempt from the HP-UX stack buffer overflow protection

• Stores a series of entries that identify specific users or groups and their access privileges for a directory or file
• Specifies detailed access permissions for multiple users and groups
• Supports Journaled File System (JFS 3.3)

• Contains all the GSS APIs in RFC 2743 and is Application Programming implemented as C programming language Interface (GSS API) interfaces
• Provides security services for client/server applications independent of various underlying security mechanisms and communication protocols, including authentication, integrity, and confidentiality services
• Enables application developers writing secure applications to write code only once, eliminating the need to change it whenever the underlying security mechanism changes

• Uses the first sendmail release to include antispam rule sets, which give mail administrators significantly more power to reduce spam
  

• HP implementations of RSA, AES, DES, and triple-DES cryptographic algorithms use advanced features of assembly language for both PA-RISC 2.0 and IPF, taking full advantage of 64-bit architectures
• Achieves almost twice the encryption speed of other leading software implementations

Bastille, a security-hardening tool, gives
administrators a question-and-answer method
to harden or lock down HP-UX server systems. It
accommodates the various degrees of hardening
required of servers used for Webs, applications,
and databases:

• Answer security questions
• Answer usability questions
• Lock-down appropriate to HP-UX server use
• Produce a profile script
• Use the script to harden many servers in the same category

• Provides secure and private communication over the Internet and within the enterprise—without modifying existing applications
• Incorporates Internet Key Exchange (IKE) as an automated protocol for dynamically negotiating the IPSec parameters. IKE provides dynamic secret key generation and exchange for IPSec and allows for scalability
• Inter operates with over 25 other IPSec implementations, including Linux and those of Cisco Systems and Microsoft®

• A stateful inspection host-based firewall system that provides filtering of selected IP traffic into or out of the system

• Provides key distribution facilities to implement the Kerberos authentication protocol in network-distributed enterprises
• Provides strong authentication for client/server applications by using secret-key cryptography
• Enables encryption of all communications to ensure privacy and data integrity
• Provides the foundation for secure single sign-on to applications and multi-platform resources

• Provides authentication, authorization, and accounting services using the RADIUS protocols
• Enables service providers or enterprises to authenticate users and then account for time and billing use of network services
• Supports EAP (Extensible Authentication Protocol) for wireless LAN security

Pluggable Authentication Module (PAM)

• Industry-standard authentication framework gives system administrators the flexibility to choose any authentication service available on the system
• Allows new authentication service modules to be plugged in and made available without modifying the applications

• Provides data integrity and authentication to applications using cryptographic digital signature
• Prevents non-authorized access to DNS and prevents tampering with name-to-address mapping over the wire
• Restricts DHCP updates to those authorized to perform them
• Guarantees the integrity of zone data using digital signatures

A powerful software-based approach to encrypted
network security:

• Provides secure remote login
• Encrypts data sent over the network using SSH-1 or SSH-2 protocols
• Decrypts data once it reaches its destination