HP Instant Capacity User's Guide for versions 8.x > Appendix A Special Considerations

Security Related Issues

  Table of Contents

  Index

Customer protections which iCAP assumes to be in place

iCAP commands provide system status information and facilitate system configuration modification, and are therefore executable only by personnel with root level access. An assumption is made that there exist administrative policies which exercise the appropriate degree of control over root level access.

Disabling the iCAP daemon (HP-UX)

The iCAP daemon (icapd) can be disabled by commenting out its entry in the /etc/inittab system file, resetting the init task (init -q), and killing icapd via kill -9 or kill -s SIGTERM.

Note that disabling the daemon in this way will have the effect that other partition management software will not be able to determine if the system contains iCAP components and will, as a result, refuse to manage any components that are present.

Customer Security Requirements

The Instant Capacity software is designed to provide maximum protection for sensitive customer information, and follows these customer security requirements:

  • Sensitive customer data (names, phone numbers, e-mail addresses, hostnames, IP addresses) is not transmitted to HP.

  • There are no transmissions of authentication credentials in clear (non-encrypted) text.

  • Non-superuser access to iCAP commands and data is not allowed.

  • Confidential information is encrypted when transmission is required.

  • Appropriate protections are accorded to confidential data and authentication credentials.

Security Tuning Options

iCAP asset reporting (via e-mail to HP) is optional, but is turned on by default. Customers can disable asset reporting by executing the icapnotify -a off command.