Security

AIX Version 6.1 provides many significant new security technologies and security enhancements. The purpose of this IBM Redbooks publication is to highlight and explain the security features at the conceptual level, as well as provide practical examples of how they may be implemented. Some features are extensions of features made available in prior AIX releases, and some are new features introduced with AIX V6.

From firewalls to operating system hardening, this redbook illustrates additional tools and techniques that you can use to enhance the security environment of your IBM pSeries, IBM RS/6000 workstation, SP, or Cluster. The approach taken is from outside to inside and from top to bottom. We move from the servers on the far reaches of your network that are visible to the outside world to those in the innermost recesses of your intranet containing your most confidential data. As we move through these servers, we work from the application layer at the top to the network layer at the bottom. Along the way, we cover third-party software that is readily available, modifications to the standard software that comes with AIX and PSSP, and assorted techniques that can all be used to provide enhanced security in your environment.

Open Secure Shell (OpenSSH) is an open source version of the SSH protocol suite of network connectivity tools. The tools provide shell functions that are authenticated and encrypted. OpenSSH is reliable and secure and is widely accepted in the IT industry.

Open Source TripwireŽ software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.

This document describes the use of Kerberos as an alternative authentication mechanism to AIX using Windows 2000/2003 Server Kerberos Service.

This document describes the use of Kerberos as an alternative authentication mechanism to AIX. Kerberos technology combined with LDAP user/group management provides a robust, centralized and scalable authentication and identification mechanism for AIX.