Configuring and Managing MPE/iX Internet Services (MPE/iX 6.5)
Chapter 10 161
HP WebWise MPE/iX Secure Web Server
Feature Set
Feature Set
HP WebWise MPE/iX Secure Web Server offers secure encrypted communications between
browser and server via the SSL and TLS protocols, as well as strong authentication of both
the server and the browsers via X.509 digital certificates. HP WebWise MPE/iX Secure
Web Server is:
• NOT a substitute for a firewall (explicitly allow acceptable connections, etc.)
• NOT a substitute for good host security practices (change default passwords, keep the
OS up-to-date, etc.)
• NOT a substitute for good application security practices (use appropriate file and user
security, carefully validate all input data, etc.)
• NOT a substitute for good human security practices (communicate the importance of
protecting sensitive or proprietary data, no password sharing, etc.)
WebWise is just one component in a secure environment and by itself does nothing to
prevent the number one cause of web server break-in events — poorly written CGI
applications. Well-written CGI applications must rigorously validate every byte of data
sent by a browser, and must refuse to process any input data containing unexpected
characters.
The security features of HP WebWise MPE/iX Secure Web Server are based on mod_ssl
which is not included in Apache for MPE/iX distributed with MPE/iX 6.0 and later.
Mod_ssl provides the following features:
SSLv2.0, SSLv3.0, and TLSv1.0 Protocols
These protocols lie between the HTTP and TCP/IP protocol layers and provide secure,
authenticated, encrypted communications between the HP WebWise MPE/iX Secure Web
Server server and browser clients.
X.509 Digital Certificates
Signed by external trusted Certificate Authorities, X.509 certificates provide
authentication for both the HP WebWise MPE/iX Secure Web Server and browser clients.
Flexible Encryption Cipher Configuration
HP WebWise MPE/iX Secure Web Server permits you to configure a wide variety of
encryption ciphers, ranging from high-grade domestic-only algorithms to algorithms
suitable for export.
Additional Log Files
Two new log files, ssl_engine_log and ssl_request_log, allow you to log various events
associated with secure web requests.