
Chapter 10: Tuning, Troubleshooting, Security, and Maintenance
ITO Security
Network Security
Network security involves protecting the data that is exchanged
between the management server and the managed node, and is primarily
DCE-related. ITO addresses network security by verifying the
authenticity of the parties (in this case, the RPC client and server)
before granting a connection, and by ensuring the integrity of the data
passed over the network during the connection.
Although ITO carries out its own, basic authorization checks when
communication between the management server and the managed nodes
is required, DCE allows the implementation of more stringent security at
process level between an RPC client and an RPC server, specifically in
the areas of authentication and privacy, or data protection.
The client chooses the level of data protection, although the server
has the option of deciding whether the chosen level is sufficient. ITO
sees the concept of authentication in the context of either the RPC
client or the RPC server. For example, in the same way that an RPC
server needs to determine whether or not an incoming request is from a
genuine ITO client, an RPC client also needs to be sure that the server
it is calling really is an ITO server.
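The acceptance decision described above, modelled as a self-contained C sketch (an added example, not ITO or DCE code). The type and function names, the verdict values and the principal names are hypothetical; the protection levels are modelled on the DCE RPC levels in increasing strength.

```c
#include <stdio.h>
#include <string.h>

/* Protection levels in increasing strength, modelled on the DCE RPC
 * levels; the enum names and values are this sketch's own. */
typedef enum { PROT_NONE, PROT_CONNECT, PROT_CALL, PROT_PKT,
               PROT_PKT_INTEGRITY, PROT_PKT_PRIVACY } prot_level;

typedef enum { ACCEPT, REJECT_UNAUTHENTICATED, REJECT_UNKNOWN_PEER,
               REJECT_WEAK_PROTECTION } verdict;

/* What one side learns about its peer from the security runtime. */
typedef struct {
    int authenticated;      /* 1 if the peer's identity was verified */
    const char *principal;  /* verified principal name of the peer   */
    prot_level level;       /* level the client chose for the call   */
} peer_info;

/* Server side: is the caller genuine, and is its chosen level sufficient? */
verdict server_check(const peer_info *client, const char *expected,
                     prot_level minimum)
{
    if (!client->authenticated || client->principal == NULL)
        return REJECT_UNAUTHENTICATED;
    if (strcmp(client->principal, expected) != 0)
        return REJECT_UNKNOWN_PEER;
    if (client->level < minimum)
        return REJECT_WEAK_PROTECTION;
    return ACCEPT;
}

/* Client side: confirm the server's identity before sending it data. */
verdict client_check(const peer_info *server, const char *expected)
{
    if (!server->authenticated || server->principal == NULL)
        return REJECT_UNAUTHENTICATED;
    return strcmp(server->principal, expected) ? REJECT_UNKNOWN_PEER : ACCEPT;
}

int main(void)
{
    /* Constructed principal name, not taken from ITO. */
    peer_info agent = { 1, "example/agent-node1", PROT_CONNECT };
    verdict weak = server_check(&agent, "example/agent-node1", PROT_PKT_INTEGRITY);
    agent.level = PROT_PKT_PRIVACY;
    verdict ok = server_check(&agent, "example/agent-node1", PROT_PKT_INTEGRITY);
    printf("connect-level: %d, privacy-level: %d\n", weak, ok);
    return 0;
}
```

The same client is rejected at connect level and accepted at packet-privacy level, because the server's minimum, not the client's choice, has the final say.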
The section on network security covers the following areas:
  - DCE Configuration
  - Process names and passwords
  - Port security
  - Processes and port numbers
Basic DCE Configuration
If you want to protect communication between the ITO management
server and managed nodes using DCE’s security mechanisms, you need
to carry out some extra configuration steps. First of all, a DCE server
installation must be available in the local network. The DCE server
installation provides:
  - Cell Directory Service (CDS)
  - DCE security service
  - DCE Distributed Time Service (DTS)