Front cover -- Contents -- Figures -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Chapter 1. Introduction -- 1.1 Security overview -- 1.1.1 System security -- 1.1.2 Network security basics -- 1.1.3 Data transmission security -- 1.2 Cluster Systems Management security basics -- 1.2.1 Reliable Scalable Cluster Technology (RSCT) -- 1.2.2 Resource Monitoring and Control (RMC) -- 1.2.3 Resource managers (RM) -- 1.2.4 Cluster Security Services (CtSec) -- 1.2.5 Group Services and Topology Services -- Chapter 2. Security concepts and components -- 2.1 General security requirements -- 2.1.1 Authentication -- 2.1.2 Authorization -- 2.1.3 Data privacy -- 2.1.4 Data integrity -- 2.2 Security algorithms -- 2.2.1 Symmetric key encryption -- 2.2.2 Public key encryption -- 2.2.3 Secure hash functions -- 2.2.4 Public key certificate -- 2.2.5 Secure Sockets Layer and Transport Layer Security -- 2.2.6 Secure Shell (SSH) -- 2.3 Security requirements and algorithm relationship -- 2.3.1 Using encryption to ensure data privacy -- 2.3.2 Using signatures to ensure data integrity -- 2.3.3 Combining data integrity and data privacy -- 2.3.4 Use of different cryptographic techniques -- Chapter 3. Cluster Systems Management security infrastructure -- 3.1 Reliable Scalable Cluster Technology security -- 3.2 Components of Cluster Security Services (CtSec) -- 3.2.1 Mechanism abstract layer (MAL) -- 3.2.2 Mechanism pluggable module (MPM) -- 3.2.3 UNIX mechanism pluggable module -- 3.2.4 Host-based authentication with ctcasd -- 3.2.5 Identity mapping service -- 3.2.6 Resource Monitoring and Control access control list -- 3.3 Communication flow examples -- 3.3.1 Initial cluster setup -- 3.3.2 Adding a new node -- 3.3.3 Requesting access to resources -- Chapter 4. Practical security considerations.

4.1 Network considerations -- 4.2 Shell security (required parameters) -- 4.3 Configuration file manager (CFM) -- 4.4 User management -- 4.5 Security in a heterogeneous environment -- 4.6 Web-Based System Manager -- 4.6.1 Securing Web-Based System Manager -- 4.6.2 Installing WebSM Security on a remote client -- 4.7 Security considerations for hardware control -- 4.7.1 User IDs and passwords -- 4.7.2 Resource Monitoring and Control access control lists -- 4.7.3 Console server security -- 4.8 Name resolution -- Chapter 5. Securing remote command execution -- 5.1 Remote command execution software -- 5.2 OpenSSH installation on AIX -- 5.2.1 Downloading OpenSSH and prerequisite OpenSSL software -- 5.2.2 Preinstallation tasks -- 5.2.3 Installing SSH on AIX manually -- 5.2.4 Post-installation tasks -- 5.2.5 Installing OpenSSH 3.4 for AIX 5L on AIX servers using NIM -- 5.2.6 Verifying the SSH installation on the AIX nodes -- 5.3 Installing SSH on Linux nodes -- 5.4 OpenSSH configuration inside the CSM cluster -- 5.4.1 Preliminary actions -- 5.4.2 Update the Cluster Systems Management database -- 5.4.3 Checking the dsh settings -- 5.4.4 Set up OpenSSH -- 5.4.5 How the automated configuration works -- 5.4.6 Verifying the SSH configuration -- 5.5 Other remote command execution programs -- Chapter 6. Security administration -- 6.1 Administration of Cluster Security Services -- 6.1.1 Configuration files -- 6.1.2 Mechanism pluggable module configuration -- 6.1.3 The ctcasd daemon administration -- 6.1.4 The ctcasd daemon key files -- 6.1.5 Generate new keys -- 6.1.6 Changing the default key type for ctcasd -- 6.1.7 Removing entries from the trusted host list file -- 6.1.8 Verifying exchanged public host keys -- 6.2 Administration of Resource Monitoring and Control -- 6.2.1 Configuration files for Resource Monitoring and Control.

6.2.2 Allowing a non-root user to administer CSM -- Abbreviations and acronyms -- Related publications -- IBM Redbooks -- Other resources -- Referenced Web sites -- How to get IBM Redbooks -- IBM Redbooks collections -- Index -- Back cover.