6 security problems – HP System Management Homepage-Software User Manual

NOTE:

You might need to change the Microsoft Internet Information Server (IIS)

configuration after you rename a system.

This is a security feature added by Microsoft security patch MS01-055 for Internet
Explorer 5.5 or 6.0 that prevents systems with improper name syntax from setting
cookie names. Domains that use cookies must use only alphanumeric characters (-
or .) in the domain name and the system name. Internet Explorer blocks cookies
from a system if the system name contains other characters, such as an underscore
character (_).

13.6 Security Problems

13.13.6.1

After updating my Windows XP system with Service Pack 2, I cannot access HP SIM
or HP Version Control Repository Manager. What happened?
Windows XP Service Pack 2 implements a software firewall that prevents browsers
from accessing the ports required for HP SIM and HP Version Control Repository
Manager access. To resolve this issue, configure the firewall with exceptions to allow
browsers to access the ports used by HP SIM and HP Version Control Repository
Manager.

HP recommends the following actions:
1.

Select Start

→Settings Control Panel.

2.

Double-click Windows Firewall to configure the firewall settings.

3.

Select Exceptions.

4.

Click Add Port.

5.

Enter the product name and the port number.

Add the following exceptions to the firewall protection:

Table 9 Firewall protection exceptions

Port Number

Product

2301

HP SMH Insecure Port:

2381

HP SMH Secure Port:

280

HP SIM Insecure Port:

50000

HP SIM Secure Port:

6.

Click OK to save your settings and close the Add a Port dialog box.

7.

Click OK to save your settings and close the Windows Firewall dialog box.

This configuration leaves the default SP2 security enhancements intact, but allows
traffic over the ports previously indicated. These ports are required for HP SIM and
HP Version Control Repository Manager to run. Ports 2301 and 2381 are required
for the HP Version Control Repository Manager and ports 280 and 50000 are
required by HP SIM. The secure and insecure ports must be added for each product
to enable communication with the applications.

13.13.6.2

Why can't I import X.509 certificates directly into HP SMH?
HP SMH generates Certificate Request in Base64-encoded PKCS #10 format. This
certificate request should be supplied to the certificate authority. Most CAs return
Base64-encoded PKCS #7 certificate data that you can import directly into HP SMH
by selecting Settings

→HP System Management Homepage→Security→Local Server

Certificate.

75