Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
9-9
NonStop SQL/MP
•
German Information Security Agency (GISA), F2/Q3 security-function and
F7/Q3 system-availability levels
•
Harmonized European Information Technology Security Evaluation Criteria
(ITSEC), E3 level
NonStop SQL/MP
NonStop SQL/MP, Tandem’s relational database management system, also uses the
Tandem NonStop Kernel file-security features. This security provides user authorization
for NonStop SQL/MP tables, views, indexes, and programs. In addition, two NonStop
SQL/MP features also contribute to database protection. NonStop SQL/MP allows you
to:
•
Access data only through NonStop SQL/MP commands, ensuring complete
protection of the data and its definition
•
Provide field-level security of logical views by allowing access to only those
columns of data that are authorized
$CMON
$CMON is a user-written program that monitors some command-interpreter activities.
You can use $CMON to audit and restrict attempts to:
•
Log on and log off
•
Run a program
•
Alter the priority of a process
•
Add users to the system or delete users from the system
•
Change a user’s logon password and remote passwords
The International Tandem User’s Group (ITUG) can supply you with a sample copy of
$CMON.
Physical Security
Weakness in the physical security of your computer installation can provide an easy
avenue of intrusion. The following paragraphs discuss some of the more common
vulnerabilities resulting from weak physical security.
The Computer Room
Access to the equipment in the computer room can provide ample opportunity for both
system intrusion and accidental or malicious system damage. Limiting access to the
computer room can help you prevent security problems. For example, you can limit
access to the computer room by locating frequently used devices such as printers away
Note. The suggestions in this section are based on the assumption that you use the
Safeguard product to help protect your systems. If you do not use the Safeguard product, you
should seriously consider doing so.