Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
Guest-User IDs
You can provide a guest-user ID on your system. A guest-user ID makes your system
temporarily available to people who must have physical access to your system, but who
do not need long-term access.
Before providing a guest-user ID, consider these points:
• Keep the user ID as unprivileged as possible. For example, the guest-user ID should
not have access to any sensitive files or system resources. You can limit guest-user
ID access by using Safeguard access-control lists or by keeping the guest-user ID in
a distinct group so that the guest user cannot access files in other groups. The
guest-user ID should not be a super-group user (255,n) or a group manager (n,255).
• Because outside intruders often look for guest-user IDs as an easy way to access a
system, be sure that the guest-user ID does not have an obvious user name and
password (for example, a group and user name of GUEST.GUEST with a password
of GUEST).
Unused User IDs
To manage unused user IDs:
• Institute a procedure for keeping the system current. For example, have the
Safeguard product enforce user expiration dates on all user IDs. Then, from time to
time, obtain a list of current authorized users from other department managers. Use
this list to extend the expiration dates for current users, and allow unreported user
IDs to expire.
• Automatically assign a three-month or six-month expiration date to each new user
ID, and issue a periodic report notifying users when they need to request an
extension of their expiration date.
In both schemes, a user who is not specifically verified as current is automatically
denied access to the system once the expiration date is passed.
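The reconciliation behind both schemes, as an added Python example that is not part of the original manual. It does not read Safeguard data or issue Safeguard commands: the user records, the managers' list, the 90-day extension and the 30-day warning window are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data: user name -> current expiration date.
USERS = {
    "ADMIN.BOB":   date(2024, 7, 1),
    "SALES.ALICE": date(2024, 6, 20),
    "SALES.CAROL": date(2024, 9, 30),
    "DEV.DAVE":    date(2024, 5, 15),   # expiration date already passed
    "DEV.ERIN":    date(2024, 8, 1),    # not reported by any manager
}
# Constructed list of current users reported by department managers.
AUTHORIZED = {"ADMIN.BOB", "SALES.ALICE", "SALES.CAROL", "OPS.FRANK"}

def reconcile(users, authorized, today, extend_days=90):
    """Scheme 1: extend verified users, let unreported IDs expire."""
    new_date = today + timedelta(days=extend_days)
    report = {"extend": {}, "lapsing": [], "denied": [], "unknown": []}
    for name, expires in sorted(users.items()):
        if name in authorized:
            # Only move a date forward; never shorten a later expiration.
            if new_date > expires:
                report["extend"][name] = new_date
        elif expires < today:
            report["denied"].append(name)    # already locked out
        else:
            report["lapsing"].append(name)   # will expire untouched
    # Reported by a manager but no such ID exists: query the manager.
    report["unknown"] = sorted(authorized - set(users))
    return report

def expiring_soon(users, today, warn_days=30):
    """Scheme 2: users to notify that they must request an extension."""
    limit = today + timedelta(days=warn_days)
    return sorted(n for n, exp in users.items() if today <= exp <= limit)

if __name__ == "__main__":
    today = date(2024, 6, 1)
    for key, value in reconcile(USERS, AUTHORIZED, today).items():
        print(key, value)
    print("notify", expiring_soon(USERS, today))
```

The "unknown" list catches names a manager reports that have no matching ID, which usually means a misspelled name or an ID that has already been deleted.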
Deleting User IDs
When a user leaves the organization, the user’s ID should be removed from the system.
If a user has any aliases, the aliases must be deleted before the user ID can be deleted.
Provide procedures for:
• Freezing the person’s user ID. You might want to freeze the ID while the actions
listed below are completed. Once the actions are completed, the ID should be
unfrozen and then deleted.
• Checking the system for files owned by the deleted user and disposing of the user’s
files by giving them to another user, or deleting them by transferring them to backup
media. If you can’t decide what to do with files you want to keep, consider giving
them temporarily to some unused user ID until you know who the new owner should
be.
• Changing the passwords for other IDs the person could access.