Introduction to NonStop Operations Management

Security Management
Introduction to NonStop Operations Management 125507
• Evaluating the risk to an unencrypted password database, and, if necessary, changing all passwords to an unencrypted password database the user had access to.
• Changing the guest-user ID if your system has guest-user IDs. If the person is merely moving to a different group and the members of the group are still allowed to use your guest-user ID, this change might be unnecessary.
• Removing references to the user ID from Safeguard access-control lists. Once this step is taken, the user ID should be unfrozen and then deleted.
• Removing the user’s remote passwords and informing the managers of remote systems that the user’s ID has been removed.
Reusing User IDs
Once you remove a user ID from the system, don’t reuse it immediately, especially if
user IDs that have never been used are available. A new user might inherit a previous
user’s privileges if the following items remain in the system:
• The old user ID set up for network access, complete with matching remote passwords
• Files owned by the previous user
• References to the old user ID in Safeguard access-control lists
• References to the old user ID in automated procedures
Managing Passwords
A password prevents an intruder from using the system and allows the system to verify
that someone claiming to be a user is really that user. When establishing your security
policy, consider:
• Requiring strong passwords (for example, passwords that are five or more characters long)
• Setting unexpected initial passwords
• Enforcing routine password changes
• Educating users on how to protect passwords
Requiring Strong Passwords
A password’s length and the choice of characters in it significantly influence the time
necessary to discover a password through an exhaustive automated search. The longer
the password and the more varied the choice of characters, the more difficult it is to
discover. You can use the Safeguard product to specify a minimum password length.
The best password is one that cannot be found in any dictionary. Such a password would
have a mix of uppercase and lowercase letters and include numbers, but still be relatively
easy to memorize.
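The effect of length and character variety on exhaustive search time, together with the checks this section recommends, as an added example (not from the manual and not Safeguard code). The guesses-per-second rate, the 32-symbol punctuation pool, and the small constructed dictionary are assumptions.

```python
import string

# Constructed stand-in for a real dictionary; a deployment would load a full word list.
SAMPLE_DICTIONARY = {"password", "guest", "tandem", "welcome", "secret"}


def alphabet_size(password):
    """Size of the smallest character pool that covers every character used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 32  # assumption: printable ASCII punctuation
    return size


def exhaustive_search_seconds(password, guesses_per_second):
    """Worst-case time to try every candidate up to the password's length."""
    n = alphabet_size(password)
    candidates = sum(n ** k for k in range(1, len(password) + 1))
    return candidates / guesses_per_second


def policy_findings(password, min_length=5, dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password falls short of the guidance above."""
    findings = []
    if len(password) < min_length:
        findings.append("too short")
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        findings.append("needs uppercase and lowercase")
    if not any(c.isdigit() for c in password):
        findings.append("needs a number")
    # Drop non-letters and fold case so "Guest1" is still caught as a dictionary word.
    core = "".join(c for c in password if c.isalpha()).lower()
    if core in dictionary:
        findings.append("dictionary word")
    return findings


if __name__ == "__main__":
    rate = 1_000_000  # assumed guesses per second
    for pw in ("guest", "Guest1", "bLue7Kite"):
        hours = exhaustive_search_seconds(pw, rate) / 3600
        print(f"{pw!r}: pool={alphabet_size(pw)}, worst case {hours:.3g} h, {policy_findings(pw)}")
```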