Introduction to NonStop Operations Management (125507)

Security Management
Authorization Lists
Use authorization-list software to limit dial-up access to a designated subset of the user
community. The Safeguard product provides this ability.
Additional External Passwords
Some systems demand an additional system-wide password during the dial-up logon
sequence. The system password is roughly the dial-up equivalent of allowing physical
access to the main work site. Inform legitimate users of the current system password
through some means of limited distribution. Change the password periodically to lessen
the chance of intrusion.
Callback Routine
A callback routine allows the system to authenticate a caller’s telephone location before
permitting the caller to access the system. Because the list of telephone numbers for any
particular user is limited and prearranged, the chances for intrusion are limited.
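The three dial-up controls described above (authorization list, system-wide password, callback to a prearranged number) can be combined into one gate. The following is an added example, not code from this manual and not Safeguard or TACL code. The class, the user names, the telephone numbers and the password are hypothetical, constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted slow hash so the gate never stores the system password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class DialUpGate:
    """Hypothetical model of the dial-up checks; not Safeguard or TACL code."""
    authorized: set          # authorization list: users allowed to dial in
    salt: bytes
    system_pw_hash: bytes    # hash of the system-wide dial-up password
    callback_numbers: dict   # user -> prearranged callback numbers
    audit: list = field(default_factory=list)

    def request(self, user: str, system_pw: str, claimed_number: str):
        """Return the number to call back, or None when the attempt is refused.

        The inbound call is dropped either way; the session starts only on the
        outbound call, so the caller cannot choose where the system dials.
        """
        pw_ok = hmac.compare_digest(pw_hash(system_pw, self.salt), self.system_pw_hash)
        listed = user in self.authorized
        # The claimed number may only select one of the prearranged numbers.
        number_ok = claimed_number in self.callback_numbers.get(user, ())
        if pw_ok and listed and number_ok:
            self.audit.append((user, claimed_number, "CALLBACK"))
            return claimed_number
        # The caller gets the same refusal for every failure; only the audit
        # record, read by operators, carries the reason.
        reason = ("bad system password" if not pw_ok else
                  "not on authorization list" if not listed else
                  "number not prearranged")
        self.audit.append((user, claimed_number, "REFUSED: " + reason))
        return None


# Constructed sample data: user names, numbers and password are made up.
SALT = b"constructed-salt"
GATE = DialUpGate(
    authorized={"OPS.ALICE"},
    salt=SALT,
    system_pw_hash=pw_hash("constructed-system-pw", SALT),
    callback_numbers={"OPS.ALICE": {"555-0142"}, "DEV.BOB": {"555-0177"}},
)
```

A user with a prearranged number who is missing from the authorization list (DEV.BOB in the sample data) is still refused, and the audit list records which check failed.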
Automatic Terminal Authentication
Some terminals can be programmed to hold an answerback string of characters. An
answerback string is a set of characters that the terminal sends in answer to a computer
request. By setting a terminal’s answerback string to a value unknown to the user, you
can create an additional authentication method.
Periodic Password and Telephone Number Changes
Periodically change system passwords and phone numbers, but avoid changing them too
often or retaining them too long. You should also try to acquire telephone numbers that
are not sequential.
What Happens if the Line Is Dropped?
A phone line might disconnect (drop) before a session completes. Design your TACL
macro or application so that when a line drops before a session completes, the session
terminates automatically, closing any lingering processes. Terminating the session
prevents someone from dialing in and inheriting the session from a previous user.
Securing Network Access
Network user IDs allow users to transfer or access information across the network.
Network user IDs also allow applications to transfer or access information across the
network on behalf of users.
Managing Network User IDs
Handling network user IDs requires careful planning and cooperation among distributed
organizations. The Tandem NonStop Kernel operating system requires that network user
IDs have the same user name and user ID on all affected systems. This condition