Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
requires advance network-wide planning. As part of your planning effort, you should
consider:
• Reserving a range of group numbers (for example, 200 to 254) for network user IDs,
  and assigning network user IDs from these groups.
• Deciding on the network-wide names for the groups on an as-needed basis, maybe
  even reserving a particular initial letter (like N) for network groups.
Security Precautions
Guard the ID for a network application such as the Transfer product. If an intruder
accesses the network-application ID, the intruder gains access to virtually any
network-secured file on the network, rather than just the network-secured files on
the systems for which the user has matching remote passwords.
Encrypting Data Between Systems
With the standard network software, data moves between systems without encryption.
However, you might want to consider installing encryption devices for link-level or bulk
encryption of sensitive data.
Communication With Other Operations Groups
In a distributed system management environment, an intruder can obtain sensitive
information by pretending to be a member of an operations group at another site (for
example, a newly hired or temporary operator).
If your organization spans a large physical area, authenticate all sensitive
communications: telephone calls, interoffice mail, standard mail, electronic mail, and
any other communications. The security policy should indicate the steps required for
authenticating urgent and nonurgent requests.
Securing Client/Server Environments
Client/server environments have become increasingly popular because they provide the
flexibility to integrate heterogeneous hardware and software. The “client” portion of the
application or program usually resides on a PC or workstation and makes requests, over
a local area network (LAN) or wide area network (WAN), to the “server” portion of the
application, which usually resides on a host. The variety of platforms, software, and
networks involved in a client/server environment offers many opportunities for a security
breach. To secure a client/server environment, consider the following guidelines:
• Every user should be assigned a personal ID and password. Because client/server
  applications use a LAN, you might want to consider installing encryption devices
  for link-level or bulk encryption of sensitive data.
• You might want to authenticate the user at the client workstation by installing a
  smart card device in the workstation. A smart card is a small computer in the shape
  of a credit card used to identify and authenticate its bearer.
• In the client/server design, the client: