Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)
Introduction
Safeguard Administrator’s Manual—523317-029
Preliminary Security Planning
Advance planning is required before you install the Safeguard software. To plan the 
security for your installation, you must understand the applications used on your 
system, and you must know which users should be allowed to use system resources.
The Corporate Security Officer and Security Policy
Effective security requires that you have a security officer with executive status and 
with authority to establish and enforce security policy. In turn, the security officer must 
also be responsible for handling breaches of security.
Before installing the Safeguard software, the security officer establishes a security 
policy for the system or network. The protection mechanisms offered by the Safeguard 
software can help you implement many different security schemes, such as:
1. Restrictive security, in which a security administrator controls access to system 
resources, and most users can access only a few resources
2. Permissive security, in which many users control access to different system 
resources, and most resources are available to all users
3. Centralized security for a network, in which the security administrator is a network 
user who either owns most of the network resources or serves as the network 
group manager for local security administrators
4. Decentralized security for systems in a network, in which local users restrict 
access to the resources on their node
The Security Administrator
Each installation must have a designated security administrator to set up and maintain 
security control. HP recommends that the individual with the super ID not be assigned 
the role of security administrator. Instead, a user familiar with computer operations or a 
user from a security-related group such as the auditing department might be a better 
choice.
A single part-time security administrator might be adequate for a centralized security 
scheme that controls only a few system objects. A more comprehensive centralized 
security scheme might require one or several full-time security administrators. For a 
decentralized security scheme, in which each node controls the security of at least 
some local objects, a local security administrator is probably needed at each node.
Objects That Require Protection
A security administrator should set only needed restrictions for all system objects that 
require protection. To do this, consider the applications that run in the system and the 
security requirements for each. Access to disk files, devices, subdevices, volumes, 
subvolumes, processes, and subprocesses must be provided. You must determine 
exactly which users need to have access to each object or type of object.










