Security Management Guide (G06.24+, H06.03+)

Concerns for the System Administration Team
Security Management Guide 522283-008
You might want to have a dedicated printer for sensitive information in a specially
secured area, perhaps with card-key access required.
The Tape Units
Protect tape units, like all computer peripherals, physically and procedurally from
accidental and malicious damage. Unprotected, they offer an avenue of intrusion.
With the proper timing, an intruder might remove a backup tape from the tape drive,
take it to another system, read it, and then return it without detection. Operators must
be vigilant when performing system backups.
Inform users of the security hazards of leaving tapes on tape drives. A user’s tape left
on the tape drive might be read by an intruder.
The Tape Library
Similarly, monitor the on-site tape storage area closely to ensure that an intruder does
not get access to a previous backup tape. Keep audit trails for all tape-library
transactions.
Off-Site Storage
Protect the off-site storage area from intruders. Consider carefully who can request
vault materials, and allow access to approved persons only. Create clear hand-over
procedures between the vault staff (especially contracted vault services) and your staff.
Dial-Up Access and Security
This subsection discusses considerations for protecting dial-up access.
Ways to protect your dial-up facility include:
Authorization lists
Additional external passwords
Call-back systems
Automatic terminal authentication
Authorization Lists
Consider limiting who can use dial-up facilities by installing authorization-list software,
which limits dial-up access to a designated subset of the user community. Standard
Guardian software does not provide this ability. However, $CMON process monitoring
can confirm or deny logon messages from TACL.
You can tailor your system’s $CMON to limit dial-up access to an approved list of user
IDs. However, $CMON is consulted only for logon attempts occurring through
cooperating processes, such as TACL. An application (such as a security front-end for