Security Management Guide (G06.24+, H06.03+)

Concerns for the System Administration Team
Security Management Guide 522283-008
that is heavily audited and alarmed, or have a method by which an operator can
connect to a requested phone number.
Automatic Terminal Authentication
Some terminals can be programmed to hold an answer-back string of characters. By
setting a terminal’s answer-back string to a value unknown to the user, you can create
an additional authentication method.
Upon request from the computer, the terminal transmits this string automatically. For
example, if all remote terminals are programmed with unique strings, the dial-up logon
sequence can query the terminal to verify that the terminal is correct. If the terminal
can be remotely programmed, the logon procedure can also update the terminal with a
newly selected value for the next logon attempt, providing a handshake, or initial
interchange, that an intruder would find hard to imitate.
Supplement such authentication with other mechanisms in a secure environment.
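
The rolling answer-back handshake described above, as an added sketch in Python (not code from this guide or from any NonStop product): the host verifies the terminal's string, issues a new one, and keeps the unconfirmed value acceptable so that a line dropped during the update does not lock the terminal out. The Terminal and AnswerbackRegistry classes and all values are hypothetical.

```python
import hmac
import secrets

class Terminal:
    """Constructed stand-in for a remotely programmable terminal."""
    def __init__(self, answerback):
        self.answerback = answerback
    def query(self):                      # host requests the answer-back string
        return self.answerback
    def program(self, value, line_drops=False):
        if line_drops:                    # simulate the line dropping mid-update
            raise ConnectionError("line dropped")
        self.answerback = value

class AnswerbackRegistry:
    """Host-side record of the string each terminal is expected to return."""
    def __init__(self):
        self.current = {}                 # terminal id -> last confirmed value
        self.pending = {}                 # terminal id -> value sent, unconfirmed

    def enroll(self, term_id, value):
        self.current[term_id] = value

    def _matches(self, term_id, presented):
        candidates = (self.current.get(term_id), self.pending.get(term_id))
        return any(c is not None and hmac.compare_digest(c, presented) for c in candidates)

    def logon(self, term_id, terminal, line_drops=False):
        presented = terminal.query()
        if not self._matches(term_id, presented):
            return False                  # wrong or unknown terminal: refuse logon
        self.current[term_id] = presented # the value the terminal really holds
        new_value = secrets.token_hex(8)  # unpredictable value for the next logon
        self.pending[term_id] = new_value # record it before sending
        try:
            terminal.program(new_value, line_drops)
        except ConnectionError:
            return False                  # end the session; keep both values valid
        self.current[term_id] = new_value
        del self.pending[term_id]         # the previous string is now useless
        return True
```

A string captured during one logon is rejected at the next, because the host accepts only the value it most recently issued or confirmed.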
Screening Dial-Up Users
Give dial-up access to users who really need it and who will take extra care in
protecting your organization’s resources. Your policy and procedures regarding dial-up
lines should include special criteria for screening requests for dial-up access. Users of
dial-up systems are sometimes required to accept legal and financial liability for
intrusions carried out using their access codes.
Periodic Password and Phone Number Changes
Periodically change system passwords and phone numbers, but avoid both changing
them too often and retaining them too long. Also try to acquire phone numbers that are
not sequential. A password or phone number that is changed too often tends to get
written down in easy-to-see places. A password or phone number that is retained too
long becomes a security liability.
Action If the Line Is Dropped
A phone line might disconnect (drop) before a session completes. Design your TACL
or application so that when a line drops before session completion, the session
terminates automatically. Failure to terminate the session provides an avenue of
intrusion.
Installation Controls
Be sure procedures exist to prevent the installation of any software other than
legitimate software.