Security Management Guide (G06.24+, H06.03+)
Concerns for the System Administration Team
Security Management Guide—522283-008
Encrypting Data Between Nodes
With the standard network software, data moves between nodes without encryption.
However, you might want to consider the Atalla A-5000 High Speed Security Module
for encryption of sensitive data. For more information, see the High Performance
Security Module (HPSM) User’s Guide.
Communicating With Other System Managers
In a distributed system management environment, an intruder can obtain sensitive
information by pretending to be a member of the system administration team at
another site (for example, a system manager or a newly hired or temporary operator).
If your organization spans a large physical area, authenticate sensitive
communications. You need to authenticate communications that come by phone or by
interplant, standard, or electronic mail.
Remember that a complete authentication scheme includes ways to handle routine
operations, emergencies, and temporary personnel.
An intruder can send an electronic mail message that appears to be from a privileged
person requesting a specific action. Such a message might be sent from the privileged
person’s unattended terminal, or the message header might be altered to appear as
though the privileged person sent it. Depending on the risk involved, delay performing
the requested service until you can verify the sender.
Acknowledge sensitive requests immediately (by phone or electronic letter). It is
unlikely that the intruder can be in the right place at the right time to intercept a reply or
confirmation. Investigate an out-of-place confirmation before damage is done. For
greatest effectiveness, keep the practice of immediately acknowledging sensitive
requests itself a secret.