Security Management Guide (G06.24+, H06.03+)
Concerns for the EDP Auditor
Security Management Guide—522283-008
Dial-Up Access
If your policy allows dial-up access to your system, check for a list of authorized dial-up
users. Make sure only these users can dial up. Also check for special security
mechanisms, such as call-back facilities, if your policy requires them.
Network Security
If your policy allows network user IDs, make sure only users who need access to the
network have network IDs (and matching remote passwords). Also make sure network
users have access only to systems they need for their work.
For more information about network users and remote passwords, see the Safeguard
Administrator’s Manual.
Password Management
Check if there are any user IDs or aliases without passwords. Do this by attempting to
log on as a particular user without supplying a password. If the logon is successful, the
user ID does not have a password. Perform this test on all privileged IDs, such as the
super ID, group manager IDs, and super group IDs. Find out if there is a practice of
issuing obvious initial passwords such as a person’s name.
If your policy requires a minimum password length, check if the Safeguard software is
configured to enforce a minimum length. A Safeguard configuration attribute also
allows you to specify the use of encrypted passwords.
Password encryption is set to ON by default.
To check the Safeguard configuration:
4> SAFECOM INFO SAFEGUARD, DETAIL
Check the values of PASSWORD-MINIMUM-LENGTH and PASSWORD-ENCRYPT.
If your policy requires regular password changes, check the individual user records for
the value of PASSWORD-MUST-CHANGE. Ask the owner of the user records, usually
a group manager or security administrator, to show you the individual user records with
the following command:
5> SAFECOM INFO USER user-spec, DETAIL
where user-spec is a user ID or user name.
Note. Password encryption is supported only on systems running G06.29 and later
G-series RVUs and H06.06 and later H-series RVUs.
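An offline check of the two configuration attributes named above, as an added example that is not part of the original guide or of the Safeguard software. It assumes the output of SAFECOM INFO SAFEGUARD, DETAIL has been captured to text and lists attributes as NAME = VALUE pairs; the sample captures and the policy minimum of 8 are constructed.

```python
import re

# Assumed layout: "ATTRIBUTE-NAME = VALUE"; several pairs may share one line.
PAIR = re.compile(r"([A-Z][A-Z0-9-]*)\s*=\s*(\S+)")

def parse_attributes(captured):
    """Return {attribute: value} from captured INFO SAFEGUARD, DETAIL text."""
    return {name: value for name, value in PAIR.findall(captured)}

def audit_password_config(captured, policy_min_length):
    """Return a list of findings; an empty list means both checks passed."""
    attrs = parse_attributes(captured)
    findings = []

    length = attrs.get("PASSWORD-MINIMUM-LENGTH")
    if length is None or not length.isdigit():
        findings.append("PASSWORD-MINIMUM-LENGTH not found in capture")
    elif int(length) < policy_min_length:
        findings.append(
            f"PASSWORD-MINIMUM-LENGTH is {length}, policy requires {policy_min_length}"
        )

    encrypt = attrs.get("PASSWORD-ENCRYPT")
    if encrypt is None:
        # A missing attribute is reported, never treated as a pass: the RVU may
        # predate encryption support, or the capture may be incomplete.
        findings.append("PASSWORD-ENCRYPT not found in capture")
    elif encrypt.upper() != "ON":
        findings.append(f"PASSWORD-ENCRYPT is {encrypt}, expected ON")
    return findings

# Constructed sample captures (not verbatim SAFECOM output).
SAMPLE_WEAK = "PASSWORD-ENCRYPT = OFF      PASSWORD-MINIMUM-LENGTH = 4\n"
SAMPLE_OK = "PASSWORD-ENCRYPT = ON\nPASSWORD-MINIMUM-LENGTH = 8\n"
SAMPLE_NO_ENCRYPT = "PASSWORD-MINIMUM-LENGTH = 10\n"

if __name__ == "__main__":
    samples = [("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK),
               ("no-encrypt", SAMPLE_NO_ENCRYPT)]
    for label, text in samples:
        findings = audit_password_config(text, policy_min_length=8)
        print(label, findings or "no findings")
```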