Security Management Guide (G06.24+, H06.03+)

Introduction
Security Management Guide 522283-008
System Access Control
Four major components of system access control:

Authentication: The process of ensuring accurate user identification. Authentication might involve the use of passwords or more advanced measures such as biometrics or the Atalla Challenge-Response unit.

Authorization: The process of controlling access to resources on the system. Authorization consists of controlling who might access, create, or change information and who has access to programs and devices.

Auditing: The process of monitoring user activity and access to objects. Auditing also includes determining that access and activity on the system is consistent with management policies.

Administration: Defining access rights to system resources and translating policy into enforceable access rules. Administration also includes adding, changing, and deleting users and aliases, and maintaining file-sharing groups on the system.

Reasons to Use Safeguard Features

Although Guardian tools provide basic authentication and authorization services, Safeguard features add auditing services and also extend the authentication and authorization capabilities. Safeguard features also allow you to segregate administration tasks.

In addition, if you are using the HP NonStop Open System Services (OSS) environment, you can use the Safeguard software to define users for your system.

In particular, the Safeguard software provides these extra capabilities:

• It provides a trusted mechanism for auditing system activity, including logon attempts, object access attempts, and attempts to change or examine security attributes.
• Safeguard access control lists (ACLs) allow you to specify access to a much greater level of detail.
• More objects can be protected. You can protect disk volumes, subvolumes, files, nondisk devices, subdevices, processes, and subprocesses.
• Control of an object’s security attributes can be granted to more than one user.
• System objects can be temporarily frozen to prevent most users from accessing them.
• OBJECTTYPE control allows you to specify who can secure objects of a given type.
• Users can be assigned aliases, which are alternate names that they can use to log on to the system.