Security Management Guide (G06.24+, H06.03+)

Guardian System Security
Security Management Guide 522283-008
The security administrator, working with the system manager and operating as the
super ID, should sanitize the system.

Assume that any newly delivered system is not adequately secure, and do not
grant access to it until it is sanitized. Failure to sanitize a new system can make it
easy for an intruder to introduce security holes that might not be detected later.

Be sure to set up your user community properly. For example, you might want to put
users who need to share certain files in the same administrative group. You might
also choose to make use of file-sharing groups. Be especially careful when adding
users to the super group (group 255). Limit this group to a small set of trusted
users who need to perform the privileged tasks associated with the super group.

After a system is in use, check its security periodically. Also, sanitize it again just
before application programs are put into production.
HP Trusted Software
A principal security concern is the protection of the software that HP distributes (the
operating system, utilities, compilers, libraries, and so forth). This mass of distributed
software is referred to as trusted.
Your organization’s security policy can specify how to secure HP trusted software. If
your security policy does not cover the trusted software, use the default security
recommendations for system files as summarized in Table 2-4.
For most files, set O (for owner) in three positions of each security setting so that only
the owner has access.
Referring to the recommended settings in the first column of Table 2-4, set the position
marked x to A, N, G, or C:
A All local users can access the file.
N All network users can access the file.
G Only local group members can access the file.
C Only network group members can access the file.
Table 2-4. Recommended Security of System Files

Security  Description
xOOO      General libraries (including runtime libraries, source files, error message files)
OOxO      User tools (including editors and compilers)
OOxO      System tools (including FUP, NETMON, DSAP, TACL, BACKUP, RESTORE, PATHWAY, TMFCOM, TRANSFER, MAIL)
xOOO      Microcode files
----      Special files (including TANDUMP, DIVER, USERID, and USERIDAK)
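
One way to check an inventory of system files against the Table 2-4 templates. This is an added example, not code from the HP manual. It assumes a plain-text inventory of "file category security" lines; the category names, the allowed_x parameter (for sites that narrow the choices for position x), and the sample file names and settings are constructed for illustration.

```python
# Table 2-4 templates from the page; "x" marks the one position the site chooses.
TEMPLATES = {
    "general-library": "xOOO",
    "user-tool": "OOxO",
    "system-tool": "OOxO",
    "microcode": "xOOO",
    "special": "----",
}
X_CHOICES = frozenset("ANGC")  # values the page allows for position x


def check(category, security, allowed_x=X_CHOICES):
    """Return findings for one security string; an empty list means it matches."""
    template = TEMPLATES.get(category)
    if template is None:
        return [f"unknown category {category!r}"]
    security = security.strip().upper()
    if len(security) != len(template):
        return [f"expected {len(template)} positions, got {security!r}"]
    findings = []
    for pos, (want, got) in enumerate(zip(template, security), start=1):
        if want == "x":
            if got not in allowed_x:
                findings.append(f"position {pos}: {got!r} not in {sorted(allowed_x)}")
        elif got != want:
            findings.append(f"position {pos}: {got!r}, table recommends {want!r}")
    return findings


def audit(listing, allowed_x=X_CHOICES):
    """Check 'file category security' lines; return {file: findings} for deviations."""
    report = {}
    for line in listing.strip().splitlines():
        name, category, security = line.split()
        findings = check(category, security, allowed_x)
        if findings:
            report[name] = findings
    return report


# Constructed sample inventory (file names, categories and settings are made up).
SAMPLE = """
$SYSTEM.SYSTEM.FUP      system-tool      OONO
$SYSTEM.SYSTEM.TACL     system-tool      NNNN
$SYSTEM.SYSTEM.USERID   special          ----
$SYSTEM.ZLIB.RTLMSG     general-library  AOOO
$SYSTEM.ZLIB.RTLSRC     general-library  OOOO
"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

Passing allowed_x=frozenset("AG") makes the same audit also flag files whose x position grants network access (N or C).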