Manualshelf

Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
Safeguard System Security
Security Management Guide522283-008
3-8
User Configuration Issues
particular file. Again, your security policy should state whether users can control the
security of their files.
The following SAFECOM command alters the user record for PROG.DONNA by
specifying DEFAULT-PROTECTION for her files:
=ALTER USER prog.donna, DEFAULT-PROTECTION (ACCESS &
=10,200 (r,w,e); (4,*, 8,*) r, OWNER sec.admin)
The preceding command gives PROG.DONNA READ, WRITE, and EXECUTE
authority for any files she creates. It also gives anyone in group 4 and group 8 READ
authority for files created by PROG.DONNA. In this case, PROG.DONNA cannot
change the default security for her files because the authorization records are owned
by SEC.ADMIN. As this example shows, enclose all DEFAULT-PROTECTION
attributes in parentheses.
User Configuration Issues
Your security policy might require management of logon attempts and passwords. You
can use some of the Safeguard configuration attributes to help.
If a SECURITY-ADMINISTRATOR security group has been created, you must be a
member of this security group to configure the Safeguard software. Otherwise, you
must be a super-group user.
Logon Configuration
The following Safeguard configuration attributes control logon attempts (default values
enclosed in parentheses):
AUTHENTICATE-MAXIMUM-ATTEMPTS (3)
AUTHENTICATE-FAIL-TIMEOUT (60 seconds)
AUTHENTICATE-FAIL-FREEZE (OFF)
These attributes help you defend against trial-and-error attempts to log on.
AUTHENTICATE-MAXIMUM-ATTEMPTS limits the number of failed attempts before a
freeze or timeout occurs. If this number is exceeded, one of these two events occurs:
A timeout of the logon process occurs determined by the value of
AUTHENTICATE-FAIL-TIMEOUT.
The user ID is frozen if AUTHENTICATE-FAIL-FREEZE is ON.
You might want to change the value of AUTHENTICATE-FAIL-TIMEOUT to a slightly
longer period, further slowing down an intruders attempts to break in. However, avoid
unreasonably long periods. A user who accidentally exceeds AUTHENTICATE-
MAXIMUM-ATTEMPTS causes the process controlling logon at the terminal to become
locked for duration of the timeout period. The only way to recover from this situation is
to start a new process at the terminal or stop the CPU in which the process is running.