Security Management Guide (G06.29+, H06.08+, J06.03+)

Concerns for the System Administration Team
Security Management Guide 522283-021
Password Change Periods
With the PASSWORD-MUST-CHANGE attribute in each Safeguard user authentication
record, you can force a user’s password to expire after a specified period of time. This
Safeguard feature motivates people to change their passwords before the expiration
date. After a password is changed, a new expiration date is automatically set, and the
new password remains valid until that date.
However, requiring that passwords change too often can be counterproductive
because:
• A clever user might set up a mechanism to change the password through a
  predictable series (paswrd1, paswrd2, ...) or even to change the password to itself.
  (You can use proper Safeguard settings to discourage this behavior.)
• A user might change a password correctly but write it down in an obvious place to
  remember it.
Your security policy should guide you in determining the proper period for password
expiration. For more information on Password Change Events, see the Safeguard
Audit Service Manual.
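The predictable series described above (paswrd1, paswrd2, ...) can be caught at password-change time even when only salted hashes of earlier passwords are kept. The following is an added illustration, not Safeguard code and not part of the original guide; the function names, the PBKDF2 storage format, and the window size are assumptions made for the example.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 20_000  # assumed value, kept low so the example runs quickly

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> tuple[bytes, bytes]:
    """Build a (salt, digest) history entry; plaintext is never stored."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def series_variants(candidate: str, window: int = 3) -> set[str]:
    """Return the candidate plus its neighbours in a trailing-counter series."""
    variants = {candidate}
    match = re.fullmatch(r"(.*?)(\d+)", candidate)
    if not match:
        return variants  # no trailing counter to walk
    stem, digits = match.groups()
    number = int(digits)
    variants.add(stem)  # same password with the counter dropped
    for k in range(max(0, number - window), number + window + 1):
        variants.add(f"{stem}{k}")                    # paswrd1, paswrd2, ...
        variants.add(f"{stem}{k:0{len(digits)}d}")    # zero-padded: pw01, pw02
    return variants

def check_new_password(new: str, history: list[tuple[bytes, bytes]]) -> str:
    """Return 'reuse', 'series' or 'ok' for a proposed new password."""
    for salt, digest in history:
        for variant in series_variants(new):
            if hmac.compare_digest(hash_password(variant, salt), digest):
                return "reuse" if variant == new else "series"
    return "ok"

if __name__ == "__main__":
    # Constructed sample history: two earlier passwords, stored as hashes only.
    history = [make_record("paswrd1"), make_record("Tr4verse-hill")]
    for proposed in ("paswrd1", "paswrd2", "copper-kettle-92"):
        print(proposed, "->", check_new_password(proposed, history))
```

The check only recognizes a trailing numeric counter; other patterns, such as a counter in the middle of the password, pass as "ok".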
Password Expiration Warning
If the Safeguard software is running, a user is given advance warning of password
expiration during the logon procedure. This warning occurs during the period specified
by the PASSWORD-MAY-CHANGE configuration attribute. For more information, see
the Safeguard Administrator’s Manual.
Physical Security
Weakness in the physical security of your computer installation can provide an easy
avenue of intrusion. The following paragraphs discuss some of the more common
areas where you should be concerned about physical security.
The Computer Room
Access to the equipment in the computer room can provide ample opportunity for both
system intrusion and accidental or malicious system damage. Limit access to the
computer room according to the guidelines of your security policy.
The System Console
If your system has a system console, protect it by leaving it locked. An intruder can
use an unlocked system console to bring the system down or change values through
the debugger. A locked system console is no more threatening to system security than
any other terminal, so it can be used as a user terminal. Like other user terminals,
however, the system console can display sensitive information, so precautions that
apply to user terminals also apply to the system console. Avoid leaving the system