Security Management Guide (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

111

112

113

114

115

116

117

118

119

120

Concerns for the System Administration Team

Security Management Guide — 522283-021

6 - 14

The Remote Maintenance Interface (RMI)

console logged on as a privileged ID and avoid leaving the key within reach of an

intruder. For additional security, rekey your system console with a unique key. Initially,

all system consoles use the same key.

The Remote Maintenance Interface (RMI)

For systems with an RMI, be sure the remote maintenance password is enabled and is

known only to those responsible for maintaining the system. In especially sensitive

environments, disable the RMI when you are not diagnosing the system.

The Computer Cabinet

Protect the computer cabinets from accidental damage and deliberate malicious acts.

Access to computer cabinets might allow an intruder to bring down certain processors

or peripherals. Anyone with access to the computer cabinets and the appropriate key

could perform a system load.

The Printers

Intruders can get the information they need for a break-in by examining the output of

system printers. For example, user account numbers, telephone access numbers and

codes, and even privileged passwords might be printed on publicly accessible printers.

Printed copies of electronic mail can also provide names that enable intruders to

deceive others into presuming the legitimacy of the requests intruders make for

information.

If your printers print sensitive information, make sure that each piece of output is

delivered only to its proper recipient.

You might want to have a dedicated printer for sensitive information in a specially

secured area, perhaps with card-key access required.

The Tape Units

Like all computer peripherals, protect tape units physically and procedurally from

accidental and malicious damage. Unprotected, they offer an avenue of intrusion.

With the proper timing, an intruder might remove a backup t

ape from the tape drive,

take it to another system, read it, and then return it without detection. Operators must

be vigilant when performing system backups.

Inform users of the security hazards of leaving t

apes on tape drives. A user’s tape left

on the tape drive might be read by an intruder.

The Tape Library

Similarly, monitor the on-site tape storage area closely to ensure that an intruder does

not get access to a previous backup tape. Keep audit trails for all tape-library

transactions.