Security Management Guide (G06.29+, H06.08+, J06.03+)
Concerns for the System Administration Team
Security Management Guide — 522283-021
Off-Site Storage
Protect the off-site storage area from intruders. Consider carefully who can request
vault materials, and allow access to approved persons only. Create clear hand-over
procedures between the vault staff (especially contracted vault services) and your staff.
Dial-Up Access and Security
This subsection discusses the following ways to protect your dial-up facility:
Authorization lists
Additional external passwords
Call-back systems
Automatic terminal authentication
Authorization Lists
Consider limiting who can use dial-up facilities by installing authorization-list software,
which restricts dial-up access to a designated subset of the user community. Standard
Guardian software does not provide this ability. However, a $CMON process can accept
or reject the logon requests that TACL forwards to it.
You can tailor your system’s $CMON to limit dial-up access to an approved list of user
IDs. However, $CMON is consulted only for logon attempts occurring through
cooperating processes, such as TACL. An application (such as a security front-end for
dial-up users) can call USER_AUTHENTICATE_ without consulting $CMON and thus
deny $CMON the opportunity to provide additional authentication or auditing.
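The following is an added illustration, not code from the Security Management Guide or from any HP $CMON: it models the decision a site-tailored $CMON might make for a logon request so that only an approved list of user IDs can log on through dial-up lines. The request layout (`logon_request`), the terminal-name prefix `$DIAL`, the `ANY_USER` group wildcard and the sample user IDs are all assumptions constructed for the example; the real $CMON message format is not reproduced.

```c
/* Added example, not part of the Security Management Guide: the
 * decision logic a site-tailored $CMON might apply to a LOGON request
 * so that only an approved list of user IDs can log on through dial-up
 * terminals.  The request layout below is an ASSUMPTION for illustration;
 * it does not reproduce the real $CMON message format. */
#include <stdio.h>
#include <string.h>

#define ANY_USER (-1)          /* assumed wildcard: every member of the group */

typedef struct {
    int group;                 /* Guardian group number */
    int user;                  /* Guardian user number, or ANY_USER */
} user_id;

typedef struct {
    user_id uid;               /* user attempting to log on */
    const char *terminal;      /* home terminal name, e.g. "$DIAL1" (assumed) */
} logon_request;               /* assumed, simplified request */

/* Constructed site policy: terminals whose names start with the dial-up
 * prefix are treated as dial-up lines, and only these IDs may use them. */
static const char DIALUP_PREFIX[] = "$DIAL";
static const user_id APPROVED_DIALUP[] = {
    {100, 1},                  /* one specific user */
    {100, 7},
    {200, ANY_USER},           /* every user in group 200 */
};
#define APPROVED_COUNT (sizeof APPROVED_DIALUP / sizeof APPROVED_DIALUP[0])

static int is_dialup_terminal(const char *terminal)
{
    return strncmp(terminal, DIALUP_PREFIX, strlen(DIALUP_PREFIX)) == 0;
}

static int on_approved_list(user_id uid)
{
    size_t i;
    for (i = 0; i < APPROVED_COUNT; i++) {
        const user_id *a = &APPROVED_DIALUP[i];
        if (a->group == uid.group && (a->user == ANY_USER || a->user == uid.user))
            return 1;
    }
    return 0;
}

/* Returns 1 to tell TACL to accept the logon, 0 to reject it.
 * Fails closed: a request with no terminal name is rejected, because the
 * decision cannot tell whether the line is dial-up. */
int cmon_logon_decision(const logon_request *req)
{
    if (req == NULL || req->terminal == NULL || req->terminal[0] == '\0')
        return 0;
    if (!is_dialup_terminal(req->terminal))
        return 1;              /* not a dial-up line: no extra restriction here */
    return on_approved_list(req->uid);
}

int main(void)
{
    /* Constructed sample logon attempts */
    const logon_request attempts[] = {
        {{100, 1},   "$DIAL1"},  /* approved user on a dial-up line */
        {{100, 2},   "$DIAL1"},  /* same group, not on the list */
        {{200, 9},   "$DIAL2"},  /* covered by the group wildcard */
        {{100, 2},   "$TERM5"},  /* local terminal: not restricted */
        {{255, 255}, "$DIAL3"},  /* the super ID is not exempt unless listed */
    };
    size_t i;
    for (i = 0; i < sizeof attempts / sizeof attempts[0]; i++) {
        const logon_request *r = &attempts[i];
        /* Print an audit line for every decision, accepted or rejected */
        printf("%3d,%-3d on %-7s -> %s\n", r->uid.group, r->uid.user,
               r->terminal, cmon_logon_decision(r) ? "accept" : "reject");
    }
    return 0;
}
```

Note that this check is only reached for logons that TACL (or another cooperating process) routes through $CMON; a front-end that calls USER_AUTHENTICATE_ directly never presents a request to it, which is why the list cannot be the only control on dial-up access.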
Additional External Passwords
Some systems demand an additional systemwide password during the dial-up logon
sequence. The system password is roughly the dial-up equivalent of allowing physical
access to the main work site. Inform legitimate users of the current system password
through some means of limited distribution. Change the password periodically to
lessen the chance of intrusion.
Call-Back Routine
A call-back routine allows the system to verify the telephone number from which a
caller is dialing before permitting the caller to access the system. The steps in a
typical dial-up procedure are:
1. The user phones the computer.
2. The computer (or call-back authentication device) answers.
3. The user enters authentication information that uniquely identifies the user.