Security Management Guide (G06.29+, H06.08+, J06.03+)

Concerns for the System Administration Team
Security Management Guide 522283-021
Managing the Network User IDs
Handling network user IDs requires careful planning and cooperation among (possibly)
geographically separated organizations. The Guardian environment requires that
network user IDs have the same user name and user ID on all affected nodes. This
condition requires advance networkwide planning.
You might reserve a range of group numbers (for example, 200 to 255) for network
user IDs, and assign network user IDs from these administrative groups. Then decide
on the networkwide names for those groups on an as-needed basis, maybe even
reserving a particular initial letter (such as N) for network groups. Also, you might
designate a particular organization to own each group name and group ID and make
that organization responsible for controlling the allocation of user IDs within its group.
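The consistency requirement and the reserved group range described above can be checked mechanically before a new node joins the network. The following Python script is an added example, not part of this guide or of any NonStop utility; the inventory layout, node names, and user names are constructed for illustration, and the N prefix check follows the naming suggestion in the text.

```python
from collections import defaultdict

NETWORK_GROUPS = range(200, 256)  # group numbers reserved for network user IDs (200 to 255)

# Constructed inventory: "node  GROUP.USER  group-number,user-number" per line.
# This layout is an assumption for the example, not the output of a NonStop utility.
SAMPLE = r"""
\NYC  NET.ALICE   200,1
\LA   NET.ALICE   200,1
\NYC  NET.BOB     200,2
\LA   NET.BOB     200,7
\NYC  NOPS.CAROL  201,5
\LA   NOPS.DAVE   201,5
\NYC  ADMIN.EVE   202,9
\LA   SALES.GINA  12,4
"""

def parse(inventory):
    """Yield (node, name, (group_no, user_no)) for each non-blank record."""
    for line in inventory.splitlines():
        if line.strip():
            node, name, ident = line.split()
            group_no, user_no = (int(part) for part in ident.split(","))
            yield node, name.upper(), (group_no, user_no)

def audit(inventory, prefix="N"):
    """Return sorted findings for user IDs that fall in the reserved network groups."""
    ids_by_name = defaultdict(lambda: defaultdict(set))  # name -> ID -> nodes
    names_by_id = defaultdict(lambda: defaultdict(set))  # ID -> name -> nodes
    findings = []
    for node, name, ident in parse(inventory):
        ids_by_name[name][ident].add(node)
        names_by_id[ident][name].add(node)
        if ident[0] in NETWORK_GROUPS and not name.startswith(prefix):
            findings.append(f"{name} {ident[0]},{ident[1]} on {node}: group name does not start with {prefix}")
    for name, ids in ids_by_name.items():
        # One name bound to several IDs, at least one of them a network ID.
        if len(ids) > 1 and any(g in NETWORK_GROUPS for g, _ in ids):
            where = "; ".join(f"{g},{u} on {' '.join(sorted(n))}" for (g, u), n in sorted(ids.items()))
            findings.append(f"{name}: user ID differs between nodes ({where})")
    for (g, u), names in names_by_id.items():
        # One network ID bound to several names.
        if g in NETWORK_GROUPS and len(names) > 1:
            where = "; ".join(f"{nm} on {' '.join(sorted(n))}" for nm, n in sorted(names.items()))
            findings.append(f"{g},{u}: user name differs between nodes ({where})")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```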
Security Precautions
Treat a network user ID like a privileged ID because the network user has more access
than users confined to local nodes. If an intruder can access the ID, the intruder gains
access to virtually any N-secured file on the network, not just the N-secured files on the
nodes for which the user has matching remote passwords.
Encrypting Data Between Nodes
With the standard network software, data moves between nodes without encryption.
However, you might want to consider the Atalla A-5000 High Speed Security Module
for encryption of sensitive data. For more information, see the High Performance
Security Module (HPSM) User’s Guide.
Communicating With Other System Managers
In a distributed system management environment, an intruder can obtain sensitive
information by pretending to be a member of the system administration team at
another site (for example, a system manager or a newly hired or temporary operator).
If your organization spans a large physical area, authenticate sensitive
communications. You need to authenticate communications that come by phone or by
interplant, standard, or electronic mail.
Remember that a complete authentication scheme includes ways to handle routine
operations, emergencies, and temporary personnel.
An intruder can send an electronic mail message that appears to be from a privileged
person requesting a specific action. Such a message might be sent from the privileged
person’s unattended terminal, or the message header might be altered to appear as
though the privileged person sent it. Depending on the risk involved, delay performing
the requested service until you can verify the sender.
Acknowledge sensitive requests immediately (by phone or electronic letter). It is
unlikely that the intruder can be in the right place at the right time to intercept a reply or
confirmation. Investigate an out-of-place confirmation before damage is done. For