Security Management Guide (G06.29+, H06.08+, J06.03+)

Guardian System Security
Security Management Guide 522283-021
Guardian Network Security
Users can be granted access to more than one node and can have access authority for
remote objects. A user who can access objects on one or more remote nodes is called
a network user.
Defining a network user requires that the user be given the same user name, user ID,
and remote password at both nodes. After a network user has been given the ability to
access a remote node, that ability can be revoked at either the user’s local node or at
the remote node.
For more information, see the Guardian User’s Guide or the Safeguard Administrator’s
Manual.
Sanitizing a NonStop System
The term sanitize means to secure a system that has not been secure and to
institute procedures to keep the system secure as it evolves. Follow these procedures
from the moment the NonStop software is installed and while applications are being
developed, tested, and put into production:
• The security administrator, working with the system manager and operating as the
  super ID, should sanitize the system.
• Assume that any newly delivered system is not adequately secure, and do not
  grant access to it until it is sanitized. Failure to sanitize a new system can make it
  easy for an intruder to introduce security holes that might not be detected later.
• Be sure to set up your user community properly. For example, you might want to put
  users who need to share certain files in the same administrative group. You might
  also choose to make use of file-sharing groups. Be especially careful when adding
  users to the super group (group 255). Limit this group to a small set of trusted
  users who need to perform the privileged tasks associated with the super group.
• After a system is in use, check its security periodically. Also, sanitize it again just
  before application programs are put into production.
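The following Python check is an added example, not part of the HP guide. It runs over constructed user lists from two nodes, flags definitions that fail the same-name, same-user-ID requirement for network users, and lists super-group (255) members that are not on an approved list. The node contents, the export format, and the approved list are assumptions.

```python
# Added illustration: user names, IDs and the export format are constructed.
# Each node's user list maps "GROUP.USER" -> (group number, user number).
NODE_A = {
    "SUPER.SUPER": (255, 255),
    "SUPER.OPER": (255, 10),
    "SALES.ANN": (12, 3),
    "SALES.BOB": (12, 4),
}
NODE_B = {
    "SUPER.SUPER": (255, 255),
    "SUPER.TEMP": (255, 77),
    "SALES.ANN": (12, 3),
    "SALES.BOB": (14, 4),   # same name as on node A, different user ID
    "SALES.CAL": (12, 4),   # node A's SALES.BOB user ID under another name
}
APPROVED_SUPER = {"SUPER.SUPER", "SUPER.OPER"}  # hypothetical approved list
SUPER_GROUP = 255

def name_id_mismatches(local, remote):
    """Names defined on both nodes whose user IDs differ."""
    return [(n, local[n], remote[n])
            for n in sorted(local.keys() & remote.keys())
            if local[n] != remote[n]]

def id_name_conflicts(local, remote):
    """User IDs that belong to different user names on the two nodes."""
    remote_by_id = {uid: name for name, uid in remote.items()}
    return sorted((uid, name, remote_by_id[uid])
                  for name, uid in local.items()
                  if uid in remote_by_id and remote_by_id[uid] != name)

def unapproved_super_members(users, approved):
    """Members of group 255 that are not on the approved list."""
    return sorted(name for name, (group, _) in users.items()
                  if group == SUPER_GROUP and name not in approved)

if __name__ == "__main__":
    # Remote passwords must also match but are not part of this check.
    for name, a_id, b_id in name_id_mismatches(NODE_A, NODE_B):
        print(f"{name}: user ID {a_id} on node A, {b_id} on node B")
    for uid, a_name, b_name in id_name_conflicts(NODE_A, NODE_B):
        print(f"user ID {uid}: {a_name} on node A, {b_name} on node B")
    for label, users in (("A", NODE_A), ("B", NODE_B)):
        for name in unapproved_super_members(users, APPROVED_SUPER):
            print(f"node {label}: {name} is in group 255 but not approved")
```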
HP Trusted Software
A principal security concern is the protection of the software that HP distributes (the
operating system, utilities, compilers, libraries, and so forth). This mass of distributed
software is referred to as trusted.
Your organization’s security policy can specify how to secure HP trusted software. If
your security policy does not cover the trusted software, use the default security
recommendations for system files as summarized in Table 2-4.
For most files, set O (for owner) in three positions of each security setting so that only
the owner has access.