Manualshelf

XYGATE Access Control Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
11121314151617181920
XYPRO Technology Corporation xv Proprietary and Confidential
Introduction
Welcome to the XYGATE Access Control product security software from XYPRO
Technology Corporation for the HP NonStop
server.
Security on the HP NonStop Platform
System and application security on the HP NonStop platform has evolved over the
years. In 1977, when the NonStop operating system was introduced, security was
based totally on logons (with unencrypted passwords!), crude diskfile permissions and
privileges inherent in specific userids such as SUPER.SUPER and *.MGR.
In the current releases of the NonStop Kernel (NSK), security has evolved to permit
individual object control rules via Safeguard, better auditing and userid mapping
comparable with the most commonly used security software (RACF, ACF2) on the IBM
platforms. The major feature missing in the NonStop security solution is control of
actions or user interactions within a utility or application program. There are also relics
left over from the more primitive security that serves as liabilities, yet cannot be
eliminated.
Without Safeguard, your security installation has only the most basic security. Shared
logons will be common or there will be many PROGID programs that allow users to
execute programs under a different userid. Auditing and accountability are non-
existent.
With Safeguard, logons and simple object access information are now auditable. You
can tell which user executed a program, but the commands executed within the
program are still not audited. Safeguard Aliases may be used to circumvent the shared
userid problem, but there will still be a loss of accountability because Safeguard only
audits non-Safeguard objects when AUDIT-CLIENT-SERVICE is on. Unfortunately,
AUDIT-CLIENT-SERVICE consumes massive amounts of disk space and often audits
only by the underlying userid rather than ALIAS; therefore, you still have no record of
which commands were executed inside the program.
The XYGATE Access Control Solution
XAC provides full and easily administered separation of duties, individual
accountability and audibility using a variety of mechanisms. Two of these mechanisms
are command-level control based on userid and alias, and then command and
subcommand content.