HP 3000 Manuals HP 3000 Manuals
HP 3000 Security Monitor/iX
by Leona DeBauge
Commercial Systems Division
Overview
HP 3000 Security Monitor/iX, a new subsystem product, is now available
with this MPE/iX release. It provides added protection in areas such as
logon access, password management, command access, file access, batch
submission and security audit. All of these features can be configured
through the Security Configurator, which can only be executed by users
with SM capability. With these new features, system managers are able to
evaluate potential security concerns and maintain control over the
integrity of their computer systems more effectively.
Logon Access.
Logon access features help to prevent unauthorized users from gaining
access to the system. These features include:
* Required password prompt.
To minimize password exposure, system managers can disallow
embedded passwords during interactive logon. Users are prompted
for passwords with echo suppressed.
* Maximum invalid logon attempts.
The maximum number of invalid logon attempts can be assigned to a
userid or a fixed terminal device. If the maximum number of
attempts is reached, the userid or the device will be disabled.
* Minimum assistance logon interface.
A generic logon error message is displayed when any error occurs
during the logon process. The friendly MPE/iX logon error
messages are not generated to guide users through the logon
process.
* Terminal logon password.
A device password can be assigned to any fixed terminal device.
Once the terminal is assigned a device password, access to that
terminal is not granted unless the valid device password is
provided.
* UDC initiation failure.
If the system fails to initialize any system or account level UDC,
the logon process terminates.
Password Management.
With the password management features, system managers can have greater
control of managing user passwords and maintaining password policy for
their systems.
* Password privacy.
This allows individual users to set and alter their own passwords
without the account or system managers' involvment.
* Password encryption.
The user, group, and account passwords can be encrypted to ensure
password security. Device passwords are always encrypted.
* Required user password.
Account managers and system managers can specify whether all users
in that account are required to have user level passwords.
* Global password expiration.
System managers can expire all user passwords in the system,
forcing users to alter their passwords.
* Minimum password length.
A system manager can determine the minimum length for passwords.
Any passwords that do not meet the minimum length are rejected.
* User password aging.
This allows system managers to implement a password life cycle for
their systems. User passwords are expired at the specified time
and are required to be changed.
Command Access.
Access to any CI commands can be disabled, and users who have no SM
capability are not allowed to use these commands from the CI or to invoke
them from a program. In addition, log records, which provide detailed
audit trail information, can be obtained from the system log files.
* Disable general access to commands.
Any CI command can be disabled, and users without SM capability
are denied access to these commands from the MPE/iX CI interface.
* Disable programmatic access to commands.
Any CI command can be disabled, and users without SM capability
are denied access to these commands if invoked programmatically.
* Warning level for command disabling.
This option allows the CI command to be executed normally, but at
the same time, a record is logged in the system log file. With
this feature, system managers can evaluate the impact if the CI
command disabling option is used.
* Idle session termination.
System managers can globally configure the length of time that a
session is allowed to be idle. If the session is idle beyond the
allowed length of time, the session will be terminated.
File Access.
Files can be made more secure by implementing the Access Control
Definitions (ACDs) mechanism. Although ACDs have been supported since
MPE/XL Release 3.0, they have not been mandated for all files. The
maximum file protection feature allows system managers to enforce ACDs on
all new files.
* Maximum file protection.
If a new file is created without a specified ACD, a default ACD is
attached to the file. This ACD only allows the creator, account
manager, and system manager access to the file.
Batch Submission.
This function eliminates the password exposure in job files while
maintaining a friendly and secure environment for processing batch jobs.
* Disallow embedded passwords.
The STREAM command will not accept embedded passwords in the job
file regardless of their validity.
* Cross streaming restriction.
This prevents users without SM or AM capabilities from streaming
jobs that log on as another user.
* Stream privilege.
This allows an authorized user other than SM, AM, and job owner to
stream another user's job file without verification.
Security Audit.
In addition to the existing logging events, three new auditing features
are added to the system logging facility. They are:
* File open logging.
Log records are generated for all FOPEN calls to any files.
* Security configuration logging.
Changes to the security configuration through the SECCONF utility
are logged.
* Command logging.
A system manager can specify any CI commands to be logged. This
provides an audit trail of the commands that are being accessed.
Comparison to MPE/V Security Monitor
This product offers the equivalent features that are provided by the
MPE/V Security Monitor product. In addition, two new features, user
level password aging and userid disabling during maximum logon attempts,
are included with the HP 3000 Security Monitor/iX. Access Control
Definitions (ACDs) and the PASSWORD command are features provided in the
MPE/V product but not in the MPE/iX product. However, these features are
already supported as MPE/iX FOS features and have been available to all
customers since MPE/XL Release 3.0.