General Defenses Against Security Threats [ Manager's Guide to MPE/iX Security ] MPE/iX 5.0 Documentation


General Defenses Against Security Threats 

Some types of defenses are effective against all three types of general
security threats.  The second and third types of security threats also
may require additional defenses that are specific to the form of the
threat.

A major first line of general defense is your company's security
guideline.  All present users and system administrators should be
thoroughly familiar with the guideline and its implementation.  All new
users should be made familiar with the guideline and its implementation
before being allowed on the system.

Defenses Against Loss of Use 

Examples of defenses against loss of use include prevention of access,
fire prevention and firefighting measures, safeguards against shock and
impact in earthquake regions, and off-site storage of magnetic media in
antimagnetic containers.  Insurance is another form of defense.  Although
it cannot prevent physical loss, it can mitigate financial loss.

Prevention of Access 

Prevention of access is the primary form of defense against theft and
vandalism.  Such defenses take several forms:

   *   Physical prevention of access to premises, and physical prevention
       of access to equipment within the premises.

   *   Denial of use even though the equipment can be physically
       approached.

Physical prevention of access takes many forms, including:

   *   Perimeter defenses, such as fences with controlled access points,
       intruder warning devices, remote television cameras, searchlights,
       and guard dogs.

   *   Internal defenses, such as guarded entry points to buildings and
       areas, metal detectors, identification badges, sign-in logs,
       combination or magnetic card locks on laboratory and computer room
       doors, and locks for desks, cabinets, workstations and personal
       computers.  In addition, physically attaching small equipment to
       desks can help prevent theft, although not vandalism.

Denial of access even though equipment can be physically approached can
apply to machinery of many types.  For computers and computer systems,
methods include:

   *   Key locks for workstations and personal computers.

   *   Passwords, password protection, limits on the number of logon
       attempts allowed, and file and device access control definitions
       (ACDs).  Systems connected to external networks and accessible by
       telephone present particular problems of their own.  For example,
       the logon attempt limit applies to a single connection: a caller
       who exceeds it need only hang up and call again, and a computer
       can be set up to place the calls and try passwords automatically.
       A per-connection limit therefore slows such an attack but does not
       stop it; failed logons should also be logged and reviewed across
       connections, not only within one.

   *   One way to limit damage is to ensure that a user's access is
       removed as soon as it is no longer needed.  Idle accounts, and
       accounts of users no longer at the company or organization, should
       be considered a potential security risk.
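The dial-in problem above is that the attempt counter lives in the connection, so hanging up resets it.  The defense is to count failures across connections and ports.  The following is an added example, not part of this manual: it runs that aggregation over a small constructed log (the record layout is invented for the example and is not the MPE/iX system log format), flagging any user whose failures within a window exceed the limit, even though no single call ever exceeded it, and noting when a success follows the burst.

```python
"""Aggregate failed logons across connections to catch dial-in password guessing.

Added example, not part of the MPE/iX manual.  The log format below is
constructed for the example; real MPE/iX log records differ.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: date, time, logical device (port), user.account, result.
# MGR.PAYROLL is hit from two modem ports with at most 3 failures per call, so a
# per-connection limit of 3 never trips; CLERK.ACCTG is an ordinary typo.
SAMPLE_LOG = """\
1995-03-01 02:00:05 LDEV21 MGR.PAYROLL FAIL
1995-03-01 02:00:09 LDEV21 MGR.PAYROLL FAIL
1995-03-01 02:00:14 LDEV21 MGR.PAYROLL FAIL
1995-03-01 02:00:31 LDEV22 MGR.PAYROLL FAIL
1995-03-01 02:00:35 LDEV22 MGR.PAYROLL FAIL
1995-03-01 02:00:40 LDEV22 MGR.PAYROLL FAIL
1995-03-01 02:01:02 LDEV21 MGR.PAYROLL FAIL
1995-03-01 02:01:07 LDEV21 MGR.PAYROLL FAIL
1995-03-01 02:01:11 LDEV21 MGR.PAYROLL OK
1995-03-01 08:15:00 LDEV30 CLERK.ACCTG FAIL
1995-03-01 08:15:20 LDEV30 CLERK.ACCTG OK
"""


def parse_log(text):
    """Turn the constructed log into a list of dicts sorted by time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, ldev, user, result = line.split()
        records.append({
            "time": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "ldev": ldev,
            "user": user,
            "ok": result == "OK",
        })
    return sorted(records, key=lambda r: r["time"])


def find_guessing(records, max_failures=3, window=timedelta(minutes=10)):
    """Return {user: alert} for users with more than max_failures failed logons
    inside `window`, counted across every connection and port.  A per-connection
    limit resets when the caller hangs up; this counter does not."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)

    alerts = {}
    for user, recs in by_user.items():
        burst = []  # (time, ldev) of recent failures still inside the window
        for r in recs:
            if not r["ok"]:
                burst = [(t, l) for t, l in burst if r["time"] - t <= window]
                burst.append((r["time"], r["ldev"]))
                if len(burst) > max_failures:
                    a = alerts.setdefault(user, {"failures": 0, "ports": set(),
                                                 "first": burst[0][0],
                                                 "success_after": False})
                    a["failures"] = max(a["failures"], len(burst))
                    a["ports"].update(l for _, l in burst)
            else:
                # A success right after a burst is the case that matters most:
                # the guessing probably worked and the account needs attention.
                if user in alerts and burst and r["time"] - burst[-1][0] <= window:
                    alerts[user]["success_after"] = True
                burst = []
    return alerts


if __name__ == "__main__":
    for user, a in find_guessing(parse_log(SAMPLE_LOG)).items():
        print(f"{user}: {a['failures']} failures from {sorted(a['ports'])} "
              f"starting {a['first']:%H:%M:%S}; success afterwards: {a['success_after']}")
```

The window and threshold are deliberately loose; the point is that the count is keyed by user, not by connection, so the attacker's hang-up-and-redial loop no longer resets it.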

Defenses Against Loss of Performance 

Although wear and tear on equipment certainly is a cause of performance
loss, it is a business problem, rather than one of security.  System
administrators should be aware of it and request the replacement of worn
equipment as needed.

In the same sense, loss of performance or data due to incorrect usage
also is not a security problem.  On the other hand, it is one with which
system administrators must be involved.  For example, incorrect usage can
deny use of the system to other users by tying up too much of the CPU.
Solutions include:

   *   Limitations on access by limiting user capabilities, or giving
       users access only to the resources they need to execute their
       tasks.

   *   User training.

Defenses Against Data and Performance Loss Due to Sabotage 

One type of sabotage involves access to the computer or system by
unauthorized persons.  For the most part, preventative measures are the
same as those described under Prevention of Access, above.  In
particular, you should be aware of the fact that anyone who can access
the System Console can execute a CTRLA, then execute any command that can
be invoked from the "=" prompt.  Such commands include =ABORTJOB,
=ABORTIO, =LOGOFF, =LOGON, and =SHUTDOWN.

Another type of access available from the System Console is that provided
by executing a CTRLB. This provides access to the system hardware via the
system diagnostics.  The CTRLB function can be physically disabled.
Discuss this with your Hewlett-Packard Service Engineer.

A type of sabotage much harder to prevent is sabotage from internal
sources.  Examples include disgruntled employees, and accidental sabotage
resulting from the inadvertent introduction of destructive software
(Trojan horses, viruses) into the system.

Sabotage by users with otherwise legitimate access to the system can be
minimized by enforcing limitations on capabilities and access.  System
logging facilities can be used to establish strict accountability for all
users.  Such accountability cannot prevent sabotage, but can aid in
identifying the culprit.  Even users at the highest levels can be made
accountable by such techniques as maintaining a log of all who access or
modify the system configuration.

Due to the power of the privileged mode capability (PM), System Managers
should allocate it only to accounts, groups and users with an imperative
need.  As an example of the dangers inherent in the PM capability, it
permits the use of DEBUG on system files, and lets persons with the
capability place unauthorized software on the system.

Accidental sabotage from destructive software can be minimized or
prevented by education, strict rules against using unauthorized software,
and well publicized penalties for doing so.  Establishment of
accountability can, again, aid in identifying the offender in such
incidents.

Defenses Against Information Disclosure 

Total prevention of accidental information disclosure is rarely possible.
Employee education and appeals to employees' sense of company or national
loyalty can help mitigate the problem, but not prevent it.  Another
technique is to disseminate vital information strictly on a need-to-know
basis.

Deliberate theft of information in physical form, such as on disk, tape,
and paper, can be minimized using the same techniques as those for
preventing theft of equipment:  prevention of access.

Techniques for preventing access include locking desks, cabinets, and
files.  Store media in locked cabinets rather than open racks, and
enforce strict control over the distribution of sensitive documents.

When the information on media is no longer needed, the media are often
reused by simply writing over the existing data.  Depending on the medium,
the old data remain readable until they are actually overwritten, even if
the file has been purged or the medium has been reformatted: these
operations often rewrite only the directory, not the data itself.  This is
an easily overlooked breach of security.

Before returning disks, disk packs, and tapes to reuse, all labels should
be removed in order to prevent a thief from easily picking out the media
that may contain important information.  Each disk or tape should be
carefully erased with a degausser type bulk tape eraser.
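The following is an added example, not part of this manual, showing why purging a file or reformatting a medium is not erasure.  It models a toy block device (constructed for the example) whose directory lives in sector 0 and whose file data live in the remaining sectors, the same separation found on real disks and tapes.  A purge and a quick reformat each touch only the directory; a raw scan of the sectors, which is all a thief with the medium needs, still finds the data.  Only overwriting every sector removes it.

```python
"""Why purging a file or reformatting a medium is not erasure.

Added example, not part of the MPE/iX manual.  Medium is a toy block device
constructed for this example: sector 0 holds the directory, the remaining
sectors hold file data.
"""
import json
import os

SECTOR = 64
N_SECTORS = 16          # sector 0 = directory, sectors 1..15 = data


class Medium:
    def __init__(self):
        self.raw = bytearray(SECTOR * N_SECTORS)
        self.next_free = 1

    # Directory: a JSON list of [name, start_sector, sector_count] in sector 0.
    def _read_dir(self):
        text = bytes(self.raw[:SECTOR]).rstrip(b"\0")
        return json.loads(text) if text else []

    def _write_dir(self, entries):
        blob = json.dumps(entries).encode()
        if len(blob) > SECTOR:
            raise ValueError("directory full")
        self.raw[:SECTOR] = blob.ljust(SECTOR, b"\0")

    def write(self, name, data):
        nsec = -(-len(data) // SECTOR)            # ceiling division
        if self.next_free + nsec > N_SECTORS:
            raise ValueError("medium full")
        start, self.next_free = self.next_free, self.next_free + nsec
        self.raw[start * SECTOR:start * SECTOR + len(data)] = data
        self._write_dir(self._read_dir() + [[name, start, nsec]])

    def read(self, name):
        for n, start, nsec in self._read_dir():
            if n == name:
                return bytes(self.raw[start * SECTOR:(start + nsec) * SECTOR]).rstrip(b"\0")
        raise FileNotFoundError(name)

    def purge(self, name):
        """Ordinary delete: drop the directory entry, leave the data sectors alone."""
        self._write_dir([e for e in self._read_dir() if e[0] != name])

    def reformat(self):
        """Quick reformat: a fresh, empty directory; data sectors are untouched."""
        self.raw[:SECTOR] = b"\0" * SECTOR
        self.next_free = 1

    def overwrite_all(self, passes=1):
        """Sanitize every sector, directory included: the software analogue of
        the bulk erasure the manual recommends for magnetic media."""
        for _ in range(passes):
            self.raw[:] = os.urandom(len(self.raw))
        self.raw[:] = b"\0" * len(self.raw)
        self.next_free = 1


def scan_raw(medium, needle):
    """What a thief holding the medium does: ignore the directory, search sectors."""
    return needle in bytes(medium.raw)


def demo():
    """Return whether the secret is still recoverable after each operation."""
    secret = b"PAYROLL Q3: JONES 54200.00"   # constructed sample data
    m = Medium()
    m.write("PAYROLL", secret)
    results = {}
    m.purge("PAYROLL")
    results["after_purge"] = scan_raw(m, secret)        # True: still there
    m.reformat()
    results["after_reformat"] = scan_raw(m, secret)     # True: still there
    m.overwrite_all()
    results["after_overwrite"] = scan_raw(m, secret)    # False: gone
    return results


if __name__ == "__main__":
    print(demo())
```

The model stops short of real media: sectors a drive has remapped as bad, or tape beyond the new end-of-data mark, are never reached by an overwrite issued through the file system, which is why the manual's advice to degauss the medium, rather than rely on reuse, stands.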

Techniques for protecting information in the system itself include
locking computers, enforcing the use of passwords, prohibiting embedded
passwords, and clearing computer screens and screen buffers.

Avoid storing files containing sensitive information in accounts to which
all or many users have access, such as PUB.SYS and system libraries.  Be
particularly aware of the sensitivity of the PUB.SYS account and
NL.PUB.SYS.  Only System and Account Managers should ever have the
capability to change the accessibility level of the account.  Also be
sensitive to the fact that programs stored in XL.PUB.SYS are executable
by any user, and that a virus-infected program stored there is in a
particularly advantageous place to damage your system.

Finally, use ACDs with all files and devices, and share files only with
those who have a need to know.
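To make the need-to-know rule concrete, the following added example (not code from this manual) models how an ACD such as (R,W:MGR.PAYROLL;R:@.PAYROLL;NONE:@.@) is evaluated and how to audit one.  The string form follows the MPE/iX modes:user.account syntax used with ALTSEC ;NEWACD=.  The matching rule is this model's simplification: the most specific matching entry (user.account, then @.account, then @.@) decides, and a user with no matching entry gets nothing.  Device ACDs and the RACD mode are left out.  The audit function reports whatever is granted to @.@, which a need-to-know review of a sensitive file should find empty.

```python
"""Model of MPE/iX access control definition (ACD) evaluation.

Added example, not code from the manual.  Matching rule (the model's
assumption): most specific entry wins, no matching entry means no access.
"""

MODES = {"R", "W", "A", "L", "X"}   # read, write, append, lock, execute


def parse_acd(text):
    """"(R,W:MGR.PAYROLL;R:@.PAYROLL;NONE:@.@)" -> [(frozenset(modes), user, account), ...]"""
    entries = []
    for pair in text.strip().strip("()").split(";"):
        if not pair.strip():
            continue
        modes_part, spec = pair.split(":")
        modes = {m.strip().upper() for m in modes_part.split(",")}
        if modes == {"NONE"}:
            modes = set()                       # explicit denial
        elif not modes <= MODES:
            raise ValueError(f"unknown access mode in {pair!r}")
        user, account = (s.strip().upper() for s in spec.split("."))
        entries.append((frozenset(modes), user, account))
    return entries


def _specificity(user, account):
    """Higher wins: MGR.PAYROLL (3) > @.PAYROLL (1) > @.@ (0)."""
    return 2 * (user != "@") + (account != "@")


def permits(acd, user, account, mode):
    """True if the most specific entry matching user.account grants mode."""
    user, account, mode = user.upper(), account.upper(), mode.upper()
    best = None
    for modes, u, a in acd:
        if u in ("@", user) and a in ("@", account):
            if best is None or _specificity(u, a) > _specificity(best[1], best[2]):
                best = (modes, u, a)
    return best is not None and mode in best[0]


def world_access(acd):
    """Modes granted to every user on the system (the @.@ entry).  For a
    sensitive file a need-to-know review should find this empty."""
    for modes, u, a in acd:
        if (u, a) == ("@", "@"):
            return set(modes)
    return set()


if __name__ == "__main__":
    acd = parse_acd("(R,W:MGR.PAYROLL;R:@.PAYROLL;NONE:@.@)")
    for who in ("MGR.PAYROLL", "CLERK.PAYROLL", "ANYONE.SALES"):
        u, a = who.split(".")
        granted = "".join(m for m in "RWALX" if permits(acd, u, a, m))
        print(f"{who}: {granted or 'NONE'}")
    print("granted to @.@:", sorted(world_access(parse_acd("(R,X:@.@)"))))
```

Run over a list of ACDs, world_access is the quick check for files that have quietly been opened to every user, which is the opposite of sharing only with those who have a need to know.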

          Table 2-4.  Synopsis of Possible Security Threats and Defenses 

---------------------------------------------------------------------------------------------
|                                             |                                             |
|              Possible Threats               |              Possible Defenses              |
|                                             |                                             |
---------------------------------------------------------------------------------------------
|                                             |                                             |
| Loss of use.                                | Prevent access.                             |
|                                             |  Perimeter defenses.                        |
|                                             |   Fences.                                   |
|                                             |   Guarded entries.                          |
|                                             |   Lighting.                                 |
|                                             |   Intruder warning devices.                 |
|                                             |   Surveillance devices.                     |
|                                             |   Guard dogs.                               |
|                                             |  Internal defenses.                         |
|                                             |   Guarded entries.                          |
|                                             |   Metal detectors.                          |
|                                             |   Identification badges.                    |
|                                             |   Sign-in logs.                             |
|                                             |   Door locks.                               |
|                                             |   Locks - desk, storage, computers.         |
|                                             |   Physical restraints on equipment.         |
|                                             |  Denial of use.                             |
|                                             |   Mandatory passwords.                      |
|                                             |   No embedded passwords.                    |
|                                             |   Logon limitations.                        |
|                                             |   Restrictions on use of modems.            |
|                                             |  Fire prevention.                           |
|                                             |  Shock and impact prevention.               |
|                                             |  Offsite storage.                           |
|                                             |  Antimagnetic storage.                      |
|                                             |  Insurance.                                 |
|                                             |                                             |
---------------------------------------------------------------------------------------------
|                                             |                                             |
| Loss of performance due to incorrect usage. | Limit user access.                          |
|                                             |   Limit user capabilities.                  |
|                                             |   User training.                            |
|                                             |                                             |
| Sabotage.                                   | Prevent access.                             |
|                                             |   Limit user access.                        |
|                                             |   Limit user capabilities.                  |
|                                             |   Prohibit unauthorized software.           |
|                                             |   Accountability.                           |
|                                             |   Log operator commands.                    |
|                                             |   Maintain system configuration log.        |
|                                             |                                             |
---------------------------------------------------------------------------------------------
|                                             |                                             |
| Disclosure of information.                  | Prevent access.                             |
|                                             |   Limit document distribution.              |
|                                             |   Limit knowledge distribution.             |
|                                             |   Lock desks, cabinets, computers.          |
|                                             |   Store media in locked cabinets.           |
|                                             |   Degauss media to erase data.              |
|                                             |   Use and maintain passwords.               |
|                                             |   Clear screens and screen buffers.         |
|                                             |   Limit information stored in PUB           |
|                                             |     and library accounts.                   |
|                                             |   Provide information on a                  |
|                                             |     need-to-know basis.                     |
|                                             |   Protect all files with ACDs.              |
|                                             |                                             |
---------------------------------------------------------------------------------------------


