Ever had a bad dream about an upcoming audit? The one in which you’re told you must be prepared to assist the auditors? The HP NonStop Server is not familiar territory to many auditors, which can cause a lot of anxiety for them and you. Moreover, there are times when an auditor must tackle the audit of a NonStop server immediately, without adequate time to read the appropriate reference manuals: HP NonStop Security: A Practical Handbook, Securing HP NonStop Servers In An Open Systems World: TCP/IP, OSS and SQL and The Security Management Guide. You may have read them, or looked up a topic or two – but you probably don’t know them by heart, which only adds to your stress level.
You are not alone. The following is intended to help you educate your auditor, and lead you toward gathering the pertinent information that will be needed to conduct the audit—so you can say goodbye to your bad dreams!
The Basics
Security on the NonStop server starts with the operating system, Guardian. Guardian provides a basic level of security that deals with users and diskfiles and provides limits on the READ, WRITE, EXECUTE and PURGE operations. Users in system management, operations, security, and change control generally deal with Guardian environment using the TACL command interpreter program. Guardian supports the OSS ‘personality’ which is a UNIX-like extension that can be used in place of the TACL environment using a program called OSS Shell or osh.
Safeguard is the HP supported security system that can be used to manage users, object access control lists (ACLs), auditing and security event exit processes (SEEPs). XYPRO’s proven products allow for easy use of Safeguard to manage users and object ACLsand for use of SEEPs to significantly extend Safeguard functionality. Many companies in all industries around the globe use these products to not only reduce stress but to also boost security administration accuracy and productivity.
$CMON is an optional Guardian extension that allows for control of the logon operation and the program run operation. It does not require Safeguard to be used. $CMON must either exist on the NonStop server or there must be security controls to prevent its use.
Users are given access by creating Guardian or Safeguard userids. Guardian is no longer recommended because it does not support many features available in Safeguard, most important of which is Password Expiration. Userids are specified as a groupnumber, usernumber and as a groupname, username. The groupnumber is between 0 and 255 and once the first user has been assigned to a group, the groupname will be set for all userids in the group. The usernumber is between 0 and 255, and the username must be unique within the group. There is one userid that must be on the system: 255,255, which is usually called SUPER.SUPER.
For More Info:
You can view the complete article highlighting the questions and answers surrounding some of the most common problems found on the HP NonStop server by emailing lisap@xypro.com , enter “Audit NonStop Server” in the subject line.
When a more thorough audit is planned you may want to consider using a checklist where each Security Requirement is clearly identified, and the sources of such requirement are provided. You will find a complete checklist on https://www.xypro.com//. If you follow it closely and are able to “check” every item…you may find yourself PCI, SOX (Cobit), HIPAA, and SB1386 compliant and happy to invite your Auditor in. Isn’t that a dream?!
Lauren Uroff
XYPRO Technology Corporation
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment