In a secure environment, network access should be evaluated on a user-by- user basis by the Security Administrator, the Application Owners and the System Manager.
Four factors can be used to control whether or not a user can access files or resources on a node remote to the one where that user is currently logged on:
Expand | Can be configured to prevent PASSTHRU access from one node to another. Refer to the section on Expand in the Gazette. |
CMON | Can be configured to control logons by IP address. Refer to the discussion on CMON later in this section. |
File Security | Security on the node where the files reside (whether configured using the Guardian or Safeguard), determine whether or not a remote user can access the files. Refer to Securing Diskfiles in Part Five. |
REMOTEPASSWORD | Entries in the user's User Record, whether maintained via RPASSWRD or Safeguard software, determine a specific user's access to remote nodes. |
REMOTEPASSWORDs are part of the User Record for each user or alias granted access to more than one node. They are among the first steps used by the Guardian operating system on each HP NonStop server to determine if users will be granted remote access to the node.
REMOTEPASSWORDs for a user must be established for each remote node the user is authorized to access remotely. For a user or alias to be able to access files or resources on a remote node, the REMOTEPASSWORD in the User's Record on both the target node and the user's current (local) node must be identical.
By default, a new user is configured as local, without access to other nodes. This default configuration makes all files on remote nodes inaccessible.
REMOTEPASSWORDs are added to a User Record with the TACL REMOTE PASSWORD command or the RPASSWRD program.
The Corporate Security Standards should dictate who is authorized to ADD, ALTER or DELETE REMOTEPASSWORDs for any userids.
By default, a new user is configured as local, without access to other nodes. This default configuration makes all files on remote nodes inaccessible.
REMOTEPASSWORDs are added to a User Record with the Safeguard ALTER USER or ALTER ALIAS commands.
The Corporate Security Standards should dictate who is authorized to ADD, ALTER or DELETE REMOTEPASSWORDs for any userids or aliases.
By default, a new user is configured as local, without access to other nodes. This default configuration makes all files available through the OSS /E directory inaccessible to OSS users.
The Corporate Security Standards should dictate who is authorized to ADD, ALTER or DELETE REMOTEPASSWORDs for any OSS userids or aliases.