Granting Access to the Remote Nodes


In a secure environment, network access should be evaluated on a user-by-user basis by the Security Administrator, the Application Owners and the System Manager.

Four factors can be used to control whether or not a user can access files or resources on a node remote to the one where that user is currently logged on:

Expand

Can be configured to prevent PASSTHRU access from one node to another. Refer to the section on Expand in the Gazette.

CMON

Can be configured to control logons by IP address.

Refer to the discussion on CMON later in this section.

File Security

Security on the node where the files reside (whether configured using Guardian or Safeguard) determines whether or not a remote user can access the files. Refer to Securing Diskfiles in Part Five.

REMOTEPASSWORD

Entries in the user's User Record, whether maintained via RPASSWRD or Safeguard software, determine a specific user's access to remote nodes.

REMOTEPASSWORDs

REMOTEPASSWORDs are part of the User Record for each user or alias granted access to more than one node. They are among the first steps used by the Guardian operating system on each HP NonStop server to determine if users will be granted remote access to the node.

REMOTEPASSWORDs for a user must be established for each remote node the user is authorized to access remotely. For a user or alias to be able to access files or resources on a remote node, the REMOTEPASSWORD in the user's User Record on both the target node and the user's current (local) node must be identical.

Without the Safeguard Subsystem

By default, a new user is configured as local, without access to other nodes. This default configuration makes all files on remote nodes inaccessible.

REMOTEPASSWORDs are added to a User Record with the TACL REMOTEPASSWORD command or the RPASSWRD program.

The Corporate Security Standards should dictate who is authorized to ADD, ALTER or DELETE REMOTEPASSWORDs for any userids.

With the Safeguard Subsystem

By default, a new user is configured as local, without access to other nodes. This default configuration makes all files on remote nodes inaccessible.

REMOTEPASSWORDs are added to a User Record with the Safeguard ALTER USER or ALTER ALIAS commands.

The Corporate Security Standards should dictate who is authorized to ADD, ALTER or DELETE REMOTEPASSWORDs for any userids or aliases.

With OSS

By default, a new user is configured as local, without access to other nodes. This default configuration makes all files available through the OSS /E directory inaccessible to OSS users.

The Corporate Security Standards should dictate who is authorized to ADD, ALTER or DELETE REMOTEPASSWORDs for any OSS userids or aliases.




HP NonStop Server Security 2004
ISBN: 159059035X
EAN: N/A
Year: 2004
Pages: 157
