Access to the sensitive data and the computers where it resides is limited by both physical controls and logical controls.
Sensitive information and computers must be stored in locked areas with restricted access, controlled by electronic card readers, escorts, or security guards. Users should be granted access only if they have a genuine need to access the information. Keep a database of authorized people, including what each user is allowed to access. Also, keep a log of the time and date that each person enters a secure area.
Physical security includes more than just user access. The following subjects must also be considered:
  - Physical protection of equipment and personnel
      - Barriers
      - Surveillance
  - Fire protection and prevention
      - Prevention
      - Detection
      - Extinguishers
  - Flood prevention
      - Proximity to water hazard
      - Detection of leaks
  - Utilities
      - Continuity of power supplies
      - Air conditioning
          - Prevention
          - Detection of loss
  - Communications lines
      - Continuity of service
      - Detection of taps
Physical security generally falls outside the scope of an audit of the HP NonStop server and is therefore not covered in this handbook. For more information, refer to the commercially available texts about physical security.
Computer-based protections consist of:
  - Access control software
  - User authentication methods
  - Encryption techniques
Access Control is the whole array of tools and procedures used to limit, control, and monitor access to information and utilities. Access control is based on a user's identity and membership in predefined groups. Access control makes it possible to control the use, availability, integrity, and confidentiality of objects and information on the HP NonStop server.
Access Control has four major components:
  - Accountability
  - Authentication
  - Authorization
  - Auditability
This section provides an overview of these principles.
For detailed information regarding Authentication procedures on the HP NonStop server, see Parts Three and Four, Authentication; User Administration and Granting Access to the HP NonStop Server.
For detailed information regarding Authorization procedures on the HP NonStop server, see Parts Four and Five, Authentication; Granting Access to the HP NonStop Server and Authorization; Object Security.
Accountability means ensuring that only a specific user can perform a specific action and being able to prove that a specific user performed a specific action. It also ensures that the user cannot later claim never to have performed the action. This is called nonrepudiation.
In order to provide individual accountability, user authentication is required. Without reliable authentication, there can be no accountability.
In order to provide individual accountability, auditing is also required. Every authentication and every attempted access must be recorded and not modifiable.
Authentication is the process of ensuring accurate user identification. Users must be given userids in appropriate administrative groups and be uniquely identified to the system.
On the HP NonStop server, there are two types of user groups:
Administrative Groups: The group that is part of the userid. This group is the primary unit that categorizes a given user's job function.
File-sharing Groups: Groups created in Safeguard software to grant access to diskfiles and other objects on the system. File-sharing groups are primarily relevant in the OSS environment.
A personal, unique userid identifies the user to the system. When combined with a strong password, it enables the system to authenticate the user's identity.
Authorization is the process of controlling access to system resources. See Part Five, Authorization; Object Security, for audit procedures relating to Authorization.
Access to system resources is based on individual userids and group memberships. Therefore, userids must be carefully assigned based on the principles of Least Privilege and Separation of Duties.
User access to system OBJECTS (files, processes and devices) should be granted based on job function, mediated by the principles of Least Privilege and Separation of Duties.
Monitoring complements the three previously described controls by showing whether those controls actually did their job. Without monitoring, individual accountability, authentication and authorization cannot be shown to have worked.
Monitoring must discover all occurrences of unusual authorized activity, such as changing the security implementation or adding a user, and all occurrences of unauthorized activity, such as a bad logon or a denied file access.
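As an added illustration of the two requirements above (an audit trail that cannot be quietly modified, and monitoring that surfaces both unusual authorized activity and unauthorized activity), the following example is not from this handbook or from Safeguard. It builds a hash-chained trail from constructed audit events, classifies each event, and detects a later edit to the trail. The field names, action names and GROUP.USER values are assumptions made up for the example.

```python
import hashlib
import json

# Constructed sample events. Field names, action names and userids are
# assumptions for this example, not Safeguard's audit record layout.
SAMPLE_EVENTS = [
    {"ts": "2024-01-08T09:00:01Z", "user": "SUPER.OPER", "action": "LOGON", "target": "$TERM1", "outcome": "OK"},
    {"ts": "2024-01-08T09:00:07Z", "user": "SUPER.OPER", "action": "LOGON", "target": "$TERM1", "outcome": "BAD_PASSWORD"},
    {"ts": "2024-01-08T09:03:12Z", "user": "SUPER.SUPER", "action": "ADD_USER", "target": "PAY.CLERK2", "outcome": "OK"},
    {"ts": "2024-01-08T09:10:44Z", "user": "PAY.CLERK1", "action": "OPEN", "target": "$DATA.PAYROLL.MASTER", "outcome": "DENIED"},
    {"ts": "2024-01-08T09:12:00Z", "user": "PAY.CLERK1", "action": "OPEN", "target": "$DATA.PAYROLL.INPUT", "outcome": "OK"},
    {"ts": "2024-01-08T09:15:30Z", "user": "SUPER.SUPER", "action": "ALTER_SAFEGUARD", "target": "SAFEGUARD-GLOBALS", "outcome": "OK"},
]

# Authorized but security-relevant actions that monitoring must always surface.
PRIVILEGED_ACTIONS = {"ADD_USER", "DELETE_USER", "ALTER_USER", "ALTER_SAFEGUARD", "ALTER_PROTECTION"}

def classify(event):
    """Return 'unauthorized', 'privileged' or 'routine' for one audit event."""
    if event["outcome"] != "OK":          # bad logon, denied file access, ...
        return "unauthorized"
    if event["action"] in PRIVILEGED_ACTIONS:
        return "privileged"               # allowed, but changes the security posture
    return "routine"

def append_record(chain, event):
    """Append a copy of event to a hash-chained trail so later edits are detectable."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    body = json.dumps(event, sort_keys=True)
    digest = hashlib.sha256((prev + body).encode()).hexdigest()
    chain.append({"event": dict(event), "prev": prev, "hash": digest})
    return digest

def verify_chain(chain):
    """True only if every record still hashes to the value its successor links to."""
    prev = "0" * 64
    for rec in chain:
        body = json.dumps(rec["event"], sort_keys=True)
        if rec["prev"] != prev or hashlib.sha256((prev + body).encode()).hexdigest() != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

def review(events):
    """Build the trail and collect the findings a reviewer would examine, by class."""
    chain, findings = [], {"unauthorized": [], "privileged": []}
    for ev in events:
        append_record(chain, ev)
        kind = classify(ev)
        if kind != "routine":
            findings[kind].append((ev["user"], ev["action"], ev["target"]))
    return chain, findings
```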