TAPECOM System Utility


TAPECOM labels tapes and handles labeled-tape requests in a labeled-tape environment. TAPECOM processes labeled-tape requests from other utilities such as BACKCOPY, BACKUP, and RESTORE.

Caution

A tape label is a record at the beginning of a tape that identifies the tape volume.

The system operators need to use TAPECOM to:

Monitor labeled-tape messages

Display requests to mount tapes or to use tape drives

Accept or reject tape mount requests or requests to use tape drives

Display the status of tape drives

Label or relabel tapes in ANSI or IBM format

Create scratch tapes

Other users use TAPECOM to display:

The status of tape drives

The requests to mount tapes or to use tape drives

On G-series operating system, labeled-tape operations are managed via MEDIACOM, which is part of the Distributed Systems Management/Tape Catalog (DSM/TC) software system.

AP-ADVICE-TAPECOM-01 On G-series operating systems, MEDIACOM must be used for labeled-tape operations.

AP-ADVICE-TAPECOM-02 The Corporate Security Policy should detail procedures for validating requests for backup tapes and securing those tapes in a tape library.

AP-ADVICE-TAPECOM-03 Physical and procedural protection of the backup tapes is vital .

AP-ADVICE-TAPECOM-04 Access to TAPECOM should be the same as access to other tape utilities.

AP-ADVICE-TAPECOM-05 Access to TAPECOM should be restricted to users authorized to manage labeled tapes.

Securing TAPECOM

BP-FILE-TAPECOM-01 TAPECOM should be secured "UUNU".

BP-OPSYS-LICENSE-01 TAPECOM must be LICENSED.

BP-OPSYS-OWNER-01 TAPECOM should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-01 TAPECOM must reside in $SYSTEM.SYSnn.

If available, use Safeguard software or a third party object security product to grant access to TAPECOM object files to necessary personnel, and deny access to all other users.

BP-SAFE-TAPECOM-01 Add a Safeguard Protection Record to grant appropriate access to the TAPECOM object file.

TAPECOM Commands With Security Implications

TAPECOM allows users access to copy or destroy sensitive data on tape media. All of the commands in the following list manipulate tapes or the tape library.

ACCEPT

CLEAR BLPCHECK

CLEAR NLCHECK

DUMPLABELS

LABEL[IBM]

NEXTTAPE

REJECT

RELABEL[IBM]

SCRATCH

SET BLPCHECK

SET NLCHECK

UNLABEL

USETAPE

If a third party access control product is used to grant selected users access to TAPECOM, only the commands listed should be granted to privileged users. All other commands should be available for general use.

3P-ACCESS-TAPECOM-01 Use a third party access control product to allow the users responsible for using TAPECOM commands access as SUPER.SUPER.

3P-ACCESS-TAPECOM-02 Use a third party access control product to give the use of certain TAPECOM commands to a limited group of users only.

Discovery Questions

Look Here:

OPSYS-OWNER-01

Who owns the TAPECOM object file?

Fileinfo

OPSYS-LICENSE-01

Is TAPECOM licensed?

Fileinfo

FILE-POLICY

Who is allowed to execute TAPECOM, BACKUP and RESTORE on the system?

Policy

FILE-TAPECOM-01
SAFE-TAPECOM-01

Is the TAPECOM object file correctly secured with the Guardian or Safeguard system?

Fileinfo Safecom

Related Topics

BACKUP

DSM/TC

RESTORE




HP NonStop Server Security 2004
HP NonStop Server Security 2004
ISBN: 159059035X
EAN: N/A
Year: 2004
Pages: 157

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net