The BACKUP utility copies data stored in disk files to magnetic tape for archival purposes. It is the primary method used to preserve the system's data files and programs. RESTORE performs the complementary function, copying the data from tape back to disk.
The Corporate Security Policy should detail procedures for physically securing tapes in a tape library.
RISK Tapes can contain sensitive data. Therefore, access to tapes must be controlled physically to ensure security. Copies should only be made by authorized personnel.
RISK BACKUP only requires READ access to perform the file read function. If the BACKUP program is accessible to general users, files containing sensitive data could be backed up and restored under their userid.
BACKUP is a privileged program and must be LICENSED to be runnable. Only SUPER.SUPER can run the program if it isn't licensed.
RISK If BACKUP isn't licensed, SQL tables cannot be backed up by anyone (including SUPER.SUPER).
BP-FILE-BACKUP-01 BACKUP should be secured "UUNU".
BP-OPSYS-LICENSE-01 BACKUP must be LICENSED.
BP-OPSYS-OWNER-01 BACKUP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 BACKUP must reside in $SYSTEM.SYSnn.
If available, use Safeguard software or a third-party object security product to grant access to the BACKUP object file only to users who require access in order to perform their jobs.
BP-SAFE-BACKUP-01 Add a Safeguard Protection Record to grant appropriate access to the BACKUP object file.
Because operators frequently 'run' the backups and because, ideally, operators do not have userids in the SUPER Group, the Corporate Security Policy should mandate how operators will be granted the ability to back up every file on the system. There are two basic choices: with a third-party access control product and without one.
With a third-party access control product:
3P-ACCESS-BACKUP-01 Use a third-party access control product to allow the users responsible for creating backups the ability to run BACKUP as SUPER.SUPER.
Without a third-party access control product:
AP-ADVICE-BACKUP-01 Give those users responsible for running backups EXECUTE access to a PROGID'd copy of the BACKUP utility owned by SUPER.SUPER.
RISK Object files PROGID'd to SUPER.SUPER are a security risk.
AP-ADVICE-BACKUP-01A The PROGID copy of BACKUP should not reside in $SYSTEM.SYSTEM, $SYSTEM.SYSnn or any subvolume in the PMSEARCHLIST that is shared by all users.
AP-ADVICE-BACKUP-01B The PROGID copy of BACKUP should be secured so that only users authorized to create backup tapes can execute it.
AP-ADVICE-BACKUP-02 Create a job function userid (such as SUPER.BACKUP) that is used only for running BACKUP. Create Safeguard Protection Records to give SUPER.BACKUP READ-only access to all files. Give those users responsible for running backups EXECUTE access to a PROGID copy of the BACKUP utility owned by SUPER.BACKUP.
RISK Anyone logged on as SUPER.BACKUP has read access to every file on the system.
AP-ADVICE-BACKUP-02A SUPER.BACKUP must be treated as a privileged userid. Users should not be allowed to log on as SUPER.BACKUP.
RISK This method requires a great deal of Safeguard maintenance.
AP-ADVICE-BACKUP-02B To reduce the maintenance overhead, Safeguard Protection Records granting READ access to SUPER.BACKUP should be applied at the VOLUME or SUBVOLUME, rather than the DISKFILE level.
Who owns the BACKUP object file?
Is the BACKUP object file licensed?
Who is allowed to initiate tape backups on the system?
Is the BACKUP object file correctly secured with the Guardian or Safeguard system?
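The discovery questions above can be answered mechanically once the file attributes have been collected. The following is an added example, not part of the original text: it decodes a Guardian security string such as "UUNU" and reports which of the recommendations above a BACKUP object file violates. The record layout, field names and sample records are constructed for illustration, and only Guardian security is evaluated (no Safeguard Protection Records).

```python
import re

# Guardian security codes; a file's RWEP string has one code per operation.
CODES = {"A": "any local user", "G": "local group member", "O": "local owner",
         "N": "any local or remote user", "C": "local or remote group member",
         "U": "local or remote owner", "-": "local super ID only"}
SYSNN = re.compile(r"\$SYSTEM\.SYS\d\d")  # assumption: nn is two digits

def decode_rwep(rwep):
    """Expand a Guardian security string such as "UUNU" per operation."""
    if len(rwep) != 4 or any(c not in CODES for c in rwep):
        raise ValueError(f"not a Guardian security string: {rwep!r}")
    ops = ("read", "write", "execute", "purge")
    return {op: CODES[c] for op, c in zip(ops, rwep)}

def audit_backup(rec, pmsearchlist=()):
    """Return the IDs of the recommendations above that `rec` violates."""
    decode_rwep(rec["rwep"])  # reject malformed input before judging it
    subvol = rec["subvol"].upper()
    found = []
    if rec["progid"]:
        # PROGID copy handed to operators (AP-ADVICE-BACKUP-01A / 01B).
        shared = {"$SYSTEM.SYSTEM", *(s.upper() for s in pmsearchlist)}
        if subvol in shared or SYSNN.fullmatch(subvol):
            found.append("AP-ADVICE-BACKUP-01A")
        # Necessary, not sufficient: EXECUTE must not be open to every user.
        if rec["rwep"][2] in "AN":
            found.append("AP-ADVICE-BACKUP-01B")
        return found
    # The system copy of BACKUP.
    if rec["rwep"] != "UUNU":
        found.append("BP-FILE-BACKUP-01")
    if not rec["licensed"]:
        found.append("BP-OPSYS-LICENSE-01")
    if rec["owner"].upper() != "SUPER.SUPER":
        found.append("BP-OPSYS-OWNER-01")
    if not SYSNN.fullmatch(subvol):
        found.append("BP-OPSYS-FILELOC-01")
    return found

# Constructed sample records (not output from a real system).
SYSTEM_COPY = {"subvol": "$SYSTEM.SYS01", "owner": "SUPER.SUPER",
               "rwep": "UUNU", "licensed": True, "progid": False}
BAD_SYSTEM_COPY = {"subvol": "$DATA1.TOOLS", "owner": "OPS.MANAGER",
                   "rwep": "NUNU", "licensed": False, "progid": False}
OPERATOR_COPY = {"subvol": "$SYSTEM.SYSTEM", "owner": "SUPER.SUPER",
                 "rwep": "UUNU", "licensed": True, "progid": True}

if __name__ == "__main__":
    for rec in (SYSTEM_COPY, BAD_SYSTEM_COPY, OPERATOR_COPY):
        print(rec["subvol"], audit_backup(rec))
```

Pass the site's shared PMSEARCHLIST subvolumes as the second argument so that PROGID copies placed there are also reported under AP-ADVICE-BACKUP-01A.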