"To have the same number of takeoffs and landings and never have my name in the paper".
I received that well-practiced answer when I asked a commercial wide-body pilot nearing retirement what his goals had been during his nearly 30 years flying.
I thought: vendors of key IT infrastructure should have the same goals, no major crashes and staying out of the headlines. My pilot friend understood implicitly that he was part of the transportation infrastructure and that "boring was beautiful." Every element of the aircraft, the flight procedures and even personnel assignment was centered on maximizing reliability and thus safety. IT infrastructure vendors need to be thinking the same way.
By Kevin Tolly
Network World, 02/03/03
If a company's software applications are the 'castle', then access control is the moat, or first level of defense. Logon controls are the outer gate; dial-up and FTP access are the postern gates; CMON and HP Safeguard software are the gatekeepers, lookouts and tattletales. Safeguard Protection Records and HP Guardian security vectors are the bricks in the castle wall encircling all the application objects: object files, source files and data files. Other subsystems such as NonStop TMF software and SCF, and the operating system in general, are the underpinnings or foundation that support the applications and also 'live' within the walls. Application databases and reports, proprietary corporate data and personal employee data are the treasures that must be protected.
Application users are the tenants of the castle. The security, operations and technical support groups are the staff that assist the tenants and keep the castle's systems functioning.
Security's mission is to protect the castle, its tenants and its contents. Its job is four-fold. First, to minimize the likelihood of damaging mistakes by the tenants or staff. Second, to prevent plots, intrigues and pilfering by the castle's tenants and staff. Third, to prevent invasion by outsiders. Fourth, to mitigate the damage possible in the event of mistakes or breaches.
The Auditor's job is both to monitor the Security Department's effectiveness and to provide the 'hammer' that enables the Security Department to change company procedures and culture, when necessary, to effectively secure the castle.
This handbook seeks to familiarize auditors, and those responsible for security configurations and monitoring, with the aspects of the HP NonStop server operating system that make the NonStop server unique, the security risks these aspects create, and the best ways to mitigate these risks.
This handbook represents the efforts of many individuals who collectively have over 200 years of experience, in an effort to provide a practical handbook for security administrators, system resource personnel, auditors and the general HP NonStop server community.
A lot of hard work has gone into this handbook to ensure that the information presented herein is accurate, but errors and omissions may be found.
Please remember that the needs of the corporation, computer center, applications and customers must always take precedence over our recommended Best Practices in the environment. Use this handbook as a guideline, not a rule.
The HP NonStop server's subsystems have been presented in a logical manner, beginning with the subsystems that make up the Operating System itself, native Guardian security and the Safeguard subsystem, and continuing through user administration, how users are authenticated when attempting to access the HP NonStop server, and how each user is granted access to information and programs as appropriate to job function.
Because securing the information on an HP NonStop server is primarily implemented via the principles of access control, the handbook is organized based on these principles.
Access Control is the overall term for the set of manual and automated procedures designed to provide individual accountability by:
User authentication to ensure that only authorized users access the system
Object-centric access control that maps the subject user and operation to the object resource
Auditing that records who did what to which object, and when
This section provides an overview of these principles.
For detailed information regarding Authentication procedures on the HP NonStop server, see this handbook's Parts Two and Three, Administering Users and Granting Access to the HP NonStop Server.
For detailed information regarding Authorization procedures on the HP NonStop server, see Parts Four and Five, Controlling Access to Objects and Controlling Access to Utilities.
This handbook has been organized to address topics as units. This is particularly true for discussions about the Safeguard subsystem. Safeguard configuration is discussed separately from the discussion on User Management with Safeguard.
Part Six is the Gazette: an alphabetical series of sections addressing the security of specific utility programs or subsystems. The Gazette is more "how to secure the components of a subsystem," not "how to use a subsystem."
Each section also includes Discovery, Best Practices, and Recommendations.
Each Discovery subsection includes a list of questions that, when answered, provides the information necessary for evaluating the risk posed by the particular subsystem in the environment. Each question is 'numbered'; the numbers correspond with the Risk Identifiers and the Best Practice recommendations.
In the Discovery tables, each question also has a reference to the kind of method used to gather the data needed to respond to the question. The data-collection methods are detailed in Appendix A: Gathering the Information .
Each Best Practice identification discusses the recommended methods of mitigating each risk present in the particular subsystem. Each Best Practice item is numbered; the numbers correspond with those in the Discovery tables.
The Best Practice (BP) numbering convention is designed to uniquely identify each Best Practice item.
To provide a shorthand means of referring to a practice and to support a checklist for security review summaries, there is an identifier associated with each item in every Best Practice subsection throughout the handbook. The identifiers are based on the Best Practice points for each subsystem or subsystem component. The Best Practice numbers correspond with the stipulated risks and the discovery questions.
The identifiers are made up of four parts:
BP (this part is dropped in the Discovery listings)
The subsystem identifier. Each section has a Subsystem Identifier.
For example, the Safeguard Subsystem is abbreviated to SAFE.
The category identifier within each subsystem. In general, each subsection has a category identifier. For example, OBJT is the category for Safeguard OBJECTTYPE-related items, giving BP-SAFE-OBJT.
A number identifying each particular question. Within each subsystem (Section), the primary numbers begin with 01. For example, BP-SAFE-OBJT-01.
BP-FILE-DELUSER-01 DELUSER should be secured "----".
Advice and policy recommendations are noted throughout the handbook. These are ideas or suggestions that may or may not be important to a specific company.
Some advice topics may recommend the use of third party products to enhance the 'native' security provided by HP's Guardian and Safeguard security mechanisms.
Policy, advice and recommendations are uniquely identified throughout the handbook.
The identifiers are made up of four parts:
AP for advice or recommendations, or 3P for a recommendation that is best supported by a third-party tool (this part is dropped in the Discovery listings)
The subsystem identifier or ADVICE.
The category identifier within each subsystem. In general, each subsection has a category identifier. For example, PASSWORD is the category for User Password-related items, giving AP-ADVICE-PASSWORD.
A number identifying each particular question. Within each subsystem (Section), the primary numbers begin with 01. For example AP-ADVICE-PASSWORD-01.
AP-ADVICE-CMON-03 Put procedures in place to keep CMON up-to-date with new Operating System releases.
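The BP and AP/3P identifier schemes described above are regular enough to be parsed and cross-referenced mechanically, which is what a reviewer assembling a checklist from the Discovery tables and Best Practice items actually needs. The following is an added example, not code from the handbook: a Python parser for the four-part identifiers (prefix, subsystem, category, two-digit number, with the prefix optional because Discovery listings drop it) and a checklist builder that joins each Discovery question to its Best Practice or Advice item by the shared prefix-less key and reports any key that appears on only one side. The two quoted items are the examples from this introduction; the remaining questions and practice text are constructed for illustration and are not from the handbook's tables.

```python
"""Parse handbook identifiers (BP-SAFE-OBJT-01, AP-ADVICE-PASSWORD-01,
3P-...) and build a Discovery/Best Practice checklist.

Added example, not part of the handbook. The identifier grammar follows
the introduction's description; sample entries below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

# prefix (BP | AP | 3P) is optional: Discovery listings drop it.
_ID_RE = re.compile(
    r"^(?:(?P<prefix>BP|AP|3P)-)?"
    r"(?P<subsystem>[A-Z][A-Z0-9]*)-"
    r"(?P<category>[A-Z][A-Z0-9]*)-"
    r"(?P<number>\d{2})$"
)


@dataclass(frozen=True)
class HandbookId:
    prefix: Optional[str]  # "BP", "AP", "3P", or None for a Discovery entry
    subsystem: str         # e.g. SAFE, FILE, ADVICE
    category: str          # e.g. OBJT, DELUSER, PASSWORD
    number: int            # primary numbers begin with 01

    @property
    def key(self) -> str:
        """Prefix-less form shared by a Discovery question and its BP/AP item."""
        return f"{self.subsystem}-{self.category}-{self.number:02d}"


def parse_id(text: str) -> HandbookId:
    """Parse one identifier; raise ValueError if it does not fit the grammar."""
    m = _ID_RE.match(text.strip())
    if not m:
        raise ValueError(f"malformed handbook identifier: {text!r}")
    return HandbookId(m["prefix"], m["subsystem"], m["category"], int(m["number"]))


def is_valid_id(text: str) -> bool:
    try:
        parse_id(text)
        return True
    except ValueError:
        return False


def build_checklist(discovery: dict, practices: dict):
    """Join Discovery questions to BP/AP/3P items on the prefix-less key.

    Returns (rows, unmatched). rows: one dict per matched key, suitable for
    a review summary. unmatched: keys present on only one side, sorted;
    a non-empty list means the numbering is out of step and the
    cross-references should not be trusted until it is fixed.
    """
    disc = {parse_id(k).key: question for k, question in discovery.items()}
    prac = {}
    for ident, text in practices.items():
        hid = parse_id(ident)
        if hid.prefix is None:
            raise ValueError(f"practice {ident!r} must carry a BP, AP or 3P prefix")
        prac[hid.key] = (hid.prefix, text)
    rows = []
    for key in sorted(disc.keys() & prac.keys()):
        prefix, text = prac[key]
        rows.append({"id": f"{prefix}-{key}", "question": disc[key], "practice": text})
    unmatched = sorted(disc.keys() ^ prac.keys())
    return rows, unmatched


# Constructed sample tables. The DELUSER and CMON practice texts are the
# two examples quoted in the introduction; everything else is made up.
SAMPLE_DISCOVERY = {
    "FILE-DELUSER-01": "How is the DELUSER program secured?",
    "ADVICE-CMON-03": "Is there a procedure for updating CMON at each OS release?",
    "SAFE-OBJT-01": "Are Safeguard OBJECTTYPE records defined?",
}
SAMPLE_PRACTICES = {
    "BP-FILE-DELUSER-01": 'DELUSER should be secured "----".',
    "AP-ADVICE-CMON-03": "Put procedures in place to keep CMON up-to-date "
                         "with new Operating System releases.",
    "BP-SAFE-OBJT-02": "Constructed item whose number does not match a question.",
}


def demo():
    """Build the sample checklist; returns (rows, unmatched)."""
    rows, unmatched = build_checklist(SAMPLE_DISCOVERY, SAMPLE_PRACTICES)
    for row in rows:
        print(f"{row['id']}: {row['question']} -> {row['practice']}")
    for key in unmatched:
        print(f"UNMATCHED: {key}")
    return rows, unmatched


if __name__ == "__main__":
    demo()
```

Running the block prints two matched rows and flags SAFE-OBJT-01 and SAFE-OBJT-02 as unmatched, which is exactly the discrepancy a reviewer wants surfaced before a review summary is published against these numbers.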
Risks are addressed throughout the handbook. To bring these to the reader's attention, they are italicized.
RISK Adding users to the system is a primary gateway through which unauthorized users could gain access.