HP Security Monitor/iX Manager's Guide: HP 3000 MPE/iX Computer Systems > Chapter 2 Overview of Security on the MPE/iX Computer System

General Defenses Against Security Threats

Some types of defenses are effective against all three types of general security threats. The second and third types of security threats also may require additional defenses that are specific to the form of the threat.

A major first line of general defense is your company's security guideline. All present users and system administrators should be thoroughly familiar with the guideline and its implementation. All new users should be made familiar with the guideline and its implementation before being allowed on the system.

Defenses Against Loss of Use

Examples of defenses against loss of use include prevention of access, fire prevention and firefighting measures, safeguards against shock and impact in earthquake regions, and storage off site, in antimagnetic containers, of information on magnetic media. Insurance is another form of defense. Although it cannot prevent physical loss, it can mitigate financial loss.

Prevention of Access

Prevention of access is the primary form of defense against theft and vandalism. Such defenses take several forms:

  • Physical prevention of access to premises, and physical prevention of access to equipment within the premises.

  • Denial of use even though the equipment can be physically approached.

Physical prevention of access takes many forms, including:

  • Perimeter defenses, such as fences with controlled access points, intruder warning devices, remote television cameras, searchlights, and guard dogs.

  • Internal defenses, such as guarded entry points to buildings and areas, metal detectors, identification badges, sign-in logs, combination or magnetic card locks on laboratory and computer room doors, and locks for desks, cabinets, workstations and personal computers. In addition, physically attaching small equipment to desks can help prevent theft, although not vandalism.

Denial of access even though equipment can be physically approached can apply to machinery of many types. For computers and computer systems, methods include:

  • Key locks for workstations and personal computers.

  • Passwords, password protection, limitations on the number of logon attempts allowed, and file and device ACDs. Systems connected to external networks and accessible by telephone present particular problems of their own. For example, if a caller fails to log on within the number of times allowed, that person need only hang up and try again. The problem is aggravated by the fact that it is possible to set up a computer to make the calls!

  • One way to limit damage is to ensure that a user's access is removed as soon as it is no longer needed. Idle accounts, and accounts of users who are no longer at the company or organization, should be considered a potential security risk.
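The dial-up weakness described above is that a per-call limit on logon attempts only counts failures within one call, so a caller who hangs up and redials (or a computer that does so automatically) starts from zero each time. The following is an added example, not code from the HP manual, showing how a defender can instead total failed logons per user across all sessions within a time window. The log format and the session ids, user names and timestamps in it are constructed for illustration and are not an MPE/iX log layout.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample logon records (NOT an MPE/iX log format).
# Fields: date, time, session id, user.account, result.
SAMPLE_LOG = """\
1994-03-02 08:00:01 S101 MGR.PAYROLL FAIL
1994-03-02 08:00:09 S101 MGR.PAYROLL FAIL
1994-03-02 08:00:15 S101 MGR.PAYROLL FAIL
1994-03-02 08:00:40 S102 MGR.PAYROLL FAIL
1994-03-02 08:00:48 S102 MGR.PAYROLL FAIL
1994-03-02 08:01:20 S103 MGR.PAYROLL FAIL
1994-03-02 08:01:27 S103 MGR.PAYROLL OK
1994-03-02 09:30:00 S104 CLERK.SALES FAIL
"""

def parse_log(text):
    """Return (timestamp, session, user, result) tuples, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if line.strip():
            date, time, session, user, result = line.split()
            records.append((datetime.fromisoformat(f"{date} {time}"), session, user, result))
    return records

def per_session_failures(records):
    """What a per-call limit sees: failures counted inside each session only."""
    counts = defaultdict(int)
    for _, session, user, result in records:
        if result == "FAIL":
            counts[(session, user)] += 1
    return dict(counts)

def flag_cross_session(records, limit=3, window=timedelta(minutes=10)):
    """Flag users whose failed logons, summed across ALL sessions inside any span
    of length `window`, exceed `limit`.  Returns {user: (peak_count, sessions)}."""
    by_user = defaultdict(list)
    for ts, session, user, result in records:
        if result == "FAIL":
            by_user[user].append((ts, session))
    flagged = {}
    for user, fails in by_user.items():
        fails.sort()
        start = 0                        # sliding window over sorted failure times
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            count = end - start + 1
            if count > limit and count > flagged.get(user, (0, []))[0]:
                flagged[user] = (count, sorted({s for _, s in fails[start:end + 1]}))
    return flagged
```

In the sample, no single session exceeds three failures, so a per-call limit of three never trips, while the cross-session view shows six failures from three calls in under two minutes followed by a successful logon.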

Defenses Against Loss of Performance

Although wear and tear on equipment certainly is a cause of performance loss, it is a business problem, rather than one of security. System administrators should be aware of it and request the replacement of worn equipment as needed.

In the same sense, loss of performance or data due to incorrect usage also is not a security problem. On the other hand, it is one with which system administrators must be involved. For example, incorrect usage can deny use of the system to other users by tying up too much of the CPU. Solutions include:

  • Limitations on access by limiting user capabilities, or giving users access only to the resources they need to execute their tasks.

  • User training.

Defenses Against Data and Performance Loss Due to Sabotage

One type of sabotage involves access to the computer or system by unauthorized persons. For the most part, preventive measures are the same as those described under Prevention of Access, above. In particular, be aware that anyone who can access the System Console can execute a CTRLA, then execute any command that can be invoked from the "=" prompt. Such commands include =ABORTJOB, =ABORTIO, =LOGOFF, =LOGON, and =SHUTDOWN.

Another type of access available from the System Console is that provided by executing a CTRLB. This provides access to the system hardware via the system diagnostics. The CTRLB function can be physically disabled. Discuss this with your Hewlett-Packard Service Engineer.

A type of sabotage much harder to prevent is sabotage from internal sources. Examples include disgruntled employees, and accidental sabotage resulting from the inadvertent introduction of destructive software (Trojan horses, viruses) into the system.

Sabotage by users with otherwise legitimate access to the system can be minimized by enforcing limitations on capabilities and access. System logging facilities can be used to establish strict accountability for all users. Such accountability cannot prevent sabotage, but can aid in identifying the culprit. Even users at the highest levels can be made accountable by such techniques as maintaining a log of all who access or modify the system configuration.

Due to the power of the privileged mode capability (PM), System Managers should allocate it only to accounts, groups and users with an imperative need. As an example of the dangers inherent in the PM capability, it permits the use of DEBUG on system files, and lets persons with the capability place unauthorized software on the system.

Accidental sabotage from destructive software can be minimized or prevented by education, strict rules against using unauthorized software, and well publicized penalties for doing so. Establishment of accountability can, again, aid in identifying the offender in such incidents.

Defenses Against Information Disclosure

Total prevention of accidental information disclosure is rarely possible. Employee education and appeals to employees' sense of company or national loyalty can help mitigate the problem, but not prevent it. Another technique is to disseminate vital information strictly on a need-to-know basis.

Deliberate theft of information in physical form, such as on disk, tape, and paper, can be minimized using the same techniques as those for preventing theft of equipment: prevention of access.

Techniques for preventing access include locking desks, cabinets, and files. Store media in locked cabinets rather than open racks, and enforce strict control over the distribution of sensitive documents.

When the information on a medium is no longer needed, the medium is often reused by simply writing over the existing data. Depending on the medium, the old data may remain readable until it is actually overwritten, even if the medium has been reformatted. This is an easily overlooked breach of security.

Before returning disks, disk packs, and tapes to reuse, remove all labels so that a thief cannot easily pick out the media that may contain important information. Each disk or tape should then be carefully erased with a degausser-type bulk tape eraser.

Techniques for protecting information in the system itself include locking computers, enforcing the use of passwords, prohibiting embedded passwords, and clearing computer screens and screen buffers.

Avoid storing files containing sensitive information in accounts to which all or many users have access, such as PUB.SYS and system libraries. Be particularly aware of the sensitivity of the PUB.SYS account and of NL.PUB.SYS. Only System and Account Managers should ever have the capability to change the accessibility level of the account. Also be aware that programs stored in XL.PUB.SYS are executable by any user, so a virus-infected program stored there is in a particularly advantageous place to damage your system.

Finally, use ACDs with all files and devices, and share files only with those who have a need to know.

Table 2-4 Synopsis of Possible Security Threats and Defenses

Possible threat: Loss of use. Possible defenses:

  • Prevent access.

      • Perimeter defenses: fences, guarded entries, lighting, intruder warning devices, surveillance devices, guard dogs.

      • Internal defenses: guarded entries, metal detectors, identification badges, sign-in logs, door locks, locks on desks, storage and computers, physical restraints on equipment.

      • Denial of use: mandatory passwords, no embedded passwords, logon limitations, restrictions on use of modems.

  • Fire prevention.

  • Shock and impact prevention.

  • Offsite storage.

  • Antimagnetic storage.

  • Insurance.

Possible threat: Loss of performance due to incorrect usage. Possible defenses:

  • Limit user access.

  • Limit user capabilities.

  • User training.

Possible threat: Sabotage. Possible defenses:

  • Prevent access.

  • Limit user access.

  • Limit user capabilities.

  • Prohibit unauthorized software.

  • Accountability: log operator commands; maintain a system configuration log.

Possible threat: Disclosure of information. Possible defenses:

  • Prevent access: limit document distribution; limit knowledge distribution; lock desks, cabinets, and computers; store media in locked cabinets.

  • Degauss media to erase data.

  • Use and maintain passwords.

  • Clear screens and screen buffers.

  • Limit information stored in PUB and library accounts.

  • Provide information on a need-to-know basis.

  • Protect all files with ACDs.

 
