|
|
HP Security Monitor/iX Manager's Guide: HP 3000 MPE/iX Computer Systems > Chapter 2 Overview of Security on the MPE/iX Computer SystemGeneral Defenses Against Security Threats |
|
Some types of defenses are effective against all three types of general security threats. The second and third types of security threats also may require additional defenses that are specific to the form of the threat. A major first line of general defense is your company's security guideline. All present users and system administrators should be thoroughly familiar with the guideline and its implementation. All new users should be made familiar with the guideline and its implementation before being allowed on the system. Examples of defenses against loss of use include prevention of access, fire prevention and firefighting measures, safeguards against shock and impact in earthquake regions, and storage off site, in antimagnetic containers, of information on magnetic media. Insurance is another form of defense. Although it cannot prevent physical loss, it can mitigate financial loss. Prevention of access is the primary form of defense against theft and vandalism. Such defenses take several forms:
Physical prevention of access takes many forms, including:
Denial of access even though equipment can be physically approached can apply to machinery of many types. For computers and computer systems, methods include:
Although wear and tear on equipment certainly is a cause of performance loss, it is a business problem, rather than one of security. System administrators should be aware of it and request the replacement of worn equipment as needed. In the same sense, loss of performance or data due to incorrect usage also is not a security problem. On the other hand, it is one with which system administrators must be involved. For example, incorrect usage can deny use of the system to other users by tying up too much of the CPU. Solutions include:
One type of sabotage involves access to the computer or system by unauthorized persons. For the most part, preventative measures are the same as those described under Prevention of Access, above. In particular, you should be aware of the fact that anyone who can access the System Console can execute a CTRLA, then execute any command that can be invoked from the "=" prompt. Such commands include =ABORTJOB, =ABORTIO, =LOGOFF, =LOGON, and =SHUTDOWN. Another type of access available from the System Console is that provided by executing a CTRLB. This provides access to the system hardware via the system diagnostics. The CTRLB function can be physically disabled. Discuss this with your Hewlett-Packard Service Engineer. A type of sabotage much harder to prevent is sabotage from internal sources. Examples include disgruntled employees, and accidental sabotage resulting from the inadvertent introduction of destructive software (Trojan horses, viruses) into the system. Sabotage by users with otherwise legitimate access to the system can be minimized by enforcing limitations on capabilities and access. System logging facilities can be used to establish strict accountability for all users. Such accountability cannot prevent sabotage, but can aid in identifying the culprit. Even users at the highest levels can be made accountable by such techniques as maintaining a log of all who access or modify the system configuration. Due to the power of the privileged mode capability (PM), System Managers should allocate it only to accounts, groups and users with an imperative need. As an example of the dangers inherent in the PM capability, it permits the use of DEBUG on system files, and lets persons with the capability place unauthorized software on the system. Prevention of accidental sabotage from destructive software can be minimized or prevented by education, strict rules against using unauthorized software, and well publicized penalties for doing so. Establishment of accountability can, again, aid in identifying the offender in such incidents. Total prevention of accidental information disclosure is rarely possible. Employee education and appeals to employees' sense of company or national loyalty can help mitigate the problem, but not prevent it. Another technique is to disseminate vital information strictly on a need-to-know basis. Deliberate theft of information in physical form, such as on disk, tape, and paper, can be minimized using the same techniques as those for preventing theft of equipment: prevention of access. Techniques for preventing access include locking desks, cabinets, and files. Store media in locked cabinets rather than open racks, and enforce strict control over the distribution of sensitive documents. When the information on media is no longer needed, the media is often reused by simply writing over the existing data. Depending on the medium, the data may be readable until it is overwritten, even if the medium have been reformatted. This is an easily overlooked breach of security. Before returning disk, disk packs, and tapes to reuse, all labels should be removed in order to prevent a thief from easily picking out the tapes that may contain important information. Each disk or tape should be carefuly erased with a degausser type bulk tape eraser. Techniques for protecting information in the system itself include locking computers, enforcing the use of passwords, prohibiting embedded passwords, and clearing computer screens and screen buffers. Avoid storing files containing sensitive information in accounts to which all or many users have access, such as PUB.SYS and system libraries. Be particularly aware of the sensitivity of the PUB.SYS account and NL.PUB.SYS. Only System and Account Managers should ever have the capability to change the accessibility level of the account. Also be sensitive to the fact that programs stored in XL.PUB.SYS" are executable by any user, and that a virus-infected program stored there is in a particularly advantageous place to damage your system. Finally, use ACDs with all files and devices, and share files only with those who have a need to know. Table 2-4 Synopsis of Possible Security Threats and Defenses
|
|