The Experts below are selected from a list of 15 Experts worldwide ranked by ideXlab platform
Ellen Alvarado - One of the best experts on this subject based on the ideXlab platform.
-
Authentication; User Administration
HP NonStop Server Security, 2020Co-Authors: Terri Hill, Ellen AlvaradoAbstract:This chapter outlines the principles for securing a system. These principles include a good user schema based on the principles of least privilege, separation of duties, and individual accountability. The “Group name” or number identifies the user's administrative group. The “Member name” or number identifies the user within the group. The combination must be unique for a single system and unique over the network if the user will have access to multiple nodes. Administrative group names are made up of 1 to 8 alphanumeric characters. The first character must be a letter. Groups with numbers ranging from 0 to 255 may be used as “Administrative groups” that can be thought of as “Job function groups” because they are the primary unit that categorizes a given user's job function. Users with similar job descriptions and tasks require the same access to system resources and they should be given user IDs in the same administrative group. A secure system requires a well organized and well thought out user ID schema. Users must be given user IDs in appropriate administrative groups and uniquely identified to the system. Aliases are only available in “Safeguard” environments. The HP Nonstop Server Guardian operating system grants special privileges to several user IDs. These privileges are granted the moment the user IDs are created. The privileges can only be limited by implementing Safeguard software.
-
Gazette A to Z
HP NonStop Server Security, 2020Co-Authors: Terri Hill, Ellen AlvaradoAbstract:The Gazette consists of a chapter per program, process, or subsystem containing a discussion of the objects, security concerns, and best practice recommendations. The naming conventions are: User Program, System Program, System Utility, Configuration File, Subsystem, and Application. The ADDUSER program is used to create user IDs when Safeguard software is not in use. How this program is secured depends on the Corporate Security Policy and whether or not Safeguard is in use. AUDSERV is only used in an SQL environment. It is not an interactive program; it is invoked by the Nonstop TMF subsystem. AUDSERV makes it possible for applications to share the use of a table or index during DDL reorganization. The Accelerator (AXCEL) program transforms HP Nonstop Server compiled language object code to produce accelerated object code, which may run faster. How much faster depends on whether or not the code runs on a RISC (TNS/R) system or an older CISC (TNS) system. AXCEL is used with TNS compilers and not with native compilers. Native languages are already accelerated for performance. Programs consisting mainly of calls on system code do not get much additional performance gain by acceleration because system code has already been native-compiled. Programs consisting of large amount of user code may gain significant performance by the acceleration compilation.
-
7 – Securing Applications
HP NonStop Server Security, 2020Co-Authors: Terri Hill, Ellen AlvaradoAbstract:Publisher Summary Applications are the company's business application and they are the reason for using the HP Nonstop Server. In essence, applications are the most important entity on the machine. Everything else that runs on the system supports the application. In-house application development is the most mysterious environment of an enterprise; mysterious to everyone other than developers and their managers. Developers do not like to be bogged down with computer security. They would be happiest if they all had access to the super password and could do anything they wanted. But, the fact is that developers have to comply with the Corporate Security Policy and Standards. The security administrator must establish a dialog with the development manager early on in the development cycle to ensure that the following areas comply with the security policy—source control, application configuration source files, object release control, and application security considerations. Third-party vendor applications introduced to HP Nonstop Servers have the same issues as in-house applications. The difference is that the source code belongs to the third-party vendor. The third-party system tools, like the in-house system tools, exist to support the application. The security administrator must evaluate each tool to determine which subsystems are being utilized and the appropriate security for the tool according to the security policy. Usually, third-party tools come well documented and have easy to maintain common user interfaces.
-
the hp Nonstop Server architecture and environment
HP NonStop Server Security#R##N#A Practical Handbook, 2004Co-Authors: Terri Hill, Ellen AlvaradoAbstract:This chapter provides a brief overview of the HP Nonstop Server architecture, which is unique in both hardware and software components. The HP Nonstop Server platform is a scalable, shared nothing, multiple processor, multiprocessing environment equipped with both hardware and software configured to provide continuously available service. It is a computing environment where failures can be tolerated without eliminating the services provided. At the heart of the Nonstop platform is the multiple processor, multiple interprocessor-bus, multiple controller and multiple disk hardware configuration. No single hardware failure should eliminate processing—all paths are configured as redundant by default. Since the hardware is scalable, additional resources such as CPUs and disks can be added as necessary without requiring systems engineering to redesign the machine. The software, both operating system and application, is designed to support the fault-tolerant hardware. The operating system continually monitors the status of all components, switching control as necessary to maintain operations.
-
authentication granting access to the hp Nonstop Server
HP NonStop Server Security#R##N#A Practical Handbook, 2004Co-Authors: Terri Hill, Ellen AlvaradoAbstract:After creating the user IDs, control must be established over their access to individual nodes and the expanded network. The authentication sequence depends on four parameters—the access batch or interactive, the communication medium being used, the Safeguard TERMINAL controls being used, and the personality of the HP Nonstop Server being used. The combinations of these parameters determine which path the user will take through the process of authenticating the user's identity. The Guardian system requires that users must logon to the system with a valid user ID or alias and a password. TACL is the command interpreter used with the Guardian system. The logging on process calls the USER_AUTHENTICATE_ routine. During this system call a PRELOGON message is sent to CMON, if it is running. If the PRELOGON request passes the CMON rules, a LOGON request is sent to CMON, if it is running. The USER_AUTHENTICATE_ procedure will utilize the Safeguard facility, SZSMP, if Safeguard software is on the system. SZSMP evaluates both the Safeguard configuration and the User Record attributes to determine if the access will be granted. Based on the Safeguard configuration, SZSMP also determines whether or not the logon will be audited. If the USER_AUTHENTICATE_ procedure does not exist in the system library, TACL calls the VERIFYUSER system procedure.
Terri Hill - One of the best experts on this subject based on the ideXlab platform.
-
Authentication; User Administration
HP NonStop Server Security, 2020Co-Authors: Terri Hill, Ellen AlvaradoAbstract:This chapter outlines the principles for securing a system. These principles include a good user schema based on the principles of least privilege, separation of duties, and individual accountability. The “Group name” or number identifies the user's administrative group. The “Member name” or number identifies the user within the group. The combination must be unique for a single system and unique over the network if the user will have access to multiple nodes. Administrative group names are made up of 1 to 8 alphanumeric characters. The first character must be a letter. Groups with numbers ranging from 0 to 255 may be used as “Administrative groups” that can be thought of as “Job function groups” because they are the primary unit that categorizes a given user's job function. Users with similar job descriptions and tasks require the same access to system resources and they should be given user IDs in the same administrative group. A secure system requires a well organized and well thought out user ID schema. Users must be given user IDs in appropriate administrative groups and uniquely identified to the system. Aliases are only available in “Safeguard” environments. The HP Nonstop Server Guardian operating system grants special privileges to several user IDs. These privileges are granted the moment the user IDs are created. The privileges can only be limited by implementing Safeguard software.
-
Gazette A to Z
HP NonStop Server Security, 2020Co-Authors: Terri Hill, Ellen AlvaradoAbstract:The Gazette consists of a chapter per program, process, or subsystem containing a discussion of the objects, security concerns, and best practice recommendations. The naming conventions are: User Program, System Program, System Utility, Configuration File, Subsystem, and Application. The ADDUSER program is used to create user IDs when Safeguard software is not in use. How this program is secured depends on the Corporate Security Policy and whether or not Safeguard is in use. AUDSERV is only used in an SQL environment. It is not an interactive program; it is invoked by the Nonstop TMF subsystem. AUDSERV makes it possible for applications to share the use of a table or index during DDL reorganization. The Accelerator (AXCEL) program transforms HP Nonstop Server compiled language object code to produce accelerated object code, which may run faster. How much faster depends on whether or not the code runs on a RISC (TNS/R) system or an older CISC (TNS) system. AXCEL is used with TNS compilers and not with native compilers. Native languages are already accelerated for performance. Programs consisting mainly of calls on system code do not get much additional performance gain by acceleration because system code has already been native-compiled. Programs consisting of large amount of user code may gain significant performance by the acceleration compilation.
-
7 – Securing Applications
HP NonStop Server Security, 2020Co-Authors: Terri Hill, Ellen AlvaradoAbstract:Publisher Summary Applications are the company's business application and they are the reason for using the HP Nonstop Server. In essence, applications are the most important entity on the machine. Everything else that runs on the system supports the application. In-house application development is the most mysterious environment of an enterprise; mysterious to everyone other than developers and their managers. Developers do not like to be bogged down with computer security. They would be happiest if they all had access to the super password and could do anything they wanted. But, the fact is that developers have to comply with the Corporate Security Policy and Standards. The security administrator must establish a dialog with the development manager early on in the development cycle to ensure that the following areas comply with the security policy—source control, application configuration source files, object release control, and application security considerations. Third-party vendor applications introduced to HP Nonstop Servers have the same issues as in-house applications. The difference is that the source code belongs to the third-party vendor. The third-party system tools, like the in-house system tools, exist to support the application. The security administrator must evaluate each tool to determine which subsystems are being utilized and the appropriate security for the tool according to the security policy. Usually, third-party tools come well documented and have easy to maintain common user interfaces.
-
the hp Nonstop Server architecture and environment
HP NonStop Server Security#R##N#A Practical Handbook, 2004Co-Authors: Terri Hill, Ellen AlvaradoAbstract:This chapter provides a brief overview of the HP Nonstop Server architecture, which is unique in both hardware and software components. The HP Nonstop Server platform is a scalable, shared nothing, multiple processor, multiprocessing environment equipped with both hardware and software configured to provide continuously available service. It is a computing environment where failures can be tolerated without eliminating the services provided. At the heart of the Nonstop platform is the multiple processor, multiple interprocessor-bus, multiple controller and multiple disk hardware configuration. No single hardware failure should eliminate processing—all paths are configured as redundant by default. Since the hardware is scalable, additional resources such as CPUs and disks can be added as necessary without requiring systems engineering to redesign the machine. The software, both operating system and application, is designed to support the fault-tolerant hardware. The operating system continually monitors the status of all components, switching control as necessary to maintain operations.
-
authentication granting access to the hp Nonstop Server
HP NonStop Server Security#R##N#A Practical Handbook, 2004Co-Authors: Terri Hill, Ellen AlvaradoAbstract:After creating the user IDs, control must be established over their access to individual nodes and the expanded network. The authentication sequence depends on four parameters—the access batch or interactive, the communication medium being used, the Safeguard TERMINAL controls being used, and the personality of the HP Nonstop Server being used. The combinations of these parameters determine which path the user will take through the process of authenticating the user's identity. The Guardian system requires that users must logon to the system with a valid user ID or alias and a password. TACL is the command interpreter used with the Guardian system. The logging on process calls the USER_AUTHENTICATE_ routine. During this system call a PRELOGON message is sent to CMON, if it is running. If the PRELOGON request passes the CMON rules, a LOGON request is sent to CMON, if it is running. The USER_AUTHENTICATE_ procedure will utilize the Safeguard facility, SZSMP, if Safeguard software is on the system. SZSMP evaluates both the Safeguard configuration and the User Record attributes to determine if the access will be granted. Based on the Safeguard configuration, SZSMP also determines whether or not the logon will be audited. If the USER_AUTHENTICATE_ procedure does not exist in the system library, TACL calls the VERIFYUSER system procedure.
