Application Resources
HOME | DOWNLOAD | SITEMAP | CONTACT US
home
Company Profile
serviceweoffer
our clients
our partners
contact us
Knowledge base

 

 
The SPS/VOS Security Shell
 
Audit user activities while increasing productivity
2Introduction
 

The SPS/VOS Security Shell eliminates unrestricted access to VOS and greatly enhances operators' and developers' productivity. Any operator, even with no Stratus experience, can become proficient and operate the system safely. The SPS/Security Shell is an indispensable environment for any mainframe trained personnel.

 

1Eliminates the need to register privileged users

1Allows non-privileged users to execute selected subsets of analyze_system requests and other privileged commands

1Incorporates the Security Layer shielding the system from unauthorized use

1Produces a comprehensive audit trail log of all commands executed on the system; records the time and user's identity

1Keeps track of operator's activity and allows the user to restore and reuse commands and path names used previously

during the session

1Features a standard DES-based file encryption facility

1Provides process listings (list_users) sorted by CPU utilization, I/O rate, Page faults memory usage and Interrupt rates

1Interfaces with other SPS tools: SPS/Browser, Tree, Calendar, Disk Space, SPS/Performance

1Supports user-programmable function keys for frequently used commands

....................................................................................................................................................

 
2 SPS and System Security
 
Reduce the risk of human errorRestrict Privileged users Control user access rights to sensitive data
 
SPS products utilize a robust security layer designed to satisfy the most stringent security and audit requirements. It allows any level of customization, including per-user, per-command profiles, full command level password protection, single-point data access control (ACLs)and data encryption. SPS' advanced multi-level, object oriented solution of security requirements provides more granularity and greatly improves upon the single level, all or nothing, approach to security provided with the VOS operating system.
 

1Authorizes command execution based on user's security profile

1Allows access of non-privileged users to selected privileged commands and to subsets of analyze_system requests

thereby eliminating the need for privileged users registration

1 Ensures execution of commands from the correct, designated terminals

1Ensures that commands are executed within the allowed timeframes

1Blocks access to restricted modules, systems and devices (production)

1Password protects commands and menus

1Encrypts sensitive data

1Handles security violations; posts warning messages in the system error log and terminates the violator's session

1Manages, monitors and enforces directory and file access (ACL/DCL), employing a simple to operate, system-wide

configuration
1Generates complete activity and security violations logs and reports date, time, user's identity, command executed and
relevant violation information

....................................................................................................................................................

 
2 Protecting your Audit-Trail reports
 
We are being asked time and time again by VOS security auditors how they can protect the audit-trail reports that SPScreates and whether or not it is possible at all. After all, is it really feasible to control what the SysAdmin or other "super-users" are doing on the system?
 

Here are easy to follow step by step instructions:

   
1 Remove all Write and Modify access from the start_up.cm command macros of controlled users. This should be
  done with the standard remove_access VOS command.
   
1 Make sure that only the security officer has access rights to both the SPS directories and these special
  start_up.cm macros - all other users should have null access to the SPS directories and to their own
  start_up.cm macros.
   
1 Use VOS' set_owner_access on the sps_vss.pm and on the sps_menu.pm programs as follows:
  set_owner_access sps_vss.pm person_and_group
  set_owner_access sps_menu.pm person_and_group
   
1 That's it - you are now ready. Help is a phone call (or Email) away. WriteFooter () .
  .............................................................................................................................................
Copyright (c) 2007 Application Resources, Inc.