Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
Planning System Security
• Erase obsolete data and securely dispose of console logs and
  printouts.
• Erase disks and diskettes before disposing of them.
Maintaining System Security
Maintaining system security involves:
• Identifying Users. All users must have a unique login identity (ID)
  consisting of an account name and password.
• Authenticating Users. When a user logs in, the system authenticates
  his/her password by checking for its existence in the password files.
• Authorizing Users. At a system level, HP-UX provides two kinds of
  authorized computer use — regular and superuser. Individual users
  also may be granted or restricted access to system files through
  traditional file permissions, access control lists, and Restricted SAM.
  It is vitally important that these tools be used correctly.
• Auditing Users. HP-UX enables you to audit computer usage by user
  and event.
All users are responsible for security. A security policy is effective only if
users are informed of its contents and trained in its use. In addition,
senior management must show effective support for the security policy.
Basic Guidelines
Below are basic guidelines for a good security policy:
• Centralize security responsibilities with a clearly defined security
  administrator.
• Prepare a set of security guidelines, and distribute it to all computer
  users.
• Have security guidelines reviewed by management to establish
  compliance at all levels.
• Review and update guidelines periodically. Distribute policy changes
  promptly.
• Do not make the system any more restrictive than necessary. Poorly
  chosen or excessively rigid security measures often force users to
  develop loopholes to maintain productivity.