Securing DCOM
BP-FILE-DCOM-01 DCOM should be secured “UUCU”.
BP-OPSYS-LICENSE-01 DCOM must be LICENSED.
BP-OPSYS-OWNER-01 DCOM should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 DCOM must reside in $SYSTEM.SYSnn.
If available, use Safeguard software or a third party object security product to grant
access to DCOM object files only to users who require access in order to do their jobs.
BP-SAFE-DCOM-01 Add a Safeguard Protection Record to grant appropriate access to the DCOM object file.
Discovery Questions Look here:
OPSYS-OWNER-01 Who owns the DCOM object file? Fileinfo
OPSYS-LICENSE-01 Is the DCOM object file licensed? Fileinfo
FILE-POLICY Who is allowed to execute DCOM on the system? Policy
FILE-DCOM-01, SAFE-DCOM-01 Is the DCOM object file correctly secured with the Guardian or Safeguard system? Fileinfo, Safecom
Data Definition Language (DDL) Subsystem
The Data Definition Language (DDL) enables users to define data objects in
Enscribe files and to translate these object definitions into source code definitions for
programming languages and other products on HP subsystems.
DDL performs two main functions:
Compiling statements that define data objects
Translating compiled definitions into source code for host languages and FUP
Using DDL Definitions
DDL Statements are used to define, modify, delete or display definitions in the
DDL Dictionary and to generate data definition output files for other subsystems and
compilers.
DDL Functions                 Description
Create a data dictionary      DDL schemas are stored in one or many DDL Dictionaries.
Create a Schema               Using DDL commands, record schema definitions are created and stored into the dictionary.
Generate Schema Definition    Output a record schema as FUP commands.
Create a database             The output FUP commands are used to create the database files.
Generate source code          Output source code data definitions that are used directly by the programming languages.
Create messages               Define interprocess messages and store them in the dictionary. Like record definitions, these schemas can be output to source code format.
Maintain a dictionary         Dictionary maintenance functions
Examine a dictionary          Dictionary reports
Enscribe DBMS
The Guardian file system supports Enscribe data files in four structured formats
and one unstructured format.
Key-Sequenced
The Enscribe software uses index blocks to locate primary keys, which are stored in the
record. Alternate index files are also key-sequenced. Key-sequenced files are accessible
for random and sequential access.
Queue
The Enscribe software uses index blocks to locate primary keys, which are stored in the
record. An Enscribe queue file is a special type of key-sequenced file where processes
can queue and dequeue records.
Entry-Sequenced
The Enscribe software uses record addresses to find the physical location of a record in
a file. Entry-sequenced files are used for sequentially oriented data, such as date
oriented log files.
Relative
The Enscribe software uses record number to calculate the physical location of a record
in a file. Relative sequenced files are primarily used for positionally oriented data,
where the relative record number is unique.
Unstructured
The blocks of data must be programmatically managed. No record structure is
available.
Enscribe files are used extensively on HP as the basic DBMS relational structured
file. Some of the subsystems that rely upon DDL definitions are:
ENABLE
ENFORM
Programming languages
AP-ADVICE-DDL-01 Generally users should be prevented from creating
new DDL schema on secure systems. Secure system applications will contain a
pre-created data dictionary that must be secured at the same level as the secure
data files.
RISK DDL poses no direct security risk as long as the data files and application
files are secured properly, such that the output of DDL and the dictionary
schemas cannot be used to gain unauthorized access to the secure data.
Enscribe Application Dictionaries
AP-ADVICE-DDL-02 DDL Dictionaries should be secured to the appropriate group.
AP-ADVICE-DDL-03 DDL Dictionaries should be owned by the appropriate application manager.
AP-ADVICE-DDL-04 DDL Dictionaries can reside anywhere on the system.
Securing DDL Components
BP-FILE-DDL-01 DDL should be secured “UUNU”.
BP-OPSYS-OWNER-02 DDL should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 DDL must reside in $SYSTEM.SYSTEM.
BP-FILE-DDL-02 DDQUERYS should be secured “NUNU”.
BP-OPSYS-OWNER-02 DDQUERYS should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 DDQUERYS must reside in $SYSTEM.SYSTEM.
BP-FILE-DDL-03 DDSCHEMA should be secured “NUNU”.
BP-OPSYS-OWNER-02 DDSCHEMA should be owned by SUPER.SUPER.
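The DCOM and DDL baselines above can be checked mechanically once the Fileinfo answers have been collected. The following is an added example, not code from the book or from HP: the record layout, the audit function and the sample values are assumptions made for illustration, and the scope letters use standard Guardian RWEP meanings.

```python
import re

# Standard Guardian RWEP scope letters (general Guardian semantics, not from the page).
SCOPE = {"A": "any local user", "G": "local group member", "O": "local owner",
         "N": "any local or network user", "C": "local or network group member",
         "U": "local or network owner", "-": "local super ID only"}

# Baseline transcribed from the page's BP- items: (security, owner, location, licensed).
# None means the page states no rule; "nn" in SYSnn is taken as two digits (assumption).
BASELINE = {
    "DCOM":     ("UUCU", "SUPER.SUPER", r"\$SYSTEM\.SYS\d\d", True),
    "DDL":      ("UUNU", "SUPER.SUPER", r"\$SYSTEM\.SYSTEM", None),
    "DDQUERYS": ("NUNU", "SUPER.SUPER", r"\$SYSTEM\.SYSTEM", None),
    "DDSCHEMA": ("NUNU", "SUPER.SUPER", None, None),
}

def audit(record):
    """Return findings for one hand-transcribed record (hypothetical layout)."""
    name = record["file"].upper()
    if name not in BASELINE:
        return []
    rwep, owner, loc, licensed = BASELINE[name]
    found = record["rwep"].upper()
    findings = []
    if len(found) != 4 or any(c not in SCOPE for c in found):
        findings.append(f"{name}: malformed security string {found!r}")
    else:
        # Compare position by position so the report names the affected operation.
        for op, want, got in zip(("read", "write", "execute", "purge"), rwep, found):
            if want != got:
                findings.append(f"{name}: {op} is {got} ({SCOPE[got]}), "
                                f"expected {want} ({SCOPE[want]})")
    if record["owner"].upper() != owner:
        findings.append(f"{name}: owner is {record['owner']}, expected {owner}")
    if loc and not re.fullmatch(loc, record["subvol"].upper()):
        findings.append(f"{name}: resides in {record['subvol']}")
    if licensed and not record["licensed"]:
        findings.append(f"{name}: not LICENSED")
    return findings

# Constructed sample records, not output captured from a real system.
SAMPLE = [
    {"file": "DCOM", "subvol": "$SYSTEM.SYS01", "owner": "SUPER.SUPER", "rwep": "UUCU", "licensed": True},
    {"file": "DCOM", "subvol": "$SYSTEM.SYS01", "owner": "SUPER.SUPER", "rwep": "UUNU", "licensed": False},
    {"file": "DDL", "subvol": "$DATA.TOOLS", "owner": "APP.MGR", "rwep": "UUNU", "licensed": False},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print("\n".join(audit(rec)) or f"{rec['file']}: matches baseline")
```

DDSCHEMA is checked for security string and owner only, because no location rule for it appears above.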