Discovery Questions Look here:
OPSYS-OWNER-01 Who owns the PASSWORD object file? Fileinfo
OPSYS-LICENSE-01 Is the PASSWORD object file licensed? Fileinfo
FILE-POLICY Is Safeguard software installed on the system? Policy
FILE-PASSWORD-01
SAFE-PASSWORD-01
Is the PASSWORD object file correctly secured
with the Guardian or Safeguard system?
Fileinfo
Safecom
PASSWORD-CONFIG-01 Is the BLINDPASSWORD parameter bound
into the PASSWORD program?
Bind
PASSWORD-CONFIG-02 Is the ENCRYPTPASSWORD parameter bound
into the PASSWORD program?
Bind
PASSWORD-CONFIG-03 Is the MINPASSWORDLEN parameter bound
into the PASSWORD program?
Bind
PASSWORD-CONFIG-04 Is the PROMPTPASSWORD parameter bound
into the PASSWORD program?
Bind
SAFEGARD-GLOBAL-06 Is Safeguard global PASSWORD-ENCRYPT =
ON
Safecom
SAFEGARD-GLOBAL-07 Is Safeguard global
PASSWORD-MINIMUM-LENGTH=6or
greater
Safecom
SAFEGARD-GLOBAL-53 Is Safeguard global BLINDLOGON = ON Safecom
Related Topics:
Password Administration
User Administration
BINDER
LICENSE
PROGID
Pathway Subsystem
This section describes securing the components of the Pathway Subsystem itself. Please
refer to the chapters on Application Security for a discussion on securing Pathway
Applications.
Pathway is an application platform, under which many NonStop server applica-
tions run. It is often the pivotal production platform, therefore requiring a wide range
of access throughout a company’s enterprise.
Pathway Subsystem 371
Part 6
The Pathway application is the gateway to many production applications, which:
Provides the interface to the company’s database
Is the foundation for the availability of the company’s enterprise applications
Determines the security methodology for the enterprise databases
Provides multi-threading and configurable components based upon the
application
Pathway is a client-server application model. The Pathway monitor provides the
interface for the communication layer and the management layer between the client
and server. A Pathway application has two major components:
Requestors A screen program or GUI client component that interacts directly
with the terminal. The screen part of the application is written in SCOBOLX or
in a GUI language.
Servers The user program running on the host system that interacts with the
databases and performs user calculations, etc. The server part of the application
can be written in any available language that functions on the HP NonStop
server.
The Pathway subsystem components are:
PATHCOM
PATHMON
PATHTCP2
PATHCTL
PATHTCPL
LINKMON
Components of each Pathway Application:
PATHCTL
POBJDIR/POBJCOD
Server Programs
Assigned files and Databases
PATHCOM
PATHCOM is the interactive interface into a Pathway environment for starting, stop-
ping, and modifying the environment. The designated Pathway owner and security
372 Pathway Subsystem
controls the ability to perform commands, via PATHCOM or programmatically to
affect the environment.
The owner can perform management commands; start and stop the Pathway
objects, alter configuration settings, freeze and thaw terminals, etc.
The designated security attribute specifies the users, relative to the Pathway owner,
who can perform management commands. Set the SECURITY parameter using the
Guardian security values A, G, O, -, N, C, and U. The internal security attribute does
not control the security at which the requestor or server programs run. For instance:
Setting the value to “C”, allows anyone in the owner’s network group to alter the
Pathway or start and stop servers.
Setting the value to “O”, allows only the local owner to alter the Pathway or start
and stop servers.
Non-dedicated terminals are started via the PATHCOM interface, therefore users
responsible for stopping and starting Pathway terminals need
EXECUTE access to the
PATHCOM object file.
AP-FILE-PATHCOM-01 Starting a terminal through the PATHCOM inter-
face is the method used for non-dedicated terminals, therefore users need
EXE-
CUTE
access to the PATHCOM object file.
RISK The PROGRAM security of “N” allows anyone in the network to start
the program. Likewise, the security of “A” allows any local user these privileges.
BP-PATHWAY-CONFIG-01 Pathway security should not allow general
access or “N” or “A”.
3P-ACCESS-PATHWAY-01 Access to PATHCOM commands can be con-
trolled via a third party product that can secure at the command level.
PATHMON
A Pathway monitor program process pair is started for each Pathway system. A Path-
way application is started and then configured with the PATHCOM program.
PATHCOM commands are used to configure the Pathway application. Each Pathway
Monitor has a unique process name, which has been defined during the start of the
PATHMON process.
RISK The Pathway owner is set to the user who starts the Pathway, unless
otherwise explicitly set during configuration. Allowing the internal Pathway
owner to be defaulted upon startup can configure a Pathway environment to the
wrong user.
Pathway Subsystem 373
Part 6

Get HP NonStop Server Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.