Administrative Details
Article 12/98 by Rob Larson, Lakeside Transaction Services, Inc.
In the last issue we looked at the importance of minimizing the number of privileged users on a VOS system because of their "super-powers". But how about restricting the other users? One of the keys to data security is making sure that users have the necessary level of access to do their jobs, but no more. I guess we could say there is a "need to process" as well as a "need to know" in data security. Several years ago I was at a site showing the security staff how to trace login sessions of users. When the report showed a session at 2 AM for a particular user name, one of the security officers literally ran from the room to determine why that account had been in use in the middle of the night. The VOS admin twins, login_admin and logout_admin, can help you to control how users can access the system.
The login_admin command has a set of options which can be used to restrict logins for various users. If you invoke login_admin -restrict username, then users will not be permitted to login, even though their accounts are valid. To undo this, use login_admin -unrestrict username. To see who is currently restricted, use login_admin -list_restricted. If there are times when users aren't expected to be working (such as late at night or on weekends), you can enforce your policy by using login_admin. To make this really useful, develop command macros that restrict and unrestrict the appropriate names Submit the macros for batch processing, using the -defer_until option for the appropriate day and time. You can easily close off users after work hours in the evening and turn them back on in the morning without even being there. Don't forget to put a line at the end of the macro to resubmit the job to batch for the next cycle.
The logout_admin command has options which are used to restrict access on physical lines (rather than by user name). Using logout_admin, you can determine how long a user may be logged in without doing anything. A long period of inactivity may mean that someone has walked away from the keyboard without logging out. As far as the system is concerned, that terminal user has been authenticated for the id which logged in. If someone else walks up to the unattended terminal, they have all the access that the logged in user was entitled to. Using logout_admin, you set the time for inactivity. If no CPU time is used on that terminal for the inactive interval, the user is logged out. Unfortunately, the only choices for logout_admin are to set times for all direct-connect terminals or all dialup terminals. You can't selectively set terminals for logout, and you can't select user names. However, logout_admin can still be an important part of your security policy enforcement.
Once you begin using login_admin and logout_admin to control user access, don't forget to monitor your logs to make sure your strategy has been successfully implemented.
Paying attention to administrative details is an important part of securing your system.
|
