Detaillierter Kursinhalt
Module 1: NonStop Kernel Security Architecture
- Guardian and OSS application environments
- Authentication, authorization, and audit
- Goals of NonStop kernel standard security
- Components of NonStop kernel security architecture
- Memory address isolation and disk file protection
- $CMON process
- Licensed program files
- Setuid setting for OSS programs
- Lab
Module 2: Safeguard Features
- Relation of Safeguard to the NonStop kernel
- Safeguard extensions to NonStop kernel security system
- Safeguard process components and their functions
- Safeguard disk file components and global configuration options
- Safeguard warning mode and OSS audit options
- Lab
Module 3: User Authentication
- Authentication defined
- User profile management considerations
- Safeguard configuration options for password management and system access control
- Guardian user IDs and OSS UID
- Administrative and file sharing groups
- User profile options for Guardian and OSS
- Network users and remote passwords
- Create a user ID using Safecom
- Lab
Module 4: User Management with Safecom
- Safecom session commands and displays
- User IDs and aliases management
- File sharing group(s) for OSS usage
- User audit attributes
- Default protection for users
- Safeguard authentication service
- Lab
Module 5: Guardian Security
- System product files and sensitive utilities
- TACL specific considerations
- Guardian disk file access and ownership control
- Process and ownership control
- Guardian disk file security
- OSS UGO bits, umask, and profile file
- OSS sticky bit, SETUID, SETGID
- OSS file ownership access and control
- Lab
Module 6: Securing OSS Files
- OSS file system layout
- File security
- Permission modes
- File and directory permissions
- User and group IDs
- Setting the sticky bit
- OSS file change ownership and group association
- OSS Access Control Lists (ACLs)
- File and directory ACLs
- Lab
Module 7: Authorization and Object Access Control
- Object types and their management
- Safecom to create and manage protection records on objects
- Apply ACLs on objects
- Object warning mode
- ACL persistence
- Node names on ACLs
- DISKFILE-PATTERN
- Lab
Module 8: Safeguard Audit Configuration
- Sources of security event audit information
- Create, manage, and activate audit pools
- Audit pool recovery modes
- OSS API and process audit
- Safeguard configuration for OSS audit
- AUDITENABLED option for OSS filesets
- SAFEART utility
- Lab
Module 9: Safeguard Administration and Installation
- Safeguard security administration features
- Assign control of Safeguard
- Safeguard security groups
- Safeguard installation options
- Undeniable super ID
- Security Event Exit Process (SEEP)
- Learning check
Onsite Delivery Equipment Requirements
- Workstation with terminal emulator to access lab host system