Benefits to you
- Learn how to establish a chosen level of protection selectively, without impeding application or user productivity, through authentication, authorization and auditing.
- Gain valuable hands-on experience using Safeguard software to improve server availability by reserving resources for critical production applications, ensuring that applications are accessed only by authorized clients, and protecting critical data from unauthorized or accidental modification.
Module 1 - NonStop Kernel Security Architecture
- Guardian and OSS application environments
- Authentication, authorization, and audit
- Goals of NonStop kernel standard security
- Components of NonStop kernel security architecture
- Memory address isolation and disk file protection
- $CMON process
- Licensed program files
- Setuid setting for OSS programs
- Lab
Module 2 - Safeguard Features
- Relation of Safeguard to the NonStop kernel
- Safeguard extensions to NonStop kernel security system
- Safeguard process components and their functions
- Safeguard disk file components and global configuration options
- Safeguard warning mode and OSS audit options
- Lab
Module 3 - User Authentication
- Authentication defined
- User profile management considerations
- Safeguard configuration options for password management and system access control
- Guardian user IDs and OSS UID
- Administrative and file sharing groups
- User profile options for Guardian and OSS
- Network users and remote passwords
- Create a user ID using Safecom
- Lab
Module 4 - User Management with Safecom
- Safecom session commands and displays
- User IDs and aliases management
- File sharing group(s) for OSS usage
- User audit attributes
- Default protection for users
- Safeguard authentication service
- Lab
Module 5 - Guardian Security
- System product files and sensitive utilities
- TACL specific considerations
- Guardian disk file access and ownership control
- Process and ownership control
- Guardian disk file security
- OSS UGO bits, umask, and .profile file
- OSS sticky bit, SETUID, SETGID
- OSS file ownership access and control
- Lab
Module 6 - Securing OSS Files
- OSS file system layout
- File security
- Permission modes
- File and directory permissions
- User and group IDs
- Setting the sticky bit
- OSS file change ownership and group association
- OSS Access Control Lists (ACLs)
- File and directory ACLs
- Lab
Module 7 - Authorization and Object Access Control
- Object types and their management
- Safecom to create and manage protection records on objects
- Apply ACLs on objects
- Object warning mode
- ACL persistence
- Node names on ACLs
- DISKFILE-PATTERN
- Lab
Module 8 - Safeguard Audit Configuration
- Sources of security event audit information
- Create, manage, and activate audit pools
- Audit pool recovery modes
- OSS API and process audit
- Safeguard configuration for OSS audit
- AUDITENABLED option for OSS filesets
- SAFEART utility
- Lab
Module 9 - Safeguard Administration and
- Installation
- Safeguard security administration features
- Assign control of Safeguard
- Safeguard security groups
- Safeguard installation options
- Undeniable super ID
- Security Event Exit Process (SEEP)
- Learning check