If your site requires a high level of security, for example, if it runs with the security option CLASS = S2, you must promote secure use of remote support.
Require remote support personnel to
-
Identify themselves to the system, just like other users.
-
Limit their system access to only what is necessary for them to carry out their jobs.
You can do so by taking the following steps:
-
Use the Station Activity screen in the COMS Utility as follows:
-
Enter N in the Super User field for the station ODT/<remote support unit number>. In place of <remote support unit number>, enter the unit number of the remote support ODT. This designation denies the station super-user rights and requires usercode and password logon for users of the station.
-
If privileged-user status is not required by remote support, designate N for the Privileged User field. This designation denies privileged-user and security administrator status to all users logged on to that station.
-
-
Create a usercode using Security Center or MAKEUSER, and define in the USERDATAFILE a usercode, a password, and other relevant information for the remote support personnel. Do not make the usercode privileged unless privileged-user status is required by remote support.
If remote support requires privileged-user status, take the steps described in the following procedure:
-
Physically power down all disk packs containing sensitive information that should not be viewed by unscreened personnel.
-
If security-administrator status is not already enabled, enable it as follows:
-
Set the system SECADMIN option to TRUE by entering ??SECAD + at an ODT.
-
Assign SECADMIN to the security administrator's usercode in the USERDATAFILE.
-
These actions serve to deny remote support the ability to modify the USERDATAFILE and system security settings by stipulating that only the security administrator can
-
Modify system security settings.
-
Interrogate and modify all user attributes or copy the USERDATAFILE.
-
Perform the following procedure:
-
Use the RESTRICT SC <unit number> form of the RESTRICT (Set Restrictions) system command to restrict the station. This command requires a user of the station to log-on.
-
Enable the link.
-
Remote Support Access to Files
To grant nonprivileged remote-support personnel access to files that are private, change the SECURITYTYPE attribute of those files to GUARDED, and attach appropriate guard files—files that grant appropriate access rights to the remote support usercode—to the files.
Access to SYSTEM/SUMLOG
If the system security option SUMLOGSECURITY is set to PRIVATE, the SYSTEM/SUMLOG is a private file. All SYSTEM/SUMLOG access is regulated by the System Data Access (SDA) support library, which grants nonprivileged users access to only some log records.
If nonprivileged remote support requires greater log access than the SDA support library permits
-
Create a guard file that specifies that the remote support usercode has read-only access.
-
Attach the guard file to the SYSTEM/SUMLOG file by changing the SECURITYTYPE of SYSTEM/SUMLOG to GUARDED and designating the guard file title.
This action enables the remote support usercode to use a log analysis tool to read from the SYSTEM/SUMLOG.
If you want to deny remote support all access to SYSTEM/SUMLOG, make the SECURITYTYPE of SYSTEM/SUMLOG PRIVATE and attach to SYSTEM/SDASUPPORT a guard file denying access for the remote support usercode.
For more information about the SDA support library and SYSTEM/SUMLOG security, refer to Accountability.
Access to Dump Files
If the system security option is CLASS = S2, all dump files are private files by default, and tape security is in effect with TAPECHECK = AUTOMATIC. This status means that access to tapes is controlled by many of the same rules that control access to files.
To create dump tapes that can be viewed by remote-support personnel who are non-privileged, do the following:
-
Use the Work Flow Language (WFL) VOLUME ADD statement to add tapes to the tape volume directory under the family name MEMORY, because the tapes are called MEMORY/DUMP. Specify appropriate values for the SECURITYTYPE and SECURITYGUARD attributes.
-
Create a guard file granting the remote-support usercode read-only access, and use the VOLUME CHANGE command to attach the guard file to the MEMORY family name.
-
During a TAPEDUMP or a DUMPTODISKMASTER process, direct the dump to be written to tapes under the MEMORY family name.
When making the decision on whether to permit remote support access to dumps, consider the fact that once a user has access to the entire dump file, he or she has access to the entire contents of memory at the time the dump occurred.
