Securing HPE NonStop Servers using SafeguardU4196SHPHPHP-U4196S1.0<h5>At the conclusion of this course, you should be able to: </h5><ul>
<li>Be familiar with the $CMON interface and TACL considerations</li><li>Install and configure Safeguard software</li><li>Create and manage user IDs</li><li>Apply Access Control Lists (ACLs) on system objects</li><li>Describe sources of audit events</li><li>Use the Safecom command utility</li><li>Use the SAFEART utility to generate audit reports</li><li>Apply OSS standard security and OSS ACLs on OSS objects</li></ul><ul>
<li>Concepts and Facilities for HPE NonStop Systems (U4147S)</li><li>Knowledge of TACL commands (such as STATUS, FILEINFO, and WHO) for information gathering</li><li>Knowledge of Guardian utilities (such as FUP, SCF, and DSAP)</li><li>Knowledge of basic OSS commands and utilities</li><li>Ability to manage user profiles using the PASSWORD and DEFAULT programs</li></ul><ul>
<li>Information security administrators •Electronic Data Processing (EDP) auditors •System operations management personnel in security operations</li></ul><h5>Module 1: NonStop Kernel Security Architecture </h5><ul>
<li>Guardian and OSS application environments</li><li>Authentication, authorization, and audit</li><li>Goals of NonStop kernel standard security</li><li>Components of NonStop kernel security architecture</li><li>Memory address isolation and disk file protection</li><li>$CMON process</li><li>Licensed program files</li><li>Setuid setting for OSS programs</li><li>Lab</li></ul>
<h5>Module 2: Safeguard Features</h5>
<ul>
<li>Relation of Safeguard to the NonStop kernel</li><li>Safeguard extensions to NonStop kernel security system</li><li>Safeguard process components and their functions</li><li>Safeguard disk file components and global configuration options</li><li>Safeguard warning mode and OSS audit options</li><li>Lab</li></ul><h5>Module 3: User Authentication</h5>
<ul>
<li>Authentication defined</li><li>User profile management considerations</li><li>Safeguard configuration options for password management and system access control</li><li>Guardian user IDs and OSS UID</li><li>Administrative and file sharing groups</li><li>User profile options for Guardian and OSS</li><li>Network users and remote passwords</li><li>Create a user ID using Safecom</li><li>Lab</li></ul><h5>Module 4: User Management with Safecom</h5><ul>
<li>Safecom session commands and displays</li><li>User IDs and aliases management</li><li>File sharing group(s) for OSS usage</li><li>User audit attributes</li><li>Default protection for users</li><li>Safeguard authentication service</li><li>Lab</li></ul>
<h5>Module 5: Guardian Security </h5><ul>
<li>System product files and sensitive utilities</li><li>TACL specific considerations</li><li>Guardian disk file access and ownership control</li><li>Process and ownership control</li><li>Guardian disk file security</li><li>OSS UGO bits, umask, and profile file</li><li>OSS sticky bit, SETUID, SETGID</li><li>OSS file ownership access and control</li><li>Lab</li></ul><h5>Module 6: Securing OSS Files </h5><ul>
<li>OSS file system layout</li><li>File security</li><li>Permission modes</li><li>File and directory permissions</li><li>User and group IDs</li><li>Setting the sticky bit</li><li>OSS file change ownership and group association</li><li>OSS Access Control Lists (ACLs)</li><li>File and directory ACLs</li><li>Lab</li></ul><h5>Module 7: Authorization and Object Access Control </h5><ul>
<li>Object types and their management</li><li>Safecom to create and manage protection records on objects</li><li>Apply ACLs on objects</li><li>Object warning mode</li><li>ACL persistence</li><li>Node names on ACLs</li><li>DISKFILE-PATTERN</li><li>Lab</li></ul>
<h5>Module 8: Safeguard Audit Configuration </h5><ul>
<li>Sources of security event audit information</li><li>Create, manage, and activate audit pools</li><li>Audit pool recovery modes</li><li>OSS API and process audit</li><li>Safeguard configuration for OSS audit</li><li>AUDITENABLED option for OSS filesets</li><li>SAFEART utility</li><li>Lab</li></ul><h5>Module 9: Safeguard Administration and Installation </h5><ul>
<li>Safeguard security administration features</li><li>Assign control of Safeguard</li><li>Safeguard security groups</li><li>Safeguard installation options</li><li>Undeniable super ID</li><li>Security Event Exit Process (SEEP)</li><li>Learning check</li></ul>
<h5>Onsite Delivery Equipment Requirements </h5><ul>
<li>Workstation with terminal emulator to access lab host system</li></ul>At the conclusion of this course, you should be able to:
- Be familiar with the $CMON interface and TACL considerations
- Install and configure Safeguard software
- Create and manage user IDs
- Apply Access Control Lists (ACLs) on system objects
- Describe sources of audit events
- Use the Safecom command utility
- Use the SAFEART utility to generate audit reports
- Apply OSS standard security and OSS ACLs on OSS objects- Concepts and Facilities for HPE NonStop Systems (U4147S)
- Knowledge of TACL commands (such as STATUS, FILEINFO, and WHO) for information gathering
- Knowledge of Guardian utilities (such as FUP, SCF, and DSAP)
- Knowledge of basic OSS commands and utilities
- Ability to manage user profiles using the PASSWORD and DEFAULT programs- Information security administrators •Electronic Data Processing (EDP) auditors •System operations management personnel in security operationsModule 1: NonStop Kernel Security Architecture
- Guardian and OSS application environments
- Authentication, authorization, and audit
- Goals of NonStop kernel standard security
- Components of NonStop kernel security architecture
- Memory address isolation and disk file protection
- $CMON process
- Licensed program files
- Setuid setting for OSS programs
- Lab
Module 2: Safeguard Features
- Relation of Safeguard to the NonStop kernel
- Safeguard extensions to NonStop kernel security system
- Safeguard process components and their functions
- Safeguard disk file components and global configuration options
- Safeguard warning mode and OSS audit options
- Lab
Module 3: User Authentication
- Authentication defined
- User profile management considerations
- Safeguard configuration options for password management and system access control
- Guardian user IDs and OSS UID
- Administrative and file sharing groups
- User profile options for Guardian and OSS
- Network users and remote passwords
- Create a user ID using Safecom
- Lab
Module 4: User Management with Safecom
- Safecom session commands and displays
- User IDs and aliases management
- File sharing group(s) for OSS usage
- User audit attributes
- Default protection for users
- Safeguard authentication service
- Lab
Module 5: Guardian Security
- System product files and sensitive utilities
- TACL specific considerations
- Guardian disk file access and ownership control
- Process and ownership control
- Guardian disk file security
- OSS UGO bits, umask, and profile file
- OSS sticky bit, SETUID, SETGID
- OSS file ownership access and control
- Lab
Module 6: Securing OSS Files
- OSS file system layout
- File security
- Permission modes
- File and directory permissions
- User and group IDs
- Setting the sticky bit
- OSS file change ownership and group association
- OSS Access Control Lists (ACLs)
- File and directory ACLs
- Lab
Module 7: Authorization and Object Access Control
- Object types and their management
- Safecom to create and manage protection records on objects
- Apply ACLs on objects
- Object warning mode
- ACL persistence
- Node names on ACLs
- DISKFILE-PATTERN
- Lab
Module 8: Safeguard Audit Configuration
- Sources of security event audit information
- Create, manage, and activate audit pools
- Audit pool recovery modes
- OSS API and process audit
- Safeguard configuration for OSS audit
- AUDITENABLED option for OSS filesets
- SAFEART utility
- Lab
Module 9: Safeguard Administration and Installation
- Safeguard security administration features
- Assign control of Safeguard
- Safeguard security groups
- Safeguard installation options
- Undeniable super ID
- Security Event Exit Process (SEEP)
- Learning check
Onsite Delivery Equipment Requirements
- Workstation with terminal emulator to access lab host system4 jours3000.003600.003000.00