The SPS/VOS Security Shell

Audit user activities while increasing productivity

Secure Your Operations (article)
Access Control Manager
Activity Report
User Testimonial (AOL)

Introduction

The SPS/VOS Security Shell eliminates unrestricted access to VOS and greatly enhances operators' and developers' productivity. Any operator, even with no Stratus experience, can become proficient and operate the system safely. The SPS/Security Shell is an indispensable environment for any mainframe trained personnel.

Click this image to enlarge
the SPS- Security Diagram

Eliminates the need to register privileged users
Allows non-privileged users to execute selected subsets of analyze_system requests and other privileged commands
Incorporates the Security Layer shielding the system from unauthorized use
Produces a comprehensive audit trail log of all commands executed on the system; records the time and user's identity
Keeps track of operator's activity and allows the user to restore and reuse commands and path names used previously during the session
Features a standard DES-based file encryption facility
Provides process listings (list_users) sorted by CPU utilization, I/O rate, Page faults memory usage and Interrupt rates
Supports user-programmable function keys for frequently used commands


SPS and System Security

Reduce the risk of human error
Restrict Privileged users
Control user access rights to sensitive data

SPS products utilize a robust security layer designed to satisfy the most stringent security and audit requirements. It allows any level of customization, including per-user, per-command profiles, single-point data access control (ACLs)and data encryption. SPS' advanced multi-level, object oriented solution of security requirements provides more granularity and greatly improves upon the single level, all or nothing, approach to security provided with the VOS operating system.

Authorizes command execution based on user's security profile
Allows access of non-privileged users to selected privileged commands and to subsets of analyze_system requests thereby eliminating the need for privileged users registration
Ensures execution of commands from the correct, designated terminals
Ensures that commands are executed within the allowed timeframes
Blocks access to restricted modules, systems and devices (production)
Handles security violations; posts warning messages in the system error log and terminates the violator's session
Manages, monitors and enforces directory and file access (ACL/DCL), employing a simple to operate, system-wide configuration
Generates complete activity and security violations logs and reports date, time, user's identity, command executed and relevant violation information