The SPS/VOS Security Shell

Audit user activities while increasing productivity

Secure Your Operations (article)
Access Control Manager
Activity Report
User Testimonial (aol)
User's Guide
Release Notes

Introduction

The SPS/VOS Security Shell eliminates unrestricted access to VOS and greatly enhances operators' and developers' productivity. Any operator, even with no Stratus experience, can become proficient and operate the system safely. The SPS/Security Shell is an indispensable environment for any mainframe trained personnel.

Click this image to enlarge
the SPS- Security Diagram
Eliminates the need to register privileged users
Allows non-privileged users to execute selected subsets of analyze_system requests and other privileged commands
Incorporates the Security Layer shielding the system from unauthorized use
Produces a comprehensive audit trail log of all commands executed on the system; records the time and user's identity
Keeps track of operator's activity and allows the user to restore and reuse commands and path names used previously during the session
Features a standard DES-based file encryption facility
Provides process listings (list_users) sorted by CPU utilization, I/O rate, Page faults memory usage and Interrupt rates
Interfaces with other SPS tools: SPS/Browser, Tree, Calendar, Disk Space, SPS/Performance
Supports user-programmable function keys for frequently used commands

SPS and System Security

Reduce the risk of human error
Restrict Privileged users
Control user access rights to sensitive data

SPS products utilize a robust security layer designed to satisfy the most stringent security and audit requirements. It allows any level of customization, including per-user, per-command profiles, full command level password protection, single-point data access control (ACLs)and data encryption. SPS' advanced multi-level, object oriented solution of security requirements provides more granularity and greatly improves upon the single level, all or nothing, approach to security provided with the VOS operating system.

Authorizes command execution based on user's security profile
Allows access of non-privileged users to selected privileged commands and to subsets of analyze_system requests thereby eliminating the need for privileged users registration
Ensures execution of commands from the correct, designated terminals
Ensures that commands are executed within the allowed timeframes
Blocks access to restricted modules, systems and devices (production)
Password protects commands and menus
Encrypts sensitive data
Handles security violations; posts warning messages in the system error log and terminates the violator's session
Manages, monitors and enforces directory and file access (ACL/DCL), employing a simple to operate, system-wide configuration
Generates complete activity and security violations logs and reports date, time, user's identity, command executed and relevant violation information

Protecting your Audit-Trail reports

We are being asked time and time again by VOS security auditors how they can protect the audit-trail reports that SPS creates and whether or not it is possible at all. After all, is it really feasible to control what the SysAdmin or other "super-users" are doing on the system?

The answer is YES- all SPS reports can be easily protected and blocked from any unauthorized access.

Here are easy to follow step by step instructions:

  1. Remove all Write and Modify access from the start_up.cm command macros of controlled users. This should be done with the standard remove_access VOS command.

  2. Make sure that only the security officer has access rights to both the SPS directories and these special start_up.cm macros - all other users should have null access to the SPS directories and to their own start_up.cm macros.

  3. Use VOS' set_owner_access on the sps_vss.pm and on the sps_menu.pm programs as follows:

    set_owner_access sps_vss.pm person_and_group
    set_owner_access sps_menu.pm person_and_group

  4. That's it - you are now ready. Help is a phone call (or Email) away.