HP3000-L Archives

July 1998, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Wong, Wilson" <[log in to unmask]>
Reply To: Wong, Wilson
Date: Fri, 17 Jul 1998 17:05:58 -0700
First I would like to thank everyone for all the replies regarding my
question on encrypting passwords.  The related replies regarding
auditors were also very interesting.  There were quite a few responses
about using Vesoft's Security/3000 which we do use here.  We also use
Security/3000 menus to keep users from gaining access to the colon
prompt (or whatever prompt you may have changed it to :) ) out in
production.  Here in our development environment and for our internal
users we all have access to the colon prompt.

The reason I and the auditor asked about encrypting passwords is due to
the fact that even if you are securing all logons with a Security/3000
encrypted password and you restrict access to SM and PM users, if
someone is able to gain access to a terminal logged on to an 'SM' user
(i.e. like mine) and get the MPE password or if there is no MPE password
(which isn't a good idea), you can still gain access to the HP3000 while
bypassing Security/3000.  True, you would have to know how to get to and
through the backdoor but it is possible.  That is what led to asking if
you could also encrypt the MPE password on 'SM' users (and PM too).  I
do know about disabling this function also but there may be times when
it is necessary to have this option enabled in cases of emergency.

For the most part the auditor was happy with our security procedures and
our Security/3000 setup.  We have profiles set up for every user, we use
security menus, we have many of the Security/3000 options set up such as
password expiration, obsolescence, minimum length, history file, etc.
However, with the MPE password into an 'SM' user and knowledge about the
MPE/iX operating system, this can all be bypassed.

Any suggestions???

Thanks again for the long read and your replies....

wilson


Wilson Wong
HP3000 Systems Administrator
Center for Information Services
supporting Washington State's Community and Technical Colleges
3101 Northup Way, Suite 100
Bellevue, WA  98008
(425) 803-9764
[log in to unmask]
