Forwarded msg from Chris Bartram:
In <[log in to unmask]> Jeff Vance <[log in to unmask]P.HP.COM> writes:
> HP (CSY) is currently investigating how to enhance the HP 3000 to improve the
> visibility of TCP/IP incoming and outgoing connections. With the increase
> in client/server applications, it is very difficult for system managers to
> know who really is logged onto their system(s). The traditional methods such
> as SHOWJOB, LDEV, HPDTCPORTID, and user.acct names do not work well in this
> environment.
My top priorities are:
USER: System Manager
GOAL: Preventing unauthorized system access
(proactively as well as after the fact)
TASK: Add IP/other network address information to console
messages relating to logons (LOGON: Missing password,
incorrect password, missing group, etc.)
-we want to be able to identify the IP address or hostname
where logons/logon attempts originate from
-we can monitor the system console, or review the console
log file after the fact
FREQUENCY: As needed, reviewed daily
IMPACT OF TASK: If we can't provide a secured environment we jeopardize
our current business and make it less likely to be able
to bring new customers/applications to use our in-house
systems
TODAY: Not possible for connections initiated from outside our
offices
TOMORROW: Modified console messages include originating IP address
(and maybe hostname if resolvable, MAC address or equivalent
if on local lan)
OTHER:
USER: System Manager/Operator
GOAL: Identify users of system resources so they can be logged
off for backup, priority/queue adjusted if causing performance
problems, logged off if hung/locked up or if they aren't an
authorized user
TASK: New command(?) SHOWCONN - similar to showjob but lists
(for VT connections:)
- --------------------------------------------------------------------------
ORIGINATING IP   SOCKET  JOBNUM   JIN    INTRODUCED      JOB NAME
015 001.002.092  ppppp   #Snnnnn  #####  mm/dd/yy@hh:mm  SESSNAME,USERNAME.ACCTNAME
                                                         (hostname.domain.org)
015 001.002.103  12331   #S64     61     03/22/95@12:33  MANAGER.SYS
                                                         (ws431.mayfield.hp.com)
- --------------------------------------------------------------------------
(and for Image/SQL accessors, a section something like this:)
- --------------------------------------------------------------------------
ORIGINATING IP   SOCKET  JOBNUM   PIN    INTRODUCED      DBE NAME
015 001.002.093  ppppp   #Jnnnnn  #####  mm/dd/yy@hh:mm  DBNAME.GROUPNAM.ACCTNAME
                                                         ([log in to unmask])
015 001.002.099  2112    #J1411   82     03/22/95@12:31  CUSTDB.IMAGE.ADMIN
                                                         ([log in to unmask])
- --------------------------------------------------------------------------
(and maybe for other network connections - even from user programs, or for
ftp or e-mail servers[like ours] an additional section that listed network
connections to the system other than VT or Image/SQL:)
- --------------------------------------------------------------------------
ORIGINATING IP   SOCKET  JOBNUM   PIN    INTRODUCED      Server Program
015 001.002.093  ppppp   #Jnnnnn  #####  mm/dd/yy@hh:mm  program.groupnam.acctname
                                                         (hostname.domain.org)
198.151.172 033  25      #J461    211    03/22/95@12:31  SMTPSERV.SYS.THREEK
                                                         (picard.3k.com)
- --------------------------------------------------------------------------
FREQUENCY: As needed throughout the day
IMPACT OF TASK: Provides an immediate verification of who is using system
resources - SHOWJOB is effectively useless in a networked
environment
TODAY: Not possible
TOMORROW: New command (as above) would allow admin users to know at
any instance WHO is REALLY using the system and from WHERE
OTHER: SOCKET(or tcp port#) might be useful in identifying multiple
connections from a single station
A consolidated command that showed you ALL the users using
your system would be highly desirable, and would aid managers
and operators alike.
> -Since we (and all our customers) run background jobs which
> also accept network connections (email,gopher,pop,etc) the
> third part (other program connections) would be useful to
> us and our customers. The ability to easily see who is
> connected to our WWW server, anonymous FTP server, gopher
> server, and email servers also would help system managers
> decide when it was "ok" to shut down for backup/whatever.
Since the system already maintains this information (available
via sockinfo, though not in a very friendly format) it should
not be difficult to add this information as well.
USER: System Manager
GOAL: Preventing unauthorized system access
TASK: Set HP vars identifying origination of connection so security
programs (or even simple scripts) can restrict logons to
certain logons or applications
FREQUENCY: At every logon
IMPACT OF TASK: relatively easy to implement (for HP), would give users and
3rd party vendors the tools they need to allow an HP3000 to
be secure in a network environment
TODAY: Not possible for connections initiated from outside our
office or local network
TOMORROW: Simple logon scripts to check originating hostnames/ip
addresses for sensitive user.accounts could greatly improve
the security of an HP3000 in a networked environment
OTHER: It would also be desirable to have the ability to configure
lists of "allowed" originating IP addresses, where a VT ":"
prompt wouldn't even be presented to a network connection
unless it was on the "allowed" list.
Hope this helps...
-Chris Bartram
______________________/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_
Chris Bartram Sales (US): 800 Net-Mail Fax:+1 916 622-0738
______ -or- +1 916 622-0630 E-Mail: [log in to unmask]
/__ | \__________ Sales (Europe):+44(0480)414131 Fax:+44(0480)414134
/ / | / ________ Sales (Pacific Rim):+61 3 489 8216 (same for fax)
| /_ |< ______ Tech Support:+1 703 569-9189 Fax:+1 703 451-3720
\ __)| \ ___ E-mail: [log in to unmask] Personal(me): [log in to unmask]
\______/ Associates 6901 Old Keene Mill Rd Suite 205 Springfield VA 22150
______________________/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_/\_
Gopher: gopher.3k.com Anon-FTP: ftp.3k.com WWW: http://www.3k.com/
------- End of Forwarded Message
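The message above asks for two things a system manager can act on: console logon messages that carry the originating IP address, and a per-user.account list of "allowed" originating addresses that a logon script can check. The script below is an added example illustrating that review and that check; it is not part of the forwarded message and not an HP or MPE/iX facility. The console message format, the allow list (`ALLOWED_ORIGINS`) and the sample log lines are all constructed for the example.

```python
"""Review of logon console messages by originating address.

Added example, not part of the HP3000-L message and not an HP or MPE/iX
facility.  It models two of the message's requests: console logon messages
that carry the originating IP address, and a per-user.account list of
"allowed" originating networks that a logon script could consult.  The
console message format, the allow list and the sample log are constructed.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed console-message format (hypothetical, not an MPE/iX format):
#   hh:mm LOGON: <status> <user.acct> from <ip> port <tcp port>
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d)\s+LOGON:\s+"
    r"(?P<status>OK|Missing password|Incorrect password|Missing group)\s+"
    r"(?P<user>\S+)\s+from\s+(?P<ip>[\d.]+)\s+port\s+(?P<port>\d+)$"
)

# Constructed allow list: sensitive accounts and the networks they may log on
# from.  Accounts not listed are unrestricted (still logged, never flagged).
ALLOWED_ORIGINS = {
    "MANAGER.SYS": ["15.1.2.0/24"],
    "OPERATOR.SYS": ["15.1.2.0/24"],
}

# Constructed sample console log: office stations plus one outside address.
SAMPLE_CONSOLE_LOG = [
    "12:31 LOGON: OK MANAGER.SYS from 15.1.2.103 port 12331",
    "12:32 LOGON: OK CLERK,USER.PAYROLL from 15.1.2.40 port 2210",
    "12:33 LOGON: Incorrect password MANAGER.SYS from 198.151.172.33 port 4412",
    "12:33 LOGON: Incorrect password MANAGER.SYS from 198.151.172.33 port 4413",
    "12:34 LOGON: OK MANAGER.SYS from 198.151.172.33 port 4414",
    "12:35 LOGON: Missing group OPERATOR.SYS from 15.1.2.103 port 12340",
    "12:36 LOGON: OK MGR.ACCTS from 10.9.8.7 port 5000",
    "12:37 LOGON: OK CLERK,USER.PAYROLL from 15.1.2.40 port 2211",
    "12:38 SHOWJOB output that is not a logon message",
]


def parse_line(line):
    """Return the fields of one console logon message, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def check_origin(user, ip, allowed=ALLOWED_ORIGINS):
    """True if the account is unrestricted or the address is on its list.

    A session name prefix ("SESSNAME,USER.ACCT") is stripped before lookup.
    An address that does not parse fails closed for restricted accounts.
    """
    account = user.split(",")[-1]
    nets = allowed.get(account)
    if nets is None:
        return True
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(n) for n in nets)


def review(lines, allowed=ALLOWED_ORIGINS):
    """Summarise a console log the way a daily review would.

    Reports failed attempts per originating address, attempts (failed or
    not) against an account from outside its allow list, and stations that
    hold more than one successful connection (distinct TCP ports, the use
    the message suggests for a SOCKET column).
    """
    failures = Counter()
    out_of_policy = []
    ports_by_station = defaultdict(set)
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["status"] == "OK":
            ports_by_station[rec["ip"]].add(rec["port"])
        else:
            failures[rec["ip"]] += 1
        if not check_origin(rec["user"], rec["ip"], allowed):
            out_of_policy.append((rec["time"], rec["user"], rec["ip"]))
    multi = {ip: len(p) for ip, p in ports_by_station.items() if len(p) > 1}
    return {
        "failures": failures,
        "out_of_policy": out_of_policy,
        "multi_connection_stations": multi,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_CONSOLE_LOG).items():
        print(f"{key}: {value}")
```

Unlisted accounts are deliberately left unrestricted so that the allow list only ever tightens access for the accounts named in it; the review still counts their failures and multiple connections, which is the after-the-fact visibility the message asks for even where no logon-time restriction applies.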