LISTSERV - HP3000-L Archives

HP3000-L Archives

December 2001, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L December 2001, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: How to Lockout Account/User After X Failed Password Attempts?
From:	Andreas Schmidt <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Thu, 13 Dec 2001 10:07:09 +0100
Content-Type:	text/plain
Parts/Attachments:	text/plain (76 lines)

another option is the VESOFT's package Security/3000, together with MPEX
and VEAUDIT.

We use this since years and have passed every audit.

Best regards, Andreas Schmidt, CSC, Germany





Rick Gilligan <[log in to unmask]>@RAVEN.UTC.EDU> on 13/12/2001 04:33:02

Please respond to Rick Gilligan <[log in to unmask]>

Sent by:  HP-3000 Systems Discussion <[log in to unmask]>


To:   [log in to unmask]
cc:
Subject:  Re: [HP3000-L] How to Lockout Account/User After X Failed
      Password Attempts?


> Our corporate security auditors insist logons on the HP3000 must "lock
> out" for a period of time after a certain number of failed password
> attempts. I know of no way this is possible, so I thought I would ask if
> anyone on the list knows a way.

Purchase and install HP Security Monitor/iX from HP.

Then use SECCONF.PUB.SYS to configure the number of invalid logon attempts
before MPE will disable the user.

Warning, set it to at least four, for if a user types the return to the
password prompt, three times (very typical), it will disable the user,
resulting in many extra calls to someone who can re-enable the user (must
be MANAGER.SYS, possibly just SM, doesn't allow someone with AM to
re-enable a user in their account).

Also, though it won't disable MANAGER.SYS for sessions, it will for batch
jobs.  If you have a scheduled job (like a nightly backup/audit trail,
etc.) and someone types HELLO MANAGER.SYS and presses return enough times
to disable the user, your scheduled backup job will not log on.

You can find the complete manual for this product at:

http://www.docs.hp.com/mpeix/onlinedocs/32650-90498/32650-90498.html

The price (US) ranges from $4,000 to $7,600, depending upon processor
tier.

Support is additional.

Product number is B3175A.

Why isn't this feature a standard feature of a modern operating system?

The other very useful feature which can be configured is an additional
password for session access to a particular logical device, such as ldev
21 for the remote support modem, or any DTC connected modem ports.

Those are the two features satisfy the most common requests of security
auditors to by banking clients.

Rick Gilligan
Senior Software Specialist
Computer And Software Enterprises, Inc.
E-mail: rick AT case.net

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU