HP3000-L Archives

September 2001, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Help!! Auditors
From:
Mike <[log in to unmask]>
Reply To:
Mike <[log in to unmask]>
Date:
Sat, 8 Sep 2001 03:15:22 -0600
Content-Type:
text/plain
Parts/Attachments:
text/plain (64 lines) 
If the auditor is any good, he or she will be able to find the standards for
MPE.  It was (and for MANY still is) a very popular operating system.  Since
many banks, credit unions, and airlines are still using MPE, auditors are
still auditing them.

Regarding Manager.Sys, just don't use MANAGER and SYS as the passwords or
other similar, easily crackable passwords.

There are password cracker programs for MPE that will check account, group,
and user passwords.  You should get one and run it against your system
periodically.  If you aren't, you will probably get an audit comment for
that alone.

If you don't have a password cracker program, try getting in touch with hp.
There is still an active MPE user group and I'm sure you would be able to
pick one up there.  You could also probably get some pointers on regular
self audits you should run.

Good Luck on your audit!


"Dave" <[log in to unmask]> wrote in message
news:03CBDD3BAC932AE0.E9B91B3508CE3A63.9E8675E6F9ECABB8@lp.airnews.net...
> Hey all I need some help with auditors.  First let me state that I do not
love
> auditors.  Necessary?? Yes.  Evil?? Maybe.  Here is how it has unfolded so
far.
> A - Auditor
> M - Me
> A: Could you send me the /etc/password file?
> M: No
> A: Why not?
> M: It doesn't have one.
> A: How is that possible? Isn't it UNIX?
> M: No.
> A: Well what is it?
> M: MPE.
> A: NT?
> M: No MPE.
> A: What's that?
> M: The operating system.
> A: Who makes it?
> M: HP
> A: Who?
> M: Hewlett Packard.
> A: Oh. Let me get back to you.
>
> So I have held the wolves at bay for a while longer.  But how do I
> dispose of them?  They are going to say "You do not comply to standard
> practices".  The fact that the practices were developed for UNIX and NT
will
> not hold water.  So how do I handle questions about password aging?
Hacking
> attempts.  I feel I can get away with saying that they are immune to
viruses,
> since none exist.  How do y'all handle MANAGER.SYS passwords.  I have 200
> systems to manage.  Also the fact that nobody has penetrated our system in
4000
> accumulated years is not relevent.  What think folks.
>

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2