LISTSERV - HP3000-L Archives

HP3000-L Archives

July 1998, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L July 1998, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Encrypting Passwords - Part II
From:	Michael L Gueterman <[log in to unmask]>
Reply To:	[log in to unmask][log in to unmask]
Date:	Sat, 18 Jul 1998 09:08:31 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (62 lines)

  Although you are correct for "some" of the older security packages,
SAFE/3000 "kicks in" prior to the normal MPE logon, and Security/3000
can be used this way as well (or setup in the older, more traditional
way that you described).  Security Monitor/iX sits somewhat in the
middle since it is tied in with the regular logon process (I do not
know the details of how Security Monitor/iX links itself in, but it
is probably similar to the method used by SAFE/3000 in that regards).

  The one caveat I have for people using either SAFE/3000 or
Security/3000 in this manner is to retain your MPE passwords on
your SM/PM users regardless.  That is because both packages must
have a background job started prior to this "pre-logon" process
to take effect.  That means that if that job doesn't get started
for some reason, your system would be vulnerable without MPE passwords
as a backup.

  Both are great products, and each have their own strengths and
weaknesses.  SAFE/3000 (as the name applies "Security and Audit
Facility") allows you to restrict and audit access to the files once
you've logged on, whereas Security/3000 brings the power of MPEX
to a menuing system, and "smart" job streams.  Both products can
adequately security your box from the standpoint of "logging on",
but its what they provide AFTER that point which stands them apart
from each other.

Regards,
Michael L Gueterman
Easy Does It Technologies
Allaire Alliance Partner
email: [log in to unmask]
http://www.editcorp.com
voice: (888) 858-EDIT -or- (509) 943-5108
fax:   (509) 946-1170
--



> -----Original Message-----
> From: HP-3000 Systems Discussion [mailto:[log in to unmask]]On
> Behalf Of Tom Madigan
> Sent: Saturday, July 18, 1998 4:05 AM
> To: [log in to unmask]
> Subject: Re: [HP3000-L] Encrypting Passwords - Part II
>
>
> Wilson:
>
<snip
> Security/3000 (and all security packages I've used) kick in AFTER a
> successful MPE logon.  While depending upon a third-party security
> add-on for "normal" MPE users is fine, anyone with SM capability can
> bypass the whole shebang by signing on:
>
>         :HELLO smuser.smaccount;PARM=-1
>
> which bypasses all UDC files and takes the "smuser" directly
> to the MPE
> prompt.  Once on the system, "smuser" has your system by the
> you-know-what if that person has a malicious intent.
>
<snip>

ATOM RSS1 RSS2

RAVEN.UTC.EDU