Secure system management
Management of a secure computer system involves the creation and enforcement of security policies and regular system monitoring.
The following list should serve as a starting point for the development of a secure facilities management policy for your site:
- The maximum security level in the system's accreditation range should not be greater than the maximum security level for the site in which the system is located.
- The system hardware should be in a secure location. The most secure locations are generally interior rooms that are not on the ground floor.
- Physical access to the system hardware should be restricted, monitored, and documented.
- System backups and archival media should be stored in a secure location, separate from the system hardware site. Physical access to this location should be restricted in the same manner as access to the system hardware.
- Access to operating manuals and administrative documentation should be restricted to a valid need-to-know basis.
- System reboots, power failures, and shutdowns should be recorded. File system damage should be documented and all affected files should be analyzed for potential security policy violations.
- Installation of new programs, whether imported or created, should be restricted and monitored. New programs should be carefully scrutinized and tested before being run.
- Unusual or unexpected behavior of any system software should be documented and reported, and the cause of the behavior determined.
- Whenever possible, at least two people should administer a system. One person should have the isso role and the other should have the sa role.
- The PV_ROOT privilege should not be used. To administer the system, the execution of privileged programs by ISSO, SA, or SO users should be sufficient.
- Audit information should be collected in logs and reviewed regularly. Irregular or unusual events should be noted and their cause investigated.
- The number of logins with the isso, sa, and so roles should be minimized.
- The number of setuid and setgid programs should be minimized and should only be used in protected subsystems.
- Privileges assigned to new programs should be determined and minimized by reviewing those assigned to existing programs.
- Security attributes of files and directories should be verified regularly with the trustchk command.
- All passwords should contain at least 8 characters. This should be regularly verified by an ISSO user.
- All users should have a valid default login shell. This should be regularly verified by an SA user.
- The user IDs of normal users should not be system IDs. This should be regularly verified by an SA user. A system ID is one whose UID is lower than 128.
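The last two checks in the list (a valid default login shell for every user, and no normal user holding a UID below 128) can be reviewed with a small script. The one below is an added example, not part of the original page or of any vendor tool; it assumes the permitted shells are supplied as a file with one path per line, that the accounts expected to hold system IDs are supplied as a second list, and it runs against a constructed passwd-format sample rather than a live system.

```shell
#!/bin/sh
# Added example: review a passwd-format file for two of the policy checks above.
# Assumptions (not from the page): permitted login shells are given in a file,
# one path per line; accounts that legitimately hold system IDs (UID < 128) are
# given in a second file, one name per line.
#
# audit_accounts PASSWD SHELLS SYSTEM_ACCOUNTS
# Prints one finding per line:
#   SYSID    <user> <uid>   - UID below 128 on an account not listed as a system account
#   BADSHELL <user> <shell> - login shell empty or not in the permitted list
audit_accounts() {
    awk -F: -v shells="$2" -v sysacct="$3" '
        BEGIN {
            while ((getline l < shells) > 0)  if (l != "" && l !~ /^#/) ok_shell[l] = 1
            while ((getline l < sysacct) > 0) if (l != "" && l !~ /^#/) system_acct[l] = 1
        }
        /^#/ || NF < 7 { next }           # skip comments and malformed entries
        {
            user = $1; uid = $3 + 0; shell = $7
            if (shell == "") shell = "(none)"
            if (uid < 128 && !(user in system_acct)) printf "SYSID %s %d\n", user, uid
            if (!(shell in ok_shell)) printf "BADSHELL %s %s\n", user, shell
        }
    ' "$1"
}

# demo: constructed sample data standing in for the real files on a system.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:!:0:0::/:/bin/ksh' \
        'daemon:!:1:1::/etc:' \
        'alice:!:205:1::/home/alice:/bin/ksh' \
        'bob:!:101:1::/home/bob:/bin/ksh' \
        'carol:!:206:1::/home/carol:/usr/local/bin/oddsh' \
        > "$dir/passwd"
    printf '%s\n' /bin/sh /bin/ksh /bin/csh > "$dir/shells"
    printf '%s\n' root daemon > "$dir/system_accounts"
    audit_accounts "$dir/passwd" "$dir/shells" "$dir/system_accounts"
    rm -rf "$dir"
}
demo
```

Against the sample, daemon is reported for an empty shell, bob for holding UID 101 without being a listed system account, and carol for an unlisted shell; root and alice pass.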