Home page logo
/

pen-test logo Penetration Testing mailing list archives

[PEN-TEST] Tandem's
From: "Blair, Glenn" <glenn.blair () SCOTIABANK COM>
Date: Fri, 8 Sep 2000 09:47:18 -0400

I will leave the UNIX flavour (sorry for the spelling,  I'm Canadian, eh)  of
Tandem alone for now.  I have worked with the Guardian operating system since
1982.

The Guardian operating system (aka Non-Stop Kernel) can be successfully secured
with or without Safeguard.  It becomes a question of how best to "share" access
to data between applications.  Under Guardian90 it tends to folow the UNIX
security construct: owner only; everyone in group; everyone.  With Safeguard,
granularity is greatly improved thorugh the use of access control lists.

I too have utilized the E&Y book.  It is a good starting point.

From my experience, particular attention to LICENSED and PROGID (setuid for UNIX
ppl) code is critical.  Lists of programs secured with these privileges can be
easily obtained from the TACL command prompt.  Another area to watch is the
TACLLOCL ($SYSTEM.SYSTEM.TACLLOCL) and the TACLCSTM file in home directories.
These files get executed during a login sequence before control of the terminal
is handed to the user.  Nasty things can happen if anyone other than the owner
of these files can write to the TACLLOCL/TACLCSTM file (particularly for the
255,255 account (SUPERID).

If the environment utilizes PATHWAY applications, security of this environment
is also a major concern as simple utilities (FUP etc) can be added as servers in
the environment, granting privileged access for "free".

While SUPER.SUPER (255,255) can be denied access using Safeguard, this becomes a
practicality issue unless a third-party application (e.g., Onguard, CA-SESMAN
from Computer Associates) is utilized.

We developed our own "tool" here which monitors our environments, as we could
not find a third party solution that included other third party software
products.

This is only a quick two minute dump.  Specifics questions, concerns could be
addressed directly, or through this mailing list, subject to moderator
concurrence..



Glenn Blair

Sr. Security Specialist
tel. (416) 285-2498
fax (416) 288-5055
glenn.blair () scotiabank com


  By Date           By Thread  

Current thread:
  • [PEN-TEST] Tandem's Blair, Glenn (Sep 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]