Overview

This course provides information and knowledge needed to secure HP NonStop systems using NonStop operating system utilities and Safeguard. Topics covered include kernel security architecture, Safeguard administration and installation, user authentication and management, Guardian security, and securing OSS files. Hands-on labs reinforce concepts discussed and provide the opportunity to use the utilities and Safeguard. The four-day course is 70 percent lecture and 30 percent hands-on labs using HP servers.

Audience

  • Information security administrators
  • Electronic Data Processing (EDP) auditors
  • System operations management personnel in security operations
Read more

Prerequisites

  • Concepts and Facilities for HP NonStop Systems (U4147S)
  • Knowledge of TACL commands (such as STATUS, FILEINFO, and WHO) for information gathering
  • Knowledge of Guardian utilities (such as FUP, SCF,and DSAP)
  • Knowledge of basic OSS commands and utilities
  • Ability to manage user profiles using the PASSWORD and DEFAULT programs
Read more

Delegates will learn how to

  • Be familiar with the $CMON interface and TACL considerations
  • Install and configure Safeguard software
  • Create and manage user IDs Apply Access Control Lists (ACLs) on system objects
  • Describe sources of audit events
  • Use the Safecom command utility
  • Use the SAFEART utility to generate audit reports
  • Apply OSS standard security and OSS ACLs on OSS objects
Read more

Outline

Benefits to you

  • Learn how to establish a chosen level of protection selectively, without impeding application or user productivity, through authentication, authorization and auditing.
  • Gain valuable hands-on experience using Safeguard software to improve server availability by reserving resources for critical production applications, ensuring that applications are accessed only by authorized clients, and protecting critical data from unauthorized or accidental modification.

Module 1 - NonStop Kernel Security Architecture

  • Guardian and OSS application environments
  • Authentication, authorization, and audit
  • Goals of NonStop kernel standard security
  • Components of NonStop kernel security architecture
  • Memory address isolation and disk file protection
  • $CMON process
  • Licensed program files
  • Setuid setting for OSS programs
  • Lab

Module 2 - Safeguard Features

  • Relation of Safeguard to the NonStop kernel
  • Safeguard extensions to NonStop kernel security system
  • Safeguard process components and their functions
  • Safeguard disk file components and global configuration options
  • Safeguard warning mode and OSS audit options
  • Lab

Module 3 - User Authentication

  • Authentication defined
  • User profile management considerations
  • Safeguard configuration options for password management and system access control
  • Guardian user IDs and OSS UID
  • Administrative and file sharing groups
  • User profile options for Guardian and OSS
  • Network users and remote passwords
  • Create a user ID using Safecom
  • Lab

Module 4 - User Management with Safecom

  • Safecom session commands and displays
  • User IDs and aliases management
  • File sharing group(s) for OSS usage
  • User audit attributes
  • Default protection for users
  • Safeguard authentication service
  • Lab

Module 5 - Guardian Security

  • System product files and sensitive utilities
  • TACL specific considerations
  • Guardian disk file access and ownership control
  • Process and ownership control
  • Guardian disk file security
  • OSS UGO bits, umask, and .profile file
  • OSS sticky bit, SETUID, SETGID
  • OSS file ownership access and control
  • Lab

Module 6 - Securing OSS Files

  • OSS file system layout
  • File security
  • Permission modes
  • File and directory permissions
  • User and group IDs
  • Setting the sticky bit
  • OSS file change ownership and group association
  • OSS Access Control Lists (ACLs)
  • File and directory ACLs
  • Lab

Module 7 - Authorization and Object Access Control

  • Object types and their management
  • Safecom to create and manage protection records on objects
  • Apply ACLs on objects
  • Object warning mode
  • ACL persistence
  • Node names on ACLs
  • DISKFILE-PATTERN
  • Lab

Module 8 - Safeguard Audit Configuration

  • Sources of security event audit information
  • Create, manage, and activate audit pools
  • Audit pool recovery modes
  • OSS API and process audit
  • Safeguard configuration for OSS audit
  • AUDITENABLED option for OSS filesets
  • SAFEART utility
  • Lab

Module 9 - Safeguard Administration and

  • Installation
  • Safeguard security administration features
  • Assign control of Safeguard
  • Safeguard security groups
  • Safeguard installation options
  • Undeniable super ID
  • Security Event Exit Process (SEEP)
  • Learning check
Read more

Why choose QA

Frequently asked questions

See all of our FAQs

How can I create an account on myQA.com?

There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.

If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".

If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.

Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.

How do QA’s virtual classroom courses work?

Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.

We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.

Learn more about our Virtual Classrooms.

How do QA’s online courses work?

QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.

All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.

Learn more about QA’s online courses.

When will I receive my joining instructions?

Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.

When will I receive my certificate?

Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.

Contact Us

Please complete this form and we'll be in touch

Please enter a date or timescale
Please type in a preferred location or region...