Planning Volume 2, Control Workstation and Software Environment

Chapter 6. Planning for security

Analyzing company resources and protecting these resources is usually part of an administrator's duties. Your resources pertaining to PSSP include the following:

• System and application data, user programs, and user data.
• Communication devices and communication access methods.
• Login permissions - specifically, who can log in, when, and how much resource each user can have.
• Authentication, passwords, and credentials.

This chapter describes the choices you can make and what to prepare when planning for security before installing and configuring, or migrating to and configuring PSSP 3.4. The following are prerequisites for making educated choices for security on your SP system:

1. You ought to have a clearly expressed and understood security policy for your organization.
2. You ought to already understand security of computer systems in general and be familiar particularly with the security services that you can use on the SP system to help enforce that security policy:
   • The Distributed Computing Environment (DCE) security services.
   • The PSSP implementation of Kerberos V4.
   • The standard AIX security service.
   • |The IETF Secure Shell protocol.
3. You ought to understand the factors on which to base your choices - the degree and granularity of protection necessary across the entire SP system and within each SP system partition - and which services offer the level of protection you require.

To become familiar with security terminology and concepts as applied on the SP system, see the book PSSP: Administration Guide. The chapter called Security Features of the SP System explains terminology and basic concepts of security services on the SP system. It includes suggested reading for DCE and for a secure remote command environment.