Content Navigation footer

LOCUM

Software Services Limited

SAFE & SECURE's Access Controls

Link to Home Page

Link to Sitemap

Link to News

Link to Product Downloads

Link to Computer Auditing

Link to Product Information

Link to Product Release Levels

Link to Services

Link to Contacts

Link to Frequently Asked Questions

Link to Company Profile

Link to Product Resellers

Link to Escrow Agreement

 

 

SAFE & SECURE's ACCESS CONTROLS mechanisms provides Security Administrators with password change and logon control facilities on UNISYS ClearPath MCP systems.

 

Key Features

  • Password ageing for both usercodes and accesscodes
  • Password change controls
  • Logon controls
  • Station control
  • Violation limits
  • Controlled users
  • Session control

 

The Access Control Challenge

Controlling access to systems is one of the major requirements of any installation's security policy. Without proper controls, the opportunity for someone to gain unauthorised access to a system is made much easier. SAFE & SECURE overcomes these problems by providing password change, logon and station control facilities that are easy to establish and which present a difficult challenge to a potential hacker.

Password Aging

Passwords are less likely to be compromised if they are changed on a regular basis. SAFE & SECURE enforces such changes by the provision of standard password aging mechanisms for both usercodes and accesscodes. Many of the password aging values and options are maintained as global information, thus simplifying the administration of establishing password aging for users. For specific users, these global values may be changed to suit individual requirements.

Example of password aging.

Click to enlarge

 

Password Change Controls

The Security Administrator can implement password aging using a variety of attributes and options. Mechanisms are provided to maintain password dictionary items for use with system-generated passwords and to establish the list of password exceptions to be checked against self-selected passwords.

Users are allowed to change their password at any time, unless within the minimum password life period. During the warning period, users are automatically presented with the password change screen, which they may use to change their Password.

After the password expiry date, users are forced to change their password. Failure to do so at this time may result in the usercode or accesscode being suspended. All password change screens and end-user messages are displayed in English, French, German, Dutch, Spanish or Finnish; the Security Administrator may determine the preferred end-user language, which may be allocated on an individual user basis.

The Security Administrator may allocate a password at any time. Passwords may also be allocated when creating usercodes/accesscodes, establishing password aging or reactivating suspended users. SAFE & SECURE provides an option which, when set, will force users to change an allocated password at next logon. There are no restrictions on the format of passwords allocated by the Security Administrator.

 

Logon Controls

SAFE & SECURE provides several logon control mechanisms, namely:

  • The Security Administrator may select the number of consecutive invalid logon attempts that will be tolerated. In addition, a timeframe may be optionally specified. After the count has been reached, SAFE & SECURE will logically deactivate the station and ignore any further input. A deactivated station may be reactivated only via SAFE & SECURE.
  • When logging on to the system, SAFE & SECURE provides options to display details of the last logon for the usercode and/or accesscode and the current count of invalid consecutive logons, if any. This feature provides a useful check for users logging onto the system to identify any attempted fraudulent logon.
  • SAFE & SECURE introduces the NOLOGON attribute which, when set, will disallow any logon for the specified usercode. This attribute is useful to prevent any attempted logon using a production usercode.

 

Station Control

For station control, the current list of offending or deactivated stations will be displayed. From the list displayed, the Security Administrator may reactivate all or individual stations.

 

Violation Limits

When the VIOLATIONLIMIT attribute has been assigned a value, SAFE & SECURE will maintain a violation count for the usercode or accesscode. When exceeded, the usercode or accesscode will be suspended until reactivated by the Security Administrator.

 

Controlled Users

A Controlled user is a usercode, often with special privileges, which is used periodically for emergency purposes, for example, troubleshooting. A Controlled user may be established as a one-time or multi-session user and the Security Administrator may also define a time-out period. Before such a user is allowed access to the system, the usercode has to be enabled either by the Security Administrator, or optionally by another delegated user or operator. If the one-time option has been specified, after logging on with a Controlled usercode, the usercode may not be used again.

 

Session Control

For session control, a list of usercodes or accesscodes currently logged on to the system is displayed. From the list displayed, the Security Administrator may terminate all or individual sessions for a particular user.

 

Free Trial

If you would like to see how ACCESS CONTROLS can help secure your Unisys ClearPath MCP system, e-mailLocum@LocumSoftware.co.uk today to take advantage of our FREE no-risk trial offer.

 

 

The page was last updated on the 09th June 2005.