Table of Contents

Server Security

Server-Imposed Security
System Administrator-Imposed Security

Application Security

Security

The Y2K Compliance Assessment Tool provides two levels of security:

• Server security that is partially implemented by the server components of the Y2K Compliance Assessment Tool and by the system administrator.

• Application security implemented by the client and server components of the Y2K Compliance Assessment Tool applications

This appendix describes both of these security levels.

Server Security

There are two aspects of the Y2K Compliance Assessment Tool server security:

• Security imposed by the server components

• Security imposed by the system administrator

The Y2K Compliance Assessment Tool uses the security mechanisms of the UNIX system to protect the code and data files that reside on the server.

Server-Imposed Security

The Y2K Compliance Assessment Tool server provides the following security mechanisms:

• Files, File Ownership, and Permissions---The Y2K Compliance Assessment Tool must be installed by a user with root privilege and is installed as the user bin. All files and directories are owned by bin with group also equal to bin. Temporary files are created as the user bin with permissions set to read-write for the user bin and read for members of group bin. The only exception to this rule is the log files created by the Y2K Compliance Assessment Tool web server. The Y2K Compliance Assessment Tool web server must be started as root; therefore, its log files are owned by the user root with group equal to other.

All back-end processes are executed with a umask value of 027, which means that all files created by these programs are created with permissions equal to rwxr-x, with an owner and group of the user ID and group of the program that created it. Typically this will be bin and bin.

• Runtime---Typically the Y2K Compliance Assessment Tool backends are executed with permissions set to the user ID of the binary file (for example, if an executable file is owned by user "Joe," it will be executed by the Y2K Compliance Assessment Tool daemon manager under the user ID of "Joe"). The exception is the root user ID. To prevent a potentially harmful program from being executed by the Daemon Manager with root permissions, the Daemon Manager will execute only a limited set of Y2K Compliance Assessment Tool programs that need root privilege. This list is not documented to preclude any users trying to impersonate these programs.

• Off-machine connectivity---The Y2K Compliance Assessment Tool Daemon Manager will not respond to requests to start, stop, register, or show status for Y2K Compliance Assessment Tool back-end processes from computers other than the Y2K Compliance Assessment Tool server.

Because the UNIX user bin is not a user ID that is typically enabled for login, the UNIX system administrator can more easily protect the Y2K Compliance Assessment Tool data and program files.

System Administrator-Imposed Security

To maximize Y2K Compliance Assessment Tool server security, follow these system administration guidelines:

• Do not allow users who are not responsible for managing the network to have a login on the Y2K Compliance Assessment Tool server.

• Do not allow the Y2K Compliance Assessment Tool server file systems to be mounted remotely with NFS or any other file-sharing protocol.

• Limit remote access (for example, FTP, RCP, RSH) to the Y2K Compliance Assessment Tool server to those users who are permitted to log in to the Y2K Compliance Assessment Tool server.

Application Security

The Y2K Compliance Assessment Tool provides application-level security that allows the Y2K Compliance Assessment Tool administrator to dictate which applications a Y2K Compliance Assessment Tool user can access. The Y2K Compliance Assessment Tool provides this security through a set of five built-in roles:

• Help Desk

• Approver

• Network Operations

• Network Administration

• System Administration

Each role allows access to a predetermined set of applications, tools, and product features. Refer to the "Getting Started" section of the Y2K Compliance Assessment Tool online help for a detailed chart showing the relationship of user role to application functionality.

When you create a Y2K Compliance Assessment Tool login (every Y2K Compliance Assessment Tool user must log in to the application to use its features), you assign one or more roles to the login. The role or combination of roles dictates which Y2K Compliance Assessment Tool applications are available to the user in the Y2K Compliance Assessment Tool navigation tree (refer to the "Setting Up the Y2K Compliance Assessment Tool" chapter for an explanation of the navigation tree).

Only the system administrator user can assign roles to Y2K Compliance Assessment Tool logins. Y2K Compliance Assessment Tool users can use the administrative tools to change their own password or other aspects of their login.

The Y2K Compliance Assessment Tool comes with two predefined logins:

• guest (no password required, user role = Help Desk)

• admin (password = admin, user role = super user)

We recommended that you change the passwords for these predefined logins immediately after installation. Unless you want to allow everyone read-only access to the Y2K Compliance Assessment Tool, change the guest login password to something other than the default null string.

To prevent anyone from typing a full path to a Y2K Compliance Assessment Tool URL to avoid the security system, Y2K Compliance Assessment Tool applications will run only in the presence of an authenticated session between the server and client. The session is authenticated as a part of the login process so attempting to avoid the login by entering a URL will fail and the user will be returned to the Y2K Compliance Assessment Tool Login Manager dialog box. The Y2K Compliance Assessment Tool desktop terminates a login session after a period of no use. After termination, attempting to perform any operation returns the user to the Login Manager dialog box.

Posted: Thu Sep 30 16:08:24 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.