Lessons learned from a safety review last year are combined with some new ideas on how to protect NonStop applications against malware and spyware - presented at the International GTUG/Connect Conference April 2014
2. Summary
Lessons learned from a safety review
last year are combined
with some new ideas on
how to protect NonStop applications
against malware and spyware.
3. “Safety Review of a NonStop Data Center”
„NonStop Data Center“
„Review“
„Safety“
Review Procedure
Review Checklist
Audit Trail Analysis
Risk: Denial of Service
Risk: Malware
Risk: Spyware
References
4. NonStop Data Center
Unit with several NonStop Systems
Guardian, Pathway, TMF, Enscribe, SQL/MP
Operated by an infrastructue-as-a-service supplier
5. Review
Part of an Audit on a banking application
Control of outsourced data processing
8 Items to control according to German Law
Access control on building and rooms
Access control on hardware and operating system
Access rights
Data transmission and transport
Data entry
Contractor
Availability
Data Separation
6. Safety
Availability
NonStop and RDF
Replication tools for non-audited files
Emergency planning
The Denial-of-Service problem
Integrity
TMF and audited files
Audit trail analysis
Confidentiality
Guardian Security and SAFEGUARD
SECOM
ID mapping and command level security
Protection against Malware and Spyware
7. Review Procedures
Project Management
Before Start of Review
Guidelines for Documentation
Tools for Checking and Auditing
Checklists and Standards
Start of Review
Charts of involved organisations
Available Documentation
Past issues / Special risks
Review
Design
Operation
8. Review Checklists
Availability Integrity Confidentiality Emergency
Planning
Inventory HW, SW,
Subsystems,
Data files
SW version,
Data Dictionary
PROGID, LICENSE,
system interfaces
Planning
Monitoring HW, SW,
critical events
Audited DB,
Audit Trail Analysis,
Runtime Lib,
ENSCRIBE data
Session log, 4-eyes,
SAFEGUARD audit,
SECOM log
Tests and
Training
Control Performance
and Tuning,
DoS Risk
System and
subsystem
configuration,
Malware Risk
Deleted data files,
Backup data,
Users: super.* and *.super,
Spyware Risk
Confidential
data
9. Audit Trail Analysis
Find Long-running transactions
Find transactions that have damaged a database
Locate specific data field/column changes
Detect bugs in applications
Search for unauthorized transactions
10. Risk: Denial of Service
Compiler, Binder, Debugger on Production System
TAL examples:
corrupting a cpu
?Source $system.system.extdecs0 (alter_priority_)
Proc Test Main;
Begin While 1 do begin alter_priority_(199); End;
corrupting a volume
?Source $system.system.extdecs0 (file_create_)
Proc Test Main;
Begin String .system[0:35] := „$system“; Int Len := 7;
While 1 do begin file_Create_(SYSTEM:36,Len); End
But, same effects possible by TACL programming
11. Risk: Malware
Security for files belonging to functional user
Data and program files
Especially: *CSTM and *LOCL and *CTL files
Default: no echo from FUP
Command „Password“ in TACLCSTM deletes current password
User and security setting
for PATHWAY Management
SET PATHWAY OWNER <group>, <user>
SET PATHWAY SECURITY “<O or U>"
12. Risk: Spyware
LINKMON server class access security
SET SERVER OWNER <group>, <user>
SET SERVER SECURITY “<O or U>"
But, access to server processes is still possible.
Default:
Any process can open a process and send a message.
Possible Solutions
Adding logic to server program for checking requestors
SAFEGUARD ACLs on the process name
SAFEGUARD active and tool PS-Shell
13. References
Product CS-TP-SPY (Audit Trail Analysis) of
CS-Software Gmbh
Dr. Werner Alexi
Schiersteiner Straße 31, 65187 Wiesbaden, Germany
E-Mail: info@cs-software-gmbh.de
Ideas and Tools of
GreenHouse Software & Consulting
Ingenieurbuero Karl-Heinz Weber
Heinrichstrasse 12, 45711 Datteln-Horneburg, Germany
E-Mail: info@greenhouse.de
My list of 117 Greenhouse Tools as a give-away
14. Peter Haase
Peter Haase
Programmer, Trainer, Consultant for HP NonStop since 1981
D-56820 Mesenich/Moselle , Kirchstr. 12
+49-2673-98600
+49-171-8442242
info@peterhaase.de
www.peterhaase.de