System Access Control
Locum's System Access Control (SENTRY) implementation within Safe & Secure provides Security Administrators with password change and logon control facilities for Unisys ClearPath MCP systems.
Access Control Challenges
Safe & Secure provides password change, logon, and station control facilities that are easy to establish and that present a difficult challenge to a potential hacker.
Passwords are less likely to be compromised if they are changed on a regular basis. Safe & Secure enforces such changes by providing standard password aging mechanisms for both usercodes and accesscodes.
Password Change Controls
The Security Administrator can implement password aging using a variety of attributes and options. During the warning period, users are automatically presented with the password change screen. After the password expiry date, users are forced to change their password. Failure to do so at this time may result in the usercode or accesscode being suspended.
Safe & Secure provides several logon control mechanisms:
- Set the number of consecutive invalid logon attempts that will be tolerated.
- When a user logs on to the system, details of the last logon for the usercode and/or accesscode can be displayed, along with the current count of consecutive invalid logons, if any.
- When the NOLOGON attribute is set, all logon attempts for a specified usercode will be disallowed.
- Disallow logons through specified MCSs by using the LOGONFILTER attribute.
- Deny logons from superuser stations.
- Deny the use of remotespos.
The current list of offending or deactivated stations will be displayed. From the list displayed, the Security Administrator may reactivate all or individual stations.
A list of usercodes or accesscodes currently logged on to the system is displayed. From the list displayed, the Security Administrator may terminate all or individual sessions for a particular user.
When the VIOLATIONLIMIT attribute has been assigned a value, a violation count for the usercode or accesscode will be maintained. When the limit is exceeded, the usercode or accesscode will be suspended until reactivated by the Security Administrator.
A Controlled user is a usercode that is used periodically for emergency purposes, for example, troubleshooting. Before such a user is allowed access to the system, the usercode has to be enabled either by the Security Administrator or a delegated user.