SG24-2021-00 Managing Access from Desktop to Datacenter: Introducing TME 10 Security Management October 1997 International Technical Support Organization Austin Center International Technical Support Organization SG24-2021-00 Managing Access from Desktop to Datacenter: Introducing TME 10 Security Management October 1997 Take Note! Before using this information and the product it supports, be sure to read the general information in Appendix C, “Special Notices” on page 199. First Edition (October 1997) This edition applies to Version 3.2 of TME 10 Security Management. Discussion of the TME 10 Framework is primarily based around TME 10 Framework Version 3.1. Comments may be addressed to (see also “Comments Welcome” on page xii): IBM Corporation, International Technical Support Organization Dept. DHHB Building 045 Internal Zip 2834 11400 Burnet Road Austin, Texas 78758-3493 When you send information to IBM, you grant IBM a non-exclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you. © Copyright International Business Machines Corporation 1997. All rights reserved Note to U.S Government Users - Documentation related to restricted rights - Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp. Contents Contents . iii Figures . vii Tables . ix Preface . xi The Team That Wrote This Redbook . xi Comments Welcome . xii Chapter 1. Introduction. 1 1.1 Why Security Management? . 1 1.2 The Protection and Administration of Assets . 2 1.3 Operating System Security . 2 1.4 Security in the TME 10 Environment . 3 1.5 TME 10 Security Management Implementation . 3 1.6 TME 10 Security Management Installation . 3 1.7 TME 10 Security Management Usage . 4 1.8 TME 10 Security Management Futures . 4 1.9 Additional Topics. 4 Chapter 2. Security Concepts and Overview. 5 2.1 Security Policy . 5 2.1.1 Security Threats . 5 2.1.2 What Should a Policy Include? . 6 2.2 Security Project Components . 8 2.2.1 Physical Security. 8 2.2.2 Logical Security. 8 2.2.3 Roles and Responsibilities in Security . 10 2.2.4 Auditing and Reporting . 11 2.2.5 Alert Management . 12 2.3 Definition of a Security Management Model . 13 2.3.1 Security Administrative Model Overview . 13 2.3.2 Implementing an Organizational Approach . 14 Chapter 3. Security Implementations on Different Platforms . 17 3.1 Security Structures . 17 3.1.1 UNIX Platforms . 17 3.1.2 Microsoft Windows NT Server . 24 3.2 Critical Operating System Resources . 28 3.2.1 UNIX Platforms . 28 3.2.2 Microsoft Windows NT Server . 29 Chapter 4. Security in the TME 10 Environment . 31 4.1 TME 10 Framework Recap . 31 4.2 Network-Level Security of the TME 10 Framework . 33 4.2.1 Security Options and TME 10 Framework Installation . 33 4.2.2 Authentication . 35 4.2.3 Authorization . 36 4.2.4 Encryption Levels on TME 10 Framework . 36 4.2.5 Kerberos . 37 4.2.6 Data Integrity. 38 © Copyright IBM Corp. 1997 iii 4.2.7 TMR Connections . 38 4.3 Resource-Level Security of the TME 10 Framework . 43 4.3.1 TME 10 Management Regions. 44 4.3.2 TME 10 Framework Administrators . 46 4.3.3 User IDs Used by the TME 10 Framework . 49 4.3.4 Policy and Policy Regions . 49 4.3.5 Tasks and Jobs . 51 4.3.6 Notices . 52 4.4 TME 10 User Administration . 52 4.4.1 Password Storage in User Profiles. 53 4.4.2 Password Population and Distribution . 53 4.4.3 TME 10 User Administration Password Commands . 53 4.4.4 Operating System Password Support. 54 Chapter 5. Understanding TME 10 Security Management . 57 5.1 Overview and Product Information . 57 5.1.1 TME 10 Security Management Architecture . 57 5.1.2 Platform Support . 59 5.2 Endpoint Support. 59 5.2.1 UNIX Endpoint . 59 5.2.2 NT Endpoint. 60 5.3 Security Profiles . 60 5.4 Role-Based Resource Access Administration . 63 5.5 TME Security Groups . 65 5.5.1 Group Name . 66 5.5.2 Member List. 66 5.5.3 Login Time Restrictions . 67 5.5.4 Audit Control . 67 5.5.5 Roles . 68 5.6 TME Security Resources . 68 5.6.1 Resource Specification . 69 5.6.2 Access Time Restrictions. 71 5.6.3 Audit Control . 71 5.6.4 Default Access. 71 5.6.5 TCP Service Access . 72 5.6.6 Role List . 72 5.7 TME Security Roles . 73 5.7.1 Security Role Name . 74 5.7.2 Resource List. 74 5.7.3 Resource Type Access Rights . 75 5.7.4 Parent Role . 75 5.7.5 Groups. 76 5.8 Examples. ..