FUJ00088096 - Fujitsu Services - Secure Support Role Definitions for Securent Build - version 1.0.


Fujitsu Services
Secure Support Role Definitions for SECURENT Build
Ref: RS/REQ/023
Version: 1.0
Date: 08/08/03
COMPANY IN CONFIDENCE

Document Title: Secure Support Role Definitions for SECURENT Build

Document Type: Requirement Definition

Release: BI3S30R onward

Abstract: The ACP requires that access to Pathway systems be controlled by
the use of pre-defined roles to which users can be assigned. Such
roles will allow users to access only those parts of the system, with
associated tool sets, they need in order to complete the tasks
associated with that particular role. This document summarises the
requirements and defines the roles specifically engaged in support
activities, with associated objects, domains and access
requirements.

Document Status: APPROVED

Originator & Dept: Mark Ascott, IPDU Secure Builds

Contributors: Simon Fawkes, Peter Robinson, Steve Parker

Internal Reviewers: See section 0.2

External Reviewers: None

Approval Authorities:

Name | Position | Signature | Date
Mik Peach | SSC Manager | |
Andrew Gibson | Core Services Operational Manager | |
Ian Cooley | SMC Manager | |
Alex Robinson | Security TDA | |
Peter Sewell | Pathway Security Manager | |
Jim Stanton | ITU PIT Manager | |
© 2003Fujitsu Services COMPANY IN CONFIDENCE Page: 1 of 33

0.0 Document Control
0.1 Document History
Version No. | Date | Reason for Issue | Associated CP/PinICL No.
0.1 | 10/01/02 | First draft | CP3283
0.2 | 19/10/02 | Updated with comment received from PVCS review cycle. | CP3283
0.3 | 04/02/03 | Updated to reflect minor implementation changes to the solution | CP3283
0.4 | 15/07/03 | Updated with new Riposte tools for counters. | CP3482
1.0 | 08/08/03 | Updated to APPROVED with appropriate comments from PVCS review cycle addressed. | CP3482

0.2 Review Details

Review Comments by:
Review Comments to: Mark Ascott [GRO]

Mandatory Review Authority | Name
IPDU Delivery Unit Manager | Mark Taylor
IPDU PIT Manager |
RASD POA Security TDA | Alex Robinson
CS Pathway Security Manager | Peter Sewell
CS Systems Support Centre Manager | Mik Peach
IPDU Design Authority Support | Simon Fawkes
ITU PIT | Asad Sheikh
ITU PIT | Brian Bradley
IPDU Secure Builds | Mia Brittain
RASD Systems Management TDA | Glenn Stephens
Core Services Operational Management | Steve Gardiner
Core Services SMC | Ian Cooley
Core Services SMG | Mike Conneely
Core Services Operational Management | Warren Welsh

Optional Review/Issued for Information | Name
IPDU DCO | Suzanne Gordon


ITU Test | Debbie Richardson
ITU LST | Pete Dreweatt
CS Pathway Security | Chris Billings
CS Migration Implementation Manager | Ian Morrison
ITU LST | Graham Jennings
SMG | John Bradley

0.3 Associated Documents
Reference | Tag | Version | Date | Title | Source
PA/TEM/001 | [1] | | | This document is created from this version of PA/TEM/001 | PVCS
RS/POL/003 | [2] | | | Access Control Policy | PVCS
RS/FSP/001 | [3] | | | Security Functional Specification | PVCS
DE/HLD/002 | [4] | | | OpenSSH Auditing and Logging Server | PVCS
TD/ION/029 | [6] | | | FTMS Configurations for AP Clients at CSR+ | PVCS
RS/REQ/020 | [7] | | | Implementation of Anti-Virus Requirements | PVCS
RS/DES/075 | [8] | | | Communication Monitoring System DMZ Security Overview | PVCS
RS/DES/080 | [9] | | | BI3 NT Domain Design | PVCS
RS/DES/081 | [10] | | | BI3 Implementation Guide for NT Platforms | PVCS
RS/DES/082 | [11] | | | BI3 NT Server and Workstation Names | PVCS
RS/REQ/022 | [12] | | | BI3 Secure Role Definitions for SECURENT Build | PVCS
SMG/DES/017 | [13] | 0.1 | | Terminal Server Document | SMG

Unless a specific version is referred to above, reference is made to the current versions of the
documents.

0.4 Abbreviations/Definitions

Abbreviation | Definition
BDC | Windows NT Backup Domain Controller Server
BI3 | Release Banking Increment 3
CP | Change Proposal
CSR+ | Core Services Release +
DCS | Debit Card Services
DRS | Data Reconciliation Services
ISD | Abbreviation associated with Core Services staff
Local | Access via the console attached directly to an NT platform

NWB | Network Banking
PDC | Windows NT Primary Domain Controller Server
SAS | Secure Access Server
SSE | Secure Support Environment
SSH | Secure Shell
SSHC | Secure Shell Client
SSHD / SSH Server | Secure Shell Server
TS | Terminal Server

0.5 Changes in this Version
Version | Changes
0.4 | All changes are highlighted by red text and vertical bars in the margins. Section 8.2 added to detail Riposte tools added to all counters.
1.0 | Updated to APPROVED

0.6 Changes Expected

Changes

None.

Further enhancements to the SSE are being discussed for possible introduction at BI3S50. Any confirmed
enhancements for these releases will result in this document being updated. Such changes will be introduced
via a CP.


0.7 Table of Contents

1 Introduction
2 Scope
3 Requirements
  3.1 Affected Support Roles
  3.2 New Support Roles
  3.3 Redundant Support Roles
4 Implementation
  4.1 NT Administrator User
  4.2 TSadmin Role
  4.3 SSHadmin Role
5 Support Role Users
  5.1 PWYDCS Users
  5.2 HUTHTIP, PDRTIP Users
  5.3 PWYKMS Users
  5.4 PWYCSM Users
  5.5 SYSMAN Users
  5.6 Secure Access Server Users
  5.7 Counter Access Users
  5.8 NT Data Centre System Access Users
6 Support Authentication Process
  6.1 Logon at Desktop
  6.2 Logon at SAS Terminal Server
  6.3 Logon to SSH Server
  6.4 Process Summary
7 Support Role Desktops
  7.1 Standard Secure Role Desktop
    7.1.1 SSC Apps MAN
    7.1.2 SSC Apps SUP
    7.1.3 Operational MAN
    7.1.4 Application SUP
  7.2 Terminal Server Client Desktop
    7.2.1 SSC Support Group
    7.2.2 SMC Support Group
    7.2.3 MSS Support Group
    7.2.4 Operational Management Support Group
8 Support Tools
  8.1 Tool Set Location and Access
  8.2 Riposte Tools on Counters (CP3482)
  8.3 Tools Available
  8.4 Updating the Tool Set
    8.4.1 Normal Circumstances
    8.4.2 Exceptional Circumstances
9 Appendix A - Support Tool Set


1 Introduction

The nature of the Pathway Horizon system requires that access to the counters and
core systems should be strictly controlled. [ACP] states that effective control depends
on having a clear definition of the roles and the responsibilities of all personnel who
need some form of access to the system. Users will gain access by being assigned to
these roles. This will be core to Pathway implementing the principles of least privilege
as described in [SFS]. Pathway will translate the human roles detailed in [ACP] into
securely configured roles, known as secure roles.

RS/REQ/022 defines the requirements for all Pathway human secure roles (except for
Support Roles) that access the Pathway data centre systems via an access point, which
is usually an NT workstation. These requirements are translated by IPDU Secure
Builds and IPDU PIT in order to generate a secure desktop for each role.

RS/REQ/023, this document, defines the requirements of the human secure roles
involved with providing support of the Pathway Horizon solution. It describes for
each of the Pathway support groups the menus and tool sets required and the secure
support environment desktop access method used to connect to remote counters and
data centre systems.

2 Scope

This document only addresses the human user roles defined for use by the support
groups involved with supporting the Pathway Horizon solution systems. These
support roles are to be implemented as part of the Pathway central NT systems and
access rights assigned to each role. Each support role specified within this document
accesses counters and the data centre NT systems through the Pathway NT Domain
Structure referenced in [9] and in accordance with the security configuration
referenced in [10]. SMC and SMG support roles that authenticate in the SYSMAN
domain are not described in terms of their Secure Desktops. For these roles it is
assumed that their desktops include Terminal Server Client and that Terminal Server
Client provides these roles with access to the Secure Support Environment
implemented within the Pathway NT Domain Structure. Document reference [13]
describes the configuration for SYSMAN secure roles.

Non-support roles used by SMC, SMG and Girobank are specifically excluded from
this document as they are authenticated on separate NT systems which form part of a
third party managed service. These roles are excluded from accessing the Secure
Support Environment.

This document does not describe the implementation or configuration of OpenSSH
components on the NT data centre systems or counters. This information is described
fully in reference [4].


3 Requirements

The requirement to implement a secure role based access control system emanates
from [ACP]. [ACP] further defines the roles that are required for access to the
Pathway Systems and the responsibilities of these roles.

Release BI3 Network Banking and release BI3S30 Debit Card System introduced
more stringent requirements regarding support access to counters and the data centre
NT systems. To satisfy these new requirements, a Secure Support Environment is
being introduced and as a result new user desktops and access mechanisms are required
for the support groups. This document defines the new authentication processes,
desktops, and tool sets available to the support groups.

3.1 Affected Support Roles

The Pathway support roles affected by CP3283 are:

• PWYDCS\SSC Apps SUP
• PWYDCS\SSC Apps MAN
• PWYDCS\Operational MAN
• PWYDCS\Application SUP

In addition to the above, two roles that authenticate in the SYSMAN third party
supplier domain are also affected. These two roles are:

• SYSMAN\SMC
• SYSMAN\MSS

3.2 New Support Roles

At Release BI3S30 no new support roles are introduced.

3.3 Redundant Support Roles

None of the existing support roles are made redundant.


4 Implementation

For the four Pathway support roles, each support role will be set up as a Secure Role.
Secure Roles will be mapped very tightly on to the Group concept within NT.
Individual users will be assigned to these Groups in which access to objects, domains,
servers and associated privileges will be controlled. Reference [10] describes in more
detail the rules and methods for applying Secure Roles onto the NT Group concept.
These Secure Roles are defined in Section 7.

Secure Roles use defined access points that have an accompanying Physical Platform
Design Specification (PPDS) document. Access to objects will be made available to
each role at the relevant access point. This document specifically covers the Secure
Support Roles accessing the data centres and counters.

The definition of the Secure Support Roles is maintained in a spreadsheet by IPDU
Secure Builds. Updates of this security configuration deliverable will be made available
to IPDU PIT, who will apply automated tools for the production of the relevant
command scripts. The resulting command scripts will be incorporated into the
Pathway SECURENT build process and into the specific platform configuration builds
for deployment into test and live estate environments.

Secure Support Roles, as defined in this document, will be implemented using
automated command scripts. Doing this will simplify the implementation and
maintenance of the roles.

Human user accounts created from the defined roles may only be members of one
Role/Group definition. This is required to ensure the user is only provided with one
appropriate tool set. Implementation of the menu structure for each Group will ensure
that users assigned to that Group will be able to access the application set necessary
for them to fulfil their duties.

4.1 NT Administrator User

The Windows NT operating system is provided with a super user known as the
‘Administrator’. This user has full administration and configuration privileges, which are
exercised at both system/server and domain level. This capability cannot be removed
from Windows NT. Pathway recognises the power that this user has and the ability
that a human user, using the administrator user, has to interfere with the day to day
operation of the Pathway solution.

To address this issue, Pathway will limit and restrict the use of the NT Administrator
User. This will be achieved by:

• Renaming the Administrator User on all NT Servers so that it is hidden from the
  system. The account name and password will be specified by the Pathway Security
  Manager, and these will be strictly controlled and stored in a secure safe.

• Restricting full administrator privileges to the ‘Operational Management’ role. Use of
  this role will be subject to the management and procedural controls set out in the
  ‘Pathway Code of Practice’, PA/STD/010.


4.2 TSadmin Role

CP3283 introduces a new administrator role known as TSadmin. This new role will be
responsible for day to day operations and administration of the PWYSAS domain and
the Secure Access Servers. The security configuration will be set up to prevent
PWYDCS roles from administering PWYSAS. Likewise, whilst PWYSAS\Administrator
is not prevented from exercising its administration capability by security configuration
changes, sufficient monitoring capability will be added to the Security Event Auditor
and Pathway Security Manager roles to ‘watch’ the use of this user.

The TSadmin role will be allocated to senior Core Services NT staff and will be limited
to no more than three individuals at any one point in time. It is this role that will create
and manage the terminal server user accounts. These individual accounts will be
created from the pre-defined TS user templates. Each individual user will be mapped
to a TS profile and will have a defined user home directory. Customer Services
Security will be responsible for the allocation, creation and management of TSAdmin
user accounts.

4.3 SSHadmin Role

This new role is introduced for the purpose of managing the configuration of the SSH
Client and SSH Server components. Like the TSadmin role, this new role will be
limited for use by senior Core Services NT staff and will be limited to no more than
three individuals at any one point in time. This role will only be able to administer the
Secure Shell configuration files. Only this human role will be granted access control
permissions greater than Read and Execute. Customer Services Security will be
responsible for the allocation, creation and management of SSHAdmin user accounts.
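
The membership rules stated in sections 4, 4.2 and 4.3 (one secure support role per human user account; no more than three TSadmin and three SSHadmin holders at a time) can be checked mechanically. The following is an added example, not part of the original document or of the Pathway build scripts; the CSV export layout, the account names and the domains shown for each group are constructed assumptions.

```python
"""Audit an account/group export against the membership rules of section 4."""
import csv
import io
from collections import defaultdict

# The four Pathway secure support roles named in sections 3.1 and 4 (lower-cased).
SUPPORT_ROLES = {"ssc apps sup", "ssc apps man", "operational man", "application sup"}
# Administrative roles limited to three individuals (sections 4.2 and 4.3).
CAPPED_ROLES = {"tsadmin": 3, "sshadmin": 3}

# Constructed sample export, one "account,group" pair per line. Not real data;
# the layout and the domain prefixes are assumptions made for this example.
SAMPLE_EXPORT = """\
PWYDCS\\usera,PWYDCS\\SSC Apps SUP
PWYDCS\\usera,PWYDCS\\Domain Users
PWYDCS\\userb,PWYDCS\\SSC Apps MAN
pwydcs\\USERB,PWYDCS\\Operational MAN
PWYSAS\\userc,PWYSAS\\TSadmin
PWYSAS\\userd,PWYSAS\\TSadmin
PWYSAS\\usere,PWYSAS\\TSadmin
PWYSAS\\userf,PWYSAS\\TSadmin
PWYDCS\\userc,PWYDCS\\SSHadmin
PWYDCS\\userd,PWYDCS\\SSHadmin
"""


def _group_name(qualified):
    """Return the group name without its optional DOMAIN\\ prefix, lower-cased."""
    return qualified.strip().rsplit("\\", 1)[-1].lower()


def audit_export(text):
    """Return a list of (finding, subject, detail) tuples for rule violations."""
    roles_by_account = defaultdict(set)
    holders_by_role = defaultdict(set)
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2:
            continue  # blank or malformed line
        # NT account and group names are case-insensitive, so compare lower-cased.
        account = row[0].strip().lower()
        group = _group_name(row[1])
        if group in SUPPORT_ROLES:
            roles_by_account[account].add(group)
        elif group in CAPPED_ROLES:
            holders_by_role[group].add(account)
        # Any other group (for example Domain Users) is not a secure role.

    findings = []
    # Rule from section 4: an account may belong to only one Role/Group definition.
    for account in sorted(roles_by_account):
        roles = sorted(roles_by_account[account])
        if len(roles) > 1:
            findings.append(("MULTIPLE_ROLES", account, roles))
    # Rule from sections 4.2 and 4.3: no more than three holders at any one time.
    for role, cap in sorted(CAPPED_ROLES.items()):
        holders = sorted(holders_by_role[role])
        if len(holders) > cap:
            findings.append(("ROLE_OVER_CAP", role, holders))
    return findings


if __name__ == "__main__":
    for finding in audit_export(SAMPLE_EXPORT):
        print(finding)
```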


5 Support Role Users

5.1 PWYDCS Users

SSC support staff and Core Services operational management staff who access the
Pathway Horizon systems must have an individual user account registered in the
PWYDCS domain. Each user account is created from a pre-defined user template
which is described in Section 7 of this document. Associated with each NT user
account registered in PWYDCS is a SecurID Token and four digit PIN.

Existing support user accounts remain unchanged within the SSE. New support user
accounts will be created using the existing and current processes.

User templates exist for the following support roles:

• Users assigned to SSC Apps SUP role have user accounts created from user
  template ‘zzSSC Apps Sup’

• Users assigned to SSC Apps MAN role have user accounts created from user
  template ‘zzSSC Apps MAN’

• Users assigned to Operational MAN role have user accounts created from user
  template ‘zzOPSMAN’

• Users assigned to Application SUP role have user accounts created from user
  template ‘zzAPPSUP’

5.2 HUTHTIP, PDRTIP Users

Both HUTHTIP and PDRTIP domains which contain the Remote TIP Gateway
systems at Post Office sites are authentication domains. Both are configured with
identical support roles to those described for PWYDCS Users above. Access to these
remote domains/systems using SSHD will require support staff to login and
authenticate using user accounts created in the HUTHTIP and PDRTIP domains.

5.3 PWYKMS Users

TBA following input from Graham Hooper and Geoffrey Vane.

5.4 PWYCSM Users
TBA


5.5 SYSMAN Users
User accounts registered in this third party supplier managed domain must comply
with the security policies defined in [ACP].

From the requirements specified in CP3283 the following support roles from this
domain are relevant to the SSE:

• SMC
• MSS

5.6 Secure Access Server Users

Changes to the solution implementation mean that user templates and user accounts
are no longer required within the PWYSAS domain and Secure Access Servers.

5.7 Counter Access Users

CP3283 specifies that only the SSC support group will be granted access to counters
using SSE.

At the counter only a common/shared user account is required. SSH Client will
capture the logon username from the Terminal Server Client session and will record
this user name in the command log files that SSH Client generates. The user account
defined for the SSC support group is:

• sussc

5.8 NT Data Centre System Access Users

Access to Data Centre NT systems will in the main be achieved by support staff
logging on via SSHD using their PWYDCS user account. Exceptions to this will be
HUTHTIP and PDRTIP remote TIP FTMS Gateway domains, PWYKMS and
PWYCSM domains. Access to these four domains will be achieved by using
equivalent user accounts created in these domains.

6 Support Authentication Process

6.1 Logon at Desktop

All support users who log on with a PWYDCS user account will specify their unique
username and associated password. The system will then prompt for SecurID logon
using their assigned PIN with the token value displayed at the time of logon.

The same logon and authentication process should be followed for all support users
who authenticate in the SYSMAN domain.


Once the identification and authentication process has completed the user is presented
with their usual desktop with an array of tools as specified in Section 7. One of the
tools available from this desktop is the Terminal Server Client. Executing the Terminal
Server Client tool will result in the system opening a new window at the workstation
that results from a connection to a Secure Access Server located in PWYSAS domain.
This new Terminal server window will display a prompt for a user name and password.
At Release BI3S30, Support Users can still access counters and NT data centre
systems using their pre-BI3S30 desktops and tools. However, from BI3S30 the only
approved and authorised support access method to counters and NT systems in the
PWYPUB and DCSSERV resource domains is via the Terminal Server/Secure Shell
access route.

6.2 Logon at SAS Terminal Server

At the Terminal Server window login prompt the support user should re-enter their
individual terminal server user account created in PWYDCS domain and its associated
password.

Successful logon will result in the SAS desktop being made available to the user.
From this desktop the Secure Shell Client (SSHC) will be available.

6.3 Logon to SSH Server

The user can invoke the SSHC by typing:

    ssh -l <user name> <target-address>

where:

<user name> will equate to the support group user's individual user account name
created in PWYDCS domain or the other authentication domains referred to in section
5 for NT data centre systems, or user account sussc for counters.

<target-address> will equate to the IP address of the target counter or NT system.

Execution of the above causes the SSHC to make a connection with the SSH server
running on the target system. The user account specified will be authenticated at the
target-system and if successful a SSH session will be initiated. The SSHC will log
each command executed during the session recording the PWYDCS domain (or other
domain) logon user account name that has initiated the SSH session.

6.4 Process Summary
See diagram below.

[Diagram: support authentication process. Legible labels: CTRL + ALT + DEL; logon details entered (User ID: AscottM, Domain: PWYDCS, PIN, SecurID Token Value); PWYDCS; OK; Invoke Terminal Server Client; PWYSAS Terminal Server authenticates; OK; Invoke Terminal SSH Client (ssh -l sussc <target>); SSH Server authenticates SSH Client logon; OK; Execute required support tools.]


7 Support Role Desktops

7.1 Standard Secure Role Desktop

This section describes the desktop menu and tool set provided to the four Pathway
Support Roles as a result of logging on with their PWYDCS, PWYKMS, (HUTHTIP,
PDRTIP) user account, password and SecurID Token. This logon will be conducted at
their normal access point workstation or server.


7.1.1 SSC Apps MAN

Group Name to be Implemented: SSC Apps MAN
Last Updated:
Secure Role Type: Privileged Full Administrator capable
Desk Top Type: Restricted Desktop Menu
NT Servers: All NT Servers, also needs access to Post Office Outlet Counters and access to Sequent UNIX Servers
Access Rights: Read, Write, Execute
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP
Resource Domain Access: All resource domains and NT data centre systems via SSH Client access method
Access Point: SSC NT Client PC SD/DES/172
ACP Equivalent: Application Support (SSC)
Change Triggers:

Menus and Tools:
  • Tivoli Remote Console
  • Rclient
  • Rconsole
  • Terminal Server Client
  • RiposteGetMessage.exe
  • RiposteIndex.exe
  • RiposteNode.exe
  • RiposteObjectSecurity.exe
  • RiposteObject.exe
  • RipostePing.exe
  • RipostePriorityMessage.exe
  • RiposteQueryUK.exe
  • RiposteNextMessage.exe
  • RipostePutMessage.exe
  • RiposteScanMessage
  • RiposteStatus.exe
  • RODBClient.exe
  • CMD prompt
  • ExCeed for Windows NT (V 6.1)
  • Visual Basic I.D.E.
  • Telnet
  • FTP (To Host Sequent, and other POL Services)
  • Microsoft Diagnostics
  • NT Event Viewer
  • WinZip/Pkzip
  • CD Rom writing software
  • Textpad
  • Microsoft Word
  • Microsoft Excel
  • Microsoft Access
  • Microsoft Explorer
  • Internet Explorer (c/w SSC default links page)
  • Full NT Control Panel
  • Performance Monitor
  • Registry editor
  • TIP Repair

In-house Utilities:
  • Archive Viewer
  • Expiry Reporter
  • Stops Reporter
  • Formatted File Utility
  • MessageStore Utility
  • EndOfDay Reporter
  • MessageStore Sort Utility

VPN Utilities:
  • VPNDiagClient.exe
  • SVPNTSTN.exe

Athene Utilities:
  Athene Analyst
    • Analyst
    • ViewDB Storage
  Athene Automatic Reporting
    • Define A Report
    • Schedule Editor
    • View Processed Reports
  Athene Client-Server
    • Client-Server
  Athene CustomDB
    • CustomDB
    • Schedule Editor
    • Web Log Parser
  Athene Explorer
    • Define A Report
    • Explore Reports
  Athene Planner
    • Build Baseline Model
    • Calibrate Baseline Model
    • Delete Models
    • Edit Baseline Model
    • Edit Reference Tables
    • Edit Thresholds
    • Evaluate Model
    • Modify Model
    • View Results
  Athene Sentinel
    • Alert Summary
    • Sentinel

Requires Access to: All systems

ZzSSCAPP_MAN
Administrators
TSSC Apps MAN
TconfineLogin

7.1.2 SSC Apps SUP
Group Name to be Implemented: SSC Apps SUP
Last Updated:
Secure Role Type: Privileged Full Administrator capable
Desk Top Type: Restricted Desktop Menu
NT Servers: All NT Servers, also needs access to Sequent UNIX servers
Access Rights: Read, Execute
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP
Resource Domain Access: All resource domains and NT data centre systems via SSH Client access method
Access Point: SSC NT Client PC SD/DES/172
ACP Equivalent: Application Support (SSC)
Change Triggers:

Menus and Tools:
  • Tivoli Remote Console
  • Rclient
  • Rconsole
  • Terminal Server Client
  • RiposteGetMessage.exe
  • RiposteIndex.exe
  • RiposteNode.exe
  • RiposteObject.exe
  • RipostePing.exe
  • RipostePriorityMessage.exe
  • RiposteNextMessage.exe
  • RiposteQueryUK.exe
  • RiposteScanMessage.exe
  • RiposteStatus.exe
  • RODBClient.exe
  • CMD prompt
  • ExCeed for Windows NT (V 6.1)
  • Visual Basic I.D.E.
  • Telnet
  • FTP (To Host Sequent, and other POL Services)

NT utilities:
  • Microsoft Diagnostics
  • Event Viewer
  • WinZip/Pkzip
  • CD Rom writing software
  • Textpad
  • Microsoft Word
  • Microsoft Excel
  • Microsoft Access
  • Microsoft Explorer
  • Internet Explorer (c/w SSC default links page)
  • Full NT Control Panel
  • Performance Monitor
  • Registry editor
  • TIP Repair

In-house Utilities:
  • Archive Viewer
  • Expiry Reporter
  • Stops Reporter
  • Formatted File Utility
  • MessageStore Utility
  • EndOfDay Reporter
  • MessageStore Sort Utility

VPN Utilities:
  • VPNDiagClient.exe

Athene Utilities:
  Athene Analyst
    • Analyst
    • ViewDB Storage
  Athene Automatic Reporting
    • Define A Report
    • Schedule Editor
    • View Processed Reports
  Athene Client-Server
    • Client-Server
  Athene CustomDB
    • CustomDB
    • Schedule Editor
    • Web Log Parser
  Athene Explorer
    • Define A Report
    • Explore Reports
  Athene Planner
    • Build Baseline Model
    • Calibrate Baseline Model
    • Delete Models
    • Edit Baseline Model
    • Edit Reference Tables
    • Edit Thresholds
    • Evaluate Model
    • Modify Model
    • View Results
  Athene Sentinel
    • Alert Summary
    • Sentinel

Requires Access to: All systems

ZzSSCAPP_SUP
Administrators
TSSC Apps SUP
TconfineLogin


7.1.3 Operational MAN

Group Name to be Implemented: Operational MAN
Last Updated:
Secure Role Type: Privileged
Desk Top Type: Restricted Desktop Menu
NT Servers: All NT Servers; Access to Sequent UNIX Servers
Access Rights: Full Administrator
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP
Resource Domain Access: All resource domains and NT data centre systems
Access Point: Core Service NT Client PC; Third Party Supplier PC; NT server console
ACP Equivalent: Operational Management; Core Services Role
Change Triggers:

Menus and Tools:
  • Compaq systems reference library
  • Insight Manager
  • Terminal Server Client
  • SQL Server Admin
  • Technet
  • Microsoft Office
  • NT Resource Kit
  • Onnnet (telnet/ftp)
  • Patrol v3.2.05
  • Legato Administrator
  • nt srvtools
  • Tivoli desktop
  • TESS for access to Tivoli web
  • NT resource kit remote console server
  • PC Xware
  • CMD prompt
  • VPNDiagClient.exe
  • Notepad
  • SVPNTSTN.exe (Utimaco API Function Tool)

Athene Utilities:
  Athene Analyst
    • Analyst
    • ViewDB Storage
  Athene Automatic Reporting
    • Define A Report
    • Schedule Editor
    • View Processed Reports
  Athene Client-Server
    • Client-Server
  Athene CustomDB
    • CustomDB
    • Schedule Editor
    • Web Log Parser
  Athene Explorer
    • Define A Report
    • Explore Reports
  Athene Planner
    • Build Baseline Model
    • Calibrate Baseline Model
    • Delete Models
    • Edit Baseline Model
    • Edit Reference Tables
    • Edit Thresholds
    • Evaluate Model
    • Modify Model
    • View Results
  Athene Sentinel
    • Alert Summary
    • Sentinel

Requires Access to: Floppy disc drive; Locally connected printer

ZzOPS_MAN
Yes | Operational MAN
Yes | Domain Users | TOperational MAN
Yes | TLconfineLogin

7.1.4 Application SUP
Group Name to be Implemented Application Sup
Last Updated
Secure Role Type Privileged
Desk Top Type Restricted Desktop Menu
NI Servers Access to Sequent UNIX Servers
Access Rights Read, Write, Execute

Requires SecurID Authentication

Yes

Authentication Domain

PWYDCS, PWYHQ, HUTHTIP, PDRTIP

Resource Domain Access

WSLAM, PERFMAN.

Access Point

Core Services NT Client PC

Third Party Supplier PC
ACP Equivalent Application Support
Core Services Role
Change Triggers
Menus and Tools
> Discoverer 2000
> PC Xware
> Microsoft Office
> Onnnet (telnet/ftp)
> Patrol v3.2.05
> Legato Administrator
> FESS
> SQL Server Admin
> Terminal Server Client
> CMD prompt

Athene Utilities
    Athene Analyst
        Analyst
        ViewDB Storage
    Athene Automatic Reporting
        Define A Report
        Schedule Editor
        View Processed Reports
    Athene Client-Server
        Client-Server

    Athene CustomDB
        CustomDB
        Schedule Editor
        Web Log Parser
    Athene Explorer
        Define A Report
        Explore Reports
    Athene Planner
        Build Baseline Model
        Calibrate Baseline Model
        Delete Models
        Edit baseline Model
        Edit Reference Tables
        Edit Thresholds
        Evaluate Model
        Modify Model
        View Results
    Athene Sentinel
        Alert Summary
        Sentinel

Requires Access to
    Floppy disc drive
    Locally connected printer


7.2 Terminal Server Client Desktop

This section describes the desktop available to each of the Support groups
provided with Terminal Server access to the SSH Client.

7.2.1. SSC Support Group

Access provided to SSH Client. The SSH Client can be used to access
counters and data centre NT systems.

7.2.2. SMC Support Group
No access to SSH Client provided.

7.2.3. MSS Support Group
No access to SSH Client provided.

7.2.4 Operational Management Support Group

Access provided to SSH Client. The SSH Client can only be used to access
data centre NT systems.


8 Support Tools

8.1 Tool Set Location and Access

The support tool set will be installed at the same location on all NT platforms.
The ‘root’ directory is known as:

• C:\Support

Underneath this directory is the following structure:

• C:\Support\Tools\Generic
• C:\Support\Tools\Generic\Cygwin
• C:\Support\Tools\Generic\Ntreskit
• C:\Support\Tools\Admin (only on Secure Access Servers)

As the directory names imply, Generic means that the tools are common and available
to all support groups. The Cygwin directory holds all the GNU tools generated and
delivered into PVCS by IPDU Estate Management Development team. The Ntreskit
directory holds all Windows NT resource kit utilities. These are made available to all
support groups.

In addition to the above ‘common’ directories, each support group will have a
dedicated directory to hold bespoke developed tools. The directories are:

• C:\Support\Tools\SSCSUP
• C:\Support\Tools\SMCSUP
• C:\Support\Tools\SYSMANSUP
• C:\Support\Tools\OPSMANSUP

Each support group will be able to access tools located in their directory. They will
not be able to access the directories of the other support groups. All support group
access will be configured as Read and Execute. Only administrator privileged users
will be able to update the above directories and add further tools to the tool set.
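
The access rules above can be checked mechanically. The following Python code is an added example, not part of the original document: it builds the expected permissions from the rules in this section and reports every deviation in an observed set of directory permissions. The group names (assumed to match the directory names), the "Administrators" group, the R/W/X rights letters and the sample data are all assumptions; C:\Support\Tools\Admin is left out because this section states no access rule for it.

```python
# Added example: audit observed directory ACLs against the section 8.1 rules.
# Assumptions: group names equal the directory names, the administrator group
# is called "Administrators", and rights are modelled as the letters R, W, X.
TOOLS = r"C:\Support\Tools"
GROUPS = ["SSCSUP", "SMCSUP", "SYSMANSUP", "OPSMANSUP"]
ADMIN = "Administrators"
SHARED = [TOOLS + r"\Generic", TOOLS + r"\Generic\Cygwin", TOOLS + r"\Generic\Ntreskit"]
RX = frozenset("RX")

def expected_acl():
    """Build {directory: {principal: rights}} from the rules in section 8.1."""
    policy = {}
    for d in SHARED:   # common tools: every support group gets Read and Execute
        policy[d] = {g: RX for g in GROUPS}
    for g in GROUPS:   # bespoke tools: only the owning group gets Read and Execute
        policy[TOOLS + "\\" + g] = {g: RX}
    for acl in policy.values():   # only administrators may update the tool set
        acl[ADMIN] = frozenset("RWX")
    return policy

def audit(observed):
    """Return sorted (directory, principal, finding) tuples for every deviation."""
    findings = []
    for d, want in expected_acl().items():
        have = observed.get(d, {})
        for who in sorted(set(want) | set(have)):
            w, h = want.get(who, frozenset()), frozenset(have.get(who, ""))
            if h - w:   # rights granted beyond the policy
                findings.append((d, who, "excess:" + "".join(sorted(h - w))))
            if w - h:   # rights the policy requires but that are absent
                findings.append((d, who, "missing:" + "".join(sorted(w - h))))
    return sorted(findings)

def sample_observed():
    """Constructed sample: a compliant estate with two deliberate deviations."""
    obs = {d: {p: set(r) for p, r in acl.items()} for d, acl in expected_acl().items()}
    obs[TOOLS + r"\SSCSUP"]["SMCSUP"] = {"R"}            # cross-group read access
    obs[TOOLS + r"\Generic\Cygwin"]["SSCSUP"].add("W")   # support group can write
    return obs

if __name__ == "__main__":
    for finding in audit(sample_observed()):
        print(*finding, sep="  ")
```
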


8.2 Riposte Tools on Counters (CP3482)

The following tools are added to all counters via the PIT build at Release BI3S40R as
a result of CP3482. The tools are located in directory C:\Counters\Bin.

RiposteConfig.exe
RiposteGetMessage.exe
RiposteListen.exe
RiposteNextMessage.exe
RiposteNode.exe
RiposteObject.exe
RipostePutMessage.exe
RiposteScanMessage.exe

RiposteStatus.exe

8.3 Tools Available

A full list of the tools available is given in a table in Appendix A. This appendix will be
kept up to date as further tools are added in the future.

8.4 Updating the Tool Set

There are two situations in which the support tool set can be updated. These are
‘normal’ and ‘exceptional’ circumstances.
8.4.1 Normal Circumstances

This section gives a brief overview of the process that should be followed in normal
circumstances in order to add new tools to the tool set.

• The Support group identifies new tool(s).

• The Support group subject the tool(s) to local testing to ensure the tool(s) is/are fit
for purpose.

• The Support group raise a CP to introduce the new tool(s), indicating whether it
is/they are generic tool(s) or specific to the support group and identifying the
target release.

• Pathway development impacts the CP. If the CP is approved

• IPDU Secure Build update this document [RS/REQ/023] and publish on PVCS
review cycle.


• The Security TDA and Pathway Security Manager are both Approval Authorities.
In addition each Support group will also have an Approval Authority for this
document. The IPDU PIT Manager will also be an Approval Authority.

• Once this document has gained the necessary approval signatures, the IPDU PIT
Manager will authorise IPDU PIT to progress the updates necessary to add the
tool(s) to the tool set directories. IPDU Secure Build will adjust the security
configuration as necessary.

• The work packages are subjected to testing by IPDU System Test and on
completion of testing the new work packages are added to the SUPPORT TOOLS
platform configuration build for release to the live estate systems.

• The new tools are delivered and installed onto the NT platforms using Tivoli.

8.4.2 Exceptional Circumstances

There will always be emergency situations that will require new tools to be made
available urgently. At this point in time, no process for handling exceptional
circumstances has been identified. Simon Fawkes is leading the investigation into how
this situation will be dealt with and will identify the proposed solution once known.

9 Appendix A - Support Tool Set

This appendix lists the GNU tools available as part of the Support Tools platform
Configuration SPBV

The following detail is associated with the table on the next page.

The tools identified in the table are located in directory:
C:\Support\Tools\Generic\Cygwin (on all platforms)

A ‘Yes’ in the following column indicates that the program is to be executable by
members of the support group, while ‘No’ indicates that permission to execute the
commands is not to be granted.

The commands shown in the table do not have the ‘.exe’ suffix. The ‘.exe’ suffix will
be present for all executables when delivered to PVCS and installed on the platform.


Selected and, where required, security-approved NT Resource Kit utilities provided by
Microsoft at Release Supplement 4 are made available in directory:

C:\Support\Tools\Generic\NTreskit (on all platforms)

Table 1
Support groups at Data Centre | User groups at Counters

(Commands SSC ISD. MISS. ‘ivoli laestro jssC SD ISS. {Tivoli laestro
pbasename es [Yes lo lo es. es ‘o io io es.
ash es es lo lo es ‘es io 0. jo [Yes
at es__Wves__No__INo es es io io io es
‘herp lYes es io io es eS io io io ‘es
zhmod es es lo lo es es io o. oO. es.
Shown [Yes es lo lo es. ‘es. io io. o ‘es
hhroot es__f¥es__INo__\No es es io 0 io es
emp es__f¥es__INo___No es es 0 0 0 es
D es l¥es__INo__No es 8 io io io es
ut es__f¥es__No__No 5 8 a 0 0 8
yepath a es io io es es io io io eS
te es_[¥es__No__No es es io 0 0 es
bid es__es__No__No es a io io io es
if [Yes [Yes lo io es. ‘es io o. lo es.
wif es lYes__INo__No es es io a 0 es
dirname [Yes [Yes lo lo es. ‘es io 0 io ‘es
liu es__f¥es__No__No es 8 io io io es
cho es es lo lo es. es io 10. lo es.
rep es__l¥es__INo__No es es 0 io ao es
pr es__f¥es__INo__No 8 a 0 0 0 es
false es fYes__[No__No es a io 0 i es
ind es__[¥es__No__No es eS io a 0 es
fold es l¥es__INo__No 8 es io io io es
nzip es__f¥es__No__No es a io 0 io es
ip es__f¥es__No__No es eS io 0 io es
ead es. es. lo lo. es es. io 10 10. es.
siname es__f¥es__INo__No es es io io io es
ill es es lo lo es. es lo io. oO es.
ess es_f¥es__INo__No es res 0 io 0 es
in es__f¥es__No_No aa 5 io 0 0 es
login es f¥es__INo No es es 0 0 io es
is es__I¥es__No__No es 8 io 0 0 es
indSsum es__[¥es__No__No 8 es 0 0 0 es
mkdir es. es. lo. lo. cS es. 0. oO oO. es.
fount es__fYes__No__No es es io io 0 es
inv. es__es__No__No es es io io io es
hawk es__f¥es__No__No es 8 io io 0 es
hice es__[¥es__No__No es 8 io a io es
qi Ives [es [No No a eS 0 io 0 Ives
7 es__[¥es__No___No es a a a 0 es
aste [Yes [Yes lo lo es. es. o Oo. ‘o es.
int es__f¥es__No__No es es io io 0 es
8 es__f¥es__No__No es 8 io io 0 es
yw Cy es lo. lo es. es. o 0. oO es
eztool es__f¥es__No__No 8 es a 0 0 es
km es__[Yes__No__No es es io io 0 es
mir es__[¥es__No___No a a io io io es
sed es es lo lo es. ‘es. lo. io. oO es.
sleep es__[¥es__[No__No es 8 io 0 io es
rt es__f¥es__No___No as es io io 0 es
tail es [Yes lo oF es. es o 1 oO es
ar es f¥es__INo__No es es io io io es
ee es__f¥es__No__No es 8 io 0 0 es
est es__l¥es__No___No es es io io a es
joueh es__[¥es__No__No 8 es io 0 ‘a es
iput es Yes __No___[No es es io 0 io es
rue es__f¥es__No___No os a io 0 io es
set es__f¥es__INo__No es es fo io a es
jount ‘es es lo lo es. ‘es lo. io. 1o [Yes
a es f¥es__No No es a io io 0 es

Table 2


Support groups at Data Centre

User groups at Counters

(Commands

sc

ISD

SS.

[Tivoli

sc

lisb

[Mss

[Tivoli

Maestro

sompreg

es

es

0

0

e8

lisksave

es

es

es

jumpel

es

es

es

jetmac

es

es

es

getsid

les

Ives

es

ill

es

es

es

yulist

es

es

es

ill

es

es

es

bocopy

es

es

es

es

es

canreg

es

es

list

es

es

=

Ives

es

showacls

es

es

showdisk

les

8

showers.

es

es

showmbrs

Ives

8

Shutdown

es

es

sleep

es

es

list

es

es

COP}

es


es
