FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
Document Title:
Document Type:
Release:
Abstract:
Document Status:
Originator & Dept:
Contributors:
Internal Reviewers:
Secure Support Role Definitions for SECURENT Build
Requirement Definition
BI3S75 through to BI3S80
The ACP requires that access to POA systems be controlled by the
use of pre defined roles to which users can be assigned. Such roles
will allow users to access only those parts of the system, with
associated tool sets, they need in order to complete the tasks
associated with that particular role. This document summarises the
requirements and defines the roles specifically engaged in support
activities, with associated objects, domains and access
requirements
APPROVED
Mark Ascott, DU Secure Builds
Simon Fawkes, Peter Robinson, Steve Parker, Alex Robinson
See section 0.2
External Reviewers: None
Approval Authorities:
Name Position Signature Date
Bill Mitchell CS POA Security
Manager
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE Page: 1 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
0.0 Document Control
0.1 Document History
Version No. I Date Reason for Issue Associated
CP/PinICL
No.
0.1 10/01/02 First draft CP3283
0.2 19/10/02 Updated with comment received from PVCS review cycle. CP3283
0.3 04/02/03 Updated to reflect minor implementation changes to the CP3283
solution
0.4 15/07/03 Updated with new Riposte tools for counters. CP3482
1.0 08/08/03 I Updated to APRROVED with appropriate comments from P3482
PVCS review cycle addressed. from
Ld 31/12/03 Updated with new roles for ADSL CHAP Password. CP3584
Management.
Added new SAPSUP role. CP 3640
2.0 18/03/04 Updated to V2.0 APPROVED following PVCS Review cycle. I CP3584
CP3640
21 31/03/04 Updated to address new Change Proposals targetted at CP3652
BI3S70 and beyond.
CP3653
2.2 01/05/04 Updated to address comments received from Mik Peach and CP3652
Steve Parker. CP3653
PC104468
3.0 22/07/04 Updated to APPROVED following PVCS review cycle. CP3652
CP3653
PC104468
3.1 10/08/04 Updated to record relaxation of Adminstrator access within PC105116
the PWYSAS domain. These changes were made during CP3815/S60R
release S60 live operation due to Tivoli software distribution
problems. Covers access to new standalone Signing Server.
4.0 04/12/04 Updated to APPROVED following PVCS review cycle. PCIO5116
CP3815/S60R
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 2 of 41
Fujitsu Services Secure Support Role Definitions for SECURENT Ref:
RS/REQ/023
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
FUJ00088132
FUJ00088132
0.2 Review Details
[Review Comments by:
14/10/2004
[Review Comments to:
IMark.ascott{’
landatory Review Authority ame
'S POA Security Manager Bill Mitchell
ICS Systems Support Centre Manager [Mik Peach
IDU Design Authority Support
Simon Fawkes
\Optional Review/Issued for Information
IRASD Systems Management TDA
IGlenn Stephens
(Core Services SMC
lan Cooley
‘ore Services SMG
Mike Conneely
‘ore Services Operational Management
(Warren Welsh
TU PIT
\Asad Sheikh
'S POA Security
‘hris Billings
IRASD Nial Finnegan
ITU LST IGraham Jennings
ISMG. ohn Bradley
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 3 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
0.3 Associated Documents
Reference Tag I Version I Date Title Source
PA/TEM/001 aa) This document is created from this version of PVCS
PA/TEM/001
RS/POL/003 I [2] ‘Access Control Policy PVCS
RS/FSP/001 I [3] Security Functional Specification PVCS
DE/HLD/002_‘I {4] OpenSSH Auditing and Logging Server PVCS
TD/ION/029 [6] FTMS Configurations for AP Clients at CSR+ PVCS
RS/REQIO20 ‘I [7] Implementation of Anti-Virus Requirements PVCS
RS/DES/075 [8] Communication Monitoring System DMZ Security PVCS
Overview
RS/DES/080 [9] BI3 NT Domain Design PVCS
RS/DES/081 {10} BI3 Implementation Guide for NT Platforms PVCS
RS/DES/082 (1) BI3 NT Server and Workstation Names PVCS
RS/REQ/022 12] BI3 Secure Role Definitions for SECURENT Build PVCS
SMG/DES/OL [13] I 0.1 Terminal Server Document SMG
4] [03
RS/DES/093 HLD for CHAP Password Handling PVCS
Unless a specific version is referred to above, reference is made to the current versions of the
documents.
0.4 Abbreviations/Definitions
Abbreviation Definition
BDC Windows NT Backup Domain Controller Server
BI3 Release Banking Increment 3
cP Change Proposal
CSR+ Core Services Release +
DCs Debit Card Services
DRS Data Reconciliation Services
IsD Abbreviation associated with Core Services staff
Local Access via the console attached directly to an NT platform
NWB Network Banking
PDC Windows NT Primary Domain Controller Server
SAS Secure Access Server
SSE Secure Support Environment
SSH Secure Shell
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 4 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
COMPANY IN CONFIDENCE
Version: 4.0
Date: 04/12/04
SSHC
Secure Shell Client
SSHD / SSH Server
Secure Shell Server
TS
Terminal Server
0.5 Changes in this Version
Version I Changes
3.0 Updated to APPROVED
3.1 PWYSAS access for standard Windows NT Administrator relaxed.
0.6 Changes Expected
Changes
amended.
For BI3S80, any CP raised that affects the security configuration could result in this document being
SAS access to PWYKMS and PWYCSM domains remain as To Be Designed.
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 5 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
0.7 Table of Contents
1 INTRODUCTION.
3 REQUIREMENTS.
3.1 AFFECTED Support ROLES. 9
3.2 NEW SUPPORT ROLES... ssnnnnnnninnnnnnninnnnnnnnnnnnninnnnnnnnnnnnnnnnnnnnnnnnnnnnned)
3.3 REDUNDANT SUPPORT ROLES. - . 10
3.4. NEW CHANGE PROPOSALS. 10
4.1 NT ADMINISTRATOR USER. i
4.2. TSADMIN ROLE. 12
4.3. SSHADMIN ROLE. 12
4.4 PWYLoaD ROLE. suntnennnenenennannnneinnenannnnnnenrnees . osseenesnanninnenernnnensesen os 12
5 SUPPORT ROLE USERS...
5.1 PWYDCS Usrrs. 13
5.2. HUTHTIP, PDRTIP Users. snenannnnnenenenanenenenens . ssenenennnnnnnnnneses 13
5.3. PWYKMS Usrrs. 13
5.4. PWYCSM Users. 13
5.5 SYSMAN Users. 14
5.6 SECURE ACCESS SERVER USERS...... . soonnntnnnnnennnn . snmenernnenensennerenenseenee LA
5.7 COUNTER Access USERS. 14
5.8 NT DATA CENTRE SYSTEM ACCESS USERS. 14
6 SUPPORT AUTHENTICATION PROCESS.....
6.1 LOGON AT DESKTOP. 15
6.2 LOGON AT SAS TERMINAL SERVER. 15
6.3 LOGON TO SSH SERVER... enntennnnsennnee os soomennennsennennnensseee LS
6.4 PROCESS SUMMARY...... “ . ese : . 16
7 SUPPORT ROLE DESKTOPS...
7.1 STANDARD SECURE ROLE DEsKTop.
7.1.1 SSC Apps MAN.
7.1.2 SSC Apps SUP.
7.1.3 Operational MAN.
7.1.4 Application SUP.
7.1.5 PWYLoad....
7.1.6 SAPSUP.
7.2 TERMINAL SERVER CLIENT DESKTOP.
7.2.1 SSC Support Group..
7.2.2. SMC Support Group.
7.2.3 MSS Support Group. .
7.2.4 Operational Management Support Group.
7.2.5 Fujitsu Consulting SAP Support Group...
8 SUPPORT TOOLS.....
8.1 TOOL SET LOCATION AND ACCESS.
8.2. RIPOSTE TOOLS ON COUNTERS (CP3482)....
8.3 ADDITIONAL RIPOSTE TOOLS ON COUNTERS (CP3652).
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 6 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
8.4 ADDITIONAL TOOLS ON DATA CENTRE SERVERS (CP3652)....
8.5 TooLs AVAILABLE sonsenennnenveni
8.6 UPDATING THE TOOL SET.
8.6.1 Normal Circumstances..
8.6.2 Exceptional Circumstances.
8.7 INSTALLATION OF RIPOSTE ON SAS SERVERS.
9 APPENDIX A - SUPPORT TOOL SET...
10 APPENDIX B - CP3815 SECURE SIGNING SERVER ACCESS...
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 7 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
1 Introduction
The nature of the POA Horizon system requires that access to the counters and core
systems should be strictly controlled. [ACP] states that effective control depends on
having a clear definition of the roles and the responsibilities of all personnel who need
some form of access to the system. Users will gain access by being assigned to these
roles. This will be core to POA implementing the principles of least privilege as
described in [SFS]. POA will translate the human roles detailed in [ACP] into securely
configured roles, known as secure roles.
RS/REQ/022 defines the requirements for all POA human secure roles (except for
Support Roles) that access the POA data centre systems via an access point, which is
usually an NT workstation. These requirements are translated by IPDU Secure Builds
and IPDU PIT in order to generate a secure desktop for each role.
RS/REQ/023, this document defines the requirements of the human secure roles
involved with providing support of the POA Horizon solution. It describes for each of
the POA support groups the menus and tool sets required and the secure support
environment desktop access method used to connect to remote counters and data
centre systems.
2 Scope
This document only addresses the human user roles defined for use by the support
groups involved with supporting the POA Horizon solution systems. These support
roles are to be implemented as part of the POA central NT systems and access rights
assigned to each role. Each support role specified within this document access
counters and the data centre NT systems through the POA NT Domain Structure
referenced in [9] and in accordance with the security configuration referenced in [10]
SMC and SMG support roles that authenticate in the SYSMAN domain are not
described in terms of their Secure Desktops. For these roles it is assumed that their
desktops include Terminal Server Client and that Terminal Server Client provides
these roles with access to the Secure Support Environment implemented within the
POA NT Domain Structure. Document reference [13] describes the configuration for
SYSMAN secure roles.
Non support roles used by SMC, SMG and Girobank are specifically excluded from
this document as they are authenticated on separate NT systems which form part of a
third party managed service. These roles are excluded from accessing the Secure
Support Environment.
This document does not describe the implementation or configuration of OpenSSH
components on the NT data centre systems or counters. This information is described
fully in reference [4].
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 8 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
3 Requirements
The requirement to implement a secure role based access control system emanates
from [ACP]. [ACP] further defines the roles that are required for access to the POA
Systems and the responsibilities of these roles.
Release BI3 Network Banking and release BI3S30 Debit Card System introduced
more stringent requirements regarding support access to counters and the data centre
NT systems. To satisfy these new requirements, a Secure Support Environment is
being introduced and as a result new user desktops and access mechanism are required
for the support groups. This document defines the new authentication processes,
desktops, and tool sets available to the support groups.
3.1 Affected Support Roles
The POA support roles affected by CP3283 are:
« PWYDCS\SSC Apps SUP
¢ PWYDCS\SSC Apps MAN
e PWYDCS\Operational MAN
e PWYDCS\Application SUP
In addition to the above two roles that authenticate in the SYSMAN third party
supplier domain are also affected. These two roles are:
e SYSMAN\SMC
e SYSMAN\MSS
3.2 New Support Roles
At Release BI3S55 a new privileged role is introduced for ADSL CHAP Password
Handling. See RS/DES/093 for more details concerning the use and procedures
associated with this new role. The role is named:
© PWYDCS\PWYLoad
At Release BI3S60 a new support role is introduced for Fujitsu Consulting staff who
will provide support for the new SAP financial system being introduced to the Horizon
data centres at BI3S60. This new will provide this group of support staff access to the
SAP Host via the SAS servers and SSH. The role is named:
e PWYDCS\SAPSUP
3.3. Redundant Support Roles
None of the existing support roles are made redundant.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 9 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
3.4 New Change Proposals
CP3652: This CP requires additional support tool subsets to be added to the following
platforms:
e Counters
© Counters and Data Centre Servers
e SAS Servers
CP3653: This CP requires that Riposte be installed onto the six SAS servers.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 10 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
4 Implementation
For the four POA support roles, each support role will be set up as a Secure Role.
Secure Roles will be mapped very tightly on to the Group concept within NT.
Individual users will be assigned to these Groups in which access to objects, domains,
servers and associated privileges will be controlled. Reference [10] describes in more
detail the rules and methods for applying Secure Roles onto the NT Group concept.
These Secure Roles are defined in Section 7.
Secure Roles use defined access points that have an accompanying Physical Platform
Design Specification (PPDS) document. Access to objects will be made available to
each role at the relevant access point. This document specifically covers the Secure
Support Roles accessing the data centres and counters
The definition of the Secure Support Roles is maintained in a spreadsheet by IPDU
Secure Builds, this spreadsheet is converted to produce automated NT command files.
These command files will be made available to ITU PIT. The command scripts will be
incorporated into the POA SECURENT build process and into the specific platform
configuration builds by ITU PIT for deployment into test and live estate environments.
Secure Support Roles, as defined in this document, will be implemented using
automated command scripts. By doing this, it will simplify the implementation and
maintenance of the roles.
Human user accounts created from the defined roles may only be members of one
Role/Group definition. This is required to ensure the user is only provided with one
appropriate tool set. Implementation of the menu structure for each Group will ensure
that users assigned to that Group will be able to access the application set necessary
for them to fulfil their duties.
4.1 NT Administrator User
The Windows NT operating system is provided with a super user known as the
‘Administrator’. This user has full administration and configuration privileges which is
exercised at both system/server and domain level. This capability cannot be removed
from Windows NT. POA recognises the power that this user has and the ability that a
human user, using the administrator user, has to interfere with the day to day operation
of the POA solution.
To address this issue, POA will limit and restrict the use of the NT Administrator User.
This will be achieved by:
> Renaming the Administrator User on all NT Servers so that it is hidden from the
system. The account name and password will be specified by the POA Security
Manager, which will be strictly controlled and stored in a secure safe.
> Restrict full administrator privileges to the “Operational Management’ role. Use of
this role will be subject to the management and procedural controls set out in the
“POA Code of Practice’, PA/STD/010.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 11 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
4.2. TSadmin Role
CP3283 introduces a new administrator role known as TSadmin. This new role will be
responsible for day to day operations and administration of the PWYSAS domain and
the Secure Access Servers. The security configuration will be setup to prevent
PWYDCS roles from administering PWYSAS. PWYSAS\Admininistrator was
restricted from accessing the C:\ and D:\ drives in order to prevent any possibility of
tampering with the SSH log files. However this restriction has proved to be to
preventative of normal day to day system management tasks such as software
distribution and during Release BI3S60 the live estate was updated via OCPs. At
Release BI3S75 the SecureNT configuration files have been updated in line with these
OCPs. Security configuration for the TSAdmin role has not been changed and should
continue to be used for PWYSAS Domain and Server updates.
The TSadmin role will be allocated to senior Core Services NT staff and will be limited
to no more than three individuals at any one point in time. It is this role that will create
and manage the terminal server user accounts. These individual accounts will be
created from the pre-defined TS user templates. Each individual user will be mapped
to a TS profile and will have a defined user home directory. Customer Services
Security will be responsible for TSAdmin user accounts are allocated, created and
managed.
4.3. SSHadmin Role
This new role is introduced for the purpose of managing the configuration of the SSH
Client and SSH Server components. Like the TSadmin role, this new role will be
limited for use by senior Core Services NT staff and will be limited to no more than
three individuals at any one point in time. This role will only be able to administer the
Secure Shell configuration files. Only this human role will be granted access control
permissions greater than Read and Execute. Customer Services Security will be
responsible for SSHAdmin user accounts are allocated, created and managed.
4.4 PWYLoad Role
This is a special role introduced for use by the Customer Services Security
Management team. The purpose of the role is to load obfuscated passwords into the
CHAP Password database. The role accesses the CHAP Password database by logon
at Release BI3S55 at the BootLoader Server console. Once logged on, an executable
is called to provide a GUI interface that enables passwords to be loaded into the
database. At Release BI3S60 the role will also be able to logon at the ADSL Radius
Servers and FRIACO/Dialled Radius Servers console.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 12 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
5 Support Role Users
5.1. PWYDCS Users
SSC support staff and Core Services operational management staff who access the
POA Horizon systems must have an individual user account registered in the
PWYDCS domain. Each user account is created from a pre-defined user template
which is described in Section 7 of this document. Associated with each NT user
account registered in PWYDCS is a SecurID Token and four digit PIN.
Existing support user accounts remain unchanged within the SSE. New support user
accounts will be created using the existing and current processes
User templates exist for the following support roles:
e Users assigned to SSC Apps SUP role have user accounts created from user
template ‘zzSSC Apps Sup’
e Users assigned to SSC Apps MAN role have user accounts created from user
template ‘zzSSC Apps MAN’
e Users assigned to Operational MAN role have user accounts created from user
template ‘zzOPSMAN’
e Users assigned to Application SUP role have user accounts created from user
template ‘zzAPPSUP”
e Users assigned to SAPSUP role have user accounts created from user template
‘zzSAPSUP”
5.2 HUTHTIP, PDRTIP Users
Both HUTHTIP and PDRTIP domains which contain the Remote TIP Gateway
systems at Post Office sites are authentication domains. Both are configured with
identical support roles to those described for PWYDCS Users above. Access to these
remote domains/systems using SSHD will require support staff to login and
authenticate using user accounts created in the HUTHTIP and PDRTIP domains.
5.3. PWYKMS Users
TBA following input from POA CS Security Management team.
5.4 PWYCSM Users
TBA following input from Infrastructure Design.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 13 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04,
5.5 SYSMAN Users
User accounts registered in this third party supplier managed domain must comply
with the security policies defined in [ACP].
From the requirements specified in CP3283 the following support roles from this
domain are relevant to the SSE:
e SMC
e MSS
5.6 Secure Access Server Users
Changes to the solution implementation mean that user templates and user accounts
are no longer required within the PWYSAS domain and Secure Access Servers.
5.7 Counter Access Users
CP3283 specifies that only the SSC support group will be granted access to counters
using SSE.
At the counter only a common/shared user account is required. SSH Client will
capture the logon username from the Terminal Server Client session and will record
this user name in the command log files that SSH Client generates. The user account
defined for the SSC support group is:
@ sussc
5.8 NT Data Centre System Access Users
Access to Data Centre NT systems will in the main be achieved by support staff
logging on via SSHD using their PWYDCS user account. Exceptions to this will be
HUTHTIP and PDRTIP remote TIP FTMS Gateway domains, PWYKMS and
PWYCSM domains. Access to these four domains will be achieved by using
equivalent user accounts created in these domains.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 14 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
6 Support Authentication Process
6.1 Logon at Desktop
All support users that logon with a PWYDCS user account will specify their unique
username and associated password. The system will then prompt for SECURID logon
using their assigned PIN with the token value displayed at the time of logon.
The same logon and authentication process should be followed for all support users
who authenticate in the SYSMAN domain.
Once the identification and authentication process has completed the user is presented
with their usual desktop with an array of tools as specified in Section 7. One of the
tools available from this desktop is the Terminal Server Client. Executing the Terminal
Server Client tool will result in the system opening a new window at the workstation
that results from a connection to a Secure Access Server located in PWYSAS domain.
This new Terminal server window will display a prompt for a user name and password.
At Release BI3S30, Support Users can still access counters and NT data centre
systems using their pre BI3S30 desktops and tools. However from BI3S30 the only
approved and authorised support access method to counters and NT systems in the
PWYPUB and DCSSERV resource domains is via the Terminal Server/Secure Shell
access route.
6.2 Logon at SAS Terminal Server
At the Terminal Server window login prompt the support user should re-enter their
individual terminal server user account created in PWYDCS domain and its associated
password.
Successful logon will result in the SAS desktop being made available to the user.
From this desktop the Secure Shell Client (SSHC) will be available.
6.3. Logon to SSH Server
The user can invoke the SSHC by typing:
ssh —I <user name> <target-address>
where:
<user name> will equate to the support group users individual user account name
created in PWYDCS domain or the other authentication domains referred to in section
5 for NT data centre systems or user account sussc for counters.
<target-address> will equate to the IP address of the target counter or NT system.
Execution of the above causes the SSHC to make a connection with the SSH server
running on the target system. The user account specified will be authenticated at the
target-system and if successful a SSH session will be initiated. The SSHC will log
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 15 of 41
Fujitsu Services
Build
COMPANY IN CONFIDENCE
Secure Support Role Definitions for SECURENT Ref:
FUJ00088132
FUJ00088132
RS/REQ/023
Version: 4.0
Date: 04/12/04
6.4
each command executed during the session recording the PWYDCS domain (or other
domain) logon user account name that has initiated the SSH session.
Process Summary
See diagram below.
é
CTRL + ALT + DEL
1
User ID :AscottM
Domain: PWYDCS
Logon details entered ScourlD PIN _
SecurlD Token Value
Invoke Terminal
Server Client
“4 User ID :AscottM
Domain: PWYDCS
ae a
a
Invoke Terminal SSH
Client
>
ee
\
ee
Execute required
support tools
= I
Pwypcs
authenticates user
OK
PWYSAS Terminal
Server authenticates
user account
SSH Server
authenticates SSH
Client logon
OK
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 16 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
7 Support Role Desktops
7.1. Standard Secure Role Desktop
This section describes the desktop menu and tool set provided to the four POA
Support Roles as a result of logging on with their PWYDCS, PWYKMS, (HUTHTIP,
PDRTIP) user account, password and Securid Token. This logon will be conducted at
their normal access point workstation or server.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 17 of 41
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
FUJ00088132
FUJ00088132
7.1.1 SSC Apps MAN
Group Name to be Implemented SSC Apps MAN
Last Updated
Secure Role Type Privileged Full Administrator eapable
Desk Top Type Restricted Desktop Menu
NT Servers AIINT Servers, also needs access to Post Office Outlet Counters and
access to Sequent UNIX Servers
‘Access Rights Read, Write, Execute
Requires SecurlD Authentication Yes
‘Authentication Domain PWYDCS, PWYHQ, PWYFIMS, HUTHTIP, PDRTIP.
Resource Domain Access ‘All resource domains and NY data centre systems via SSH Client access
method
Access Point SSC NT Client PC _SD/DES/172
‘ACP Equivalent Application Support (SSC)
Change Triggers
‘Menus and Tools > Tivoli Remote Console
> Relient
[> Reonsole
[> ‘Terminal Server Client
> RiposteGetMessage.exe
> Ripostelndex exe
> RiposteNode.exe
[> RiposteObjectSecurity, Exe
> RiposteObjectexe
> RipostePing exe
[> RipostePriorityMessage.exe
> RiposteQueryUK-exe
> RiposteNextMessage exe
> RipostePutMessage exe
> RiposteScanMessage
> RiposteStatus.exe
> RODBClientexe
MD prompt
> ExCeed for Windows NT (V 6.1)
> Visual Basic LD.E.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE
Page: 18 of 41
Fujitsu Services
Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
FUJ00088132
FUJ00088132
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
> Telnet
> FIP (To Host Sequent, and other POL Services)
ficrosoft Diagnostics
INT Event Viewer
inZip/Pkaip
SD Rom writing software
{Textpad
ficrosoft Word
ficrosoft Excel
ficrosoft Access
icrosoft Explorer
intemet Explorer (c/w SSC default links page)
Full NT Control Panel
[Performance Monitor
egistry editor
TIP Repair
In-house Utilities
> Archive Viewer
> Expiry Reporter
> Stops Reporter
[> Formatted File Utility
> MessageStore Utility
EndOfay Reporter
> MessageStore Sort Utility
VPN Utilities
> VPNDiagClient. exe
> SVPNTSTNeexe
Athene Utilities
IAthene Analyst
Analyst
ViewDB Storage
ithene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
thene Client-Server
Client-Server
lAthene CustomDB
CustomDB
Schedule Editor
Web Log Parser
thene Explorer
Define A Report
Explore Reports
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 19 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
COMPANY IN CONFIDENCE
Version: 4.0
Date: 04/12/04
thene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models
Edit Baseline Model
Edit Reference Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
[Athene Sentinel
Alert Summary
Sentinel
Requires Access to All systems
ZiSSCAPP_MAN
‘Administrators
TSSC Apps MAN
TconfineLogin
© 2004 Fujitsu Services COMPANY IN CONFIDENCE
Page: 20 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
7.1.2. SSC Apps SUP
Group Name to be Implemented
SSC Apps SUP
Last Updated
Secure Role Type
Privileged Full Administrator eapable
Desk Top Type
Restricted Desktop Menu
NT Servers AIINT Servers, also needs access to Sequent UNIX servers
‘Access Rights Read, Execute
Requires SecurID Authentication Yes
‘Authentication Domain
PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP
Resource Domain Access
‘All resource domains and NY data centre systems via SSH Client access
method
‘Access Point
SSC NT Client PC SD/DES/172
‘ACP Equivalent
Application Support (SSC)
Change Triggers
‘Menus and Tools,
> Tivoli Remote Console
> Relient
> Reonsole
> Terminal Server Client
} RiposteGetMessage.exe
> Ripostelndex.exe
© RiposteNode.exe
> RiposteObject.exe
> RipostePing.exe
> _ RipostePriorityMessage.exe
> RiposteNextMessage.exe
> RiposteQueryUK exe
> RiposteScanMessage exe
> RiposteStatus.exe
> RODBClient.exe
‘CMD prompt
> ExCeed for Windows NT (V 6.1)
> Visual Basie LD.E.
> Telnet
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE Page: 21 of 41
Fujitsu Services
Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
FUJ00088132
FUJ00088132
> — FIP (To Host Sequent, and other POL Services)
NT utilities
“Microsoft Diagnostics
Event Viewer
‘WinZip Pkzip
‘CD Rom writing software
Textpad
Microsoft Word
‘Microsoft Excel
Microsoft. Access
Microsoft Explorer
‘internet Explorer (c/w SSC default links page)
Full NT Control Panel
Performance Monitor
Registry editor
TIP Repair
In-house Utilities
> Archve Viewer
> Expiry Reporter
© Stops Reporter
> Formatted File Utility
3 MessageStore Utility
> EndOtDay Reporter
* MessageStore Sort Utility
VPN Utilities ‘VPNDiagClient exe
‘Athene Utilities lAthene Analyst
Analyst
ViewDB Storage
lAthene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
thene Client-Server
Client-Server
thene CustomDB
CustomDB
Schedule Editor
Web Log Parser
[Athene Explorer
Define A Report
Explore Reports
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 22 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
COMPANY IN CONFIDENCE
Version: 4.0
Date: 04/12/04
thene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models
Edit Baseline Model
Edit Reference Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
[Athene Sentinel
Alert Summary
Sentinel
Requires Access to All systems
ZzSSCAPP_SUP
‘Adminstrators
TSSC Apps SUP
TconfineLogin
© 2004 Fujitsu Services COMPANY IN CONFIDENCE
Page: 23 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
7.1.3. Operational MAN
Group Name to be Implemented ‘Operational MAN
Last Updated
Secure Role Type Privileged
Desk Top Type Restricted Desktop Menu
NT Servers ‘AILNT Servers
‘Access to Sequent UNIX Servers
‘Aevess Rights Full Administrator
Requires SecurID Authentication
Yes
‘Authentication Domain
PWYDCS, PWYHQ, PWYFIMS, HUTHTIP, PDRTIP.
Resource Domain Access
‘Allresource domains and NT data centre systems
‘Access Point Core Service NT Client PC
‘Third Party Supplier PC
NT server console
‘ACP Equivalent ‘Operational Management
Core Services Role
Change Triggers
‘Menus and Tools
> Compag systems reference library
> Insight Manager
> Terminal Server Client
® SQL Server Admin
> Technet
> Microsoft Office
> NE Resource Kit
> — Onnnet (telnet/ftp)
> Patrol v3.2.05
> Legato Administrator
> nt srvtools
> Tivoli desktop
> TESS for access to Tivoli web
} NT resource kit remote console server
PC Xware
‘CMD prompt
> VPNDiagClient.exe
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE Page: 24 of 41
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
FUJ00088132
FUJ00088132
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
> Notepad
> SVPNTSTN.exe (Utimaco API Function Tool)
Athene Utilities
lAthene Analyst
Analyst
ViewDB Storage
[Athene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
[Athene Client-Server
Client-Server
thene CustomDB
CustomDB
Schedule Editor
Web Log Parser
‘thene Explorer
Define A Report
Explore Reports
IAthene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models
Edit baseline Model
it Reference Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
\Athene Sentinel
Alert Summary
Sentinel
Requires Access to
Floppy dise drive
Locally connected printer
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 25 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 26 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
7.1.4 Application SUP
Group Name to be Implemented ‘Application Sup
Last Updated
Secure Role Type Privileged
Desk Top Type Restricted Desktop Menu
NT Servers ‘Access to Sequent UNIX Servers
‘Access Rights Read, Write, Execute
‘Requires SecurlD Authentication
‘Yes
‘Authentication Domain
PWYDCS, PWYHQ, HUTHTIP, PDRTIP
Resource Domain Access
PERFMAN
‘Access Point
‘Core Services NT Client PC
‘Third Party Supplier PC
‘ACP Equivalent “Application Support
Core Services Role
Change Triggers
Menus and Tools F Discoverer 2000
r PC Xware
Microsoft Office
‘Onnnet (telnet/ip)
Patrol v3.2.05
F Legato Administrator
FESS
F SQL Server Admin
- ‘Terminal Server Client
MD prompt
‘Athene Utilities
thene Analyst
Analyst
ViewDB Storage
[Athene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
lAthene Client-Server
Client-Server
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE Page: 27 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
‘thene CustomDB
CustomDB
Schedule Editor
‘Web Log Parser
[Athene Explorer
Define A Report
Explore Reports
lAthene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models
Edit baseline Model
Edit Reference Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results.
[Athene Sentinel
‘Alert Summary
Sentinel
Requires Access to Floppy dise drive
Locally connected printer
Lapplication SUP
‘Leonfinelogin
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 28 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
7.1.5 PWYLoad
‘Group Name to be Implemented PWYLoadGroup
Last Updated 08/01/04
Secure Role Type Privileged Administrator access capable
Desk Top Type Restricted Desktop Menu
NT Servers ‘Access to Bootloader Server , ADSL Radius Servers and FRIACODDiallex
Radius Servers
‘Access Rights Read, Write, Execute
Requires SecurlD Authentication Yes
‘Authentication Domain PWYDCS:
Resouree Domain Access BBOOT, WBOOT and PWYRAD systems via direct logon at server
console
‘Access Point Server Console for Bootloader Servers, ADSL Radius Servers and
FRIACO/Dialled Radius Servers
‘ACP Equivalent None
Change Triggers P3584
‘Menus and Tools
MD prompt
Microsoft Diagnosties
INT Event Viewer
inZip/Pkaip
{Texipad
ficrosoft Word
ficrosoft Excel
ficrosoft Access
Vindows Explorer
‘ull NT Control Panel
egisiry editor
In-house Util > Password Loader executable (maps onto
CARADIUS_CFG\Bin\ReapPwal oader.exe on the Bootloader server)
Requires Access to All systems in BBOOT, WBOOT and PWYRAD domains. Requires
access to floppy disc drive.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 29 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 30 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
7.1.6 SAPSUP
‘Group Name to be Implemented ‘GSAPSUP
Last Updated 26/02/04
Secure Role Type Privileged Administrator access capable
Desk Top Type Restricted Desktop Menu
NT Servers ‘Access to SAP Host via dedicated SAS Servers MBOSAS03 or
MWISASO3
‘Access Rights Read, Write, Execute
Requires SecurlD Authentication Yes
‘Authentication Domain PWYDCS
Resouree Domain Access PWYSAS
‘Access Point Fujitsu Consulting Support Workstation + SecurlD ACE Agent
‘ACP Equivalent None
Change Triggers \cp3640
Menus and Tools
{Terminal Server Client
ISAP GUT Interface (maps onto an executable that needs to be supplied by
[Fujitsu Consulting staff, may require FIC to complete an installation to
»btain this piece of information.
IFIP Client. Notes: 1, the SAP Host will be configured with FTP Server
Service and the FIC SAP Support user group on the Solaris SAP Hosts must
e granted permissions to access and execute FTP. 2, the DMZ firewalls
must be configured to allow inbound and outbound FTP traffic for this
support group.
In-house Uiilities > None requirements specified.
Requires Access to FIP capability between SAP Hosts and FIC SAP Support Workstations.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 31 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 32 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
7.2 Terminal Server Client Desktop
This section describes the desktop available to each of the Support groups provided
with Terminal Server access to the SSH Client.
7.2.1. SSC Support Group
Access provided to SSH Client. The SSH Client can be used to access counters and
data centre NT systems.
7.2.2 SMC Support Group
No access to SSH Client provided.
7.2.3. MSS Support Group
No access to SSH Client provided.
7.2.4 Operational Management Support Group
Access provided to SSH Client. The SSH Client can only be used to access data
centre NT systems.
7.2.5 Fujitsu Consulting SAP Support Group
Access provided to SSH Client. The SSH Client can only be used to access the SAP
Host in the data centres.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 33 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
8.1
Support Tools
Tool Set Location and Access
The support tool set will be installed at the same location on all NT platforms.
The ‘root’ directory is known as:
C:\Support
Underneath this directory is the following structure:
.
C:\Support\Tools\Generic
C:\Support\Tools\Generic\Cygwin
C:\Support\Tools\Generic\Ntreskit
C:\Support\Tools\Admin (only on Secure Access Servers)
As the directory names imply, Generic means that the tools are common and available
to all support groups. The Cygwin directory holds all the GNU tools generated and
delivered into PVCS by IPDU Estate Management Development team. The Ntreskit
directory holds all Windows NT resource kit utilities. These are made available to all
support groups.
In addition to the above ‘common’ directories, each support group will have a
dedicated directory to hold bespoke developed tools. The directories are:
.
.
C:\Support\Tools\SSCSUP
C:\Support\Tools\SMCSUP
C:\Support\Tools\SYSMANSUP.
C:\Support\Tools\OPSMANSUP.
C:\Support\Tools\SAPSUP
Each support group will be able to access tools located in their directory. They will
not be able to access the directories of the other support groups. All support group
access will be configured as Read and Execute. Only administrator privileged users
will be able to update the above directories and add further tools to the tool set.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 34 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04,
8.2 Riposte Tools on Counters (CP3482)
The following tools are added to all counters via the PIT build at Release BI3S40R as
aresult of CP3482. The tools are located in directory C:\Counters\Bin.
RiposteConfig.exe
RiposteGetMessage.exe
RiposteListen.exe
RiposteNextMessage.exe
RiposteNode.exe
RiposteObject.exe
RipostePutMessage.exe
RiposteScanMessage.exe
RiposteStatus.exe
8.3 Additional Riposte Tools on Counters (CP3652)
The following tools are added to all counters via the PIT build at Release BI3S70 as a
result of CP3652. The Riposte tools are located in directory
C:\Support\Tools\SSCSUP. Note: this directory has been mandated by POA CS
Security Manager. Access to these tools is specifically restricted to SSC Support staff.
RiposteGroups.exe
RiposteConfigurationSecurity.exe
RiposteIndex.exe
RipostePriorityMessage.exe
RiposteVolume.exe
The following tools are added for all support groups to use. These tools will be located
in directory C:\Support\Tools\Generic\Cygwin\Bin.
Stty.exe
Split.exe
Tr.exe
Strings.exe
Getopt.exe
Xargs.exe
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 35 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04,
Vim.exe
FTP Client only
8.4 Additional Tools on Data Centre Servers (CP3652)
The following tools are added to all Data Centre servers via the PIT build at Release
BI3S70 as a result of CP3652. The tools are located in directory
C:\Support\Tools\Generic\Cygwin\Bin.
Stty.exe
Split.exe
Tr.exe
Strings.exe
Getopt.exe
Xargs.exe
Vim.exe
FTP Client only
The above tools will be installed onto all SAS servers. In addition to the above tools,
the following tool will be added to all SAS servers. This tool will not be available on
Counters or other Data Centre servers. This tool is located in directory
C:\Support\Tools\Generic\Cygwin\Bin.
Rxvt.exe
8.5 Tools Available
A full list of the tools available is given in a table in Appendix A. This appendix will be
kept update as further tools are added in the future.
8.6 Updating the Tool Set
There are two situations in which the support tool set can be updated. These are
‘normal’ and ‘exceptional’ circumstances.
8.6.1 Normal Circumstances
This section gives a brief overview of the process that should be followed in normal
circumstances in order to add new tools to the tool set.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 36 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
e The Support group identifies new tool(s).
e The Support group subject the tool(s) to local testing to ensure the tool(s) is/are fit
for purpose.
e The Support group raise a CP to introduce the new tool(s), indicating whether it
is/they are generic tool(s) or specific to the support group and identifying the
target release.
e POA development impacts the CP. If the CP is approved
e IPDU Secure Build update this document [RS/REQ/023] and publish on PVCS
review cycle.
e The Security TDA and POA Security Manager are both Approval Authorities. In
addition each Support group will also have an Approval Authority for this
document. The IPDU PIT Manager will also be an Approval Authority.
e Once this document has gained the necessary approval signatures, the IPDU PIT
Manager will authorise IPDU PIT to progress the updates necessary to add the
tool(s) to the tool set directories. IPDU Secure Build will adjust the security
configuration as necessary.
e The work packages are subjected to testing by IPDU System Test and on
completion of testing the new work packages are added to the SUPPORT TOOLS
platform configuration build for release to the live estate systems.
e The new tools are delivered and installed onto the NT platforms using Tivoli.
8.6.2 Exceptional Circumstances
There will always be emergency situations that will require new tools to be made
available urgently. At this point in time, no process for handling exceptional
circumstances has been identified. Simon Fawkes is leading the investigation into how
this situation will be dealt with and will identify the proposed solution once known.
8.7 Installation of Riposte on SAS Servers
CP3653 calls for the installation of Riposte and only installation onto all SAS servers.
Riposte will be installed in directory D:\RTOOLS.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 37 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
9 Appendix A —- Support Tool Set
This appendix lists the GNU tools available as part of the Support Tools platform
Configuration SPBV. This SPBV is known as COMSECNT.
The following detail is associated with the table on the next page.
The tools identified in the table are located in directory:
C:\Support\Tools\Generic\Cygwin (on all platforms)
A ‘Yes’ in the following column indicates that the program is to be executable by
members of the support group, while ‘No’ indicates that permission to execute the
commands is not to be granted.
The commands shown in the table do not have the ‘.exe’ suffix. The ‘.exe’ suffix will
be present for all executables when delivered to PVCS and installed on the platform.
Selected and where required, security approved NT Resource kit utilities provided by
Microsoft at Release Supplement 4 are made available in directory:
C:\Support\Tools\Generic\NTreskit (on all platforms)
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 38 of 41
FUJ00088132
FUJ00088132
Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
Table 1
Support groups at Data Centre iser groups at Counters
(Commands SSC ISD. MISS. ‘ivoli laestro jssC SD ISS. {Tivoli laestro
pbasename es [Yes lo lo es. es ‘o io io es.
ash es es lo lo es ‘es io 0. jo [Yes
at es__Wves__No__INo es es io io io es
‘herp lYes es io io es eS io io io ‘es
zhmod es es lo lo es es io o. oO. es.
Shown [Yes es lo lo es. ‘es. io io. o ‘es
hhroot es__f¥es__INo__\No es es io 0 io es
emp es__f¥es__INo___No es es 0 0 0 es
D es l¥es__INo__No es 8 io io io es
ut es__f¥es__No__No 5 8 a 0 0 8
yepath a es io io es es io io io eS
te es_[¥es__No__No es es io 0 0 es
bid es__es__No__No es a io io io es
if [Yes [Yes lo io es. ‘es io o. lo es.
wif es lYes__INo__No es es io a 0 es
dirname [Yes [Yes lo lo es. ‘es io 0 io ‘es
liu es__f¥es__No__No es 8 io io io es
cho es es lo lo es. es io 10. lo es.
rep es__l¥es__INo__No es es 0 io ao es
pr es__f¥es__INo__No 8 a 0 0 0 es
false es fYes__[No__No es a io 0 i es
ind es__[¥es__No__No es eS io a 0 es
fold es l¥es__INo__No 8 es io io io es
nzip es__f¥es__No__No es a io 0 io es
ip es__f¥es__No__No es eS io 0 io es
ead es. es. lo lo. es es. io 10 10. es.
siname es__f¥es__INo__No es es io io io es
ill es es lo lo es. es lo io. oO es.
ess es_f¥es__INo__No es res 0 io 0 es
in es__f¥es__No_No aa 5 io 0 0 es
login es f¥es__INo No es es 0 0 io es
is es__I¥es__No__No es 8 io 0 0 es
indSsum es__[¥es__No__No 8 es 0 0 0 es
mkdir es. es. lo. lo. cS es. 0. oO oO. es.
fount es__fYes__No__No es es io io 0 es
inv. es__es__No__No es es io io io es
hawk es__f¥es__No__No es 8 io io 0 es
hice es__[¥es__No__No es 8 io a io es
qi Ives [es [No No a eS 0 io 0 Ives
7 es__[¥es__No___No es a a a 0 es
aste [Yes [Yes lo lo es. es. o Oo. ‘o es.
int es__f¥es__No__No es es io io 0 es
8 es__f¥es__No__No es 8 io io 0 es
yw Cy es lo. lo es. es. o 0. oO es
eztool es__f¥es__No__No 8 es a 0 0 es
km es__[Yes__No__No es es io io 0 es
mir es__[¥es__No___No a a io io io es
sed es es lo lo es. ‘es. lo. io. oO es.
sleep es__[¥es__[No__No es 8 io 0 io es
rt es__f¥es__No___No as es io io 0 es
tail es [Yes lo oF es. es o 1 oO es
ar es f¥es__INo__No es es io io io es
ee es__f¥es__No__No es 8 io 0 0 es
est es__l¥es__No___No es es io io a es
joueh es__[¥es__No__No 8 es io 0 ‘a es
iput es Yes __No___[No es es io 0 io es
rue es__f¥es__No___No os a io 0 io es
set es__f¥es__INo__No es es fo io a es
jount ‘es es lo lo es. ‘es lo. io. 1o [Yes
a es f¥es__No No es a io io 0 es
Table 2
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 39 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
ISupport groups at Data Centre User groups at Counters:
(Commands ssc ISD. ISS [Tivoli laestro: jssc ISD ISS. {Vivoli laestro.
tty [No No No 0 es 0 0 0 io
split es io io io io 8 io io io io
r No No No 0 a 0 0 0 0
ring = [Noo No 0 a io 0 io 0
keetopt Noo No 0 a 0 io 0 a
args es No No No 0 a 0 0 o 0
im es No_No No io a a 0 o io
ip client only No No No 0 a io 0 o 0
compreg Yes Noo 5 5 0 0 0 es
lisksave s__f¥es__INo__No a a io a io eS
liumpel es Wes No No es es io io io es
getmac es__f¥es__No__No es <8 io a io es
jgetsid es. es. lo lo. cS es. o 0 10. es.
ill es__[¥es__No___No a es io io 0 es
yulist es es lo lo es. es lo 0. lo cS
rkill es__[¥es__[No__No a 8 a 0 io re
obocopy es__[¥es__No__No a a 0 0 i es
c es [Yes lo fo es. es io io oO es.
Seanreg es l¥es__No__No es es io io io es
list es__[¥es__[No__No es 8 io 0 io es
Scop) es Wes No No es es 0 io a es
iowaels es__f¥es__No__No es es io a 0 es
howdisk es Cy lo. lo es es. 0. 0. 10 es.
howexps es__[¥es__No___No es 5 io 0 io es
1owmbrs_ es, es. lo. oO. es. es, io oO 10. es.
Shutdown es__[¥es__INo__\No es es io 0 io es
sleep es__f¥es__[No__No es 8 0 io io es
list [Yes es 1o lo es es io o. o es.
copy es Yes No No es es io io a es
© 2004 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 40 of 41
FUJ00088132
FUJ00088132
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 4.0
COMPANY IN CONFIDENCE Date: 04/12/04
10 Appendix B — CP3815 Secure Signing Server Access
CP3815 introduces a standalone Signing Server for the purposes of signing PinPad Software
Updates. The new server will be introduced during Release BI3S60R. This server will be
located within the Secure Room at FELO1 operated by the POA CS Security Management
Team. After the relocation to BRAOI in 2005 the server will be located in an equivalent or
more secure environment. RS/DES/082 has been updated to define the new Server Name.
As the new Signing Server will be a standalone work group server, the usual Secure NT roles
will not be effective. Neither will SecurID authentication. The proposed solution for user and
support access is to create standard Windows NT user accounts for each individual who will
require access.
Users of the Signing Server will automatically be created and added to the Users built-in
group. These users will be provided with access to the floppy disc drive and CD-ROM/DVD-
ROM drive, having read and write access to all drive types. Therefore the floppylocker
service will not be required for the standalone server build.
Support access will be limited to Core Services Operational Management staff. User accounts
created for this group of staff will be added to the local machine administrators group and
therefore will be granted full administrator capability.
The audit policy must be configured to record all user log-on and log-off event records and
the Security Event Auditor will need to review the Security Event Log maintained by the
server on a regular basis following existing processes.
© 2004 Fujitsu Services COMPANY IN CONFIDENCE Page: 41 of 41