FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
Document Title:
Document Type:
Release:
Abstract:
Document Status:
Originator & Dept:
Contributors:
Internal Reviewers:
Secure Support Role Definitions for SECURENT Build
Requirement Definition
BI3S90
The ACP requires that access to POA systems be controlled by the
use of pre defined roles to which users can be assigned. Such roles
will allow users to access only those parts of the system, with
associated tool sets, they need in order to complete the tasks
associated with that particular role. This document summarises the
requirements and defines the roles specifically engaged in support
activities, with associated objects, domains and access
requirements.
APPROVED
Tony Dolton, DU Secure Builds
Mark Ascott, Simon Fawkes, Peter Robinson, Steve Parker, Alex
Robinson
See section 0.2
External Reviewers: None
Approval Authorities:
Name Position Signature Date
Brian Pinder CS POA Security
Manager
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE Page: 1 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
0.0 Document Control
0.1 Document History
Version No. I Date Reason for Issue Associated
CP/PinICL
No.
0.1 10/01/02 First draft CP3283
0.2 19/10/02 Updated with comment received from PVCS review cycle. CP3283
0.3 04/02/03 Updated to reflect minor implementation changes to the CP3283
solution
0.4 15/07/03 Updated with new Riposte tools for counters. CP3482
1.0 08/08/03 Updated to APRROVED with appropriate comments from CP3482
PVCS review cycle addressed. from
Ld 31/12/03 Updated with new roles for ADSL CHAP Password. CP3584
Management.
Added new SAPSUP role. P3640
2.0 18/03/04 Updated to V2.0 APPROVED following PVCS Review cycle. I CP3584
CP3640
21 31/03/04 I Updated to address new Change Proposals targeted at BI3870 I CP3652
and beyond.
CP3653
2.2 01/05/04 Updated to address comments received from Mik Peach and CP3652
Steve Parker. CP3653
PC104468
3.0 22/07/04 Updated to APPROVED following PVCS review cycle. CP3652
CP3653
PC104468
3.1 10/08/04 Updated to record relaxation of Administrator access within PC105116
the PWYSAS domain. These changes were made during CP3815/S60R
release S60 live operation due to Tivoli software distribution
problems. Covers access to new standalone Signing Server.
4.0 04/12/04 Updated to APPROVED following PVCS review cycle. PC105116
CP3815/S60R
41 28/03/2006 I Updated to add Network MAN role. CP4104
5.0 25/05/2006 I Updated to APPROVED following PVCS review cycle. CP4104,
PC0135923
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 2 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
0.2 Review Details
Review Commenis by: 7A
[Review Comments to: V/A
landatory Review Authority ame
'S POA Security Manager [Brian Pinder*
ICS Systems Support Centre Manager Mik Peach*
IASS Design Authority lan Bowen*
\Optional Review/Issued for Information
IASS Systems Management TDA IGlenn Stephens
(Core Services SMC lan Cooley
‘ore Services Operational Management IWarren Welsh
PIT \Asad Sheikh
[Architect ial Finnegan
LST IGraham Jennings
MG ohn Bradley
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 3 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
0.3 Associated Documents
Reference Tag I Version I Date Title Source
PA/TEM/001 aa) This document is created from this version of PVCS
PA/TEM/001
RS/POL/003 [2] Access Control Policy PVCS
RS/FSP/001 {3] Security Functional Specification PVCS
DE/HLD/002_I [4] ‘OpenSSH Auditing and Logging Server PVCS
TD/ION/029 [6] FTMS Configurations for AP Clients at CSR+ PVCS
RS/REQIO20 ‘I [7] Implementation of Anti-Virus Requirements PVCS
RS/DES/075 [8] Communication Monitoring System DMZ Security PVCS
Overview
RS/DES/080 [9] BI3 NT Domain Design PVCS
RS/DES/081 {10} BI3 Implementation Guide for NT Platforms PVCS
RS/DES/082 (1) BI3 NT Server and Workstation Names PVCS
RS/REQ/022 [12] BI3 Secure Role Definitions for SECURENT Build PVCS
SMGDESIO! {13] }I 0.1 Terminal Server Document SMG
RS/DES/093 [14] I 0.3 HLD for CHAP Password Handling PVCS
RS/POL/002 [15] Horizon Security Policy PVCS
Unless a specific version is referred to above, reference is made to the current versions of the
documents.
0.4 Abbreviations/Definitions
Abbreviation Definition
BDC Windows NT Backup Domain Controller Server
BI3 Release Banking Increment 3
cP Change Proposal
CSR+ Core Services Release +
DCS Debit Card Services
DRS Data Reconciliation Services
ISD Abbreviation associated with Core Services staff
Local Access via the console attached directly to an NT platform
NWB Network Banking.
PDC Windows NT Primary Domain Controller Server
SAS Secure Access Server
SSE Secure Support Environment
SSH Secure Shell
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 4 of 43
Fujitsu Services Secure Support Role Definitions for SECURENT Ref:
Build
Version:
COMPANY IN CONFIDENCE Date:
FUJ00088178
FUJ00088178
RS/REQ/023
5.0
25/05/06
SSHC
Secure Shell Client
SSHD / SSH Server
Secure Shell Server
TS
Terminal Server
0.5 Changes in this Version
Version I Changes
41 Updated to add Network MAN role.
section 0.1.
5.0 Updated for comments received; added RS/POL/002 to section 0.3. Also added Peak reference to
0.6 Changes Expected
Changes
Any CP raised that affects the security configuration could result in this document being amended.
SAS access to PWYKMS and PWYCSM domains remain as To Be Designed.
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 5 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
0.7 Table of Contents
1 INTRODUCTION.
3 REQUIREMENTS.
3.1 AFFECTED SUPPORT ROLES.....co:o:osenonnennnnno sstseneinntnnnennnnnnnnnnsnse sossesntnannnnneneinennenennnnsennnneeneese 9
3.2 NEW SUPPORT ROLES.....0.00 snnininninnninnnnnnininninnninininnninininnnnnnnninnmnnnnnnnnnnnnnseee
3.3. REDUNDANT SupPoRT ROLES. sen . 10
3.4. NEW CHANGE PROPOSALS. 10
4.1 NT ADMINISTRATOR USER. i
4.2. TSADMIN ROLE.
4.3. SSHADMIN ROLE...
4.4 PWYLoaD ROLE.
5 SUPPORT ROLE USERS...
5.1 PWYDCS USERS... ssssnnnnnnenennnnnesee sesennes ae enanessesssnessesssesssen sosmsneene LB
5.2. HUTHTIP, PDRTIP Users. snenannnnnenenenanenenenens . sestnnnnnennenennnnnene 13
5.3. PWYKMS Usrrs. 13
5.4. PWYCSM Users. 13
5.5 SYSMAN Users. sustnnnnnnnnenenannnesee suotntnnnnnnntinienananeieinenenenennneinannsnsnnnnananse ne Cd
5.6 SECURE ACCESS SERVER USERS... . soonnntnnnnnennnn snes snmenernnenensennerenenseenee LA
5.7 COUNTER Access USERS. 14
5.8 NT DATA CENTRE SYSTEM ACCESS USERS. seotnsenstnnnsnnenntnnnnnnnnneenen sevstnttnenensenseees LA
6 SUPPORT AUTHENTICATION PROCESS.....
6.1 LOGON AT DESKTOP. 15
6.2 LOGON AT SAS TERMINAL SERVER. 15
6.3 LOGON TO SSH SERVER... enntennnnsennnee soeunemnennennennnnnnnnnnnanennens LS
6.4 PROCESS SUMMARY...... “ . soneennnne : . 16
7 SUPPORT ROLE DESKTOPS...
7.1 STANDARD SECURE ROLE DESKTOP......::0:snsnnnnnnnninnnnnninnnnsnnnninnnnnnnnisssnis ssenanenereennsensnsee LT.
7.1.1 SSC Apps MAN.
7.1.2 SSC Apps SUP.
7.1.3 Operational MAN.
7.1.4 Application SUP.
7.1.5 PWYLoad....
7.1.6 SAPSUP.
7.1.7 Network MAN.
7.2_ TERMINAL SERVER CLIENT DESKTOP...
7.2.1 SSC Support Group.
7.2.2. SMC Support Group.
7.2.3. MSS Support Group..
7.2.4 Operational Management Support Group.
7.2.5 Fujitsu Consulting SAP Support Group...
8 SUPPORT TOOLS.....
8.1 TooL SET LOCATION AND ACCESS...
8.2 RIPOSTE TOOLS ON COUNTERS (CP3482)..
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 6 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
8.3 ADDITIONAL RIPOSTE TOOLS ON COUNTERS (CP3652)....
8.4. ADDITIONAL TOOLS ON DATA CENTRE SERVERS (CP3652).
8.5 TOoLs AVAILABLE.
8.6 UPDATING THE TOOL SET
8.6.1 Normal Circumstances.
8.6.2 Exceptional Circumstance
8.7 INSTALLATION OF RIPOSTE ON SAS SERVERS.
9 APPENDIX A — SUPPORT TOOL SET.......ccssessessesseeseessen
10 APPENDIX B - CP3815 SECURE SIGNING SERVER ACCESS... 43
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 7 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
1 Introduction
The nature of the POA Horizon system requires that access to the counters and core
systems should be strictly controlled. [ACP] states that effective control depends on
having a clear definition of the roles and the responsibilities of all personnel who need
some form of access to the system. Users will gain access by being assigned to these
roles. This will be core to POA implementing the principles of least privilege as
described in [SFS]. POA will translate the human roles detailed in [ACP] into securely
configured roles, known as secure roles.
RS/REQ/022 defines the requirements for all POA human secure roles (except for
Support Roles) that access the POA data centre systems via an access point, which is
usually an NT workstation. These requirements are translated by IPDU Secure Builds
and IPDU PIT in order to generate a secure desktop for each role.
RS/REQ/023, this document defines the requirements of the human secure roles
involved with providing support of the POA Horizon solution. It describes for each of
the POA support groups the menus and tool sets required and the secure support
environment desktop access method used to connect to remote counters and data
centre systems.
2 Scope
This document only addresses the human user roles defined for use by the support
groups involved with supporting the POA Horizon solution systems. These support
roles are to be implemented as part of the POA central NT systems and access rights
assigned to cach role. Each support role specified within this document access
counters and the data centre NT systems through the POA NT Domain Structure
referenced in [9] and in accordance with the security configuration referenced in [10]
SMC and SMG support roles that authenticate in the SYSMAN domain are not
described in terms of their Secure Desktops. For these roles it is assumed that their
desktops include Terminal Server Client and that Terminal Server Client provides
these roles with access to the Secure Support Environment implemented within the
POA NT Domain Structure. Document reference [13] describes the configuration for
SYSMAN secure roles.
Non support roles used by SMC, SMG and Girobank are specifically excluded from
this document as they are authenticated on separate NT systems which form part of a
third party managed service. These roles are excluded from accessing the Secure
Support Environment.
This document does not describe the implementation or configuration of OpenSSH
components on the NT data centre systems or counters. This information is described
fully in reference [4].
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 8 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
3 Requirements
The requirement to implement a secure role based access control system emanates
from [ACP]. [ACP] further defines the roles that are required for access to the POA
Systems and the responsibilities of these roles.
Release BI3 Network Banking and release BI3S30 Debit Card System introduced
more stringent requirements regarding support access to counters and the data centre
NT systems. To satisfy these new requirements, a Secure Support Environment is
being introduced and as a result new user desktops and access mechanism are required
for the support groups. This document defines the new authentication processes,
desktops, and tool sets available to the support groups.
3.1 Affected Support Roles
The POA support roles affected by CP3283 are:
* PWYDCS\SSC Apps SUP
¢ PWYDCS\SSC Apps MAN
© PWYDCS\Operational MAN
e PWYDCS\Application SUP
In addition to the above two roles that authenticate in the SYSMAN third party
supplier domain are also affected. These two roles are:
e SYSMAN\SMC
e SYSMAN\MSS
3.2 New Support Roles
At Release BI3S55 a new privileged role is introduced for ADSL CHAP Password
Handling. See RS/DES/093 for more details concerning the use and procedures
associated with this new role. The role is named:
© PWYDCS\PWYLoad
At Release BI3S60 a new support role is introduced for Fujitsu Consulting staff who
will provide support for the new SAP financial system being introduced to the Horizon
data centres at BI3S60. This new will provide this group of support staff access to the
SAP Host via the SAS servers and SSH. The role is named:
e PWYDCS\SAPSUP
3.3. Redundant Support Roles
None of the existing support roles are made redundant.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 9 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
3.4 New Change Proposals
CP3652: This CP requires additional support tool subsets to be added to the following
platforms:
e Counters
© Counters and Data Centre Servers
e SAS Servers
CP3653: This CP requires that Riposte be installed onto the six SAS servers.
CP4104: This CP specifies a new platform type, the Network Management
Workstation. A new support user, described in section 7.1.7, is required to administer
these platforms.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 10 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
4 Implementation
For the POA support roles, each support role will be set up as a Secure Role. Secure
Roles will be mapped very tightly on to the Group concept within NT. Individual
users will be assigned to these Groups in which access to objects, domains, servers and
associated privileges will be controlled. Reference [10] describes in more detail the
rules and methods for applying Secure Roles onto the NT Group concept. These
Secure Roles are defined in Section 7.
Secure Roles use defined access points that have an accompanying Physical Platform
Design Specification (PPDS) document. Access to objects will be made available to
each role at the relevant access point. This document specifically covers the Secure
Support Roles accessing the data centres and counters
The definition of the Secure Support Roles is maintained in a spreadsheet by IPDU
Secure Builds, this spreadsheet is converted to produce automated NT command files.
These command files will be made available to ITU PIT. The command scripts will be
incorporated into the POA SECURENT build process and into the specific platform
configuration builds by ITU PIT for deployment into test and live estate environments.
Secure Support Roles, as defined in this document, will be implemented using
automated command scripts. By doing this, it will simplify the implementation and
maintenance of the roles.
Human user accounts created from the defined roles may only be members of one
Role/Group definition. This is required to ensure the user is only provided with one
appropriate tool set. Implementation of the menu structure for each Group will ensure
that users assigned to that Group will be able to access the application set necessary
for them to fulfil their duties.
4.1 NT Administrator User
The Windows NT operating system is provided with a super user known as the
‘Administrator’. This user has full administration and configuration privileges which is
exercised at both system/server and domain level. This capability cannot be removed
from Windows NT. POA recognises the power that this user has and the ability that a
human user, using the administrator user, has to interfere with the day to day operation
of the POA solution.
To address this issue, POA will limit and restrict the use of the NT Administrator User.
This will be achieved by:
> Renaming the Administrator User on all NT Servers so that it is hidden from the
system. The account name and password will be specified by the POA Security
Manager, which will be strictly controlled and stored in a secure safe.
> Restrict full administrator privileges to the “Operational Management’ role. Use of
this role will be subject to the management and procedural controls set out in the
“POA Code of Practice’, PA/STD/010.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 11 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
4.2. TSadmin Role
CP3283 introduces a new administrator role known as TSadmin. This new role will be
responsible for day to day operations and administration of the PWYSAS domain and
the Secure Access Servers. The security configuration will be setup to prevent
PWYDCS roles from administering PWYSAS. PWYSAS\Administrator was
restricted from accessing the C:\ and D:\ drives in order to prevent any possibility of
tampering with the SSH log files. However this restriction has proved to be to
preventative of normal day to day system management tasks such as software
distribution and during Release BI3S60 the live estate was updated via OCPs. At
Release BI3S75 the SecureNT configuration files have been updated in line with these
OCPs. Security configuration for the TSAdmin role has not been changed and should
continue to be used for PWYSAS Domain and Server updates.
The TSadmin role will be allocated to senior Core Services NT staff and will be limited
to no more than three individuals at any one point in time. It is this role that will create
and manage the terminal server user accounts. These individual accounts will be
created from the pre-defined TS user templates. Each individual user will be mapped
to a TS profile and will have a defined user home directory. Customer Services
Security will be responsible for TSAdmin user accounts are allocated, created and
managed.
4.3. SSHadmin Role
This new role is introduced for the purpose of managing the configuration of the SSH
Client and SSH Server components. Like the TSadmin role, this new role will be
limited for use by senior Core Services NT staff and will be limited to no more than
three individuals at any one point in time. This role will only be able to administer the
Secure Shell configuration files. Only this human role will be granted access control
permissions greater than Read and Execute. Customer Services Security will be
responsible for SSHAdmin user accounts are allocated, created and managed.
4.4 PWYLoad Role
This is a special role introduced for use by the Customer Services Security
Management team. The purpose of the role is to load obfuscated passwords into the
CHAP Password database. The role accesses the CHAP Password database by logon
at Release BI3S55 at the BootLoader Server console. Once logged on, an executable
is called to provide a GUI interface that enables passwords to be loaded into the
database. At Release BI3S60 the role will also be able to logon at the ADSL Radius
Servers and FRIACO/Dialled Radius Servers console.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 12 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
5 Support Role Users
5.1. PWYDCS Users
SSC support staff and Core Services operational management staff who access the
POA Horizon systems must have an individual user account registered in the
PWYDCS domain. Each user account is created from a pre-defined user template
which is described in Section 7 of this document. Associated with each NT user
account registered in PWYDCS is a SecurID Token and four digit PIN.
Existing support user accounts remain unchanged within the SSE. New support user
accounts will be created using the existing and current processes.
User templates exist for the following support roles:
e Users assigned to SSC Apps SUP role have user accounts created from user
template ‘zzSSC Apps Sup’
e Users assigned to SSC Apps MAN role have user accounts created from user
template ‘zzSSC Apps MAN’
e Users assigned to Operational MAN role have user accounts created from user
template ‘zzOPSMAN’
e Users assigned to Application SUP role have user accounts created from user
template ‘zzAPPSUP”
e Users assigned to SAPSUP role have user accounts created from user template
‘zzSAPSUP”
5.2 HUTHTIP, PDRTIP Users
Both HUTHTIP and PDRTIP domains which contain the Remote TIP Gateway
systems at Post Office sites are authentication domains. Both are configured with
identical support roles to those described for PWYDCS Users above. Access to these
remote domains/systems using SSHD will require support staff to login and
authenticate using user accounts created in the HUTHTIP and PDRTIP domains.
5.3. PWYKMS Users
TBA following input from POA CS Security Management team.
5.4 PWYCSM Users
TBA following input from Infrastructure Design.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 13 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
5.5 SYSMAN Users
User accounts registered in this third party supplier managed domain must comply
with the security policies defined in [ACP].
From the requirements specified in CP3283 the following support roles from this
domain are relevant to the SSE:
e SMC
e MSS
5.6 Secure Access Server Users
Changes to the solution implementation mean that user templates and user accounts
are no longer required within the PWYSAS domain and Secure Access Servers.
5.7 Counter Access Users
CP3283 specifies that only the SSC support group will be granted access to counters
using SSE.
At the counter only a common/shared user account is required. SSH Client will
capture the logon username from the Terminal Server Client session and will record
this user name in the command log files that SSH Client generates. The user account
defined for the SSC support group is:
@ sussc
5.8 NT Data Centre System Access Users
Access to Data Centre NT systems will in the main be achieved by support staff
logging on via SSHD using their PWYDCS user account. Exceptions to this will be
HUTHTIP and PDRTIP remote TIP FTMS Gateway domains, PWYKMS and
PWYCSM domains. Access to these four domains will be achieved by using
equivalent user accounts created in these domains.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 14 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
6 Support Authentication Process
6.1 Logon at Desktop
All support users that logon with a PWYDCS user account will specify their unique
username and associated password. The system will then prompt for SECURID logon
using their assigned PIN with the token value displayed at the time of logon.
The same logon and authentication process should be followed for all support users
who authenticate in the SYSMAN domain.
Once the identification and authentication process has completed the user is presented
with their usual desktop with an array of tools as specified in Section 7. One of the
tools available from this desktop is the Terminal Server Client. Executing the Terminal
Server Client tool will result in the system opening a new window at the workstation
that results from a connection to a Secure Access Server located in PWYSAS domain.
This new Terminal server window will display a prompt for a user name and password.
At Release BI3S30, Support Users can still access counters and NT data centre
systems using their pre BI3S30 desktops and tools. However from BI3S30 the only
approved and authorised support access method to counters and NT systems in the
PWYPUB and DCSSERV resource domains is via the Terminal Server/Secure Shell
access route.
6.2 Logon at SAS Terminal Server
At the Terminal Server window login prompt the support user should re-enter their
individual terminal server user account created in PWYDCS domain and its associated
password.
Successful logon will result in the SAS desktop being made available to the user.
From this desktop the Secure Shell Client (SSHC) will be available.
6.3. Logon to SSH Server
The user can invoke the SSHC by typing:
ssh —I <user name> <target-address>
where:
<user name> will equate to the support group users individual user account name
created in PWYDCS domain or the other authentication domains referred to in section
5 for NT data centre systems or user account sussc for counters.
<target-address> will equate to the IP address of the target counter or NT system.
Execution of the above causes the SSHC to make a connection with the SSH server
running on the target system. The user account specified will be authenticated at the
target-system and if successful a SSH session will be initiated. The SSHC will log
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 15 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
each command executed during the session recording the PWYDCS domain (or other
domain) logon user account name that has initiated the SSH session.
6.4 Process Summary
See diagram below.
CTRL + ALT + DEL
I
v
Logon details entered
User ID ‘AscottM
Pwyocs
Domain: PWYDCS
SecurlD PIN re > authenticates user
iS oK
ecuriD Token Value
Invoke Terminal
Server Client
a
Sg User ID :AscottM PWYSAS Terminal
Server authenticates
Domain: PWYDCS eer aoe
oK
Invoke Terminal SSH
Client
eS
AM. ssh -I suse <target>
Execute required
support tools
SSH Server
authenticates SSH
Client logon
OK
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 16 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7 Support Role Desktops
7.1 Standard Secure Role Desktop
This section describes the desktop menu and tool set provided to the four POA
Support Roles as a result of logging on with their PWYDCS, PWYKMS, (HUTHTIP,
PDRTIP) user account, password and Securid Token. This logon will be conducted at
their normal access point workstation or server.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 17 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.1.1 SSC Apps MAN
Group Name to be Implemented SSC Apps MAN,
Last Updated
‘Secure Role Type Privileged Full Administrator eapable
Desk Top Type Restricted Desktop Menu
NT Servers ‘AILNT Servers, also needs access to Post Office Outlet Counters and
access to Sequent UNIX Servers
‘Access Rights Read, Write, Execute
‘Requires SecurlD Authentication Yes
Authentication Domain PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP-
Resouree Domain Access ‘All resource domains and NT data centre systems via SSH Client access
method
Access Point SSC NT Client PC SD/DES/172
‘ACP Equivalent “Application Support (SSC)
‘Change Triggers
‘Menus and Tools > Tivoli Remote Console
> — Relient
> Reonsole
> ‘Terminal Server Client
> RiposteGetMessage.exe
D> Ripostelndex.exe
> RiposteNode.exe
[> RiposteObjectSecurity. Exe
> RiposteObject.exe
> RipostePing exe
[> RipostePriorityMessage exe
> RiposteQueryUK.exe
D> RiposteNextMessage.exe
> RipostePutMessage.exe
I> RiposteScanMessage
> RiposteStatus.exe
)> RODBClient.exe
MD prompt
> ExCeed for Windows NT (V6.1)
)> Visual Basic I.D.E
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 18 of 43
Fujitsu Services
Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
FUJ00088178
FUJ00088178
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
Telnet
[> FTP (To Host Sequent, and other POL Services)
fcrosoft Diagnostics
T Event Viewer
‘inZip/Pkzip
"D Rom writing software
ITextpad
ficrosoht Word
jicrosoft Excel
ficrosoft Access
fierosoft Explorer
[internet Explorer (c/w SSC default links page)
IFull NT Control Panel
[Performance Monitor
egistry editor
TIP Repair
In-house Utilities
[> Archive Viewer
> Expiry Reporter
> Stops Reporter
b> Formatted File Utility
> MessageStore Utility
> EndOmMay Reporter
> MessageStore Sort Utility
VPN Utilities
> VPNDiagClient exe
> SVPNISTNeexe
Athene Utilities
[Athene Analyst
Analyst
ViewDB Storage
‘thene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
thene Client-Server
Client-Server
[Athene CustomDB
CustomDB
Schedule Editor
Web Log Parser
‘thene Explorer
Define A Report
Explore Reports
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 19 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
JAthene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models
Edit Baseline Model
Edit Reference Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
IAthene Sentinel
Alert Summary
Sentinel
Requires Access to All systems
ZZSSCAPP_MAN
SSC Apps MAN
‘Domain Admins
‘Domain Users ‘Yes LSSC Apps MAN
es TconfineLogin
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 20 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.1.2 SSC Apps SUP
Group Name fo be Implemented SSC Apps SUP
Last Updated
‘Secure Role Type Privileged Full Administrator capable
Desk Top Type Restricted Desktop Menu
NT Servers AIINT Servers, also needs access to Sequent UNIX servers
‘Access Rights Read, Execute
Requires SecurID Authentication Yes
‘Authentication Domain.
PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP
Resource Domain Access
‘All resource domains and NT data centre systems via SSH Client access
method
‘Access Point
SSC NT Client PC SD/DES/172
‘ACP Equivalent
Application Support (SSC)
Change Triggers
‘Menus and ToolsI
} Tivoli Remote Console
> Relient
* Reonsole
> Terminal Server Client
& RiposteGetMessage.exe
> Ripostelndexexe
> RiposteNode exe
© RiposteObjectexe
> RipostePing exe
> _ RipostePriorityMessage.exe
> RiposteNextMessage.exe
© _ RiposteQueryUK. exe
> Riposte
anMessage exe
> — RiposteStatus.exe
> RODBClientexe
‘CMD prompt
> ExCeed for Windows NT (V6.1)
> Visual Basic LD.E.
> Telnet
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE Page: 21 of 43
Fujitsu Services
Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
35.0
COMPANY IN CONFIDENCE Date: 25/05/06
FUJ00088178
FUJ00088178
© FIP (To Host Sequent, and other POL Services)
NE ulilities
“Microsoft Diagnostics
Event Viewer
WinZipPkzip
‘CD Rom writing software
‘Textpad
‘Microsoft Word
‘Microsoft Excel
Microsoft. Access
Microsoft Explorer
Internet Explorer (c/w SSC default links page)
Full NT Control Panel
Performance Monitor
Registry editor
TIP Repair
In-house Utilities
> Archive Viewer
> Expiry Reporter
> Stops Reporter
> Formatted File Utility
© MessageStore Utility
> EndOtay Reporter
+ MessageStore Sort Utility
VPN Uiilities ‘VPNDiagClient.exe
‘Athene Utilities lAthene Analyst
Analyst
ViewDB Storage
lAthene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
‘thene Client-Server
Client-Server
thene CustomDB
CustomDB
Schedule Editor
Web Log Parser
lAthene Explorer
Define A Report
Explore Reports
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 22 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
COMPANY IN CONFIDENCE
Version: 5.0
Date: 25/05/06
TAthene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models
Edit Baseline Model
Edit Reference Tables
Edit Thresholds
Evaluate Model
Modify Model
View Results
IAthene Sentinel
Alert Summary
Sentinel
Requires Access to All systems
ZzSSCAPP_ SUP
SSC App SUP.
‘Domain Admins
Administrators
‘Domain Users
TSSC Apps SUP
TconfineLogin
© 2006 Fujitsu Services COMPANY IN CONFIDENCE
Page: 23 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.1.3. Operational MAN
‘Group Name to be Implemented Operational MAN
Last Updated
Secure Role Type Privileged
Desk Top Type Restricted Desktop Menu
NT Servers AIINT Servers
Access to Sequent UNIX Servers
Access Rights Full Administrator
Requires SecurlD Authentication
Yes
‘Authentication Domain
PWYDCS, PWYHQ, PWYFIMS, HUTHTIP, PDRTIP
Resource Domain Access
‘All resource domains and NT data centre systems
‘Access Point
‘Core Service NT Client PC
‘Third Party Supplier PC
NT server console
‘ACP Equivalent ‘Operational Management
Core Services Role
Change Triggers
Menus and Tools > — Compaq systems reference library
> Insight Manager
> Terminal Server Client
> SQLServer Admin
> Technet
> Microsoft Office
> NT Resource Kit
> Onnnet (telnet fip)
> Patrol v3.2.05
> Legato Administrator
> nt stvtools
> Tivoli desktop
} TESS for access to Tivoli web
} NT resource kit remote console server
* PC Xware
‘CMD prompt
> VPNDiagClient.exe
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE Page: 24 of 43
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
FUJ00088178
FUJ00088178
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
> Notepad
> SVPNTSTN.exe (Utimaco API Function Tool)
Athene Utilities
[Athene Analyst
Analyst
ViewDB Storage
Athene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
lAthene Client-Server
Client-Server
[Athene CustomDB
CustomDB
Schedule Editor
Web Log Parser
‘thene Explorer
Define A Report
Explore Reports
\Athene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models
Edit baseline Model
Edit Reference Tables.
Edit Thresholds
Evaluate Model
Modify Model
‘View Results.
‘thene Sentinel
Alert Summary
Sentinel
Requires Access to
Floppy dise drive
Locally connected printer
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 25 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 26 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.1.4 Application SUP
Group Name to be Implemented Application Sup
Last Updated
Secure Role Type Privileged
‘Desk Top Type Restricted Desktop Menu
NT Servers ‘Aceess to Sequent UNIX Servers
‘Access Rights Read, Write, Execute
Requires SecurID Authentication
Yes
‘Authentication Domain
PWYDCS, PWYHQ, HUTHTIP, PDRTIP
Resource Domain Access PERFMAN
‘Access Point ‘Core Services NT Client PC
‘Third Party Supplier PC
‘ACP Equivalent “Application Support
Core Services Role
Change Triggers
‘Menus and Tools
Discoverer 2000
b PC Xware
Microsoft Office
F Onnnet (telnev/ip)
Patrol v3.2.05
F Legato Administrator
- ESS
+ SQL Server Admin
Terminal Server Client
MD prompt
Athene Utilities
‘thene Analyst
Analyst
ViewDB Storage
lAthene Automatic Reporting
Define A Report
Schedule Editor
View Processed Reports
lAthene Client-Server
Client-Server
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE Page: 27 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
‘thene CustomDB
CustomDB
Schedule Editor
Web Log Parser
IAthene Explorer
Define A Report
Explore Reports
IAthene Planner
Build Baseline Model
Calibrate Baseline Model
Delete Models,
Edit baseline Model
Edit Reference Tables
Edit Thresholds
Evaluate Model
‘Modify Model
View Results,
[Athene Sentinel
Alert Summary
Sentinel
Requires Access to Floppy dise drive
Locally connected printer
‘Application SUP
Domain Users application SUP
‘Leonfinelogin
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 28 of 43
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
FUJ00088178
FUJ00088178
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.1.5 PWYLoad
Group Name to be Implemented PWYLoadGroup
Last Updated 08/01/04
Secure Role Type Privileged Administrator access capable
Desk Top Type Restricted Desktop Menu
NT Servers ‘Access to Bootloader Server , ADSL Radius Servers and FRIACODDialle:
Radius Servers
‘Access Rights Read, Write, Execute
‘Requires SecurlD Authentication Yes
‘Authentication Domain PWYDCS
Resource Domain Access BBOOT, WBOOT and PWYRAD systems via direct logon at server
console
‘Access Point Server Console for Bootloader Servers, ADSL Radius Servers and
FRIACO/Dialled Radius Servers
‘ACP Equivalent None
Change Triggers “P3584
‘Menus and Tools
IEMD prompt
ficrosoft Diagnostics
INT Event Viewer
VinZip/Pkaip
[Textpad
ficrosoft Word
ficrosoft Excel
ficrosoft Access
Vindows Explorer
IFull NT Control Panel
egistry editor
Inchouse Utilities [> Password Loader executable (maps onto
C\RADIUS_CFG\Bin\ReapPwdL oader.exe on the Bootloader server)
Requires Access to ‘All systems in BBOOT, WBOOT and PWYRAD domains. Requires
access to floppy dise drive.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 29 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 30 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.1.6 SAPSUP
Group Name to be Implemented GSAPSUP
Last Updated 26/02/04
Secure Role Type
Privileged Administrator access capable
Desk Top Type Restricted Desktop Menu
NT Servers ‘Access to SAP Host via dedicated SAS Servers MBOSAS03 or
MWISASO3
‘Access Rights Read, Write, Execute
Requires SecurID Authentication Yes
‘Authentication Domain PWYDCS
Resource Domain Access PWYSAS
‘Access Point
Fujitsu Consulting Support Workstation + SecurID ACE Agent
‘ACP Equivalent
None
Change Triggers
P3640
‘Menus and Tools
Terminal Server Client
SAP GUT Interface (maps onto an executable that needs to be supplied by
[Fujitsu Consulting staff, may require FIC to complete an installation to
‘btain this piece of information.
FTP Client. Notes: I, the SAP Host will be configured with FTP Server
\Service and the FIC SAP Support user group on the Solaris SAP Hosts must
e granted permissions to access and execute FTP. 2, the DMZ firewalls,
must be configured to allow inbound and outbound FTP traflie for this,
support group.
In-house Utilities
> None requirements specified
Requires Access to
FIP capability between SAP Hosts and FIC SAP Support Workstations.
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE Page: 31 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 32 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.1.7 Network MAN
Group Name to be Implemented Network MAN
Last Updated
Secure Role Type Privileged
Desk Top Type Restricted Desktop Menu
Network Equipment All Routers, Switches, Firewalls (local and remote)
‘Access Rights Full Administrator
Requires SecurlD Authentication
Yes
Authentication Domain
PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP.
Resource Domain Access
All resource domains and data centre systems
‘Access Point
Core Service Network Management Workstation PC
Third Party Supplier PC
‘AGP Equivalent
Operational Management
Core Services Role
Change Triggers
‘Menus and Tools
> Terminal Server Client to SSH server
> Microsoft Office
> Tivoli desktop
> 1E6.x for access to Tivoli and HP OpenView web pages
> NT resource kit remote console server
> PC Xware
> Cygwin-X (full set including X-Windows)
> Ethereal plus Win Pcap
> HP OVO Java Console plus plug-in for HP OpenView
[> Java Runtime Environment 1.4.2_05; 1.42_08.b03
> Observer Expert Probe Software (Network Instruments)
> 3Com tip /fip server
> — Adobe acrobat reader
[> ASDM (firewall management)
> Terra Term
> Putty
> Nero (CD burning)
CMD prompt
> Notepad
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE Page: 33 of 43
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
FUJ00088178
FUJ00088178
Wordpad
telnet
fp
tracert
ping
Bd ad a a
path ping
Requires Access to
Floppy dise drive
Network connected printer
USB ports enabled
CD writer
ZzNET_MAN
Yes Network MAN
Yes Domain Users
Lnetwork MAN
es LeonfineLogin
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 34 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
7.2 Terminal Server Client Desktop
This section describes the desktop available to each of the Support groups provided
with Terminal Server access to the SSH Client.
7.2.1. SSC Support Group
Access provided to SSH Client. The SSH Client can be used to access counters and
data centre NT systems.
7.2.2 SMC Support Group
No access to SSH Client provided.
7.2.3, MSS Support Group
No access to SSH Client provided.
7.2.4 Operational Management Support Group
Access provided to SSH Client. The SSH Client can only be used to access data
centre NT systems.
7.2.5 Fujitsu Consulting SAP Support Group
Access provided to SSH Client. The SSH Client can only be used to access the SAP
Host in the data centres.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 35 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
8 Support Tools
8.1 Tool Set Location and Access
The support tool set will be installed at the same location on all NT platforms.
The ‘root’ directory is known as:
e C:\Support
Underneath this directory is the following structure:
e C:\Support\Tools\Generic
¢ C:\Support\Tools\Generic\Cygwin
e C:\Support\Tools\Generic\Ntreskit
e C:\Support\Tools\Admin (only on Secure Access Servers)
As the directory names imply, Generic means that the tools are common and available
to all support groups. The Cygwin directory holds all the GNU tools generated and
delivered into PVCS by IPDU Estate Management Development team. The Ntreskit
directory holds all Windows NT resource kit utilities. These are made available to all
support groups.
In addition to the above ‘common’ directories, each support group will have a
dedicated directory to hold bespoke developed tools. The directories are:
e (C:\Support\Tools\SSCSUP
e C:\Support\Tools\SMCSUP
e C:\Support\Tools\SYSMANSUP.
e C:\Support\Tools\OPSMANSUP.
e C:\Support\Tools\SAPSUP
Each support group will be able to access tools located in their directory. They will
not be able to access the directories of the other support groups. All support group
access will be configured as Read and Execute. Only administrator privileged users
will be able to update the above directories and add further tools to the tool set.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 36 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
8.2 Riposte Tools on Counters (CP3482)
The following tools are added to all counters via the PIT build at Release BI3S40R as
aresult of CP3482. The tools are located in directory C:\Counters\Bin.
RiposteConfig.exe
RiposteGetMessage.exe
RiposteListen.exe
RiposteNextMessage.exe
RiposteNode.exe
RiposteObject.exe
RipostePutMessage.exe
RiposteScanMessage.exe
RiposteStatus.exe
8.3 Additional Riposte Tools on Counters (CP3652)
The following tools are added to all counters via the PIT build at Release BI3S70 as a
result of CP3652. The Riposte tools are located in directory
C:\Support\Tools\SSCSUP. Note: this directory has been mandated by POA CS
Security Manager. Access to these tools is specifically restricted to SSC Support staff.
RiposteGroups.exe
RiposteConfigurationSecurity.exe
RiposteIndex.exe
RipostePriorityMessage.exe
RiposteVolume.exe
The following tools are added for all support groups to use. These tools will be located
in directory C:\Support\Tools\Generic\Cygwin\Bin.
Stty.exe
Split.exe
Tr.exe
Strings.exe
Getopt.exe
Xargs.exe
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 37 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
Vim.exe
FTP Client only
8.4 Additional Tools on Data Centre Servers (CP3652)
The following tools are added to all Data Centre servers via the PIT build at Release
BI3S70 as a result of CP3652. The tools are located in directory
C:\Support\Tools\Generic\Cygwin\Bin.
Stty.exe
Split.exe
Tr.exe
Strings.exe
Getopt.exe
Xargs.exe
Vim.exe
FTP Client only
The above tools will be installed onto all SAS servers. In addition to the above tools,
the following tool will be added to all SAS servers. This tool will not be available on
Counters or other Data Centre servers. This tool is located in directory
C:\Support\Tools\Generic\Cygwin\Bin.
Rxvt.exe
8.5 Tools Available
A full list of the tools available is given in a table in Appendix A. This appendix will be
kept update as further tools are added in the future.
8.6 Updating the Tool Set
There are two situations in which the support tool set can be updated. These are
‘normal’ and ‘exceptional’ circumstances.
8.6.1 Normal Circumstances
This section gives a brief overview of the process that should be followed in normal
circumstances in order to add new tools to the tool set.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 38 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
e The Support group identifies new tool(s).
e The Support group subject the tool(s) to local testing to ensure the tool(s) is/are fit
for purpose.
e The Support group raise a CP to introduce the new tool(s), indicating whether it
is/they are generic tool(s) or specific to the support group and identifying the
target release.
e POA development impacts the CP. If the CP is approved
e IPDU Secure Build update this document [RS/REQ/023] and publish on PVCS
review cycle.
e The Security TDA and POA Security Manager are both Approval Authorities. In
addition each Support group will also have an Approval Authority for this
document. The IPDU PIT Manager will also be an Approval Authority.
© Once this document has gained the necessary approval signatures, the IPDU PIT
Manager will authorise IPDU PIT to progress the updates necessary to add the
tool(s) to the tool set directories. IPDU Secure Build will adjust the security
configuration as necessary.
e The work packages are subjected to testing by IPDU System Test and on
completion of testing the new work packages are added to the SUPPORT TOOLS
platform configuration build for release to the live estate systems.
e The new tools are delivered and installed onto the NT platforms using Tivoli.
8.6.2 Exceptional Circumstances
There will always be emergency situations that will require new tools to be made
available urgently. At this point in time, no process for handling exceptional
circumstances has been identified. Simon Fawkes is leading the investigation into how
this situation will be dealt with and will identify the proposed solution once known.
8.7 Installation of Riposte on SAS Servers
CP3653 calls for the installation of Riposte and only installation onto all SAS servers.
Riposte will be installed in directory D:\RTOOLS.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 39 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
9 Appendix A —- Support Tool Set
This appendix lists the GNU tools available as part of the Support Tools platform
Configuration SPBV. This SPBV is known as COMSECNT.
The following detail is associated with the table on the next page.
The tools identified in the table are located in directory:
C:\Support\Tools\Generic\Cygwin (on all platforms)
A ‘Yes’ in the following column indicates that the program is to be executable by
members of the support group, while ‘No’ indicates that permission to execute the
commands is not to be granted.
The commands shown in the table do not have the ‘.exe’ suffix. The ‘.exe’ suffix will
be present for all executables when delivered to PVCS and installed on the platform.
Selected and where required, security approved NT Resource kit utilities provided by
Microsoft at Release Supplement 4 are made available in directory:
C:\Support\Tools\Generic\NTreskit (on all platforms)
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 40 of 43
FUJ00088178
FUJ00088178
Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
Table 1
Support groups at Data Centre [User groups at Counters
(Commands sSC ISD ISS [Tivoli Vlaestro: jSSC ISD ISS. {Tivoli laestro
jbasename Yes es lo lo es. es io 0. io es.
bash e_f¥es__No No a as io 0 a a
at es__Wes__No___No es es io 0 0 es
‘herp Yes Yes io io es eS io io io es,
shmod es es lo lo es es. io io. 10 es.
chown Ives lYes__INo__No es 8 io io 0 es
root es__f¥es_No__No es es io io io es
cmp es__f¥es__[No__No es es io io io es
p es__lYes__No__No es es io io 0 es
cut es__f¥es__[No__No es 8 io 0 io es
jgpath es. es lo. io. cS es. o 0. 10. es
te es__f¥es__No No es eS io io 0 es
dd es es lo. lo. es es, o 0. oO es,
if es__[¥es__(No__No a aa io a io es
with es f¥es__No__No es es io 0 a es
limame [Yes es lo lo es. fes. ‘o ‘o oO es.
lau es__l¥es No No es es io io 0 es
lecho lves__[¥es__INo__INo 8 a 0 0 0 Ives
rep es__[Yes__No__No es es io io a es
xpr es__[¥es__No___No 5 8 a 0 a es
ifalse es es, lo. o cS es, o 0 10. cy
find es__f¥es__No___No a <8 a 0 a es
fold es es. lo. lo. cS es, 0 0 10. es.
wnzip es [Yes io io es 5 io io io es,
ip es__lYes__No__No 8 es io 0 ns es
hhead ves [Yes _INo__No 8 8 0 0 0 es
hostname es__f¥es__No__No es 8 io 0 io es
Kill es ‘es lo lo es es io io io es.
ess es f¥es__No__No es 8 0 0 0 es
in es__[¥es__No__No es a 0 0 0 8
login es es__No___ No es es a io 0 es
is es_f¥es__INo__No es es io 0 0 es
IndSsum Ives les__[No___No es es io 0 0 es
ir [Yes es lo lo es. es io (o io es
Imount es__f¥es__No__No 8 es io a io a
inv es__l¥es _No__No es a io 0 io es
hawk es__[¥es__No__No es es io io io es
hice es__I¥es__No__No 8 a 0 0 0 es
q es_f¥es__No__No es es io io 0 es
d es__[¥es__No__No 8 a io 0 0 es
Aste [Yes [Yes lo lo es ‘es. o o oO cy
int es__f¥es__[No__No es a 0 0 io es
5 es__[¥es__INo__No es 8 io io 5 es
wd es. es lo oO cS es o. o 10. es.
sztool es__l¥es__INo__No es es io io io es
im es__Yes__No__No es es io io io es
mdi es__f¥es__No__No es es 0 0 0 es
sed ‘es es lo lo es ‘es io 0. jo. es.
sleep es__f¥es__No__No es es io io io es
Gort es__[¥es__No___No es 8 a a 0 es
ail es__[¥es__INo__No es es io 0 o es
ar es fYes__No__No es es io io 0 es
ee es__l¥es__INo___No es es io 0 0 es
est s__Yes__No__No es es io io io es
joueh es__f¥es__No___No es eS 0 io 0 es
put es (Yes. io io es es io io io. es
rue es__[¥es__No__No a a io io io es
set es__[¥es__No___No es es io i 0 es
umount es [Yes lo lo es es io (o. 10 es.
a es l¥es__No No es a io io 0 es
Table 2
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 41 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
Support groups at Data Centre Jser groups at Counters
(Commands {ssc ISD ISS [Tivoli Maestro: ssc ISD. ISS. {Tivoli laestro.
tty es No No_No 0 es 0 0 0 io
Split [No No No io a i 0 5 0
tr es No_No No 0 8 0 0 a 0
‘ring [No No No 0 a io 0 5 0
kzetopt es No No No 0 a 0 0 o 0
args es No No No io es io 0 io io
im No _No No 0 s i o 0
ip client only es NoNo No 0 a io 0 0 a
compreg (Yes No No 5 es i 7 a es
isksave es__l¥es__INo__No es a io a io es
kiumpel es__lYes__INo No es es io io io es
etmac es__[¥es__INo__No es 8 io io 0 es
ketsid es__[¥es__No__No es 8 io io 0 es
i es__f¥es__[No__No es 8 0 0 0 es
yulist es es lo lo es. es lo 10. lo cs
rill es__f¥es__No__No 5 as io 0 a es
obocopy es__[¥es__No__No 8 a a 0 0 es
es__f¥es__INo_No a <8 io io io es
anreg es__[¥es__No___No es es 0 0 0 es
clist es__[¥es__INo__No es es io 0 i a
Scop) es__l¥es__No_No es es io 0 o es
howacls es__f¥es__No__No es eS 0 0 io es
howdisk es. es. lo o es. Cy 0. 10 1o es.
Ghowerps es__[¥es__No__No a a io 0 io es
jowmbrs ex fves__No___No es es io 0 0 es
shutdown es es lo lo es. es io io lo ‘es
sleep es ‘es [No io es es io io io es.
list [Yes cS lo lo es ‘es io o oO es.
copy es Yes No No es es io io a es
© 2006 Fujitsu Services
COMPANY IN CONFIDENCE
Page: 42 of 43
FUJ00088178
FUJ00088178
Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023
Build
Version: 5.0
COMPANY IN CONFIDENCE Date: 25/05/06
10 Appendix B — CP3815 Secure Signing Server Access
CP3815 introduces a standalone Signing Server for the purposes of signing PinPad Software
Updates. The new server will be introduced during Release BI3S60R. This server will be
located within the Secure Room at FELO1 operated by the POA CS Security Management
Team. After the relocation to BRAOI in 2005 the server will be located in an equivalent or
more secure environment. RS/DES/082 has been updated to define the new Server Name.
As the new Signing Server will be a standalone work group server, the usual Secure NT roles
will not be effective. Neither will SecurID authentication. The proposed solution for user and
support access is to create standard Windows NT user accounts for each individual who will
require access.
Users of the Signing Server will automatically be created and added to the Users built-in
group. These users will be provided with access to the floppy disc drive and CD-ROM/DVD-
ROM drive, having read and write access to all drive types. Therefore the floppylocker
service will not be required for the standalone server build.
Support access will be limited to Core Services Operational Management staff. User accounts
created for this group of staff will be added to the local machine administrators group and
therefore will be granted full administrator capability.
The audit policy must be configured to record all user log-on and log-off event records and
the Security Event Auditor will need to review the Security Event Log maintained by the
server on a regular basis following existing processes.
© 2006 Fujitsu Services COMPANY IN CONFIDENCE Page: 43 of 43