FUJ00088208 - Fujitsu Secure Support Role Definitions for Securent Build Version 6

Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023

Build
Version: 6.0
COMPANY IN CONFIDENCE Date: 30/05/07

Document Title: Secure Support Role Definitions for SECURENT Build

Document Type: Requirement Definition

Release: TSO

Abstract: The ACP requires that access to POA systems be controlled by the use of pre defined roles to which users can be assigned. Such roles will allow users to access only those parts of the system, with associated tool sets, they need in order to complete the tasks associated with that particular role. This document summarises the requirements and defines the roles specifically engaged in support activities, with associated objects, domains and access requirements.

Document Status: APPROVED

Originator & Dept: Tony Dolton, DU Secure Builds

Contributors: Mark Ascott, Simon Fawkes, Peter Robinson, Steve Parker, Alex Robinson

Internal Reviewers: See section 0.2

External Reviewers: None

Approval Authorities:

Name | Position | Signature | Date
Brian Pinder | CS POA Security Manager | |
© 2007 Fujitsu Services COMPANY IN CONFIDENCE Page: 1 of 44

0.0 Document Control

0.1 Document History

Version No. | Date | Reason for Issue | Associated CP/PinICL No.
0.1 | 10/01/02 | First draft | CP3283
0.2 | 19/10/02 | Updated with comment received from PVCS review cycle. | CP3283
0.3 | 04/02/03 | Updated to reflect minor implementation changes to the solution | CP3283
0.4 | 15/07/03 | Updated with new Riposte tools for counters. | CP3482
1.0 | 08/08/03 | Updated to APPROVED with appropriate comments from PVCS review cycle addressed. | CP3482
1.1 | 31/12/03 | Updated with new roles for ADSL CHAP Password Management. Added new SAPSUP role. | CP3584, CP3640
2.0 | 18/03/04 | Updated to V2.0 APPROVED following PVCS Review cycle. | CP3584, CP3640
2.1 | 31/03/04 | Updated to address new Change Proposals targeted at BI3S70 and beyond. | CP3652, CP3653
2.2 | 01/05/04 | Updated to address comments received from Mik Peach and Steve Parker. | CP3652, CP3653, PC104468
3.0 | 22/07/04 | Updated to APPROVED following PVCS review cycle. | CP3652, CP3653, PC104468
3.1 | 10/08/04 | Updated to record relaxation of Administrator access within the PWYSAS domain. These changes were made during release S60 live operation due to Tivoli software distribution problems. Covers access to new standalone Signing Server. | PC105116, CP3815/S60R
4.0 | 04/12/04 | Updated to APPROVED following PVCS review cycle. | PC105116, CP3815/S60R
4.1 | 28/03/2006 | Updated to add Network MAN role. | CP4104
5.0 | 25/05/2006 | Updated to APPROVED following PVCS review cycle. | CP4104, PC0135923
5.1 | 29/03/2007 | Updated Network MAN role and added Network USER role. | CP4354
6.0 | 30/05/2007 | Issued for approval following updates post-implementation. | CP4354, PC145532, PC145534, PC145535

0.2 Review Details

Review Comments by: N/A
Review Comments to: N/A

Mandatory Review Authority | Name
CS POA Security Manager | Brian Pinder* (from Bill Membery)
CS Systems Support Centre Manager | Mik Peach*
ASS Design Authority/Systems Management TDA | Tan Bowen*

Optional Review/Issued for Information | Name
Core Services SMC | Tan Cooley
Core Services Operational Management | Warren Welsh
PIT | Peter Rickson
Architect | Chris Beddoes
LST | Graham Jennings
SMG | John Bradley

0.3 Associated Documents

Reference | Tag | Version | Date | Title | Source
PA/TEM/001 | [1] | | | This document is created from this version of PA/TEM/001 | PVCS
RS/POL/003 | [2] | | | Access Control Policy | PVCS
RS/FSP/001 | [3] | | | Security Functional Specification | PVCS
DE/ALDIO02 | [4] | | | OpenSSH Auditing and Logging Server | PVCS
TD/ION/029 | [6] | | | FTMS Configurations for AP Clients at CSR+ | PVCS
RS/REQIO20 | [7] | | | Implementation of Anti-Virus Requirements | PVCS
RS/DES/075 | [8] | | | Communication Monitoring System DMZ Security Overview | PVCS
RS/DES/080 | [9] | | | BI3 NT Domain Design | PVCS
RS/DES/081 | [10] | | | BI3 Implementation Guide for NT Platforms | PVCS
RS/DES/082 | [11] | | | BI3 NT Server and Workstation Names | PVCS
RS/REQ/022 | [12] | | | BI3 Secure Role Definitions for SECURENT Build | PVCS
SMGDES/OI | [13] | 0.1 | | Terminal Server Document | SMG
RS/DES/093 | [14] | | | HLD for CHAP Password Handling | PVCS
RS/POL/002 | [15] | | | Horizon Security Policy | PVCS

Unless a specific version is referred to above, reference is made to the current versions of the documents.

0.4 Abbreviations/Definitions

Abbreviation | Definition
BDC | Windows NT Backup Domain Controller Server
BI3 | Release Banking Increment 3
CP | Change Proposal
CSR+ | Core Services Release +
DCS | Debit Card Services
DRS | Data Reconciliation Services
ISD | Abbreviation associated with Core Services staff
Local | Access via the console attached directly to an NT platform
NWB | Network Banking
PDC | Windows NT Primary Domain Controller Server
SAS | Secure Access Server
SSE | Secure Support Environment
SSH | Secure Shell
SSHC | Secure Shell Client
SSHD / SSH Server | Secure Shell Server
TS | Terminal Server

0.5 Changes in this Version

Version | Changes
6.0 | Updates for CP4354 post-implementation (sections 7.1.7 and 7.1.8).

0.6 Changes Expected

Changes

Any CP raised that affects the security configuration could result in this document being amended.
SAS access to PWYKMS and PWYCSM domains remains as To Be Designed.


0.7 Table of Contents

1 Introduction
2 Scope
3 Requirements
3.1 Affected Support Roles
3.2 New Support Roles
3.3 Redundant Support Roles
3.4 New Change Proposals
4 Implementation
4.1 NT Administrator User
4.2 TSadmin Role
4.3 SSHadmin Role
4.4 PWYLoad Role
5 Support Role Users
5.1 PWYDCS Users
5.2 HUTHTIP, PDRTIP Users
5.3 PWYKMS Users
5.4 PWYCSM Users
5.5 SYSMAN Users
5.6 Secure Access Server Users
5.7 Counter Access Users
5.8 NT Data Centre System Access Users
6 Support Authentication Process
6.1 Logon at Desktop
6.2 Logon at SAS Terminal Server
6.3 Logon to SSH Server
6.4 Process Summary
7 Support Role Desktops
7.1 Standard Secure Role Desktop
7.1.1 SSC Apps MAN
7.1.2 SSC Apps SUP
7.1.3 Operational MAN
7.1.4 Application SUP
7.1.5 PWYLoad
7.1.6 SAPSUP
7.1.7 Network Ma
7.1.8 Network U
7.2 Terminal Server Client Desktop
7.2.1 SSC Support Group
7.2.2 ‘C Support Group
7.2.3 MSS Support Group
7.2.4 Operational Management Support Group
7.2.5 Fujitsu Consulting SAP Support Group
8 Support Tools
8.1 Tool Set Location and Access
8.2 Riposte Tools on Counters (CP3482)
8.3 Additional Riposte Tools on Counters (CP3652)
8.4 Additional Tools on Data Centre Servers (CP3652)
8.5 Tools Available
8.6 Updating the Tool Set
8.6.1 Normal Circumstances
8.6.2 Exceptional Circumstances
8.7 Installation of Riposte on SAS Servers
9 Appendix A - Support Tool Set
10 Appendix B - CP3815 Secure Signing Server Access

1 Introduction

The nature of the POA Horizon system requires that access to the counters and core
systems should be strictly controlled. [ACP] states that effective control depends on
having a clear definition of the roles and the responsibilities of all personnel who need
some form of access to the system. Users will gain access by being assigned to these
roles. This will be core to POA implementing the principles of least privilege as
described in [SFS]. POA will translate the human roles detailed in [ACP] into securely
configured roles, known as secure roles.

RS/REQ/022 defines the requirements for all POA human secure roles (except for
Support Roles) that access the POA data centre systems via an access point, which is
usually an NT workstation. These requirements are translated by IPDU Secure Builds
and IPDU PIT in order to generate a secure desktop for each role.

RS/REQ/023, this document, defines the requirements of the human secure roles
involved in providing support for the POA Horizon solution. It describes, for each of
the POA support groups, the menus and tool sets required and the secure support
environment desktop access method used to connect to remote counters and data
centre systems.

2 Scope

This document only addresses the human user roles defined for use by the support
groups involved with supporting the POA Horizon solution systems. These support
roles are to be implemented as part of the POA central NT systems and access rights
assigned to each role. Each support role specified within this document accesses
counters and the data centre NT systems through the POA NT Domain Structure
referenced in [9] and in accordance with the security configuration referenced in [10].
SMC and SMG support roles that authenticate in the SYSMAN domain are not
described in terms of their Secure Desktops. For these roles it is assumed that their
desktops include Terminal Server Client and that Terminal Server Client provides
these roles with access to the Secure Support Environment implemented within the
POA NT Domain Structure. Document reference [13] describes the configuration for
SYSMAN secure roles.

Non support roles used by SMC, SMG and Girobank are specifically excluded from
this document as they are authenticated on separate NT systems which form part of a
third party managed service. These roles are excluded from accessing the Secure
Support Environment.

This document does not describe the implementation or configuration of OpenSSH
components on the NT data centre systems or counters. This information is described
fully in reference [4].

3 Requirements

The requirement to implement a secure role based access control system emanates
from [ACP]. [ACP] further defines the roles that are required for access to the POA
Systems and the responsibilities of these roles.

Release BI3 Network Banking and release BI3S30 Debit Card System introduced
more stringent requirements regarding support access to counters and the data centre
NT systems. To satisfy these new requirements, a Secure Support Environment is
being introduced and as a result new user desktops and access mechanisms are required
for the support groups. This document defines the new authentication processes,
desktops, and tool sets available to the support groups.

3.1 Affected Support Roles

The POA support roles affected by CP3283 are:

• PWYDCS\SSC Apps SUP
• PWYDCS\SSC Apps MAN
• PWYDCS\Operational MAN
• PWYDCS\Application SUP

In addition to the above, two roles that authenticate in the SYSMAN third party
supplier domain are also affected. These two roles are:

• SYSMAN\SMC
• SYSMAN\MSS

3.2 New Support Roles

At Release BI3S55 a new privileged role is introduced for ADSL CHAP Password
Handling. See RS/DES/093 for more details concerning the use and procedures
associated with this new role. The role is named:

• PWYDCS\PWYLoad

At Release BI3S60 a new support role is introduced for Fujitsu Consulting staff who
will provide support for the new SAP financial system being introduced to the Horizon
data centres at BI3S60. This new role will provide this group of support staff with access
to the SAP Host via the SAS servers and SSH. The role is named:

• PWYDCS\SAPSUP

3.3 Redundant Support Roles

None of the existing support roles are made redundant.

3.4 New Change Proposals

CP3652: This CP requires additional support tool subsets to be added to the following
platforms:

• Counters
• Counters and Data Centre Servers
• SAS Servers

CP3653: This CP requires that Riposte be installed onto the six SAS servers.

CP4104: This CP specifies a new platform type, the Network Management
Workstation. A new support user, described in section 7.1.7, is required to administer
these platforms.

4 Implementation

For the POA support roles, each support role will be set up as a Secure Role. Secure
Roles will be mapped very tightly on to the Group concept within NT. Individual
users will be assigned to these Groups, in which access to objects, domains, servers and
associated privileges will be controlled. Reference [10] describes in more detail the
rules and methods for applying Secure Roles onto the NT Group concept. These
Secure Roles are defined in Section 7.

Secure Roles use defined access points that have an accompanying Physical Platform
Design Specification (PPDS) document. Access to objects will be made available to
each role at the relevant access point. This document specifically covers the Secure
Support Roles accessing the data centres and counters.

The definition of the Secure Support Roles is maintained in a spreadsheet by IPDU
Secure Builds; this spreadsheet is converted to produce automated NT command files.
These command files will be made available to ITU PIT. The command scripts will be
incorporated into the POA SECURENT build process and into the specific platform
configuration builds by ITU PIT for deployment into test and live estate environments.

Secure Support Roles, as defined in this document, will be implemented using
automated command scripts. Doing this will simplify the implementation and
maintenance of the roles.

Human user accounts created from the defined roles may only be members of one
Role/Group definition. This is required to ensure the user is only provided with one
appropriate tool set. Implementation of the menu structure for each Group will ensure
that users assigned to that Group will be able to access the application set necessary
for them to fulfil their duties.

4.1 NT Administrator User

The Windows NT operating system is provided with a super user known as the
‘Administrator’. This user has full administration and configuration privileges, which are
exercised at both system/server and domain level. This capability cannot be removed
from Windows NT. POA recognises the power that this user has and the ability that a
human user, using the administrator user, has to interfere with the day to day operation
of the POA solution.

To address this issue, POA will limit and restrict the use of the NT Administrator User.
This will be achieved by:

> Renaming the Administrator User on all NT Servers so that it is hidden from the
system. The account name and password will be specified by the POA Security
Manager, which will be strictly controlled and stored in a secure safe.

> Restricting full administrator privileges to the ‘Operational Management’ role. Use of
this role will be subject to the management and procedural controls set out in the
‘POA Code of Practice’, PA/STD/010.

4.2 TSadmin Role

CP3283 introduces a new administrator role known as TSadmin. This new role will be
responsible for day to day operations and administration of the PWYSAS domain and
the Secure Access Servers. The security configuration will be set up to prevent
PWYDCS roles from administering PWYSAS. PWYSAS\Administrator was
restricted from accessing the C:\ and D:\ drives in order to prevent any possibility of
tampering with the SSH log files. However, this restriction has proved to be too
preventative of normal day to day system management tasks such as software
distribution, and during Release BI3S60 the live estate was updated via OCPs. At
Release BI3S75 the SecureNT configuration files have been updated in line with these
OCPs. Security configuration for the TSadmin role has not been changed and should
continue to be used for PWYSAS Domain and Server updates.

The TSadmin role will be allocated to senior Core Services NT staff and will be limited
to no more than three individuals at any one point in time. It is this role that will create
and manage the terminal server user accounts. These individual accounts will be
created from the pre-defined TS user templates. Each individual user will be mapped
to a TS profile and will have a defined user home directory. Customer Services
Security will be responsible for the allocation, creation and management of TSadmin
user accounts.

4.3 SSHadmin Role

This new role is introduced for the purpose of managing the configuration of the SSH
Client and SSH Server components. Like the TSadmin role, this new role will be
limited for use by senior Core Services NT staff and will be limited to no more than
three individuals at any one point in time. This role will only be able to administer the
Secure Shell configuration files. Only this human role will be granted access control
permissions greater than Read and Execute. Customer Services Security will be
responsible for the allocation, creation and management of SSHadmin user accounts.

4.4 PWYLoad Role

This is a special role introduced for use by the Customer Services Security
Management team. The purpose of the role is to load obfuscated passwords into the
CHAP Password database. At Release BI3S55 the role accesses the CHAP Password
database by logon at the BootLoader Server console. Once logged on, an executable
is called to provide a GUI interface that enables passwords to be loaded into the
database. At Release BI3S60 the role will also be able to logon at the ADSL Radius
Servers and FRIACO/Dialled Radius Servers console.
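
Two rules stated in section 4 can be checked mechanically against a group-membership export: a human user account may be a member of only one Role/Group definition, and the TSadmin and SSHadmin roles are each limited to three individuals. The Python check below is an added example, not part of RS/REQ/023 or of the SECURENT command scripts; the 'account,group' export format, the sample accounts and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Secure support roles named in sections 3 and 4 of this document.
SUPPORT_ROLES = [
    "SSC Apps SUP", "SSC Apps MAN", "Operational MAN", "Application SUP",
    "PWYLoad", "SAPSUP", "TSadmin", "SSHadmin",
]
# The document writes both "TSadmin" and "TSAdmin", and NT account and group
# names are not case-sensitive, so all matching is done on case-folded names.
_CANONICAL = {name.casefold(): name for name in SUPPORT_ROLES}

# Roles limited to "no more than three individuals at any one point in time".
MEMBER_CAPS = {"TSadmin": 3, "SSHadmin": 3}

# Constructed sample export (hypothetical accounts, assumed 'account,group' format).
SAMPLE_EXPORT = r"""
# account,group
PWYDCS\user.a,SSC Apps SUP
PWYDCS\user.b,SSC Apps MAN
pwydcs\USER.B,Operational MAN
PWYDCS\user.c,Application SUP
PWYDCS\user.c,Domain Users
PWYSAS\adm1,TSadmin
PWYSAS\adm2,TSAdmin
PWYSAS\adm3,TSadmin
PWYSAS\adm4,TSadmin
PWYSAS\ssh1,SSHadmin
PWYSAS\ssh1,SSHAdmin
"""


def parse_memberships(text):
    """Return (account, group) pairs from 'account,group' lines."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        account, sep, group = line.partition(",")
        if not sep or not account.strip() or not group.strip():
            raise ValueError(f"line {lineno}: expected 'account,group'")
        rows.append((account.strip(), group.strip()))
    return rows


def audit(memberships):
    """Return findings as (rule, subject, detail) tuples."""
    roles_by_account = defaultdict(set)
    accounts_by_role = defaultdict(set)
    display = {}  # case-folded account -> first spelling seen
    for account, group in memberships:
        role = _CANONICAL.get(group.casefold())
        if role is None:
            continue  # built-in or other group, not a secure support role
        key = account.casefold()
        display.setdefault(key, account)
        roles_by_account[key].add(role)
        accounts_by_role[role].add(key)

    findings = []
    # Rule 1: an account may belong to only one Role/Group definition.
    for key in sorted(roles_by_account):
        if len(roles_by_account[key]) > 1:
            findings.append(
                ("multiple-roles", display[key], sorted(roles_by_account[key])))
    # Rule 2: capped roles may not exceed their stated head count.
    for role, cap in sorted(MEMBER_CAPS.items()):
        members = sorted(display[k] for k in accounts_by_role.get(role, ()))
        if len(members) > cap:
            findings.append(("cap-exceeded", role, members))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_memberships(SAMPLE_EXPORT)):
        print(finding)
```

Duplicate rows and case variants of the same account or group count once, so the sample reports one account holding two roles and a TSadmin group of four.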

5 Support Role Users

5.1 PWYDCS Users

SSC support staff and Core Services operational management staff who access the
POA Horizon systems must have an individual user account registered in the
PWYDCS domain. Each user account is created from a pre-defined user template
which is described in Section 7 of this document. Associated with each NT user
account registered in PWYDCS is a SecurID Token and four digit PIN.

Existing support user accounts remain unchanged within the SSE. New support user
accounts will be created using the existing and current processes.

User templates exist for the following support roles:

• Users assigned to SSC Apps SUP role have user accounts created from user
template ‘zzSSC Apps Sup’

• Users assigned to SSC Apps MAN role have user accounts created from user
template ‘zzSSC Apps MAN’

• Users assigned to Operational MAN role have user accounts created from user
template ‘zzOPSMAN’

• Users assigned to Application SUP role have user accounts created from user
template ‘zzAPPSUP’

• Users assigned to SAPSUP role have user accounts created from user template
‘zzSAPSUP’

5.2 HUTHTIP, PDRTIP Users

Both the HUTHTIP and PDRTIP domains, which contain the Remote TIP Gateway
systems at Post Office sites, are authentication domains. Both are configured with
identical support roles to those described for PWYDCS Users above. Access to these
remote domains/systems using SSHD will require support staff to login and
authenticate using user accounts created in the HUTHTIP and PDRTIP domains.

5.3 PWYKMS Users

TBA following input from POA CS Security Management team.

5.4 PWYCSM Users

TBA following input from Infrastructure Design.

5.5 SYSMAN Users

User accounts registered in this third party supplier managed domain must comply
with the security policies defined in [ACP].

From the requirements specified in CP3283 the following support roles from this
domain are relevant to the SSE:

• SMC
• MSS

5.6 Secure Access Server Users

Changes to the solution implementation mean that user templates and user accounts
are no longer required within the PWYSAS domain and Secure Access Servers.

5.7 Counter Access Users

CP3283 specifies that only the SSC support group will be granted access to counters
using SSE.

At the counter only a common/shared user account is required. SSH Client will
capture the logon username from the Terminal Server Client session and will record
this user name in the command log files that SSH Client generates. The user account
defined for the SSC support group is:

• sussc

5.8 NT Data Centre System Access Users

Access to Data Centre NT systems will in the main be achieved by support staff
logging on via SSHD using their PWYDCS user account. Exceptions to this will be
HUTHTIP and PDRTIP remote TIP FTMS Gateway domains, PWYKMS and
PWYCSM domains. Access to these four domains will be achieved by using
equivalent user accounts created in these domains.

6 Support Authentication Process

6.1 Logon at Desktop

All support users that logon with a PWYDCS user account will specify their unique
username and associated password. The system will then prompt for SecurID logon
using their assigned PIN with the token value displayed at the time of logon.

The same logon and authentication process should be followed for all support users
who authenticate in the SYSMAN domain.

Once the identification and authentication process has completed the user is presented
with their usual desktop with an array of tools as specified in Section 7. One of the
tools available from this desktop is the Terminal Server Client. Executing the Terminal
Server Client tool will result in the system opening a new window at the workstation
that results from a connection to a Secure Access Server located in PWYSAS domain.
This new Terminal server window will display a prompt for a user name and password.

At Release BI3S30, Support Users can still access counters and NT data centre
systems using their pre BI3S30 desktops and tools. However from BI3S30 the only
approved and authorised support access method to counters and NT systems in the
PWYPUB and DCSSERV resource domains is via the Terminal Server/Secure Shell
access route.

6.2 Logon at SAS Terminal Server

At the Terminal Server window login prompt the support user should re-enter their
individual terminal server user account created in PWYDCS domain and its associated
password.

Successful logon will result in the SAS desktop being made available to the user.
From this desktop the Secure Shell Client (SSHC) will be available.

6.3 Logon to SSH Server

The user can invoke the SSHC by typing:

ssh -l <user name> <target-address>

where:

<user name> will equate to the support group user's individual user account name
created in PWYDCS domain or the other authentication domains referred to in section
5 for NT data centre systems or user account sussc for counters.

<target-address> will equate to the IP address of the target counter or NT system.

Execution of the above causes the SSHC to make a connection with the SSH server
running on the target system. The user account specified will be authenticated at the
target-system and if successful a SSH session will be initiated. The SSHC will log
each command executed during the session, recording the PWYDCS domain (or other
domain) logon user account name that has initiated the SSH session.

6.4 Process Summary

See diagram below.

[Diagram: support authentication process. CTRL + ALT + DEL; logon details entered (User ID, Domain: PWYDCS, SecurID PIN, SecurID Token Value); user authenticated, OK; invoke Terminal Server Client; PWYSAS Terminal Server authenticates (User ID, Domain: PWYDCS), OK; invoke SSH Client (ssh to <target>); SSH Server authenticates SSH Client logon, OK; execute required support tools.]

7 Support Role Desktops

7.1 Standard Secure Role Desktop

This section describes the desktop menu and tool set provided to the four POA
Support Roles as a result of logging on with their PWYDCS, PWYKMS, (HUTHTIP,
PDRTIP) user account, password and SecurID Token. This logon will be conducted at
their normal access point workstation or server.

7.1.1 SSC Apps MAN

Group Name to be Implemented: SSC Apps MAN
Last Updated:
Secure Role Type: Privileged Full Administrator capable
Desk Top Type: Restricted Desktop Menu
NT Servers: All NT Servers, also needs access to Post Office Outlet Counters and access to Sequent UNIX Servers
Access Rights: Read, Write, Execute
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP
Resource Domain Access method: All resource domains and NT data centre systems via SSH Client access
Access Point: SSC NT Client PC SD/DES/172
ACP Equivalent: Application Support (SSC)
Change Triggers:

Menus and Tools:
> Tivoli Remote Console
> Rclient
> Rconsole
> Terminal Server Client
> RiposteGetMessage.exe
> RiposteIndex.exe
> RiposteNode.exe
> RiposteObjectSecurity.exe
> RiposteObject.exe
> RipostePing.exe
> RipostePriorityMessage.exe
> RiposteQueryUK.exe
> RiposteNextMessage.exe
> RipostePutMessage.exe
> RiposteScanMessage
> RiposteStatus.exe
> RODBClient.exe
> CMD prompt
> ExCeed for Windows NT (V6.1)
> Visual Basic I.D.E
> Telnet
> FTP (To Host Sequent, and other POL Services)
> Microsoft Diagnostics
> NT Event Viewer
> WinZip Pkzip
> CD Rom writing software
> Textpad
> Microsoft Word
> Microsoft Excel
> Microsoft Access
> Microsoft Explorer
> Internet Explorer (c/w SSC default links page)
> Full NT Control Panel
> Performance Monitor
> Registry editor
> TIP Repair

In-house Utilities:
> Archive Viewer
> Expiry Reporter
> Stops Reporter
> Formatted File Utility
> MessageStore Utility
> EndOmay Reporter
> MessageStore Sort Utility

VPN Utilities:
> VPNDiagClient.exe
> SVPNTSTNexe

Athene Utilities:
Athene Analyst: Analyst; ViewDB Storage
Athene Automatic Reporting: Define A Report; Schedule Editor; View Processed Reports
Athene Client-Server: Client-Server
Athene CustomDB: CustomDB; Schedule Editor; Web Log Parser
Athene Explorer: Define A Report; Explore Reports
Athene Planner: Build Baseline Model; Calibrate Baseline Model; Delete Models; Edit Baseline Model; Edit Reference Tables; Edit Thresholds; Evaluate Model; Modify Model; View Results
Athene Sentinel: Alert Summary; Sentinel

Requires Access to: All systems

ZZSSCAPP_MAN:
Administrators
Yes SSC Apps MAN
Yes ConfineLogon

7.1.2. SSC Apps SUP

Group Name to be Implemented

SSC Apps SUP

Last Updated

Secure Role Type Privileged Full Administrator eapable

Desk Top Type Restricted Desktop Menu

NT Servers AILNT Servers, also needs access to Sequent UNIX servers
“Access Rights Read, Execute

Requires SecuriD Authentication

Yes

‘Authentication Domain

PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP

Resource Domain Access

‘All resource domains and NT data centre systems via SSH Client access

method
‘Access Point SSCNT Client PC SD/DES172
ACP Equivalent Application Support (SSC)
‘Change Triggers
‘Menus and Tools > Tivoli Remote Console

> Relient

*  Reonsole

> Terminal Server Client

> RiposteGetMessage exe

> Ripostelndex exe

© RiposteNode.exe

© _ RiposteObject exe

> RipostePing exe

© _ RipostePriorityMessage exe

© RiposteNextMessage exe

> _ RiposteQueryUKexe

> _ RiposteScanMessage.exe

> — RiposteStatus.exe

> RODBClient.exe

‘CMD prompt

> ExCeed for Windows NT (V6.1)

> Visual Basic LD.E,

> Telnet

© 2007 Fujitsu Services

COMPANY IN CONFIDENCE

Page: 21 of 44

Fujitsu Services Secure Support Role Definitions for SECURENT Ref: RS/REQ/023

Build

Version: 6.0

COMPANY IN CONFIDENCE Date: 30/05/07

FUJ00088208
FUJ00088208

> FTP (To Host Sequent, and other POL Services)

NT utilities:
> Microsoft Diagnostics
> Event Viewer
> WinZip Pkzip
> CD Rom writing software
> Textpad
> Microsoft Word
> Microsoft Excel
> Microsoft Access
> Microsoft Explorer
> Internet Explorer (c/w SSC default links page)
> Full NT Control Panel
> Performance Monitor
> Registry editor
> TIP Repair

In-house Utilities:
> Archive Viewer
> Expiry Reporter
> Stops Reporter
> Formatted File Utility
> MessageStore Utility
> EndOmay Reporter
> MessageStore Sort Utility

VPN Utilities:
> VPNDiagClient.exe

Athene Utilities:
Athene Analyst
  Analyst
  ViewDB Storage
Athene Automatic Reporting
  Define A Report
  Schedule Editor
  View Processed Reports
Athene Client-Server
  Client-Server
Athene CustomDB
  CustomDB
  Schedule Editor
  Web Log Parser
Athene Explorer
  Define A Report
  Explore Reports


Athene Planner
  Build Baseline Model
  Calibrate Baseline Model
  Delete Models
  Edit Baseline Model
  Edit Reference Tables
  Edit Thresholds
  Evaluate Model
  Modify Model
  View Results
Athene Sentinel
  Alert Summary
  Sentinel

Requires Access to: All systems

SSC App SUP
Domain Admins
Yes Administrators
Domain Users
Yes LSSC Apps SUP
Yes LConfineLogon

7.1.3. Operational MAN
Group Name to be Implemented: Operational MAN
Last Updated:
Secure Role Type: Privileged
Desk Top Type: Restricted Desktop Menu
NT Servers: All NT Servers
  Access to Sequent UNIX Servers.
Access Rights: Full Administrator
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS, PWYHQ, PWYFTMS, HUTHTIP, PDRTIP
Resource Domain Access: All resource domains and NT data centre systems
Access Point: Core Service NT Client PC
  Third Party Supplier PC
  NT server console
ACP Equivalent: Operational Management
  Core Services Role
Change Triggers:
Menus and Tools:
> Compaq systems reference library
> Insight Manager
> Terminal Server Client
> SQL Server Admin
> Technet
> Microsoft Office
> NT Resource Kit
> Onnnet (telnet/ftp)
> Patrol v3.2.05
> Legato Administrator
> nt srvtools
> Tivoli desktop
> TESS for access to Tivoli web
> NT resource kit remote console server
> PC Xware
> CMD prompt
> VPNDiagClient.exe

> Notepad
> SVPNTSTN.exe (Utimaco API Function Tool)

Athene Utilities:
Athene Analyst
  Analyst
  ViewDB Storage
Athene Automatic Reporting
  Define A Report
  Schedule Editor
  View Processed Reports
Athene Client-Server
  Client-Server
Athene CustomDB
  CustomDB
  Schedule Editor
  Web Log Parser
Athene Explorer
  Define A Report
  Explore Reports
Athene Planner
  Build Baseline Model
  Calibrate Baseline Model
  Delete Models
  Edit baseline Model
  Edit Reference Tables
  Edit Thresholds
  Evaluate Model
  Modify Model
  View Results
Athene Sentinel
  Alert Summary
  Sentinel

Requires Access to:
> Floppy disc drive
> Locally connected printer

7.1.4 Application SUP

Group Name to be Implemented: Application Sup
Last Updated:
Secure Role Type: Privileged
Desk Top Type: Restricted Desktop Menu
NT Servers: Access to Sequent UNIX Servers
Access Rights: Read, Write, Execute
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS, PWYHQ, HUTHTIP, PDRTIP
Resource Domain Access: PERFMAN
Access Point: Core Services NT Client PC
  Third Party Supplier PC
ACP Equivalent: Application Support
  Core Services Role
Change Triggers:
Menus and Tools:
> Discoverer 2000
> PC Xware
> Microsoft Office
> Onnnet (telnet/ftp)
> Patrol v3.2.05
> Legato Administrator
> ISS
> SQL Server Admin
> Terminal Server Client
> CMD prompt

Athene Utilities:
Athene Analyst
  Analyst
  ViewDB Storage
Athene Automatic Reporting
  Define A Report
  Schedule Editor
  View Processed Reports
Athene Client-Server
  Client-Server


Athene CustomDB
  CustomDB
  Schedule Editor
  Web Log Parser
Athene Explorer
  Define A Report
  Explore Reports
Athene Planner
  Build Baseline Model
  Calibrate Baseline Model
  Delete Models
  Edit baseline Model
  Edit Reference Tables
  Edit Thresholds
  Evaluate Model
  Modify Model
  View Results
Athene Sentinel
  Alert Summary
  Sentinel

Requires Access to:
> Floppy disc drive
> Locally connected printer

LApplication SUP
LConfineLogon


7.1.5 PWYLoad

Group Name to be Implemented: PWYLoadGroup
Last Updated: 08/01/04
Secure Role Type: Privileged Administrator access capable
Desk Top Type: Restricted Desktop Menu
NT Servers: Access to Bootloader Server, ADSL Radius Servers and FRIACO/Dialled Radius Servers
Access Rights: Read, Write, Execute
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS
Resource Domain Access: BBOOT, WBOOT and PWYRAD systems via direct logon at server console
Access Point: Server Console for Bootloader Servers, ADSL Radius Servers and FRIACO/Dialled Radius Servers
ACP Equivalent: None
Change Triggers: CP3584
Menus and Tools:
> CMD prompt
> Microsoft Diagnostics
> NT Event Viewer
> WinZip Pkzip
> Textpad
> Microsoft Word
> Microsoft Excel
> Microsoft Access
> Windows Explorer
> Full NT Control Panel
> Registry editor
> Password Loader executable (maps onto CARADIUS_CFG\Bin\ReapPwdLoader.exe on the Bootloader server)

Requires Access to: All systems in BBOOT, WBOOT and PWYRAD domains. Requires access to floppy disc drive.


GPWYLoadGroup

Domain Users

7.1.6 SAPSUP
Group Name to be Implemented: GSAPSUP
Last Updated: 26/02/04
Secure Role Type: Privileged Administrator access capable
Desk Top Type: Restricted Desktop Menu
NT Servers: Access to SAP Host via dedicated SAS Servers MBOSASO3 or MWISASO3
Access Rights: Read, Write, Execute
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS
Resource Domain Access: PWYSAS
Access Point: Fujitsu Consulting Support Workstation + SecurID ACE Agent
ACP Equivalent: None
Change Triggers: P3640
Menus and Tools:
> Terminal Server Client
> SAP GUI Interface (maps onto an executable that needs to be supplied by Fujitsu Consulting staff, may require FC to complete an installation to obtain this piece of information).
> FTP Client. Notes: 1, the SAP Host will be configured with FTP Server Service and the FIC SAP Support user group on the Solaris SAP Hosts must be granted permissions to access and execute FTP. 2, the DMZ firewalls must be configured to allow inbound and outbound FTP traffic for this support group.

In-house Utilities:
> None requirements specified.

Requires Access to: FTP capability between SAP Hosts and FIC SAP Support Workstations.


7.1.7 Network Man

Note: This role has access to a full menu. The tools listed below have not been
explicitly created within the role’s menu — they are available via the menu entries
created when installing the relevant packages.

Group Name to be Implemented: Network Man
Last Updated: 30/05/07
Secure Role Type: Privileged
Desk Top Type: Full Menu
Network Equipment: All Routers, Switches, Firewalls (local and remote)
Access Rights: Full Administrator
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS
Resource Domain Access: All resource domains and data centre systems
Access Point: Core Service Network Management Workstation PC
  Third Party Supplier PC
ACP Equivalent: Operational Management
  Core Services Role
Change Triggers:
Menus and Tools:
> Terminal Server Client to SSH server
> Microsoft Office
> Tivoli desktop
> IE6x for access to Tivoli and HP OpenView web pages
> NT resource kit remote console server
> PC Xware
> Cygwin-X (full set including X-Windows)
> Ethereal plus WinPcap
> HP OVO Java Console plus plug-in for HP OpenView
> Java Runtime Environment 1.4.2_05; 1.4.2_08-b03
> Observer Expert Probe Software (Network Instruments)
> 3Com tftp/ftp server
> Adobe acrobat reader
> ASDM (firewall management)
> Tera Term
> Putty
> Nero (CD burning)
> CMD prompt


> Notepad
> Wordpad
> telnet
> ip
> tracert
> ping
> pathping

Requires Access to:
> Floppy disc drive
> Network connected printer
> USB ports enabled
> CD writer

zzNET_MAN Yes Network Man Yes LNetworkMAN
Yes Domain Users Yes LConfineLogon


7.1.8 Network USER

Network support role for SMC users, with readonly access.

Group Name to be Implemented: Network USER
Last Updated: 30/05/07
Secure Role Type: Unprivileged
Desk Top Type: Restricted Desktop Menu
Network Equipment: All Routers, Switches, Firewalls (local and remote)
Access Rights: Read
Requires SecurID Authentication: Yes
Authentication Domain: PWYDCS
Resource Domain Access: All resource domains and data centre systems
Access Point: Core Service Network Management Workstation PC
  Third Party Supplier PC
ACP Equivalent: Operational Management
  Core Services Role
Change Triggers:
Menus and Tools:
> HP OpenView (readonly mode)
> Shortcut to ADSL Reports on HP OpenView server Diablo
> Shortcut to ADSL Reports on HP OpenView server TableTop
> Shortcut to Cisco Works on Cisco Works server Columbus
> Shortcut to Cisco Works on Cisco Works server MarcoPolo
> Shortcut to Home Base on HP OpenView server Diablo
> Shortcut to Home Base on HP OpenView server TableTop
> Cygwin
> Putty

Requires Access to: NA

ZNET_USER Yes
Network USER
LNetworkUSER
Domain Users Yes LConfineLogon

7.2 Terminal Server Client Desktop

This section describes the desktop available to each of the Support groups provided
with Terminal Server access to the SSH Client.

7.2.1 SSC Support Group

Access provided to SSH Client. The SSH Client can be used to access counters and
data centre NT systems.

7.2.2 SMC Support Group

No access to SSH Client provided.

7.2.3 MSS Support Group

No access to SSH Client provided.

7.2.4 Operational Management Support Group

Access provided to SSH Client. The SSH Client can only be used to access data
centre NT systems.

7.2.5 Fujitsu Consulting SAP Support Group

Access provided to SSH Client. The SSH Client can only be used to access the SAP
Host in the data centres.


8 Support Tools

8.1 Tool Set Location and Access

The support tool set will be installed at the same location on all NT platforms.

The ‘root’ directory is known as:

• C:\Support

Underneath this directory is the following structure:

• C:\Support\Tools\Generic
• C:\Support\Tools\Generic\Cygwin
• C:\Support\Tools\Generic\Ntreskit
• C:\Support\Tools\Admin (only on Secure Access Servers)

As the directory names imply, Generic means that the tools are common and available
to all support groups. The Cygwin directory holds all the GNU tools generated and
delivered into PVCS by IPDU Estate Management Development team. The Ntreskit
directory holds all Windows NT resource kit utilities. These are made available to all
support groups.

In addition to the above ‘common’ directories, each support group will have a
dedicated directory to hold bespoke developed tools. The directories are:

• C:\Support\Tools\SSCSUP
• C:\Support\Tools\SMCSUP
• C:\Support\Tools\SYSMANSUP
• C:\Support\Tools\OPSMANSUP
• C:\Support\Tools\SAPSUP

Each support group will be able to access tools located in their directory. They will
not be able to access the directories of the other support groups. All support group
access will be configured as Read and Execute. Only administrator privileged users
will be able to update the above directories and add further tools to the tool set.
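
The access rules in this section can be checked mechanically against an exported ACL listing. The following Python is an added example, not part of RS/REQ/023: the principal names (assumed to match the directory names), the `Administrators` principal, the R/W/X rights letters and the ACL entries themselves are constructed for illustration.

```python
from pathlib import PureWindowsPath

TOOLS = PureWindowsPath(r"C:\Support\Tools")
GENERIC = TOOLS / "Generic"
# Dedicated directories named in this section. Assumption: each support
# group's principal carries the same name as its directory.
GROUP_DIRS = ("SSCSUP", "SMCSUP", "SYSMANSUP", "OPSMANSUP", "SAPSUP")
ADMIN = "Administrators"      # assumption: the administrator-privileged principal
ALLOWED = frozenset("RX")     # "Read and Execute"


def owner_of(path):
    """Return 'Generic', a group directory name, or None if the path is
    outside the directories this section defines rules for."""
    p = PureWindowsPath(path)          # case-insensitive, works on any OS
    if p == GENERIC or GENERIC in p.parents:
        return "Generic"
    for name in GROUP_DIRS:
        d = TOOLS / name
        if p == d or d in p.parents:   # component match, not string prefix
            return name
    return None


def audit(acl_entries):
    """Return (path, principal, reason) for every entry that breaks the rules:
    own directory and Generic only, and never more than Read and Execute."""
    findings = []
    for path, principal, rights in acl_entries:
        owner = owner_of(path)
        granted = set(rights.upper())
        if owner is None or principal == ADMIN or not granted:
            continue
        if principal not in GROUP_DIRS:
            findings.append((path, principal, "unexpected principal"))
        elif owner != "Generic" and principal != owner:
            findings.append((path, principal, "access to another group's directory"))
        elif not granted <= ALLOWED:
            extra = "".join(sorted(granted - ALLOWED))
            findings.append((path, principal, "rights beyond Read and Execute: " + extra))
    return findings


def missing_grants(acl_entries):
    """Return (group, directory) pairs where a group lacks Read and Execute
    on Generic or on its own dedicated directory."""
    missing = []
    for name in GROUP_DIRS:
        for target in (GENERIC, TOOLS / name):
            ok = any(PureWindowsPath(p) == target and who == name
                     and ALLOWED <= set(r.upper())
                     for p, who, r in acl_entries)
            if not ok:
                missing.append((name, str(target)))
    return missing


# Constructed sample ACL export: (directory, principal, rights letters).
SAMPLE_ACL = [
    (r"C:\Support\Tools\Generic", "SSCSUP", "RX"),
    (r"C:\Support\Tools\Generic", "SMCSUP", "RX"),
    (r"C:\Support\Tools\Generic\Cygwin", "SMCSUP", "RWX"),  # write granted
    (r"C:\Support\Tools\SSCSUP", "SSCSUP", "RX"),
    (r"C:\Support\Tools\SSCSUP", "SMCSUP", "RX"),           # cross-group access
    (r"C:\Support\Tools\SMCSUP", "SMCSUP", "RX"),
    (r"C:\Support\Tools\SSCSUP", "Administrators", "RWX"),
    (r"c:\support\tools\sapsup\bin", "SAPSUP", "R"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL):
        print("VIOLATION", finding)
    for group, directory in missing_grants(SAMPLE_ACL):
        print("MISSING  ", group, directory)
```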

8.2 Riposte Tools on Counters (CP3482)

The following tools are added to all counters via the PIT build at Release BI3S40R as
a result of CP3482. The tools are located in directory C:\Counters\Bin.

RiposteConfig.exe
RiposteGetMessage.exe
RiposteListen.exe
RiposteNextMessage.exe
RiposteNode.exe
RiposteObject.exe
RipostePutMessage.exe
RiposteScanMessage.exe
RiposteStatus.exe

8.3 Additional Riposte Tools on Counters (CP3652)

The following tools are added to all counters via the PIT build at Release BI3S70 as a
result of CP3652. The Riposte tools are located in directory
C:\Support\Tools\SSCSUP. Note: this directory has been mandated by POA CS
Security Manager. Access to these tools is specifically restricted to SSC Support staff.

RiposteGroups.exe
RiposteConfigurationSecurity.exe
RiposteIndex.exe
RipostePriorityMessage.exe
RiposteVolume.exe

The following tools are added for all support groups to use. These tools will be located
in directory C:\Support\Tools\Generic\Cygwin\Bin.

Stty.exe
Split.exe
Tr.exe
Strings.exe
Getopt.exe
Xargs.exe

Vim.exe

FTP Client only

8.4 Additional Tools on Data Centre Servers (CP3652)

The following tools are added to all Data Centre servers via the PIT build at Release
BI3S70 as a result of CP3652. The tools are located in directory
C:\Support\Tools\Generic\Cygwin\Bin.

Stty.exe
Split.exe
Tr.exe
Strings.exe
Getopt.exe
Xargs.exe
Vim.exe

FTP Client only

The above tools will be installed onto all SAS servers. In addition to the above tools,
the following tool will be added to all SAS servers. This tool will not be available on
Counters or other Data Centre servers. This tool is located in directory
C:\Support\Tools\Generic\Cygwin\Bin.

Rxvt.exe

8.5 Tools Available

A full list of the tools available is given in a table in Appendix A. This appendix will be
kept up to date as further tools are added in the future.

8.6 Updating the Tool Set

There are two situations in which the support tool set can be updated. These are
‘normal’ and ‘exceptional’ circumstances.

8.6.1 Normal Circumstances

This section gives a brief overview of the process that should be followed in normal
circumstances in order to add new tools to the tool set.


The Support group identifies new tool(s).

The Support group subject the tool(s) to local testing to ensure the tool(s) is/are fit
for purpose.

The Support group raise a CP to introduce the new tool(s), indicating whether it
is/they are generic tool(s) or specific to the support group and identifying the
target release.

POA development impacts the CP. If the CP is approved

IPDU Secure Build update this document [RS/REQ/023] and publish on PVCS
review cycle.

The Security TDA and POA Security Manager are both Approval Authorities. In
addition each Support group will also have an Approval Authority for this
document. The IPDU PIT Manager will also be an Approval Authority.

Once this document has gained the necessary approval signatures, the IPDU PIT
Manager will authorise IPDU PIT to progress the updates necessary to add the
tool(s) to the tool set directories. IPDU Secure Build will adjust the security
configuration as necessary.

The work packages are subjected to testing by IPDU System Test and on
completion of testing the new work packages are added to the SUPPORT TOOLS
platform configuration build for release to the live estate systems.

The new tools are delivered and installed onto the NT platforms using Tivoli.

8.6.2 Exceptional Circumstances

There will always be emergency situations that will require new tools to be made
available urgently. At this point in time, no process for handling exceptional
circumstances has been identified. Simon Fawkes is leading the investigation into how
this situation will be dealt with and will identify the proposed solution once known.

8.7 Installation of Riposte on SAS Servers

CP3653 calls for the installation of Riposte and only installation onto all SAS servers.
Riposte will be installed in directory D:\RTOOLS.


9 Appendix A — Support Tool Set

This appendix lists the GNU tools available as part of the Support Tools platform
Configuration SPBV. This SPBV is known as COMSECNT.

The following detail is associated with the table on the next page.

The tools identified in the table are located in directory:
C:\Support\Tools\Generic\Cygwin (on all platforms)

A ‘Yes’ in the following column indicates that the program is to be executable by
members of the support group, while ‘No’ indicates that permission to execute the
commands is not to be granted.

The commands shown in the table do not have the ‘.exe’ suffix. The ‘.exe’ suffix will
be present for all executables when delivered to PVCS and installed on the platform.

Selected and where required, security approved NT Resource kit utilities provided by
Microsoft at Release Supplement 4 are made available in directory:

C:\Support\Tools\Generic\NTreskit (on all platforms)

Table 1
                Support groups at Data Centre   User groups at Counters
Commands        SSC  ISD  MSS  Tivoli  Maestro  SSC  ISD  MSS  Tivoli  Maestro
basename        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
bash            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
cat             Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
chgrp           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
chmod           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
chown           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
chroot          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
cmp             Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
cp              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
cut             Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
cygpath         Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
date            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
dd              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
df              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
diff            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
dirname         Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
du              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
echo            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
egrep           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
expr            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
false           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
find            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
fold            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
gunzip          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
gzip            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
head            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
hostname        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
kill            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
less            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
ln              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
login           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
ls              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
md5sum          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
mkdir           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
mount           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
mv              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
nawk            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
nice            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
nl              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
od              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
paste           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
printf          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
ps              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
pwd             Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
regtool         Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
rm              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
rmdir           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
sed             Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
sleep           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
sort            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
tail            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
tar             Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
tee             Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
test            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
touch           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
tput            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
true            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
tset            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
umount          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
wc              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes

Table 2
                Support groups at Data Centre   User groups at Counters
Commands        SSC  ISD  MSS  Tivoli  Maestro  SSC  ISD  MSS  Tivoli  Maestro
stty            Yes  No   No   No      No       Yes  No   No   No      No
split           Yes  No   No   No      No       Yes  No   No   No      No
tr              Yes  No   No   No      No       Yes  No   No   No      No
strings         Yes  No   No   No      No       Yes  No   No   No      No
getopt          Yes  No   No   No      No       Yes  No   No   No      No
xargs           Yes  No   No   No      No       Yes  No   No   No      No
vim             Yes  No   No   No      No       Yes  No   No   No      No
ftp client only Yes  No   No   No      No       Yes  No   No   No      No
compress        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
disksave        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
dumpel          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
getmac          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
getsid          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
kill            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
pulist          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
kill            Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
robocopy        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
sc              Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
scanreg         Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
sclist          Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
scopy           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
showacls        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
showdisk        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
showgrps        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
showmbrs        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
shutdown        Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
sleep           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
tlist           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes
xcopy           Yes  Yes  No   No      Yes      Yes  No   No   No      Yes


10 Appendix B — CP3815 Secure Signing Server Access

CP3815 introduces a standalone Signing Server for the purposes of signing PinPad Software
Updates. The new server will be introduced during Release BI3S60R. This server will be
located within the Secure Room at FELO1 operated by the POA CS Security Management
Team. After the relocation to BRAOI in 2005 the server will be located in an equivalent or
more secure environment. RS/DES/082 has been updated to define the new Server Name.

As the new Signing Server will be a standalone work group server, the usual Secure NT roles
will not be effective. Neither will SecurID authentication. The proposed solution for user and
support access is to create standard Windows NT user accounts for each individual who will
require access.

Users of the Signing Server will automatically be created and added to the Users built-in
group. These users will be provided with access to the floppy disc drive and CD-ROM/DVD-
ROM drive, having read and write access to all drive types. Therefore the floppylocker
service will not be required for the standalone server build.

Support access will be limited to Core Services Operational Management staff. User accounts
created for this group of staff will be added to the local machine administrators group and
therefore will be granted full administrator capability.

The audit policy must be configured to record all user log-on and log-off event records and
the Security Event Auditor will need to review the Security Event Log maintained by the
server on a regular basis following existing processes.
