ClearPath OS 2200 Security Explained
Author(s): Dr. Glen E. Newton, Posted on December 7th, 2016
A previous blog described some of the highlights of new security features incorporated into software products that are part of ClearPath OS 2200 Release 17. This blog is about another enhancement in Release 17 that is not a product feature but a high-level explanation of the security philosophy, goals, and features in OS 2200. Why does this contribute to enhanced security? It’s because security is most powerful when it’s understood and used in a way that matches your enterprise security goals.
The new OS 2200 Security Overview book included in Release 17 describes OS 2200 security concepts, goals, and features. It consolidates security overview information from multiple books and help files and introduces the secure computing capabilities of ClearPath OS 2200 Release 17.0. Most of the features described in this book are also in previous ClearPath OS 2200 releases, so you’ll find it a good way to organize your understanding of OS 2200 security, even if you are running an older system level.
The overall organization and much of the content parallel those of the corresponding MCP Security Overview. Each of the ClearPath systems has its own unique security strengths, and this is the book that tells you about OS 2200 security.
Section 1, the Introduction, includes OS 2200 security goals.
Section 2, The Secure OS 2200 Environment, includes topics that set the stage for the more focused overviews in later sections. It includes subsections on Defense in Depth, mandatory and discretionary access controls, OS 2200 Security Levels and other basics.
Section 3, Identification and Authentication, explains how OS 2200 verifies who you are. It includes an overview of your authentication choices, such as single sign-on and configured password profiles. It also introduces two concepts: hacker frustration, which helps thwart brute-force attacks, and impersonation, which lets an application have the right security attributes to act on behalf of a caller.
Section 4, Access Control, gives an overview of the ways you can control access to systems, files, transactions, database records, and other system entities. It also talks about the roles of the various levels of administrators who assign processing rights and set up automatic resource control.
Section 5, Cryptography, introduces the tools OS 2200 provides to protect your data by encrypting it.
Section 6, Network Security, provides an overview of the network security protocols supported in the OS 2200 environment—protocols designed to ensure the integrity and security of data being transferred to or from the ClearPath OS 2200 environment.
Section 7, Audit and Assessment, gives an overview of tools for verifying compliance with security policies and regulations. They include the system log file, which contains the records of events and actions on the system, and the log monitoring and reporting programs, such as Apex, that help you use the data in the system log to monitor the security of your system.
This book gives you an easy way to review and expand your OS 2200 security knowledge and put it into a coherent context. And if you sometimes have to explain parts of OS 2200 security to someone else, it gives you words and phrases to help you make your point.