SECOS (SEcurity COntrol System) comprises a product range of the following individual components: SRPM, GUARDS, GUARDDEF, GUARDCOO, SAT and SECOS-KRB. These components provide administration systems and interfaces with which an individual framework of privileges and responsibilities can be defined for each user. They cover a range of functions extending from setting up, managing and canceling user IDs through working under user IDs to monitoring for any attempts to obtain illegal access to a user ID and its data.
SRPM | (System Resources and Privileges Management). SRPM is used by system administration (and in particular security administrators and user administrators) to define the facilities available to a user ID when this ID is created. The user ID may be linked into a group concept and/or special privileges can be assigned to the user ID. In this manner, system administration sets up a user structure which makes security violations highly improbable and also permits rapid localization of the sources of such violations. The group concept also permits existing project and organization forms to be mapped into the group concept of BS2000. |
GUARDS | (Generally Usable Access contRol aDministration System). GUARDS monitors access by the users to files, libraries and other objects belonging to other object administrations. GUARDS protection can be used by object administration for all or each individual user and can be applied to their own objects. GUARDS provides particularly comprehensive and flexible facilities for protecting data against unauthorized access. |
GUARDDEF | (Default protection). GUARDDEF is used to allocate default attribute values for files and job variables. Optionally, these values can be prespecified for the creation or modification of these objects. The settings can be made for each pubset by the system administration (TSOS) or by each user for his/her own objects under his/her user ID. GUARDDEF uses GUARDS to store the settings. |
GUARDCOO | (Co-owner protection). For files and job variables, GUARDCOO permits a more precise definition of the ownership attribution that is fixed by default in BS2000 (the owner is the ID under which the object is catalogued; TSOS is co-owner of all files and job variables). It is also possible to withdraw co-ownership for different name ranges associated with the object or for the TSOS user ID, or to grant it to the TSOS user ID or to owners of certain privileges. GUARDCOO uses GUARDS to store the settings. |
SAT | (Security Audit Trail). SAT is the logging component of BS2000 for events relevant to security. SAT can be used to identify attempted infiltrations or determine the person at fault in the event of contraventions of the security regulations. For this purpose, SAT logs events in SAT logging files (SATLOG). These files must be evaluated at regular intervals by users who have SAT privileges. This is achieved using the evaluation program SATUT. Events which are particularly critical with respect to security can now be monitored without delay with the aid of the new SAT alarm function. The alarm message is displayed on the operator console and the operator can then decide which countermeasures should be implemented. |
SECOS-KRB | SECOS-KRB is the interface for handling Kerberos authentication in BS2000. |
This manual describes all SECOS components with the exception of SAT (Security Audit Trail), which is described in the “SECOS - Security Control System - Audit” [1] manual.