HP StorageWorks X5000 Technical Manual page 35

Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy

Hide thumbs Also See for StorageWorks X5000:

Release note (39 pages)

Limited warranty (76 pages)

Support manual (17 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

Member Server Default

Administrators

The Manage auditing and security log privilege allows a user to specify object access auditing options

for individual resources such as files, Active Directory objects, and registry keys. The right to manage

the security event log is a powerful user privilege that should be closely guarded. Anyone with this

user right can clear the security log, possibly erasing important evidence of unauthorized activity. The

default security groups for this user right are sufficient for the Legacy Client and Enterprise Client

environments. However, this user right is configured to enforce the default Administrators in the High

Security environment.

Member Server Default

Administrators

The Modify firmware environment values user right allows modification of system environment

variables either by a process through an API, or by a user through System Properties. Anyone with

this privilege could configure the settings of a hardware component to cause it to fail, which could

lead to data corruption or a DoS condition. The default security groups for this user right are sufficient

for the Legacy Client and Enterprise Client environments. However, this user right is configured to

enforce the default Administrators group in the High Security environment.

Member Server Default

Administrators

The Perform volume maintenance tasks user right allows a non-administrative or remote user to

manage volumes or disks. A user with this privilege could delete a volume, leading to the loss of data

or a DoS condition. The default security groups for this user right are sufficient for the Legacy Client

and Enterprise Client environments. However, this user right is configured to enforce the default

Administrators group in the High Security environment.

Member Server Default

Administrators and

Power

Users

The Profile single process user right determines which users can use performance monitoring tools to

monitor the performance of non-system processes. This is a moderate vulnerability; an attacker with

this privilege could monitor a computer's performance to help identify critical processes that he or she

might want to attack directly. The attacker may also be able to determine what processes are running

on the system so that he or she could identify countermeasures to avoid-such as antivirus software, an

intrusion-detection system, or other users logged onto a system. To better secure an environment,

remove Power Users from this user right in the High Security environment.

Manage auditing and security log

Legacy Client

Enterprise Client

Not Defined

Modify firmware environment values

Legacy Client

Enterprise Client

Not Defined

Perform volume maintenance tasks

Legacy Client

Enterprise Client

Not Defined

Profile single process

Legacy Client

Enterprise Client

Not Defined

High Security Client

Not Defined

High Security Client

Not Defined

High Security Client

Not Defined

High Security Client

Not Defined

Administrators

Table of Contents

This manual is also suitable for:

Nsa security compliancy C2 security compliancy E3-fc2 security compliancy Cc security compliancy

HP StorageWorks X5000 Technical Manual page 35

Related Manuals for HP StorageWorks X5000

Related Products for HP StorageWorks X5000

This manual is also suitable for:

Table of Contents