VOS Security Shell
"The Helping Hands in Telecommunications"

The SPS/VOS Security Shell eliminates unrestricted access to VOS and greatly enhances operators' and developers' productivity. Any operator, even with no Stratus experience, can become proficient and operate the system safely. The SPS/Security Shell is an indispensable environment for any mainframe trained personnel.

  - Eliminates the need to register privileged users  
  - Allows non-privileged users to execute selected subsets of analyze_system requests and other privileged commands  
  - Incorporates the Security Layer shielding the system from unauthorized use  
  - Produces a comprehensive audit trail log of all commands executed on the system; records the time and user's identity  
  - Keeps track of operator's activity and allows the user to restore and reuse commands and path names used previously during the session  
  - Features a standard DES-based file encryption facility  
  - Provides process listings (list_users) sorted by CPU utilization, I/O rate, Page faults memory usage and Interrupt rates  
  - Supports user-programmable function keys for frequently used commands  

SPS and System Security
Reduce the risk of human error
Restrict Privileged users
Control user access rights to sensitive data 
SPS products utilize a robust security layer designed to satisfy the most stringent security and audit requirements. It allows any level of customization, including per-user, per-command profiles, full command level password protection, single-point data access control (ACLs)and data encryption. SPS' advanced multi-level, object oriented solution of security requirements provides more granularity and greatly improves upon the single level, all or nothing, approach to security provided with the VOS operating system. 

  - Authorizes command execution based on user's security profile  
  - Allows access of non-privileged users to selected privileged commands and to subsets of analyze_system requests thereby eliminating the need for privileged users registration  
  - Ensures execution of commands from the correct, designated terminals  
  - Ensures that commands are executed within the allowed timeframes  
  - Blocks access to restricted modules, systems and devices (production)  
  - Password protects commands and menus  
  - Encrypts sensitive data  
  - Handles security violations; posts warning messages in the system error log and terminates the violator's session  
  - Manages, monitors and enforces directory and file access (ACL/DCL), employing a simple to operate, system-wide configuration  
  - Generates complete activity and security violations logs and reports date, time, user's identity, command executed and relevant violation information 

Protecting your Audit-Trail reports
We are being asked time and time again by VOS security auditors how they can protect the audit-trail reports that SPS creates and whether or not it is possible at all. After all, is it really feasible to control what the SysAdmin or other "super-users" are doing on the system? 
The answer is YES- all SPS reports can be easily protected and blocked from any unauthorized access. 

Here are easy to follow step by step instructions:

1.Remove all Write and Modify access from the start_up.cm command macros of controlled users. This should be done with the standard remove_access VOS command.

2.Make sure that only the security officer has access rights to both the SPS directories and these special start_up.cm macros - all other users should have null access to the SPS directories and to their own start_up.cm macros.

3.Use VOS' set_owner_access on the sps_vss.pm and on the sps_menu.pm programs as follows:
set_owner_access sps_vss.pm person_and_group
set_owner_access sps_menu.pm person_and_group

4.That's it - you are now ready. Help is a phone call (or Email) away.  

Member -National 
Minority Supplier 
Development Council
State of Florida Minority Vendor

State of Florida
Woman & Minority
Business Certified