StorageTek Storage Archive Manager and StorageTek QFS Software Security Guide Release 5.4 E51255-01 |
|
Previous |
Next |
To avoid potential security threats, customers operating a shared file system must be concerned about:
Disclosure of file system data in violation of policy
Loss of data
Undetected modification of data
These security threats can be minimized by proper configuration and by following the post-installation checklist in Appendix A, "Secure Deployment Checklist."
The critical security features that provide protections against security threats are:
Authentication – Ensures that only authorized individuals are granted access to the system and data.
Authorization – Access control to system privileges and data. This feature builds on authentication to ensure that individuals get only appropriate access.
Audit – Enables administrators to detect attempted breaches of the authentication mechanism and attempted or successful breaches of access control.
SAM-QFS uses host-based user authentication to control who can perform administration tasks. Administration using the SAM-QFS Manager is mainly controlled by roles which are assigned to various users. Administration using the command line is limited to the root user.
Access control in SAM-QFS is divided into two parts:
Administrative access control – Controls who can take administrative actions for SAM-QFS. The controls are based on roles that are assigned to users through SAM-QFS Manager. For command-line operations, controls are based on root permissions. For more information about SAM-QFS Manager, see the StorageTek Storage Archive Manager and StorageTek QFS Software Release 5.4 Customer Documentation Library at: http://www.oracle.com/technetwork/documentation/tape-storage-curr-187744.html#samqfs
File/directory access control – SAM-QFS implements a POSIX compliant file system that has a rich set of access controls. See the SAM-QFS documentation for more details.