Assessing ClearPath OS 2200 System
Security with Apex

Security auditing and assessment is an integral part of a secure ClearPath® OS 2200 system.

This includes both proactive and reactive activities, all of which are typically carried out by your security officer and his or her team.

For instance, they’ll proactively verify that your users and the system objects they control – files, subsystems, etc. – comply with the relevant security policies, including government regulations, industry standards, and corporate or departmental guidelines. Part of this effort is confirming that actions are taken when required, such as updating passwords or disabling inactive user-ids, and that security parameters for systems, software, and users are set to values within acceptable ranges.

Additionally, they’ll audit security-relevant events to detect intrusion and unauthorized data access attempts, and take steps to prevent them from succeeding. The reaction to this assessment depends in part on the event details available to the security officer.

Typically, your primary tool for auditing and assessing security is the system log file, which contains the records of events and actions on the system, as well as log monitoring and reporting programs.

But there’s another tool your security team can rely on to make their audits and assessments more complete, comprehensive, and easier: Apex.

With Apex, your administrators can perform a variety of tasks with greater speed and accuracy. Because Apex reports information from system logs and internal data structures upon request, it streamlines investigations. And it provides visibility into system security settings and security-related events – while providing the tools your team needs to take action when a threat appears.

In particular, Apex provides robust reporting in two areas that are vital to your organization’s ability to audit and assess its security posture.

Defense in Depth

With the defense-in-depth reports in Apex, your security officer will be better positioned to discover – and mitigate – potential attacks.

Key reports include:

• The Login Failures Report: Indicates attempts by hackers to infiltrate your systems.
  
• The Modified Access Control Records Report: Shows who modified a record, as well as the values that record had before and after modification, helping your security officer identify and investigate possible unauthorized access modifications.
  
• The Modified Users Report: Identifies possible unauthorized changes to a user’s security attributes and notes who made the modification, providing a convenient way for your administrators to revert the properties as needed.
  
• The Privilege Escalations Report: Helps your security officer identify and investigate instances
  of privilege escalation.
  
• The File Assigns Report: Shows who accessed a file and when, making it easier to detect
  suspicious activity.

Compliance

With the compliance information provided by Apex, your security officer will be able to keep a sharp eye on how well the organization is adhering to established security policies.

Key reports include:

• The Passwords Report: Flags user-ids that violate site password security policies – including user-ids with expired passwords, passwords with unchanged initial values, passwords set to expire within a specified number of days, and passwords with age limits that don’t match system defaults.
  
• The Users Report: Identifies users with specified authentication types, privileges, and other attributes, as well as unexpected new users, so your security officer can verify that these individuals have the appropriate privileges. And by showing inactive user-ids, your team will be able to identify and eliminate a common situation hackers exploit when attempting to penetrate a system.
  

Frequent audits of your system security protect against undetected intrusions and unauthorized security modifications. With the powerful, flexible reports and information displays in Apex, you’ll make it easy for your security officer to assess key areas of OS 2200 system security.

If you’d like to learn more about the reports described in this article, please check out the “New and Enhanced Apex Reports” video on the support site or YouTube. Be sure to check out the “Apex 4.0 New Features Overview” video on the support site and YouTube, as well.