What allows us to do this
- NIS: network information system contains things like:
- file shares: /gaia/hostname/diskname
- groups: trustedhosts, seisadm, seis-nets
- no local user accounts
- lpstat -a; queue name
- TRUSTS
- Policy Based Security Depends on:
  - the host
  - the user
  - the process
- trustedhosts=
  - the OS/hardware is supported by computing staff
  - there is a disaster recovery plan for that system's OS
  - root passwd is turned over to computing staff
  - the number of services on the host is limited
  - all logins are logged
  - eeprom is passwd protected
- only trusted hosts are allowed to make use of certain network resources: file shares (maybe printers, maybe certain hosts)
- Logging
  - Internal Logging
  - External Logging
  - Miscellaneous Logging