Security Administration


Teradata Database Security Administration
Release V2R5.1
B035-1100-083A
November 2003
The product described in this book is a licensed product of NCR Corporation.

BYNET is an NCR trademark registered in the U.S. Patent and Trademark Office. CICS, CICS/400, CICS/600, CICS/ESA, CICS/MVS, CICSPLEX, CICSVIEW, CICS/VSE, DB2, DFSMS/MVS, DFSMS/VM, IBM, NQS/MVS, OPERATING SYSTEM/2, OS/2, PS/2, MVS, QMS, RACF, SQL/400, VM/ESA, and VTAM are trademarks or registered trademarks of International Business Machines Corporation in the U.S. and other countries. DEC, DECNET, MICROVAX, VAX and VMS are registered trademarks of Digital Equipment Corporation. HEWLETT-PACKARD, HP, HP BRIO, HP BRIO PC, and HP-UX are registered trademarks of Hewlett-Packard Co. KBMS is a trademark of Trinzic Corporation. INTERTEST is a registered trademark of Computer Associates International, Inc. MICROSOFT, MS-DOS, MSN, The Microsoft Network, MULTIPLAN, SQLWINDOWS, WIN32, WINDOWS, WINDOWS 2000, and WINDOWS NT are trademarks or registered trademarks of Microsoft Corporation. SAS, SAS/C, SAS/CALC, SAS/CONNECT, and SAS/CPE are registered trademarks of SAS Institute Inc. SOLARIS, SPARC, SUN and SUN OS are trademarks of Sun Microsystems, Inc. TCP/IP protocol is a United States Department of Defense Standard ARPANET protocol. TERADATA and DBC/1012 are registered trademarks of NCR International, Inc. UNICODE is a trademark of Unicode, Inc. UNIX is a registered trademark of The Open Group. X and X/OPEN are registered trademarks of X/Open Company Limited. YNET is a trademark of NCR Corporation.

THE INFORMATION CONTAINED IN THIS DOCUMENT IS PROVIDED ON AN “AS-IS” BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. IN NO EVENT WILL NCR CORPORATION (NCR) BE LIABLE FOR ANY INDIRECT, DIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS OR LOST SAVINGS, EVEN IF EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The information contained in this document may contain references or cross references to features, functions, products, or services that are not announced or available in your country. Such references do not imply that NCR intends to announce such features, functions, products, or services in your country. Please consult your local NCR representative for those features, functions, products, or services available in your country.

Information contained in this document may contain technical inaccuracies or typographical errors. Information may be changed or updated without notice. NCR may also make improvements or changes in the products or services described in this information at any time without notice.

To maintain the quality of our products and services, we would like your comments on the accuracy, clarity, organization, and value of this document. Please e-mail: teradata-books@lists.ncr.com or write: Information Engineering, NCR Corporation, 100 North Sepulveda Boulevard, El Segundo, CA 90245-4361, U.S.A.

Any comments or materials (collectively referred to as “Feedback”) sent to NCR will be deemed non-confidential. NCR will have no obligation of any kind with respect to Feedback and will be free to use, reproduce, disclose, exhibit, display, transform, create derivative works of and distribute the Feedback and derivative works thereof without limitation on a royalty-free basis. Further, NCR will be free to use any ideas, concepts, know-how or techniques contained in such Feedback for any purpose whatsoever, including developing, manufacturing, or marketing products or services incorporating Feedback.

Copyright © 2002–2003, NCR Corporation. All Rights Reserved.
Preface

Supported Software Release

This book supports Teradata® Database V2R5.1.

Changes to This Book

This book includes the following changes to support the current release:

November 2003
• Added network data encryption and logon encryption in Chapter 2.

December 2002
• Added information on Roles and Profiles under “Roles” on page 3-15 and “Profiles” on page 3-17.
• Added information on user level security control.
• Added information on maximum lockout duration of a user.

June 2001
• Added information on the new Single Sign On feature under “Logon Policy” on page 2-3.
• Added information about USER DBC lock out under “Maximum Logon Attempts” on page 2-16.

June 2000
• In Chapter 4: “Monitoring Access to Teradata Database,” the END LOGGING statement has been updated to reflect that frequency cannot be included.
• In Chapter 2: “Controlling Access to Teradata Database,” information has been added about setting passwords and temporary passwords.
• Added stored procedures information in applicable chapters.

December 1998
• All references to syntax and usage information for Teradata Structured Query Language (SQL) were moved to Teradata RDBMS SQL Reference.
• All references to syntax and usage information for Data Definition Language (DDL) were moved to Teradata RDBMS SQL Reference.
• Detailed description of Account String Expansion (ASE) was moved to Teradata RDBMS SQL Reference.

Security Administration i
About This Book

Purpose

The purpose of this book is to assist security and system administrators in formulating, implementing, and auditing a security policy for a Teradata Database system. This book provides information and guidelines to help the administrator define a level of protection appropriate for the uses of the system.

Scope

This book contains subjects related to Teradata Database security but does not address disaster recovery and the larger issues of general system administration. This book covers the following subjects:
• Establishing a security policy
• Determining the need for user access privileges and assigning those privileges
• Available security features
• Databases and tables requiring protection and how to protect them
• Parts of the physical system requiring protection

Audience

The authors wrote this book for those who plan and implement system security measures, including:
• The database administrator
• The security administrator
• Operations personnel
• Other employees associated with these functions

How This Book Is Organized

This book contains five chapters and one appendix:

Chapter 1: “Introduction to Teradata Database Security”
• Presents the basic elements of security for the Teradata Database, including access control and accountability
• Explains how to identify the level of security required for the system and the access needs of the users
• Defines the role of the security administrator as a user of the Teradata Database

Chapter 2: “Controlling Access to Teradata Database”
• Describes the controls for initial access to the Teradata Database
• Defines various terminology
• Describes the logon policy
• Suggests ways to protect password confidentiality
• Describes system controls for handling sessions, user access privileges, and user logons
• Describes network data encryption and logon encryption

Chapter 3: “Managing Data Access”
• Explains the management of space allocation, space and object ownership, and rights verification
• Discusses setting up the system administration user
• Defines the types of access rights
• Describes how to grant and revoke rights
• Discusses Roles and Profiles

Chapter 4: “Monitoring Access to Teradata Database”
• Introduces the Data Dictionary
• Discusses the system views from which you can extract useful audit reports
• Provides general rules for controlling access log entries
• Describes the BEGIN LOGGING and END LOGGING statements for invoking and suspending audit trails
• Explains the use of the Account String Expansion (ASE) for detailed security audit information

Chapter 5: “Physical System Security”
• Proposes methods of restricting access to the physical components of the computer system

Appendix A: “Running a Secure Teradata Database”
• Details the requirements for configuring and running a secure Teradata Database as suggested by the National Computer Security Center (NCSC)

Prerequisites

This book assumes you have some basic knowledge of computer system hardware and software. To help you understand the terms and concepts in this book, you may want to review the following books:

Review the book titled...            For information about...
Introduction to Teradata             Warehouse system hardware.
Database Design                      Relational database management concepts.
SQL Reference                        The syntax and usage of Teradata Structured Query Language (SQL).
Data Dictionary                      The structure, content, and purpose of the Data Dictionary.
Teradata Director Program Reference  Programming the logon and security exits in the Teradata Director Program (TDP).

List of Acronyms

This book uses the following acronyms, listed in alphabetical order:

AMP    Access Module Processor
AP     Application Processor
ASE    Account String Expansion
AWS    Administration Workstation
BTEQ   Basic Teradata Query
BYNET  Banyan Network (high-speed interconnect)
CLIv2  Call Level Interface version 2
DBC    Database Computer
DD     Data Dictionary
DDL    Data Definition Language
DES    Data Encryption Standard
LAN    Local Area Network
MVS    Multiple Virtual Storage
NCSC   National Computer Security Center
PC     Personal Computer
PE     Parsing Engine
RDBMS  Relational Database Management System
SQL    Structured Query Language
SSO    Single Sign On
TCB    Trusted Computing Base
TDI    Trusted Database Interpretation
TDP    Teradata Director Program
TSC    Teradata Support Center
UDF    User-Defined Function
WAN    Wide Area Network

Technical Information on the Web

The NCR home page (http://www.ncr.com) provides links to numerous sources of information about Teradata. Among the links provided are sites that deal with the following subjects:
• Contacting technical support
• Enrolling in customer education courses
• Ordering and downloading product documentation
• Accessing case studies of customer experiences with Teradata
• Accessing third party industry analyses of Teradata Warehouse products
• Accessing white papers
• Viewing or subscribing to various online periodicals
Contents

Preface
  Supported Software Release  i
  Changes to This Book  i
  About This Book  ii
  List of Acronyms  v
  Technical Information on the Web  vi

Chapter 1: Introduction to Teradata Database Security
  Security Controls  1–2
    Introduction  1–2
    Access Control  1–2
    Resource Access Control  1–2
    Physical System Access Control  1–3
    Auditing and Accountability  1–3
  Establishing a Security Policy  1–5
    Introduction  1–5
    Identifying Security Requirements  1–5
    Identifying Security Levels  1–5
    Minimal Security  1–6
    Moderate Security  1–7
    High Security  1–7
  Identifying Users and Their Needs  1–8
    Introduction  1–8
    Common User Groups  1–8
  Formulating the Security Policy  1–9
    Introduction  1–9
    System-Enforced Security Features  1–9
    Key Elements of a Security Policy  1–9
    Reevaluating the Security Policy  1–9
  Security Administrator Role  1–11
    Introduction  1–11
    Duties of the Security Administrator  1–11
    Assigning Security Administrator Attributes to a User  1–11

Chapter 2: Controlling Access to Teradata Database
  Identifiers  2–2
    Introduction  2–2
    Username Identifiers  2–2
    Client System Identifiers  2–2
  Logon Policy  2–3
    Introduction  2–3
    Tdpid  2–3
    Account String  2–3
    Password  2–4
    Single Sign On  2–4
  Password Control  2–6
    Introduction  2–6
    SysSecDefaults Table  2–6
    Password Expiration  2–10
    Resetting an Expired Password  2–10
    Setting Password for New User  2–11
    Setting a Temporary Password  2–11
  Password Format  2–13
    Introduction  2–13
    Rules for Creating a Password  2–13
    Examples of Using UPDATE to Set Password Values  2–14
    Specifying Password Length  2–14
    Submitting a Password String  2–15
    Error Messages  2–15
  Maximum Logon Attempts  2–16
  Password Lockout Time  2–18
  Password Reuse  2–19
  Session Handling  2–21
    Introduction  2–21
    Handling Space Allocation  2–21
    Handling Data Access  2–21
  Logon Control  2–23
    Introduction  2–23
    Description of GRANT/REVOKE LOGON Statements  2–23
    Rules for Submitting GRANT/REVOKE LOGON Statements  2–23
    Providing Access Control  2–24
    General Rules and Precedence of Clauses  2–24
  Encryption  2–25
    Network Data Encryption  2–25
    Logon Encryption  2–25

Chapter 3: Managing Data Access
  User DBC  3–2
    Introduction  3–2
    User DBC Contents  3–2
  Establishing a System Administrator  3–3
  User and Database  3–5
    Introduction  3–5
    Space Allocation  3–5
  Access Rights  3–6
    Introduction  3–6
    Ownership Rights  3–6
    Automatic Rights  3–6
    Examples Using GRANT Statement  3–8
    Example 1: User A Creating Database X  3–8
    Example 2: User A Creating User B  3–9
    Example 3: User C Creating Table Z.Y  3–9
    Example 4: User D Creating Stored Procedure Z.SpSample  3–9
    Explicit Rights  3–9
  Forms of GRANT Statement  3–11
  Forms of REVOKE Statement  3–12
  Owners and Parents  3–13
    Introduction  3–13
    Object Ownership  3–13
    Giving Ownership  3–13
    Rights Verification  3–14
  Roles  3–15
    Advantages of Using Roles  3–15
    Related Topics  3–15
  Profiles  3–17
    Definition  3–17
    Advantages of Using Profiles  3–17
    Related Topics  3–17
    System-Wide Password Security  3–18
    Controlling User-Level Password Security  3–18

Chapter 4: Monitoring Access to Teradata Database
  System Views  4–2
  System View Queries  4–4
    Introduction  4–4
    MONITOR-Related Queries  4–4
    Example 1: Determining Which Users Can Force Other Users Off System  4–4
    Example 2: Determining Which Users Have Been Forced Off System  4–4
    Example 3: Determining Who Is Currently Using the MONITOR  4–4
  Controlling Access Log Entries  4–5
    Overview of Logging  4–5
    General Rules for Using DDL Statements  4–5
    Security Macro Privilege Checking  4–6
    System Default  4–6
  BEGIN/END LOGGING Statements  4–7
    Introduction  4–7
    Function  4–7
    DBC.AccLogRuleTbl Entries  4–7
    DBC.AccLogTbl Entries  4–8
    Logging at Database Level  4–8
    Logging at Table Level  4–9
    Using BEGIN LOGGING With GRANT  4–9
    Viewing Log Entries  4–9
    Using END LOGGING  4–10
    Purging Aged Log Entries  4–10
    DBC.AccLogRule Macro  4–10
    Access Logging and Errors  4–11
    Changing Options With MODIFY USER  4–11
  Using Account String Expansion  4–12

Chapter 5: Physical System Security
  Controlling Machine Room Access  5–2
    Introduction  5–2
    Setting Security Policy  5–2
    Enforcing Security Policy  5–2
  Controlling Access to Outside Devices  5–3
  Controlling Access to Dump Files  5–4
  Controlling Access to the Operating System  5–5

Appendix A: Running a Secure Teradata Database
  Securing System at C2 Level or Equivalent  A–2
    Introduction  A–2
    C2 Security Level Procedure  A–2
  Potential Hazards  A–4

Index  Index–1
List of Tables
  Table 1-1  Advantages and Disadvantages of Data Security Levels  1–6
  Table 1-2  User Groups  1–8
  Table 2-1  SysSecDefaults Column Descriptions  2–8
  Table 2-2  OldPasswords Column Descriptions  2–20
  Table 3-1  Creator Privileges  3–8
Chapter 1: Introduction to Teradata Database Security

The goals of Teradata Database system security features, as presented in this book, are:
• To prevent unauthorized users from gaining access to stored data
• To permit legitimate Teradata Database users access to only those resources (databases, tables, views, stored procedures, and macros) they are authorized to use

The suggestions and procedures in this book are intended to help the system administrator or security administrator to achieve these goals.
Security Controls

Introduction

The controls available to maintain Teradata Database security include:
• Software-enforced access restrictions
• Physical access restrictions
• System auditing of security-related user actions in Teradata Database
• Security policy

You must define and implement these controls effectively to maintain optimal security. This introductory chapter briefly outlines the first three controls, which are described more fully in subsequent chapters. This chapter, in particular, describes security policy in full.

Access Control

As security administrator, you can control access to Teradata Database. Access control takes one of two forms:
• Resource access control
• Physical system access control

Resource Access Control

Resource access control involves controlling access to the data and to the relational computing power of Teradata Database. Access to Teradata Database means the user is capable of carrying on a dialog with the system beyond the logon process.

Teradata Database controls access by identifying users with a username and password. Teradata Database acknowledges only users that it recognizes as currently authorized to access the system. If the system identifies the username as an authorized user and the password is correct for that user, Teradata Database assumes the user is valid and establishes a session with the user.

A user cannot run a session on Teradata Database without an associated username. An individual or a process logs on by supplying a username known to Teradata Database and, if required, an associated password. The system then validates the username (with or without a password) against the definition stored in a table maintained by the system. Optionally, Teradata Database can verify that the logon request originating from a client system connection (LAN, WAN, or mainframe channel) is specifically associated with the username.

If Teradata Database verifies the logon request, it establishes a session for the user and assigns a unique number to the session. The session runs under the combined identifier of session number and username until the user logs off. The user is the basis for ownership of all databases, users, and objects (tables, views, stored procedures, and macros) created during a session. The system can also associate the user with other explicitly granted access rights.

For information on how to regulate access, see Chapter 2: “Controlling Access to Teradata Database.”

Physical System Access Control

Physical access control is the control of access to the physical components of the computer system. These components include the processors, disk storage units, and Administration Workstation (AWS). Controlling access to physical components involves:
• Protecting the system and its components against deliberate damage
• Controlling access to devices used to establish sessions on Teradata Database, such as remote terminals and the local system console

Auditing and Accountability

The security administrator can periodically audit events on Teradata Database to detect the following security hazards:
• Potential break-ins
• Attempts to gain unauthorized access to database resources
• Attempts to alter the behavior of Teradata Database auditing facilities

Teradata Database automatically audits all logon and logoff activity. However, the security administrator can specify additional audits of attempts to access data by configuring the system to log one, or any combination, of the following:
• All access requests made (for all or specific users)
• All access requests denied (for all or specific users)
• Specific types of access request made (for all or specific users)

The security administrator can examine or print the audit data during normal system operations, or archive the data to review offline and generate reports.
To select data from the audit log during normal operations, the security administrator composes statements in Teradata Structured Query Language (SQL). If security administrators identify unauthorized or undesirable activity, they take one or more of the following remedial actions to address the problem:
• Change the security policy
• Change compromised passwords
• Audit intensively all actions of particular users
• Change access rights
• Deny the offending users any access to Teradata Database (in extreme cases)
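The audit workflow just described, as an added example that is not part of the manual: denial logging is switched on for one database, all actions of one suspect user are logged, and the two audit views are then queried from BTEQ or any SQL client. The database name Payroll and the user JDoe are placeholders, and the views DBC.AccessLog and DBC.LogOnOff with the columns used below are the standard Data Dictionary audit views, which this chapter does not name; confirm them against the Data Dictionary reference for your release. The statements are run by the security administrator (the user granted EXECUTE on DBC.AccLogRule, see "Security Administrator Role").

```sql
-- Added example, not from the manual. Placeholders: database Payroll, user
-- JDoe. Assumed (not shown in this chapter): views DBC.AccessLog and
-- DBC.LogOnOff and their column names.

-- 1. Record every DENIED request against objects in Payroll and keep the
--    statement text, so the reviewer sees what was attempted, not just that
--    something was refused.
BEGIN LOGGING DENIALS WITH TEXT
   ON EACH ALL
   ON DATABASE Payroll;

-- 2. "Audit intensively all actions of particular users": every request,
--    granted or denied, that JDoe submits.
BEGIN LOGGING WITH TEXT
   ON EACH ALL
   BY JDoe;

-- 3. Review denials of the last seven days, newest first. AccLogResult is
--    'G' for granted and 'D' for denied.
SELECT LogDate, LogTime, UserName, DatabaseName, TVMName,
       StatementType, StatementText
FROM   DBC.AccessLog
WHERE  AccLogResult = 'D'
AND    LogDate >= DATE - 7
ORDER  BY LogDate DESC, LogTime DESC;

-- 4. Logon and logoff are audited automatically. Anything that is neither a
--    clean 'Logon' nor a 'Logoff' (bad password, bad user, forced off) is a
--    failed or abnormal attempt; grouping by LogicalHostId shows which
--    client connection the attempts came from.
SELECT UserName, LogicalHostId, Event, COUNT(*) AS Attempts
FROM   DBC.LogOnOff
WHERE  LogDate >= DATE - 7
AND    Event NOT IN ('Logon', 'Logoff')
GROUP  BY UserName, LogicalHostId, Event
ORDER  BY Attempts DESC;

-- 5. Switch the per-user rule off again once the review is complete; the
--    END LOGGING must name the same scope as the BEGIN LOGGING it cancels.
END LOGGING WITH TEXT
   ON EACH ALL
   BY JDoe;
```

Because the logging rules themselves are changed through DBC.AccLogRule, the BEGIN LOGGING on that macro set up in "Security Administrator Role" means that steps 1, 2 and 5 above are also recorded, so a rule that is quietly removed leaves a trace.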
Establishing a Security Policy

Introduction

A security policy consists of those procedures and regulations used to maintain a desired level of system security. The two major steps for establishing a security policy are:

Step  Action
1     Identify security needs.
2     Identify procedures and regulations to fulfill those needs.

Identifying Security Requirements

Identifying security needs may involve one or a combination of the following procedures:
• Identifying the business importance of the data and the associated processing system
• Assigning a security priority to the data, based on the business case evaluation
• Identifying the classes of users requiring access to Teradata Database and the data that it controls
• Identifying the system resources that require protection to ensure continued availability of data to all valid Teradata Database users

You should base security requirements on the business value of the data processed on the system. A system that stores and processes highly sensitive data probably has a greater need for security than one that stores and processes less sensitive data.

Identifying Security Levels

The three levels of data security are minimal, moderate, and high. Table 1-1 summarizes the advantages and disadvantages of each security level, and the following sections briefly discuss each level.

You should ask some key questions to identify the level of security appropriate to your Teradata Database, including:
• Is the data on Teradata Database sensitive? How damaging would it be if:
  – An unauthorized person gained access to the data?
  – An unauthorized person altered, corrupted, or destroyed the data?
• How important are the processing resources to your company business?
• What would be the loss if someone maliciously brought down the system?
Table 1-1 Advantages and Disadvantages of Data Security Levels

Minimal security...
  Advantages
  • makes sharing information extremely simple.
  • allows an environment of trusted users with unrestricted access to all database resources to realize a high level of productivity.
  • requires few security enforcement activities, enhancing system performance.
  Disadvantages
  • allows anyone accessing Teradata Database to destroy or corrupt data.
  • gives anyone accessing Teradata Database access to all information stored under its control.
  • allows no private or secret data.
  • lets unauthorized users gain access to Teradata Database.
  • might degrade system performance by allowing unauthorized use or misuse of the system.

Moderate security...
  Advantages
  • protects the system from casual attempts to circumvent security.
  • requires little or no additional effort for users to perform their work.
  • involves security-related events that have little or no effect on system performance.
  Disadvantages
  • can leave serious violation attempts undetected for extended periods.
  • provides no guidelines for passwords, possibly letting users choose passwords that others can easily guess.

High security...
  Advantages
  • affords a high level of protection to data and processing resources.
  • gives users confidence that their data is safe from unauthorized corruption or disclosure and unwarranted deletions.
  • uses an auditing policy designed both to detect unauthorized access attempts and to permit the implementation of corrective measures.
  Disadvantages
  • requires that owners of shared data make additional effort to define those authorized to access the data.
  • may degrade system performance, depending on the frequency and scope of auditing and the demands of security-related events.

Minimal Security

Minimal security may also include no security.
Under minimal security, anyone who has successfully logged on to the system has unrestricted access to all data and Teradata Database resources. No one performs security-related auditing and no formal security policy exists. The only security-related access restriction is that a user must first gain access to a client system (mainframe, minicomputer, PC, or Application Processor) that is capable of communicating with Teradata Database via a channel, LAN, WAN, or BYNET connection.
A client might have its own security procedures. Teradata Database security procedures neither coordinate nor communicate with any such client security procedures.

Moderate Security

This level groups users according to their needs and trustworthiness. Under moderate security, a small, privileged subgroup has unlimited access. The security administrator performs only occasional auditing of security-related events, and no formal security policy exists for the users.

High Security

This level identifies a security administrator and charges that person with establishing and maintaining Teradata Database security. The security administrator is the only user that Teradata Database permits to perform the following security-related actions:
• Define which username/client system combinations Teradata Database allows to establish a session
• Define and control the auditing of security-related events
• Review the results of security-related audits

The administrator carefully controls physical access to processors, disk storage units, and system consoles. In addition, the administrator regularly audits security-related events and randomly audits individual users.

Each user should receive a document that states the security policy, explains the importance of security, outlines the role of the user in supporting that policy, and defines the guidelines for protecting passwords and data. Each operator should receive a document that explains their role in supporting the security policy. Operator awareness is important to early detection of potential security violations.
Identifying Users and Their Needs

Introduction

The required level of enforced protection on a system is directly influenced by the level of trust placed in its users. With carefully screened users who are highly trusted, and with strict controls on physical access to Teradata Database, you might be able to establish a high degree of security without denying users needed access rights and without resorting to frequent and detailed audits.

However, the time required to screen all users and the cost of physical access controls make this an undesirable security policy. Also, because you cannot automatically audit and verify the trustworthiness of a user, this type of policy may not easily accommodate additions to the user community in a timely fashion. For these reasons, you can only achieve a high degree of security by making full use of Teradata Database security features and conducting careful administration.

Common User Groups

When formulating a security policy, you must balance the access needs of users with the need to provide system security. In a large computer installation, most Teradata Database users fall into one or more of the groups listed in Table 1-2. Usually the various groups have different needs, with the systems programmers requiring the broadest range of access.

Table 1-2 User Groups

User Group                Description
End Users                 Make Teradata SQL requests to Teradata Database as a means of accomplishing their tasks.
Application Programmers   Develop databases, tables, views, stored procedures, and macros on behalf of the end users.
Systems Programmers       Responsible for the installation, maintenance, and availability of Teradata Database to all system users.
Formulating the Security Policy

Introduction

After you define the security needs of the system and balance those with the needs of system users, you can formulate the security policy.

System-Enforced Security Features

System-enforced security features are relatively easy to implement. Issue a guide defining how to use Teradata Database security features and offer some suggestions. It is up to the security administrator to implement those suggestions.

It is recommended that a document describing the security policy be supplied to each user and operator defined on Teradata Database. The document should outline the advantages of a secure database, minimize any restrictions imposed by the security policy, and include explanations of the following topics:
• Why security is needed
• Benefits of security to the users and the company
• Suggested security actions for users
• Required security actions for users

Key Elements of a Security Policy

The key elements for a system security policy might include knowledge and guidelines on the following:
• Extent of the need for security
• Benefits to be derived from a secure system
• A defined management policy when a user is discovered attempting to violate security
• Password protection
• Granting access to data
• Computer room staff
• Contacting the security administrator

Reevaluating the Security Policy

A system security policy should not remain static. You should conduct periodic reviews to continually reevaluate how the current policy meets current needs of the system, the users, and the company.

The following factors make a review of the security policy necessary:
• Changes in the profiles of users who access the system
• Changes in business needs that raise or lower the opportunity value of the data being protected
• New releases of Teradata Database software that might introduce new security features
• Discovery of security violations, potential violations, or attempted violations
Security Administrator Role

Introduction

If system security is critical, then one or more individuals should assume responsibility for the duties of the security administrator. Teradata Database security features allow privileges associated with security to be assigned solely to the security administrator.

Duties of the Security Administrator

The designated security administrator performs the following duties:
• Establishes and modifies logon rules
• Defines users, if any, to be audited
• Defines objects, if any, to be audited
• Defines Teradata SQL functions, if any, to be audited
• Coordinates Teradata Database security duties with the NCR server security administrator, if applicable

Assigning Security Administrator Attributes to a User

To assign the attributes of a security administrator to a user, perform the following steps:

Step  Action
1     Log on to Teradata Database under username DBC.
2     Enter a CREATE USER statement to create user space for the security administrator in Teradata Database. If you need more information about the CREATE USER statement, see SQL Reference: Data Definition Statements. Any name except "sysadmin" can be assigned (this book uses the name "SECADMIN"). Be sure to assign a password to user SECADMIN.
3     When user SECADMIN has been created, enter the following Teradata SQL statements to grant user SECADMIN the privilege of executing the GRANT/REVOKE LOGON and BEGIN/END LOGGING statements:

          GRANT EXECUTE ON DBC.LogonRule TO SECADMIN ;
          GRANT EXECUTE ON DBC.AccLogRule TO SECADMIN ;

4     Log off Teradata Database as user DBC.
5     Immediately log back onto Teradata Database as username SECADMIN.
6     Enter the following Teradata SQL statement to initiate an audit trail on the execution of any BEGIN/END LOGGING or GRANT/REVOKE LOGON statement:

          BEGIN LOGGING ON EACH ALL ON MACRO DBC.LogonRule, MACRO DBC.AccLogRule ;

      After this statement is executed, audit entries are generated for all future execution of Teradata SQL statements that control auditing of actions on, and the source of logons to, Teradata Database.
7     Log off Teradata Database.
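The seven steps above as one script, added here as an example and not taken from the manual. It is split into the part run in the DBC session (steps 1 to 4) and the part run in the SECADMIN session (steps 5 to 7), and adds a check after each part so the administrator can confirm that nobody else holds the two EXECUTE rights and that the audit rule on the macros is in force. The PERMANENT and SPOOL sizes and the initial password are placeholders; the views DBC.AllRights and DBC.AccLogRules are the standard Data Dictionary views of the rights and logging-rule tables but are not named in this chapter, so confirm them in your Data Dictionary reference.

```sql
-- Added example, not from the manual. Placeholders: space sizes, password.
-- Assumed (not shown in this chapter): views DBC.AllRights, DBC.AccLogRules.

-- ---- Session 1: logged on as DBC (steps 1 to 4) ------------------------
CREATE USER SECADMIN FROM DBC
   AS PERMANENT = 10000000,
      SPOOL     = 100000000,
      PASSWORD  = Change_Me_1st;

-- These two EXECUTE rights are what make SECADMIN the security
-- administrator: GRANT/REVOKE LOGON execute through DBC.LogonRule and
-- BEGIN/END LOGGING through DBC.AccLogRule.
GRANT EXECUTE ON DBC.LogonRule  TO SECADMIN;
GRANT EXECUTE ON DBC.AccLogRule TO SECADMIN;

-- Check: who can execute the two macros? Expect DBC and SECADMIN only
-- (AccessRight 'E' = EXECUTE). Any other name here is a second, unplanned
-- security administrator.
SELECT UserName, DatabaseName, TableName, AccessRight
FROM   DBC.AllRights
WHERE  DatabaseName = 'DBC'
AND    TableName IN ('LogonRule', 'AccLogRule')
ORDER  BY UserName, TableName;

-- ---- Session 2: logged on as SECADMIN (steps 5 to 7) -------------------
-- First action in the new role: audit every future execution of the two
-- macros, so every later change to logon rules or logging rules is recorded.
BEGIN LOGGING ON EACH ALL
   ON MACRO DBC.LogonRule,
      MACRO DBC.AccLogRule;

-- Check: the rule is in the logging-rule table. UserName 'All' means the
-- rule is not restricted to particular users.
SELECT UserName, DatabaseName, TVMName
FROM   DBC.AccLogRules
WHERE  DatabaseName = 'DBC'
AND    TVMName IN ('LogonRule', 'AccLogRule');
```

The first thing SECADMIN should do after step 7 is log on again and change the placeholder password with MODIFY USER, since DBC chose it; see "Password Control" in Chapter 2.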
Chapter 2: Controlling Access to Teradata Database

This chapter describes the following:
• Logon control and Teradata SQL statements used to grant or revoke logons
• The controls on initial access to Teradata Database
• Logon policy
• Suggested ways to protect password confidentiality

A user gains access to Teradata Database when the logon process completes and a session initiates. This chapter discusses the elements of each of the following major phases of system access control:

Phase  Process
1      Identifying and verifying each parameter of the logon request. The Teradata Database logon process accomplishes the first phase by performing a variety of identification checks based on system requirements and, optionally, on requirements imposed by the security administrator.
2      Assigning each session to the conducting user. Teradata Database accomplishes the second phase by identifying the session with a unique number that is irrevocably linked with the user identification.
3      Controlling user access to stored data during that session. Teradata Database accomplishes the third phase by checking an arrangement of access rights any time a user submits a Teradata SQL statement that attempts to access (or to execute a function that accesses) a database or object (table, view, stored procedure, or macro) owned by another user.
Identifiers

Introduction

Teradata Database access control is based on the following:
• A user identifier
• Optionally, an identifier associated with a channel- or LAN-connected client system

The security administrator can use these identifiers in GRANT LOGON and REVOKE LOGON statements to designate which users can log on from which client system connections. The following paragraphs explain each type of identifier.

Username Identifiers

A user identifier or "username" is the name defined in a CREATE USER statement. The Teradata Database security administrator must execute a separate CREATE USER statement for each authorized user to establish the username, define an associated password, and allocate user disk space.

A system table named DBase stores usernames and database names and resides in the space allocated to a system user. You can retrieve information on usernames from DBC.DBase by querying the system view DBC.Users.

Client System Identifiers

Many different types of client systems exist, and they can connect to Teradata Database in many different ways. Each connection must have its own unique client system identifier. To Teradata Database, a client system can be a mainframe, a minicomputer, a PC, an applications node, a node of a server, or the server itself. Teradata Database communicates with:
• A mainframe client system through a channel connection
• A minicomputer or PC client system through a LAN or WAN connection
• An application node through a BYNET connection

In turn, the server can have multiple connections to mainframe channels and a single LAN or WAN connection. You assign each connection a unique value and define that value to Teradata Database using the Configuration utility. The system uses each defined value as a client system identifier or "hostid." For more information on the Configuration utility, see Utilities.
Logon Policy

Introduction

Teradata Database requires that a LOGON request be issued to identify the user and establish a session. The logon string must include a username already established in the system via a CREATE USER statement. In addition to the username, the logon string may include any combination of the following operands, each involving special considerations as described in this section:
• Tdpid
• Account string
• Password

Teradata Database validates the account identification (account string) and password associated with the supplied username against system data.

Another method to log on to Teradata Database is Single Sign On (SSO). SSO is further described at the end of this section.

Tdpid

The Teradata Director Program (TDP) is a Teradata-supplied program that manages communication between the client and Teradata Database. On a system connected to more than one server, each copy of the TDP receives a unique identifier, called a tdpid. The tdpid is a client system-based operand and is not transmitted to Teradata Database.

For channel-attached clients connected to several Teradata servers, the tdpid is the identifier of the TDP that handles Teradata Database traffic. The tdpid on a network-attached client specifies the network ID of the Teradata Database.

Use the optional tdpid identifier to specify a particular Teradata Database. Users should see their system or site administrator for the identifier associated with the Teradata Database to be used. In a Teradata Database logon string, the tdpid indicates which copy of the TDP the system should invoke for the requested session. For more information on tdpid and default tdpid values, see Teradata Director Program Reference.

Account String

Each username may have one or more associated account strings. Resource accounting requires use of the account string.
If the logon string does not supply the account string, the system assigns a default value. Optionally, the account string may include a priority-level Performance Group prefix code, which establishes the session priority. Priorities are useful when interactive users are competing for system resources with long-running batch applications. For additional information, see Database Administration.

Password

The password authenticates a user request to initiate a Teradata Database session under the supplied username. You must define a password in the applicable CREATE USER statement, and the system default requires that the password appear in the user logon string.

For a user to log on to Teradata Database without a password, set up the following conditions:
• A GRANT LOGON statement containing the WITH NULL PASSWORD option must be current for this username. The GRANT LOGON statement is explained later in this chapter.
• For mainframe channel-connected systems, a security exit in the TDP must acknowledge that the logon string for this username is valid without a password. For further details, see Teradata Director Program Reference.

The null password applies only to logging onto the Teradata Database itself; other system security measures still apply. Under any circumstance, a null password limits the ability of Teradata Database to authenticate the identity of a user, because the database is then trusting the client side (the TDP exit or the network logon) to have done so.

Although the username is the basis for identification, it is not usually protected information. Unlike a password, a username is openly displayed during interactive logon, on printer listings, and when session information is queried. The password, however, is stored in an encrypted form on Teradata Database.

A password is extremely valuable to system security, because it enables authentication of a username. Never write down or compromise your password. Encourage users to follow the same rule.

Single Sign On

SSO provides Teradata Database users with the ability to be authenticated through network security rather than providing an account and password to log on.
Using this feature, Teradata Database users log on to their computer once and run Teradata Database client applications accessing Teradata Database without having to provide username, password, and optional account. This feature is currently only available on Windows NT and Windows 2000 platforms and must be explicitly turned on by the DBA through DBW or DBS Control. For more information on DBW, see Database Window. For more information on DBS Control, see Utilities.

SSO provides the following benefits:
• Enhances site security because authentication mechanisms do not send passwords across the network
• Saves time
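The logon rules that "Identifiers" and "Password" describe in prose, as an added example that is not part of the manual: the default logon path is closed, named users are allowed in from named client system connections only, one channel-attached batch user is given the null-password logon that the TDP security exit vouches for, and the resulting rules are read back. The hostids 52 (a LAN connection) and 1 (a mainframe channel) are placeholder values of the kind assigned with the Configuration utility; BatchLoad and JDoe are placeholders; and DBC.LogonRules with the columns used below is the standard Data Dictionary view of the logon-rule table, which this chapter does not name, so confirm it in your Data Dictionary reference. The statements run as SECADMIN, the user granted EXECUTE on DBC.LogonRule.

```sql
-- Added example, not from the manual. Placeholders: hostids 52 and 1,
-- users BatchLoad and JDoe. Assumed (not shown in this chapter): view
-- DBC.LogonRules and its columns LogicalHostId, LogonStatus, UserName,
-- NullPassword.

-- 1. Grant the explicit rules first, so that the administrator keeps a way
--    in when the default is closed in step 3.
GRANT LOGON ON 52 TO SECADMIN, JDoe;

-- 2. Null-password logon for a channel-attached batch job. This bypasses
--    every rule in DBC.SysSecDefaults, so it is tied to the one hostid whose
--    TDP security exit validates the logon string, never granted ON ALL.
GRANT LOGON ON 1 TO BatchLoad WITH NULL PASSWORD;

-- 3. Close the default: from now on a username can only log on from a
--    connection for which a GRANT LOGON rule exists.
REVOKE LOGON ON ALL AS DEFAULT;

-- 4. Read back the rules in force. LogonStatus 'G' = granted, 'R' = revoked;
--    NullPassword 'Y' marks the rows to review most carefully.
SELECT LogicalHostId, LogonStatus, UserName, NullPassword
FROM   DBC.LogonRules
ORDER  BY LogicalHostId, UserName;

-- 5. Withdraw one user's access from one connection without dropping the
--    user or touching the user's other rules.
REVOKE LOGON ON 52 FROM JDoe;
```

The order of steps 1 and 3 matters in practice: a REVOKE LOGON ON ALL AS DEFAULT issued before any GRANT LOGON rule exists leaves no connection from which the security administrator can log on again after the current session ends.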
Password Control

Introduction

Several password control features enhance Teradata Database security:

Feature                          Description
Password Expiration              Allows the security administrator to define a time span during which a password is valid. After the time elapses, the user must change the password.
Password Reuse                   Complements the password expiration feature and allows the security administrator to define the time span that must elapse before a previously used password can be reassigned to a user.
Maximum Logon Attempts           Defines the number of erroneous sequential logon attempts a user is allowed before the user is locked out from further logon attempts.
Password Lockout Time            Sets the user lockout time duration after the user has exceeded the maximum number of logon attempts. Before V2R5.0, the maximum lockout duration was 32000 minutes, about 23 days. In V2R5.0, an additional option of indefinite lockout can be specified.
Miscellaneous Password Features  Allow the security administrator to restrict the number of characters in the password, and to control the use of digits and special characters.
Encryption                       Enhances security between Teradata Database and network-attached clients.

SysSecDefaults Table

The security administrator sets up the password features for a Teradata Database by updating columns of a single row in user DBC table DBC.SysSecDefaults. Teradata Database reads the single row in the table at system startup. The software uses the values in the columns to determine whether each option has been selected.

Note: You must restart the system to allow it to read the DBC.SysSecDefaults table and to make changed values take effect. Until then, the values in force are the ones read at the last startup, not the ones currently in the row.

The rules you select apply to all users attempting to log on to Teradata Database, regardless of the logical client system from which the logon is received. The only override to the rules is the null password option, which allows a user to log on without a password and bypass all rules pertaining to user authentication; grant it only for username/hostid combinations where the client side authenticates the user, as described under "Password" earlier in this chapter.
The following is a Teradata SQL description of the DBC.SysSecDefaults table:

    CREATE SET TABLE DBC.SysSecDefaults ,FALLBACK ,
         NO BEFORE JOURNAL,
         NO AFTER JOURNAL
         (
          PrimeIndex BYTEINT FORMAT '--9' NOT NULL,
          ExpirePassword SMALLINT FORMAT '---,--9' NOT NULL,
          PasswordMinChar BYTEINT FORMAT '--9' NOT NULL,
          PasswordMaxChar BYTEINT FORMAT '--9' NOT NULL,
          PasswordDigits CHAR(1) CHARACTER SET LATIN UPPERCASE NOT CASESPECIFIC NOT NULL,
          PasswordSpecChar CHAR(1) CHARACTER SET LATIN UPPERCASE NOT CASESPECIFIC NOT NULL,
          MaxLogonAttempts BYTEINT FORMAT '---9' NOT NULL,
          LockedUserExpire SMALLINT FORMAT '---,--9' NOT NULL,
          PasswordReuse SMALLINT FORMAT '---,--9' NOT NULL)
    UNIQUE PRIMARY INDEX ( PrimeIndex );

User DBC has update and select access rights on the table.

The following are the default values in the row (which are initialized by the dictionary initialization and conversion utilities):

    INSERT INTO DBC.SysSecDefaults
       (1,   /* Primary Index for single row */
        0,   /* Do not expire passwords */
        1,   /* Minimum characters in password */
        30,  /* Maximum characters in password */
        'Y', /* Allow digits in password */
        'Y', /* Allow special characters in password */
        0,   /* Allow unlimited logon attempts */
        0,   /* Do not lock user on erroneous password */
        0    /* Allow immediate password reuse */
       );

User DBC can use a simple update statement to change a default value. The option then becomes effective after the system is restarted. The following example shows the UPDATE statement to set the minimum number of password characters to eight:

    UPDATE DBC.SysSecDefaults SET PasswordMinChar = 8 ;
Table 2-1 provides a quick reference to the password control features and their descriptions.

Table 2-1 SysSecDefaults Column Descriptions

This column...     Indicates...
ExpirePassword     number of days to elapse before the password expires. To set a temporary password, you must assign a non-zero value to ExpirePassword.
PasswordMinChar    minimum number of characters in a valid password string. Valid values are 1 through 30. If the user enters a 0 value, the system replaces that 0 value with the system default value, which is 1.
PasswordMaxChar    maximum number of characters in a valid password string. The maximum number of characters is 30. PasswordMaxChar must be equal to or greater than PasswordMinChar. Valid values are 1 through 30. If the user enters a 0 value, the system replaces that 0 value with the system default value, which is 30.
PasswordDigits     whether digits are to be allowed in the password, as follows:
                     Y   allow digits in a password (except as first character).
                     N   do not allow digits.
PasswordSpecChar   whether special characters are to be allowed in the password, as follows:
                     Y   allow special characters in a password.
                     N   do not allow special characters.
MaxLogonAttempts   number of erroneous logons allowed before locking the user. 0 indicates a user is never locked.
LockedUserExpire   number of minutes to elapse before a locked user is unlocked. Before V2R5.0, the maximum lockout duration was 32000 minutes, about 23 days. In V2R5.0, an additional option of indefinite lockout can be specified. 0 indicates immediate unlock. -1 indicates indefinite lockout.
                   Note: If MaxLogonAttempts is set to a value other than zero, and if LockedUserExpire is left at zero, then the user is never locked; the two columns must be set together for the lockout to have any effect.
PasswordReuse      number of days to elapse before a password can be reused. 0 indicates immediate reuse.
The following values cause errors if placed in the SysSecDefaults row:
• A negative value in ExpirePassword, MaxLogonAttempts, or PasswordReuse.
• A PasswordMaxChar with a value less than PasswordMinChar.
• A character other than Y or N in the PasswordDigits or PasswordSpecChar columns.

If any of these errors occur, Teradata Database generates an error message for the event log during startup and replaces the value with the system default value for the corresponding column.

Password Expiration

The password expiration option allows the security administrator to specify the number of days a password is valid. Teradata Database adds this value to the password change date value maintained in the database row for the user. The system compares the result to the current date to determine if the password is still valid.

Resetting an Expired Password

When a user attempts to log on with an expired password, a session is established if the following conditions are met:
• The logon string contains the correct expired password.
• Another session is not currently established under the user identifier contained in the logon string.

The session is limited to the use of the MODIFY USER statement to establish a new password. After the password is modified, normal Teradata SQL activity is permitted over the session.

If the user already has a session logged on and the password expires, the current session may be used to submit the MODIFY USER statement to establish a new password. If the current session is for a utility such as Archive or MultiLoad, which does not offer the MODIFY USER statement, the user must end the current session. The user must log off and log on again through a utility such as BTEQ, which allows use of the MODIFY USER statement.

For example, use the following statement to establish a new password:

    MODIFY USER username AS PASSWORD = passwordname;

The password is immediately valid for the number of days indicated in the field ExpirePassword in the DBC.SysSecDefaults table. For details, see the MODIFY USER syntax in SQL Reference: Data Definition Statements.

The following example shows the UPDATE statement to set the duration of password acceptance to 30 days:

    UPDATE DBC.SysSecDefaults SET ExpirePassword = 30 ;
A zero value means passwords do not expire. A negative value is not accepted and causes an error message.

The Department of Defense recommends the maximum lifetime of a password be no more than one year. The value of data or chance of a security breach indicates whether a shorter lifetime is needed.

Setting Password for New User

When you create a new user, the PasswordChgDate is set to zero. This value indicates that the password initially assigned to the user is a temporary password and has already expired at the first logon attempt by the user.

Note: Temporary passwords expire immediately only if you set a non-zero value in the ExpirePassword column in the user DBC table DBC.SysSecDefaults.

Setting a Temporary Password

Use the MODIFY USER statement with the FOR USER option to provide a temporary password (for example, when a user has forgotten their password).
The following procedure expires the existing password and creates a temporary password to replace it.

Step 1: Select ExpirePassword from the DBC.SecurityDefaults view by entering the following:

    SELECT ExpirePassword FROM DBC.SecurityDefaults;

Step 2: Examine the reported value for ExpirePassword.

  IF the value is 0, THEN change it to a value greater than 0, for example:

    UPDATE DBC.SecurityDefaults SET ExpirePassword = 2;

  Restart the database, then go to Step 3.

  Note: Temporary passwords expire immediately only if you first set a non-zero value in the ExpirePassword column.

Step 3: Perform MODIFY USER with the FOR USER option. Note: You must have the appropriate privilege.

    MODIFY USER JDoe AS PASSWORD = mysecret FOR USER;

The existing password immediately expires and is replaced by ‘mysecret’. The value for PasswordChgDate is reset to 0, just as for a new user. The temporary password expires immediately when the user logs on for the first time, and they must create a new, permanent password at that time using the MODIFY USER statement without the FOR USER option. For details, see the MODIFY USER syntax in SQL Reference: Data Definition Statements.
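The expiration, new-user and temporary-password behaviour described in the sections above, modelled in Python as an added example (this is not Teradata code). It assumes ISO date strings as row values, models a PasswordChgDate of 0 as None, and assumes a password is still valid on the last day of its window, a boundary the manual does not state.

```python
"""Password-expiration rules from this page, as an added example (not Teradata
code). Dates are ISO strings (YYYY-MM-DD); PasswordChgDate = 0, the value a
new user or a FOR USER temporary password carries, is modelled as None.
"""
from datetime import date, timedelta
from typing import Optional

NO_EXPIRY = 0  # ExpirePassword = 0: passwords never expire


def validate_expire_password(days: int) -> int:
    """A negative ExpirePassword is rejected, as the manual states."""
    if days < 0:
        raise ValueError("ExpirePassword must not be negative")
    return days


def password_expired(expire_password: int, password_chg_date: Optional[str],
                     today: str) -> bool:
    """True when the password has expired and MODIFY USER is required.

    Assumption (the page does not say): the password is still valid on the
    last day of the window, so it expires the day after chg_date + days.
    """
    validate_expire_password(expire_password)
    if expire_password == NO_EXPIRY:
        return False        # expiry disabled, even for temporary passwords
    if password_chg_date is None:
        return True         # PasswordChgDate 0: expired at the first logon
    last_valid = date.fromisoformat(password_chg_date) + timedelta(days=expire_password)
    return date.fromisoformat(today) > last_valid


def logon_outcome(password_correct: bool, expired: bool,
                  other_session_active: bool) -> str:
    """Result of a logon: 'rejected', 'normal' or 'modify-user-only'.

    An expired password still opens a session, limited to MODIFY USER, but
    only if the password is correct and no other session is already
    established under the same user identifier.
    """
    if not password_correct:
        return "rejected"
    if not expired:
        return "normal"
    if other_session_active:
        return "rejected"
    return "modify-user-only"
```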
Password Format

Introduction

The password format option allows the site administrator to change the minimum and maximum number of characters allowed in the string and to control the use of digits and special characters.

Teradata Database accepts any string for a password as long as it conforms to the Teradata Database rules for a word. The rules are:

• From 1 to 30 characters
• Letters A through Z
• Digits 0 through 9
• $ (dollar sign)
• _ (underscore)
• # (pound sign)

The first character must not be a digit.

Rules for Creating a Password

A password cannot contain any of the following:

• Katakana symbols
• Multibyte spaces
• Special characters other than $ (dollar sign), # (pound sign), or _ (underscore), in single-byte or multibyte forms
• Digits 0 through 9, in single-byte or multibyte forms, when they are the first character in the name
• Greek and Cyrillic characters
• User-defined characters

These rules are identical to those for naming objects. Note that many of these rules make sense only in a multibyte character set environment. When creating passwords, additional restrictions apply under each type of character set, as the following sections discuss. The password formatting feature does not apply to multibyte character sets.

For charts of the supported Kanji character sets, Teradata Database internal JIS encoding, and the valid character ranges for Kanji object names and data, see International Character Set Support.
Examples of Using UPDATE to Set Password Values

The following examples show the UPDATE statements you use to set typical values for the password format.

Set minimum number of characters in password
  The setting must be in the range from 1 to 30, and not greater than the maximum number of characters (PasswordMaxChar):

    UPDATE DBC.SysSecDefaults SET PasswordMinChar = 6 ;

Set maximum number of characters in password
  The setting must be in the range from 1 to 30, and not less than the minimum number of characters (PasswordMinChar):

    UPDATE DBC.SysSecDefaults SET PasswordMaxChar = 8 ;

Allow digits in password
  The setting must be either Y or N. Even if digits are allowed in the password, the first password character cannot be a digit, in order to comply with the definition of a Teradata SQL word:

    UPDATE DBC.SysSecDefaults SET PasswordDigits = 'Y' ;

Allow special characters in password
  The setting must be either Y or N:

    UPDATE DBC.SysSecDefaults SET PasswordSpecChar = 'Y' ;

Set duration of password
  This setting lets you decide the length of time, in days, before a password must be renewed. To set the duration of password acceptance to 30 days:

    UPDATE DBC.SysSecDefaults SET ExpirePassword = 30 ;

Specifying Password Length

The Department of Defense recommends that passwords consist of eight or more characters. When specifying a password length, consider a longer password. Keep in mind, however, that a longer password is more difficult to remember, so the user is more likely to write it down rather than memorize it, and it is strongly recommended that users do not write passwords down.

The password format options do not invalidate existing passwords. The format rules are enforced only when a new password is submitted.
Submitting a Password String

Submit the password string in either a CREATE USER statement for a new user or a MODIFY USER statement to change the password of an established user. An error message results if a user submits a password string that violates the format constraints.

Error Messages

The error messages are:

3684 The password submitted contains too few characters.
3685 The password submitted contains too many characters.
3686 Digits may not be used in passwords.
3687 Special characters may not be used in passwords.

The system returns the error message in a group of messages, indicating that the statement that attempted to add or change the password was not processed successfully.
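The format checks from the Password Format sections, together with the SysSecDefaults value rules stated at the start of the chapter, as an added Python example (not Teradata code). It assumes the single-byte word rules only, and reports a string that is not a valid word at all as a ValueError because the page gives no numbered message for that case.

```python
"""Password-format checks and the SysSecDefaults value rules from this page,
as an added example (not Teradata code). Only the single-byte word rules are
modelled; multibyte character sets are out of scope here.
"""
import string
from dataclasses import dataclass
from typing import List

WORD_CHARS = set(string.ascii_letters + string.digits + "$_#")
ERRORS = {
    3684: "The password submitted contains too few characters.",
    3685: "The password submitted contains too many characters.",
    3686: "Digits may not be used in passwords.",
    3687: "Special characters may not be used in passwords.",
}


@dataclass(frozen=True)
class SysSecDefaults:
    """Format columns of DBC.SysSecDefaults; rejects the values the page lists as errors."""
    PasswordMinChar: int = 1
    PasswordMaxChar: int = 30
    PasswordDigits: str = "Y"
    PasswordSpecChar: str = "Y"

    def __post_init__(self):
        for n in (self.PasswordMinChar, self.PasswordMaxChar):
            if not 1 <= n <= 30:
                raise ValueError("PasswordMinChar/PasswordMaxChar must be 1..30")
        if self.PasswordMaxChar < self.PasswordMinChar:
            raise ValueError("PasswordMaxChar is less than PasswordMinChar")
        if self.PasswordDigits not in ("Y", "N") or self.PasswordSpecChar not in ("Y", "N"):
            raise ValueError("PasswordDigits and PasswordSpecChar must be Y or N")


def check_password(pw: str, cfg: SysSecDefaults) -> List[int]:
    """Error codes a CREATE USER / MODIFY USER would return; [] means accepted.
    A string that is not a Teradata word at all is reported as ValueError."""
    if not pw or pw[0].isdigit() or not set(pw) <= WORD_CHARS:
        raise ValueError("not a valid word: A-Z, 0-9, $, _, #; first char not a digit")
    errs = []
    if len(pw) < cfg.PasswordMinChar:
        errs.append(3684)
    if len(pw) > cfg.PasswordMaxChar:
        errs.append(3685)
    if cfg.PasswordDigits == "N" and any(c.isdigit() for c in pw):
        errs.append(3686)
    if cfg.PasswordSpecChar == "N" and any(c in "$_#" for c in pw):
        errs.append(3687)
    return errs
```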