Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Automatic Job Management System 3 System Design (Configuration) Guide


2.7 JP1/AJS3 security considerations

This section describes security measures for the safe use of JP1/AJS3.

As security measures, we recommend that you use firewalls and JP1/AJS3 functions that prevent access from unauthorized users and prevent the execution of jobs from unintended hosts.

The following figure shows an example of measures taken to prevent access by unauthorized users.

Figure 2‒41: Measures preventing access by unauthorized users

[Figure]

The following table describes the security measures shown in the figure. The numbers in the table correspond to the numbers in the figure.

Table 2‒34: Measures to prevent access by unauthorized users

| No | Operation from unauthorized user | Protective measure |
|----|----------------------------------|--------------------|
| 1 | Access from outside the company | Firewall#1 |
| 2 | Eavesdropping on communication data flowing between JP1/AJS3 - View and JP1/AJS3 - Manager | Encryption of communication paths |
| 3 | Login from inside the company | • Restrictions on physical access to machines • Proper management of OS users#2 • Proper management of JP1 users#3 • Connection source restrictions in JP1/AJS3#4 • Proper management of embedded database administrators#5 |
| 4 | Unauthorized use of the JP1/AJS3 - View login history | Preventing the login history from being displayed#6 |

#1

For details about the firewall, see 2.3.2 Working through a firewall.

#2

We recommend that you manage OS users so that general users without administrator permissions are not permitted to log in to manager hosts. Do not assign OS users permissions other than those necessary for executing a job.

#3

Change the initial password for the JP1 user jp1admin. Add JP1 users only when necessary, and set appropriate permissions for each JP1 user.

#4

Using a JP1/AJS3 function, you can limit the hosts that are able to access manager hosts or agent hosts. For details, see 2.3.8 Restricting access to JP1/AJS3.

#5

You can change the passwords used by embedded database administrators. For details about how to do this, see B. Notes on Using the Embedded-Database Commands in the manual Job Management Partner 1/Automatic Job Management System 3 Command Reference 1.

#6

Using a JP1/AJS3 function, you can prevent the previously used JP1 login user names and the names of previously connected hosts from appearing on the Login screen of JP1/AJS3 - View. By hiding previously used login information, you can prevent unauthorized users from logging in to the system by using valid JP1 user names. For details, see 11.2.6 Preventing the history of previously used login user and connected host names from appearing on the Login screen in the Job Management Partner 1/Automatic Job Management System 3 Operator's Guide.

We recommend that you disable the predictive conversion functionality of character input software such as IMEs. If this functionality is enabled, suggestions might be displayed when a user is inputting information in User name, Password, or Host to connect, even though previously used login information is set to be hidden.