pSeries Security--Building on Strength
From its initial ship date in June 1990, AIX*, deployed first on the IBM RISC/6000* and now on the IBM eServer pSeries*, has provided a secure foundation on which to run your business. The security technology in AIX has changed with the times to accommodate today's customer needs.
While it's not possible to describe all of AIX's security features here, I'll describe the major elements and offer pointers to in-depth technical information. It's useful to categorize the technology into elements: authorization, accountability, administration and availability--the four A's. Although it's not a technology, a fifth category, assurance, is equally important for establishing confidence that technology elements are implemented correctly.
AIX offers highly configurable, fine-grained controls over a user's access to the system. While the means and mechanisms by which a user must authenticate to AIX can be set at a system-wide level, these controls are also configurable per user, so that policy can be set for each individual with respect to how, when and from where that user is permitted to access the system.
Individual users may warrant and be granted differing levels of trust in the computing environment depending upon a number of factors--job responsibility, time with the company, business policies, etc. To accommodate these levels, the AIX system administrator can configure an individual's access policy to restrict:
Time-of-day/day-of-week--These policies restrict when the user is allowed to access the system. 'Normal' work patterns can be enforced, such that the Monday--Friday worker will not be granted weekend access.
Ports allowed--Certain business policies may require that users access the system only from specified terminals. For example, bank tellers might have access only at specific terminals. Additionally, certain privileged users (e.g., an auditor) might have access restricted to one terminal.
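The two restrictions described above can be read as a deny-by-default check made at login time. The following is an added example, not AIX code and not AIX's configuration syntax: the `AccessPolicy` model, the user names, the terminal names and the working hours are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class AccessPolicy:
    """Hypothetical per-user policy: when and from which ports login is allowed."""
    days: frozenset    # allowed weekdays, 0 = Monday ... 6 = Sunday
    start: time        # earliest permitted login time
    end: time          # latest permitted login time
    ports: frozenset   # terminals the user may log in from

# Constructed sample policies mirroring the article's teller and auditor cases.
POLICIES = {
    # Monday-Friday worker, limited to two teller terminals.
    "teller1": AccessPolicy(frozenset(range(0, 5)), time(8, 0), time(18, 0),
                            frozenset({"/dev/tty3", "/dev/tty4"})),
    # Privileged user: any day or hour, but restricted to one terminal.
    "auditor": AccessPolicy(frozenset(range(0, 7)), time.min, time.max,
                            frozenset({"/dev/tty0"})),
}

def check_login(user, port, when):
    """Return (allowed, reason); the reason is what an audit record would carry."""
    policy = POLICIES.get(user)
    if policy is None:
        return False, "no policy for user"   # deny by default
    if when.weekday() not in policy.days:
        return False, "day not permitted"
    if not (policy.start <= when.time() <= policy.end):
        return False, "time not permitted"
    if port not in policy.ports:
        return False, "port not permitted"
    return True, "ok"

if __name__ == "__main__":
    # Constructed login attempts: (user, terminal, timestamp).
    attempts = [
        ("teller1", "/dev/tty3", datetime(2024, 3, 4, 9, 30)),   # Monday morning
        ("teller1", "/dev/tty3", datetime(2024, 3, 9, 9, 30)),   # Saturday
        ("teller1", "/dev/tty0", datetime(2024, 3, 4, 9, 30)),   # wrong terminal
        ("auditor", "/dev/tty0", datetime(2024, 3, 9, 23, 59, 59)),
    ]
    for user, port, when in attempts:
        print(user, port, when.isoformat(), check_login(user, port, when))
```

Returning a reason with each denial lets failed attempts be logged by cause, which makes off-hours or wrong-terminal login attempts easy to review.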