You can use CA ControlMinder to specify day‑of‑week and time‑of‑day restrictions for resource access. This feature applies to TERMINAL access, SURROGATE requests, and user‑defined resources. For example, the following rule completely disables the terminal ws3 on weekends and outside the 08:00‑19:00 time period every day:
chres TERMINAL ws3 restrictions(days(weekdays) time(0800:1900))
No login request from that station is accepted outside these periods.
You can also use CA ControlMinder to block substitution requests that target highly authorized users outside work hours. Suppose user AcctMgr is the Accounting Manager, who is allowed to perform financial transactions, and you have restricted AcctMgr login to work hours and weekdays only. Intruders or unauthorized personnel may still try to access the AcctMgr account by invoking the command su AcctMgr. Use the following command to prevent anyone from substituting to the user AcctMgr outside the specified period:
chres SURROGATE USER.AcctMgr restrictions(days(weekdays) time(0800:1900))
The same technique can be implemented for any protected resource, including user‑defined abstract classes that are used for implementing in‑house applications.
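The following is an added example, not CA code: a small Python model of the two rules above that replays constructed access events and lists the ones that fall outside the permitted window, which is useful for checking recorded activity against a window before the rule is applied. The event tuples, the function names, and the inclusive treatment of the 08:00 and 19:00 boundaries are assumptions.

```python
import re
from datetime import datetime

# Only "weekdays" appears on the page; mapping it to Monday-Friday is inferred
# from the statement that the rule disables access on weekends.
DAY_SETS = {"weekdays": {0, 1, 2, 3, 4}}

RULE_RE = re.compile(
    r"chres\s+(?P<cls>\S+)\s+(?P<name>\S+)\s+"
    r"restrictions\(days\((?P<days>\w+)\)\s+time\((?P<start>\d{4}):(?P<end>\d{4})\)\)"
)

def parse_rule(line):
    """Parse one chres restriction rule of the form shown on the page."""
    m = RULE_RE.fullmatch(line.strip())
    if m is None or m["days"] not in DAY_SETS:
        raise ValueError(f"unsupported rule: {line!r}")
    start, end = (int(m[k][:2]) * 60 + int(m[k][2:]) for k in ("start", "end"))
    return {"class": m["cls"], "name": m["name"],
            "days": DAY_SETS[m["days"]], "start": start, "end": end}

def in_window(rule, when):
    """True if `when` falls on a permitted day within the permitted hours."""
    minute = when.hour * 60 + when.minute
    # Assumption: both ends of the window are inclusive.
    return when.weekday() in rule["days"] and rule["start"] <= minute <= rule["end"]

def out_of_window(rules, events):
    """Return events that hit a restricted resource outside its window."""
    index = {(r["class"], r["name"]): r for r in rules}
    flagged = []
    for cls, name, stamp in events:
        rule = index.get((cls, name))
        if rule and not in_window(rule, datetime.fromisoformat(stamp)):
            flagged.append((cls, name, stamp))
    return flagged

RULES = [parse_rule(line) for line in (
    "chres TERMINAL ws3 restrictions(days(weekdays) time(0800:1900))",
    "chres SURROGATE USER.AcctMgr restrictions(days(weekdays) time(0800:1900))",
)]

# Constructed sample events: (class, resource, local timestamp).
EVENTS = [
    ("TERMINAL", "ws3", "2013-06-03T09:15:00"),            # Monday, in window
    ("TERMINAL", "ws3", "2013-06-08T10:00:00"),            # Saturday
    ("SURROGATE", "USER.AcctMgr", "2013-06-04T22:40:00"),  # Tuesday night
    ("SURROGATE", "USER.AcctMgr", "2013-06-05T18:59:00"),  # Wednesday, in window
    ("TERMINAL", "ws7", "2013-06-09T03:00:00"),            # no rule for ws7
]
```

Calling out_of_window(RULES, EVENTS) returns the Saturday ws3 login and the Tuesday-night substitution to AcctMgr; the ws7 event is not reported because no restriction covers that terminal.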
Copyright © 2013 CA. All rights reserved.