Unicenter AutoSys JM provides Asset Level Security if you select it during installation. This security is implemented through integration with eTrust™ Access Control (eTrust AC). All GUI applications and all command line interfaces make callouts to security. User-defined classes within eTrust AC govern which types of resources can be controlled by which users. Because the event processor and remote agent do not enforce security, policy changes do not affect resources that were already entered into the database. For example, if the security administrator withdraws a user's permission to create jobs, Unicenter AutoSys JM continues to run the jobs that user created before the change; if those jobs are to stop, an authorized user must delete or disable them separately, since the permission change alone does not do it.

Note: Policy changes can be made only by users who have been assigned eTrust administrative rights, and only from host machines that have the proper eTrust access rights. The primary eTrust administrator and administrative host are determined during the eTrust Server installation portion of the Unicenter AutoSys JM installation. The primary administrator can define additional eTrust administrators and administrative hosts with the autosys_secure binary, menu item [7] followed by items [3] and [4] respectively. The same tasks can alternatively be accomplished through eTrust AC, using the eTrust Policy Manager on Windows or the selang command line utility. For more information on selang, see the eTrust Access Control for UNIX Reference Guide.

eTrust Access Control

If you turn on eTrust AC security, the job-level security and superuser security supported in native mode are no longer enforced.

Note: Wherever Unicenter AutoSys JM binaries are installed, a local eTrust database called seosdb is created. This database subscribes to the machine where the eTrust Local Policy Model Database (pmdb) was created, so that security policies are pushed out to each machine. Any security calls made by these binaries go against the local seosdb rather than a remote security database, which avoids unnecessary network traffic. The seosdb can be subscribed to the parent pmdb either during the eTrust client installation portion of the Unicenter AutoSys JM installation, or by an eTrust administrator from an administrative host through the autosys_secure binary, menu item [7] sub-item [5]. The same task can alternatively be accomplished through eTrust AC, using the eTrust Policy Manager on Windows or the selang command line utility. For more information on selang, see the eTrust Access Control for UNIX Reference Guide.

If eTrust security is enabled, you must establish a subscriber authentication security word before any secured executable will work properly. Because Unicenter AutoSys JM is effectively locked down until the security word is established, the time before you set it is a good opportunity to define your enterprise security policy.

When you are ready to establish your security word, run autosys_secure as a user, and from a host, that is authorized to administer the eTrust pmdb. Choose menu item [7] followed by item [2]. You are prompted for your security word. You will be prompted for this word again only if you decide to change it.

Note: To provide cross-platform compatibility, the security word is stored in upper case in both the eTrust database and the Unicenter AutoSys JM database. This makes the security word case-insensitive. For example, if you create the security word 'my_word' and later decide to change it, you can enter 'My_Word' or 'my_WORD' when prompted for the existing security word, and Unicenter AutoSys JM treats them as the same. Because case folding discards the distinction between upper and lower case letters, do not rely on mixed case to make the word hard to guess; choose one that is long and unpredictable on its own.

If you have reason to believe that your security word has been compromised, change it using autosys_secure. A malicious user who knows the security word could set up a local eTrust policy and circumvent Unicenter AutoSys JM security.

The security word you provide is stored in the Unicenter AutoSys JM database and the eTrust database. Before checking security, every secured Unicenter AutoSys JM executable reads the security word from the Unicenter AutoSys JM database and compares it to the security word in the eTrust database. The word is present in the local eTrust database only if the local installation is a valid subscriber to the enterprise security policy. If the security word cannot be verified, access to secured assets is denied.

Note: The eTrust AC audit log may show a failed check of the security word resource each time you run a secured binary. This is expected behavior. If you would rather not see these failures, you can do one of two things.

■ You can create a filter that excludes these entries. For more information, see the section Audit Filters in the eTrust Access Control Administrator Guide.

■ You can change your user resources so that these failures are not logged. By default, all users are configured to generate log entries on access failures, regardless of which resource the failure occurred with. The security word resource, however, has been created not to generate log entries on failure, since failure is the expected behavior in this case. You can change (or create) your users so that they do not create an audit log entry when a failure occurs. This leaves it up to the individual resources to create failure entries in the audit log, which is the default behavior for resources. You can change the audit rules using either selang or the Policy Manager GUI. For more information on configuring audit rules, see the eTrust Access Control Administrator Guide.
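The following Python model ties together the security-word behaviour described above (upper-case storage, case-insensitive change, the comparison every secured executable performs against the local eTrust database, denial on an unsubscribed host) and the audit-log behaviour in the note (users default to logging failures regardless of resource; the security word resource does not). It is an added illustration, not CA's code: the store classes, the resource name AUTOSYS_SECURITY_WORD and the "user or resource" audit precedence are assumptions drawn from this documentation, and the sample hosts and users are constructed.

```python
"""Model of the Unicenter AutoSys JM / eTrust AC security-word check and its audit noise.

Added illustration, not CA's code. The classes, the resource name and the
audit-precedence rule are assumptions inferred from the documentation above.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed name for the eTrust resource that secured binaries check on every run.
SECURITY_WORD_RESOURCE = "AUTOSYS_SECURITY_WORD"


def normalize(word: str) -> str:
    """Both databases store the word in upper case; that is what makes it case-insensitive."""
    return word.upper()


@dataclass
class AutoSysDb:
    security_word: Optional[str] = None


@dataclass
class LocalETrustDb:
    """A host's seosdb. It receives the security word only if it subscribes to the pmdb."""
    subscribed_to_pmdb: bool
    security_word: Optional[str] = None
    # Audit settings: True means "write an audit entry on access failure".
    user_logs_failures: Dict[str, bool] = field(default_factory=dict)
    resource_logs_failures: Dict[str, bool] = field(default_factory=dict)
    audit_log: List[str] = field(default_factory=list)

    def record_failure(self, user: str, resource: str) -> None:
        # Per the note above: users default to logging failures regardless of resource,
        # so an entry is written if either the user or the resource asks for it.
        user_wants = self.user_logs_failures.get(user, True)
        resource_wants = self.resource_logs_failures.get(resource, True)
        if user_wants or resource_wants:
            self.audit_log.append(f"DENY user={user} resource={resource}")


def establish_security_word(autosys: AutoSysDb, hosts: List[LocalETrustDb], word: str) -> None:
    """autosys_secure [7] -> [2]: store the word; it reaches only subscribing seosdbs."""
    stored = normalize(word)
    autosys.security_word = stored
    for host in hosts:
        if host.subscribed_to_pmdb:
            host.security_word = stored


def change_security_word(autosys: AutoSysDb, hosts: List[LocalETrustDb],
                         existing: str, new: str) -> None:
    """Changing the word requires the existing one; the comparison is case-insensitive."""
    if autosys.security_word is None or normalize(existing) != autosys.security_word:
        raise PermissionError("existing security word does not match")
    establish_security_word(autosys, hosts, new)


def secured_binary_may_run(autosys: AutoSysDb, host: LocalETrustDb, user: str) -> bool:
    """What every secured executable does before checking asset-level security."""
    # The resource check on the security word fails on every run (expected behaviour);
    # whether it lands in the audit log depends on the user/resource audit settings.
    host.record_failure(user, SECURITY_WORD_RESOURCE)
    if autosys.security_word is None or host.security_word is None:
        return False  # no word established yet, or this host is not a valid subscriber
    return autosys.security_word == host.security_word


def demo() -> dict:
    """Constructed scenario: one subscribed host, one host whose seosdb never subscribed."""
    autosys = AutoSysDb()
    subscriber = LocalETrustDb(subscribed_to_pmdb=True,
                               resource_logs_failures={SECURITY_WORD_RESOURCE: False})
    rogue = LocalETrustDb(subscribed_to_pmdb=False)
    before = secured_binary_may_run(autosys, subscriber, "ops")  # locked down, no word yet
    establish_security_word(autosys, [subscriber, rogue], "my_word")
    change_security_word(autosys, [subscriber, rogue], "My_WORD", "next_word")  # case folds
    after = secured_binary_may_run(autosys, subscriber, "ops")
    unsubscribed = secured_binary_may_run(autosys, rogue, "ops")
    noisy_entries = len(subscriber.audit_log)  # one expected failure per run so far
    # Stop auditing failures for this user; the expected failure now stays out of the log.
    subscriber.user_logs_failures["ops"] = False
    secured_binary_may_run(autosys, subscriber, "ops")
    return {"before": before, "after": after, "unsubscribed": unsubscribed,
            "noisy_entries": noisy_entries, "quiet_entries": len(subscriber.audit_log)}


if __name__ == "__main__":
    print(demo())
```

Two points worth noting in the output: the unsubscribed host is denied even though the word is correct everywhere else, because its local seosdb never received it; and once the user's failure auditing is turned off, the per-run failure on the security word resource disappears from the log while failures on ordinary resources (which default to logging) would still be written.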

You can globally enable or disable eTrust using autosys_secure. To disable eTrust, you must be granted execute access to the SECADM resource. Treat execute access to SECADM as a highly privileged grant, since whoever holds it can turn off asset-level security entirely.