
PeopleSoft Audit Program

By
Frank W. Lyons
Of
Entellus Technology Group, Inc.
407-774-8397
fwlyons@sprynet.com
I. General
1. Obtain a company organizational chart.
2. Obtain a copy of all security policies and procedures.
3. Obtain a diagram of the PeopleSoft application architecture.
4. Obtain a copy of the "problem tracking" or "incident report" records for the application being audited.
5. Obtain a copy of all system enhancements that are queued up for implementation.
6. Obtain a copy of the application's documentation.
7. Obtain a copy of the development methodology used to complete the system (Business and Design Requirements Processes).
8. Obtain a copy of any service level agreements established for the application.
9. Obtain a copy of the contingency/backup plan for the application.
10. Obtain a copy of the Corporate Disaster Plan.
11. Determine which release of PeopleSoft is installed.
12. Identify the modules installed.
13. Determine the interfaces to the production system.
16. Determine what level of custom programming is ongoing.
17. Evaluate the overall PeopleSoft security architecture.
18. Determine the operating systems and database management systems running within the environment.
II. Design And Implementation
1. Determine if proper planning has been formalized.
  Has a clearly defined functional or geographical approach been established?
  Has a structured methodology been adopted?
  Has a top-down plan been developed to address system integration issues?
  Have PeopleSoft release dates been taken into consideration as part of the plan?
  Does the plan consider the time needed to perform a post-implementation review?
2. Determine if the proper organization and staffing for the team has been completed.
  Has a Steering Committee been organized to include all functional business areas?
  Have enterprise-wide standards been established?
  Are users assigned to key project management positions?
  Has an integration team been established with members from all functional areas?
  Has a technical team been established separate from the functional team to share technical responsibility and to ensure standard techniques are employed?
  Is the staff size appropriate for the scope of the implementation? 8-10 members for each core module.
3. Determine if adequate training is conducted.
  Review the training program to ensure that it is adequate and addresses all functional areas.
  Ensure that the training approach is integrated into the project methodology.
  Ensure that adequate time for all levels of training is scheduled.
4. Determine if the project is properly controlled through budget, quality, and schedule.
  Are standard project control tools and documentation formats used across teams to ensure consistent communication and minimize the impact of team turnover?
  Are weekly or even daily cross-team progress meetings held, along with monthly steering committee meetings, to communicate status and resolve issues?
  Are issues logs used to resolve project delays?
  Ensure that a consistent implementation methodology is being employed across all teams.
  Is the project measured by workplan tasks and deliverables rather than hours spent?
  Are support systems such as Lotus Notes or e-mail established at the beginning of the project?
5. Determine to what extent reengineering is being employed.
  If the project team is going through a large reengineering effort, ensure that it is completed prior to the beginning of the implementation process. Otherwise, the changes can be incorporated during the analysis and design phases.
  Ensure that all reengineering processes are formally signed off.
6. Determine if an adequate global design is completed.
  Have practices and processes been harmonized globally along with PeopleSoft functionality?
  Have worldwide representatives on the project been present during the prototyping and Joint Application Development (JAD) sessions to ensure that system decisions are properly conducted?
  Are key system checkpoints mapped to the global design to ensure the system meets the needs of each region?
  Are prototyping and playbacks used to validate the design?
  Have key data items such as order number, customer number, chart of accounts, and company codes been standardized?
7. Determine if proper integration has been designed into the system.
  Has an overall integration plan been developed and reviewed by the integration team?
  Has the integration team been involved throughout the project?
  Are the integration points tested throughout the project?
8. Determine if the PeopleSoft software is properly configured.
  Has the organizational hierarchy been properly established within the software?
  Have any modifications to the supplied software been completed? If so, determine the risk impact of such modifications.
  Are cross-checks of table configurations conducted periodically with all team members?
  Are checks conducted to ensure that table and file structures are consistent across all locations?
9. Determine if matrixes are used to define job functions and proper separation of duties.
10. Determine if data ownership responsibilities are defined for the system.
III. Preliminary Step
A. Determine the scope of your review
1. Work Station Security
2. Network Security
3. Operating System Security
4. DBMS System Security
5. PeopleSoft Application Security
6. Interface Security
7. Conversion Security
B. Obtain the following items
1. List of all Operating System user accounts
2. List of all DBMS user accounts
3. List of all Operator Ids
4. List of all Operator Classes
5. List of all Process Groups
6. List of all Object Groups
7. List of all Access Groups
8. List of all PeopleSoft directory and file rights
9. List of any audit reports
10. List of any violation logs
11. List of any incident reports
12. List of any outstanding application requests
C. Obtain the following privileges
1. Operator/Operator Classes and Menus/Panels/Actions
2. Process Groups assigned to Operator Classes
3. Object Groups assigned to Operator Classes
4. Access Groups assigned to Operator Classes
IV. PeopleSoft's Security Architecture
Obtain a network diagram of the PeopleSoft architecture. This should include all application servers and database servers.
V. Work Station Security
A. Authentication Security
Determine that adequate authentication security is established for each PeopleSoft workstation.
B. Configuration Files
Windows Operating System
  WIN.INI
  SYSTEM.INI
  PSTOOLS.INI
Windows 95
  To access the configuration files under Windows 95 you will need to access the registry. The easiest way to access the registry is to use the Configuration Manager Interface. To start the Configuration Manager use File, Preference, Edit Configuration.
Audit Step
Ensure that no startup passwords have been defined in clear text on the workstation.
C. Trojan GUIs
Ensure that only authorized users can write to PC start-up files.
Determine if the configuration files of the PC are automatically checked to ensure that no changes are made without proper approval. Tools such as SMS from Microsoft and Norton Administrator will automatically check the consistency of any file on the PC each time the user signs onto the application server.
D. Key Stroke Capture Programs
Determine that no terminate-and-stay-resident programs, such as a key stroke capture program, are present on the PC. These programs can pick up the user's password and store it on the PC for later retrieval.
VI. Operating System Security
A. NT Audit/Security/Control
Restrict access to the PSVER directory.
Review access rights to PSVER/SQR.
Audit Step
Determine which users have read/write access to this directory. Evaluate whether this level of access is required to perform their job function.
1. User Account Risk
Exposure
NT comes with two default user accounts (Administrator and Guest). The Administrator account does not comply with the lockout policy. This is because someone could otherwise lock out every account on the system, which would require a reinstall of the operating system itself. As a result, the Administrator account is vulnerable to a brute force password attack.
Control
By buying and implementing the NT Resource Kit, a program called "passprop" can be installed which forces the Administrator account to be locked out according to the lockout policy as if it were a normal account. The Administrator account can still log on at the console.
2. Group Account Risk
Exposure
There are several default groups that are automatically installed with the NT operating system. Some of these groups are very powerful, such as Administrators and Domain Admins. Members of Administrators can, for instance, change the password of the Administrator user account. Each of these default groups and their members need to be reviewed to ensure that only proper privileges are granted to each group and that each group has only authorized members.
Control
Review the NT2.DOC file on the magic diskette for recommended group rights. Review membership of key groups to ensure that only authorized members are present.
3. Directory Rights
Exposure
NT's default install configuration gives the Everyone group full control (RWXD) at the root directory level. Since Everyone is a default group that every user belongs to, every user on the system has full control at the root directory level. Some of the subdirectories (folders), such as the security directory, are further protected. But many of the directories are open to attack from a normal user account.
Control
Look at the document NT2.doc on your magic disk. It has recommended settings for the directory privileges. Microsoft has also published a white paper on the subject with recommended directory settings. These settings are not perfect, so work with your particular environment to secure as much of the directory tree as possible wherever access is not really required.
One note: if you deny access to the Everyone group, NT will deny access to all users, even the Administrator account. So use deny sparingly.
4. Account Policy
Exposure
The account policy sets the authentication standards for the NT operating system. NT's default settings are extremely weak.
Control
Review the NT2.DOC file on your magic diskette for the recommended settings.
5. Audit Policy
Exposure
NT's audit policies are set to no auditing by default.
Control
Review the NT2.DOC file on your magic diskette for the recommended settings.
6. User Rights Policy
Exposure
User Rights are special rights provided to individual users or groups. User Rights provide global rights for job functions such as Backup authority. Some of the User Rights are not fully defined, in which case those rights should not be granted to anyone.
Control
Review the NT2.DOC file on your magic diskette for the recommended settings.
7. Services
Exposure
Services are not new. Unix and other operating systems have had programs (services) that perform special functions. These functions include programs such as File Transfer Protocol (ftp at socket 21), Web processing (http at socket 80), and Telnet (telnet at socket 23). There are many others (over 6000) that can be installed. Each of these services runs programs that were written by a vendor. These programs could be attacked and compromised. Only authorized and security-certified services should be running.
Control
Review all services (Control Settings, Services) and determine that only authorized and valid services are installed within the NT environment.
8. Regedt32.exe
Exposure
The Regedt32.exe program and Regedit.exe (the sixteen-bit version) allow direct changes to the NT registry. The NT registry is the complete set of all NT settings and definitions. Everything from user accounts to workstation configuration is stored in the Registry. The Regedt32.exe and Regedit.exe programs allow modification of the Registry values. The default rights on these programs give the Everyone group full control. This means that everyone can execute them and change any registry value that they are authorized to change.
Control
Change the permissions on Regedt32.exe and Regedit.exe to read and execute (RX) for the Administrators group only.
9. Trusted Systems
Exposure
Trust relationships within NT are difficult to administer. Domain groups can have new members added without the local administrator's knowledge. The relationships can become very confusing and may cause too much global access.
Control
Review all the trust relationships and determine that they are properly established and administered.
10. HACK Attempts
Exposure
Many hack attempts have occurred in the past couple of years. Each of these can be reviewed by accessing http://www.microsoft.com/security.
HACKs
  GetAdmin
  Red Button
  Password Hack
  SYN attack
Control
Ensure that your operating system is up to date with the latest system patches.
B. Unix Audit/Security/Control
Restrict access to the PSVER directory.
Audit Step
Determine which users have read/write access to this directory. Evaluate whether this level of access is required to perform their job function.
Determine who has root authority on the system (uid = 0).
Determine who has psadm or hradm PeopleSoft authority and ensure that they require this level of authority for their job function.
See the magic diskette, specifically the Unix article on the top ten risks.
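The two Unix audit steps above (accounts with uid 0, and holders of psadm or hradm authority) can be answered offline from copies of /etc/passwd and /etc/group. The checker below is an added example, not part of the audit program; the passwd and group contents are constructed sample data, and the "toor" and "backup" entries are the kind of finding the steps are looking for.

```python
# Added example: offline checker for the Unix audit steps. It parses passwd(5)
# and group(5) text and reports (1) every account with uid 0 and (2) every
# account holding psadm/hradm authority, whether listed as a group member or
# simply given that group as its primary gid (which /etc/group does not show).

from typing import Dict, List, Set

# Constructed sample data for the example.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:alt root:/root:/bin/sh
psadm:x:501:501:PeopleSoft admin:/home/psadm:/bin/ksh
hradm:x:502:502:HR admin:/home/hradm:/bin/ksh
jsmith:x:1001:100:Jane Smith:/home/jsmith:/bin/ksh
backup:x:1002:501:Backup operator:/home/backup:/bin/ksh
"""

SAMPLE_GROUP = """\
root:x:0:
psadm:x:501:jsmith
hradm:x:502:
users:x:100:
"""

PRIVILEGED_GROUPS = ("psadm", "hradm")


def parse_passwd(text: str) -> List[dict]:
    """Parse passwd(5) lines into dicts; blank, comment and malformed lines are skipped."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue
        accounts.append({"name": fields[0], "uid": int(fields[2]),
                         "gid": int(fields[3]), "shell": fields[6]})
    return accounts


def parse_group(text: str) -> Dict[str, dict]:
    """Parse group(5) lines into {group_name: {"gid": int, "members": set}}."""
    groups: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue
        members = {m for m in fields[3].split(",") if m}
        groups[fields[0]] = {"gid": int(fields[2]), "members": members}
    return groups


def uid0_accounts(passwd_text: str) -> List[str]:
    """Every login with uid 0. root is expected; any other name is a finding."""
    return [a["name"] for a in parse_passwd(passwd_text) if a["uid"] == 0]


def privileged_group_members(passwd_text: str, group_text: str) -> Dict[str, Set[str]]:
    """Effective psadm/hradm membership: explicit members plus primary-gid users."""
    accounts = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    result: Dict[str, Set[str]] = {}
    for gname in PRIVILEGED_GROUPS:
        if gname not in groups:
            continue
        members = set(groups[gname]["members"])
        gid = groups[gname]["gid"]
        # Primary-group membership never appears in /etc/group; pull it from passwd.
        members.update(a["name"] for a in accounts if a["gid"] == gid)
        result[gname] = members
    return result


if __name__ == "__main__":
    print("uid 0 accounts:", uid0_accounts(SAMPLE_PASSWD))
    for g, m in privileged_group_members(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{g}: {sorted(m)}")
```

Feed it the real files with `open("/etc/passwd").read()` and `open("/etc/group").read()`; every name returned other than root and the two service accounts needs a job-function justification.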
VII. DBMS System Security
A. Oracle
Two new PeopleSoft roles have been defined. These are PSUSER and PSADMIN. The PSUSER role has the privilege to log into the database and perform selects against PSDBOWNER, PSLOCK, and PSOPRDEFN (all required during signon). The PSADMIN role is a subset of Oracle's DBA role. This role should be granted to PeopleSoft database owners.
Determine who can log on to the database directly and what rights they have within the database.
Determine which users have administrative rights and ensure that these individuals require this level of access.
Change any default user ids such as:
  Sys Password = Change_On_Install
  System Password = Manager
  Sysadm Password = Sysadm
  DesktopDBA Password = DesktopDBA
PeopleSoft normally uses SYSADM as the owner ID when tables are created within the DBMS. The owner ID is granted CONNECT, RESOURCE, and DBA privileges. Oracle users can change this default owner ID from SYSADM to something else using PSORASQL. This may help to prevent a brute force password attack on the SYSADM user account.
PeopleSoft validates the user id and password using the SQL*Net Oracle middleware product. This runs at socket layer 1521-1525.
Be sure to look at the magic diskette, specifically the Oracle article.
1. Determine that proper segregation of duties is in place for Database Administration.
2. Obtain the Database initialization file INIT.ORA.
3. Obtain the major Data Dictionary Views:
  DBA_OBJECTS
  DBA_TAB_COLUMNS
  DBA_USERS
  DBA_VIEWS
4. Review all user profiles to ensure that only authorized users have access to the application files.
5. Determine the users that have physical access to the application files and ensure that this privilege is necessary to support their job function.
6. Determine that all default userids and passwords have been changed:
  SYS
  SYSTEM
  SCOTT
  Sysadm
7. Ensure that all users are required to enter a password along with their userid to authenticate to the application.
8. Determine that the passwords are required to be changed on a periodic basis.
9. List all Roles within the database.
10. List all users that have Resource or DBA privileges.
11. Obtain a listing of all the application objects such as tables and views.
12. Review the object rights to ensure that only authorized users are allowed to operate against these objects.
  DBA_TAB_GRANTS
  DBA_COL_GRANTS
  Direct table access and stored procedure access should be investigated to ensure that only authorized users or programs have access to the application files.
13. Ensure that the WITH GRANT OPTION is only assigned to appropriate users for appropriate objects.
14. Determine what level of auditing has been turned on by reviewing the INIT.ORA file to see if AUDIT_TRAIL is set to TRUE, and by reviewing DBA_SYS_AUDIT_OPTS and DBA_TAB_AUDIT_OPTS.
15. Determine that the audit trail is reviewed on a regular basis.
16. Determine who has been assigned import and export capability.
17. Review all operating system roles (OS_OPER) for assignment to valid users.
19. Ensure that any assignment to the user "Public" is highly restricted.
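Three of the Oracle checks above (WITH GRANT OPTION on application objects, the AUDIT_TRAIL setting in INIT.ORA, and grants to "Public") can be scripted once the INIT.ORA file and a dump of the grant dictionary view are in hand. This is an added example, not PeopleSoft's or Oracle's code: the INIT.ORA fragment and the grant rows are constructed, the rows follow the column order of Oracle's DBA_TAB_PRIVS view (grantee, owner, table name, privilege, grantable), and SYSADM is the PeopleSoft owner ID named in the text. Besides TRUE, the values DB and OS also turn the audit trail on.

```python
# Added example: offline checks for the Oracle audit items. audit_trail_setting()
# reads AUDIT_TRAIL out of an INIT.ORA fragment (comments, quoting and case are
# handled); review_grants() scans DBA_TAB_PRIVS-shaped rows for WITH GRANT
# OPTION and for PUBLIC grants on the PeopleSoft owner's objects.

import re
from typing import Dict, List, Tuple

# Constructed init.ora fragment: the commented-out line must be ignored.
SAMPLE_INIT_ORA = """\
# constructed init.ora fragment
db_name = HRDMO
# audit_trail = NONE      <- commented out, not in effect
AUDIT_TRAIL = "true"
remote_os_authent = false
"""

# Constructed rows: (grantee, owner, table_name, privilege, grantable)
SAMPLE_GRANTS: List[Tuple[str, str, str, str, str]] = [
    ("PSUSER",  "SYSADM", "PSOPRDEFN",        "SELECT", "NO"),   # needed at signon
    ("PSUSER",  "SYSADM", "PSLOCK",           "SELECT", "NO"),
    ("REPORTS", "SYSADM", "PS_JOB",           "SELECT", "YES"),  # grant option: finding
    ("PUBLIC",  "SYSADM", "PS_PERSONAL_DATA", "SELECT", "NO"),   # PUBLIC: finding
    ("HRADM",   "SYSADM", "PS_JOB",           "UPDATE", "NO"),
    ("PUBLIC",  "SYS",    "DUAL",             "SELECT", "NO"),   # Oracle's own, expected
]

# Values that enable auditing; anything else (NONE, FALSE, absent) means off.
ENABLED_AUDIT_VALUES = {"TRUE", "DB", "OS", "DB_EXTENDED", "DB,EXTENDED"}
_PARAM_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_.]*)\s*=\s*(.*?)\s*$")


def init_ora_params(text: str) -> Dict[str, str]:
    """Return {PARAM: value} from init.ora text; '#' starts a comment."""
    params: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        m = _PARAM_RE.match(line)
        if not m:
            continue
        value = m.group(2).strip().strip('"').strip("'")
        params[m.group(1).upper()] = value
    return params


def audit_trail_setting(text: str) -> Tuple[str, bool]:
    """(raw value, enabled?) for AUDIT_TRAIL; an absent parameter means NONE."""
    value = init_ora_params(text).get("AUDIT_TRAIL", "NONE")
    return value, value.upper() in ENABLED_AUDIT_VALUES


def review_grants(rows, app_owner: str = "SYSADM") -> Dict[str, List[str]]:
    """Flag WITH GRANT OPTION and PUBLIC grants on the application owner's objects."""
    findings: Dict[str, List[str]] = {"grant_option": [], "public": []}
    for grantee, owner, table, priv, grantable in rows:
        if owner.upper() != app_owner.upper():
            continue  # only the PeopleSoft schema is in scope for this check
        label = f"{priv} ON {owner}.{table} TO {grantee}"
        if grantable.upper() == "YES":
            findings["grant_option"].append(label)
        if grantee.upper() == "PUBLIC":
            findings["public"].append(label)
    return findings


if __name__ == "__main__":
    print("AUDIT_TRAIL:", audit_trail_setting(SAMPLE_INIT_ORA))
    for kind, items in review_grants(SAMPLE_GRANTS).items():
        print(kind, items)
```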
B. DB2
Accessing the host computer through PeopleSoft must be set up in host security with a signon (using RACF, ACF2, or TopSecret). PeopleSoft also supports DB2 secondary authorization Ids, implemented using the DB2 exit DSN3@ATH and RACF/ACF2 source groups.
DB2/MVS: the Access ID is a mainframe logon ID that must be able to log on through the gateway. Each operator is assigned an access ID when they are added in Operator Security. You can use one or many access IDs for each PeopleSoft database.
VIII. Application Security
A. Authentication
1. Obtain a listing of all users and all user classes.
2. Obtain a copy of all security authentication standards that have been established.
3. Determine if users (Operators) have valid sign-on times established.
4. Determine if users (Operators) have effective Timeout periods set.
5. Determine if the following authentication standards are in place:
  Password required
  Password lengths
  Password construction rules
  Number of invalid password attempts
  Retention time of invalid password count
  Lock out time period
  Session time outs
  Password aging
  Sign on time of day restrictions
  Restriction by workstation id
  Challenge and Response Authentication Protocol (CHAP)
PeopleSoft exits allow for the integration of the organization's security system. To enable this option you will need to modify the PsGetLogonInfo procedure in the PSUSER.C file and recompile it.
B. Authorization
Authorization is determined by establishing a relationship between a user and the granted Menus/Panels. Multiple users can share a profile by assigning users to an operator class. The PeopleSoft system is delivered with several predefined classes and operator IDs. ALLPANLS and TRNPANLS are two operator classes. ALLPANLS has all authority within the system.
Before using Operator security your organization should build a matrix analysis of each user's responsibilities against system Menus/Panels/Tables.
Every profile (Operator Class) has three authorization lists. They are:
  Authorized menu items and related panels
  Authorized signon times
  Authorized Process Groups for batch jobs
Review the OPRID/OPRCLASS assigned menus/panels/actions to determine if the assignment is required for their job function.
Actions are based on effective dating. Current and future rows are those with an Effective Date greater than or equal to the current row. History can add or update with no effective date checking.
  Add: Add a new item.
  Update/Display: View current and future; update future only.
  Update/Display All: View history, current and future; update future only.
  Correction: View history, current and future; update all existing rows.
Whoever has Correction can change any row of information for the specified panel and related database.
Batch Processing
There are three levels of security for batch programs.
1. Each batch program must have a run control file that is defined before the batch program can be executed. The run control is set up using Process Scheduler. Process Scheduler access can be controlled through Operator security.
2. Through Operator security you can grant or deny a user access to individual or multiple batch processes by assignment of the user to a Process Group.
3. Access can be restricted for Ad Hoc reports that run directly against the DBMS. By using DBMS security, you can restrict a user's access to SELECT (Read only) and to what tables or fields the user can access.
Review the Process groups (Batch Security) assigned to each OPRID/OPRCLASS to determine if the assignment is required for their job function. Process Scheduler Security minimum panel level security is triggered with access to the PRCSRUNCNTL panel.
To display them use View, Menu Item Display, Signon Time Display, or Process Group Display.
Process Profiles determine the default settings for an operator or operator class. Process Profiles are defined using the Process Scheduler Operator Profile dialog. In the dialog, the following can be specified:
  Default file and printer locations for both the client and the server
  Process Monitor run defaults
  The authority level for viewing and updating process requests
  DB2/MVS specific controls
Business Process Maps
A business process map is a graphic representation of a business process, which can be displayed in the Navigator. For each security profile (Operator Class), a business map can be used to determine TimeOut Minutes and Background Disconnect Interval. The Default Business Process Map is always displayed in the heading section of the Operator Security window.
Row Level Security
Row level security is controlled by Security Views utilized as Search Records in Menu definitions:
  As Search Records within the Menu Designer (HRMS)
  As Prompt Tables for fields in Records (Financials, which comes with no row level security in effect)
Row level security can be hierarchical or flat. Hierarchical security, such as Department id in HRMS, is defined first in the Tree Manager. Flat security is based on individual field values such as Business Units or Ledgers. The flat approach uses the field values as primary keys. These security views are filters that limit what a user may select within the database.
Field Level Security
Field level security is implemented in PeopleCode using a %OperatorClass check. PeopleCode is attached to Record.Field combinations in the Data Designer. To search for a reference to %OperatorClass use Data Designer, View, Search PeopleCode.
Adding new panel definitions.
C. Accountability
Review the audit reports on the system to ensure that they are adequate to determine who entered what transaction when.
Review the use of the following integrity tools:
SYSAUDIT
  The purpose of PeopleSoft's System Audit (SYSAUDIT.SQR) is to identify "orphaned" PeopleSoft objects and other inconsistencies within your system. This report should be run during new releases, major updates, or customizations.
DDDAUDIT
  The Data Designer/Database Audit Report (DDDAUDIT.SQR) finds inconsistencies between PeopleTools record and index definitions and the database objects. This should be run with major releases, major updates, or customizations.
SQL ALTER
  Determines discrepancies between the record definitions and SQL tables.
Database Audit
  Alerts users to changes made to records and fields that have had the audit flag turned on in the Data Designer PeopleTool.
  Menu: Start, Administer Workforce, Administer Workforce (U.S.)
  Database Audit is delivered turned off by default in the PeopleSoft application.
  This is your record and field level auditing within PeopleSoft. Turn on Database Record or Field audit to track changes to the database.
  The audited information is stored in the PSAUDIT file.
Batch Job Audit
  Process Monitor tracks the status of all submitted and completed process and job requests from the PeopleSoft Process Scheduler Utility.
D. Menus are maintained in the Menu Designer. Operator Security simply authorizes access to these menus. There are system-defined menus and user-defined menus. Any of these can be assigned to a specific operator or operator class.
IX. Object Level Security
Object security uses the operator classes and operator ids to restrict access at the object level. PeopleSoft is delivered with no application object security. All operators and operator classes have complete access to all PeopleTools objects.
Object Groups
Object Security defines object groups and links them to Operator Security profiles. An object group is a collection of one or more objects that form a logical group for security purposes. For instance, all payroll objects could be assigned to a pay object group and the pay object group could be assigned to a specific security profile (Operator Class). Object security can be applied only to object groups, not to individual objects. Each object should be assigned to an object group. Multiple assignments can be established for each object. All objects should be assigned to at least one object group, or anyone can update them. If an object is assigned to an object group but the group is not assigned to an Operator Class, then no one can access the object.
To open object security: Start, PeopleTools, Object Security.
  All Objects           All Objects         Object type = A
  Import                Import Utility      Object type = I
  Menus                 Menu Designer       Object type = M
  Panels                Panel Designer      Object type = P
  Records               Data Designer       Object type = R
  Fields                Data Designer       Object type = R
  Tree structures       Tree Manager        Object type = E
  Query Definitions     Query               Object type = Q
  Translate             Field Conversion    Object type = L
  Business Process                          Object type = B
  Business Process Map                      Object type = F
  Tree Structure                            Object type = S
Audit Step
Review all operator ids and classes that have the **ALL OBJECTS** group. This is the supergroup and includes all system objects. Granting access to this group overrides any other group ID assignments.
Review all operator ids and classes that have PeopleTools object group access.
List all of the Object Groups. (Object Groups associate various objects into functional groups.) Review all objects/object groups and their associated operator ids or classes. Determine if their job function requires them to have this level of access.
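The object-group rules above (objects in no group are open to everyone, objects whose groups are linked to no operator class are reachable by no one, and the **ALL OBJECTS** supergroup overrides every other assignment) can be checked mechanically once the group and class assignments are listed out. The model below is an added example, not PeopleTools code; the object groups, operator classes and object names are constructed, and objects are keyed as "type:name" using the object type letters from the table.

```python
# Added example: a model of PeopleSoft object-group security over constructed
# data. It computes the objects each operator class can reach and flags the two
# misconfigurations the text describes: ungrouped objects (anyone can update
# them) and grouped objects none of whose groups is linked to any class.

from typing import Dict, List, Set

ALL_OBJECTS_GROUP = "ALL OBJECTS"   # stands in for the **ALL OBJECTS** supergroup

# Constructed sample: object group -> member objects ("type:name")
SAMPLE_OBJECT_GROUPS: Dict[str, Set[str]] = {
    "PAYROLL": {"R:PAY_CHECK", "P:PAY_CALC", "M:PAYROLL_MENU"},
    "HRMS":    {"R:JOB", "R:PERSONAL_DATA", "M:HR_MENU"},
    "QUERYS":  {"Q:EMP_LIST", "R:JOB"},     # R:JOB sits in two groups
    "LEGACY":  {"R:OLD_LEDGER"},           # group linked to no operator class
}
# Every object the system knows about; R:BANK_ACCT was never put in a group.
SAMPLE_ALL_OBJECTS: Set[str] = set().union(*SAMPLE_OBJECT_GROUPS.values()) | {"R:BANK_ACCT"}
# Constructed sample: operator class -> object groups granted
SAMPLE_CLASS_GROUPS: Dict[str, Set[str]] = {
    "ALLPANLS": {ALL_OBJECTS_GROUP},
    "PAYADMIN": {"PAYROLL"},
    "HRUSER":   {"HRMS", "QUERYS"},
    "TRNPANLS": set(),
}


def effective_access(obj_groups: Dict[str, Set[str]],
                     class_groups: Dict[str, Set[str]],
                     all_objects: Set[str]) -> Dict[str, Set[str]]:
    """Map each operator class to the objects it can reach through its groups."""
    access: Dict[str, Set[str]] = {}
    for opr_class, groups in class_groups.items():
        if ALL_OBJECTS_GROUP in groups:
            access[opr_class] = set(all_objects)   # supergroup overrides everything
            continue
        reachable: Set[str] = set()
        for g in groups:
            reachable |= obj_groups.get(g, set())
        access[opr_class] = reachable
    return access


def ungrouped_objects(obj_groups: Dict[str, Set[str]], all_objects: Set[str]) -> Set[str]:
    """Objects in no group at all: the delivered state, where anyone can update them."""
    grouped = set().union(*obj_groups.values()) if obj_groups else set()
    return set(all_objects) - grouped


def unreachable_objects(obj_groups: Dict[str, Set[str]],
                        class_groups: Dict[str, Set[str]]) -> Set[str]:
    """Grouped objects whose every group is linked to no operator class.

    Only explicit group links count here; supergroup holders are listed separately.
    """
    linked = set().union(*class_groups.values()) if class_groups else set()
    linked.discard(ALL_OBJECTS_GROUP)
    unreachable: Set[str] = set()
    for g, objs in obj_groups.items():
        if g in linked:
            continue
        for obj in objs:
            # Still reachable if some other, linked group also contains it.
            if not any(obj in obj_groups[h] for h in linked if h in obj_groups):
                unreachable.add(obj)
    return unreachable


def supergroup_holders(class_groups: Dict[str, Set[str]]) -> List[str]:
    """Operator classes granted **ALL OBJECTS**; each needs a job-function justification."""
    return sorted(c for c, gs in class_groups.items() if ALL_OBJECTS_GROUP in gs)


if __name__ == "__main__":
    for c, objs in effective_access(SAMPLE_OBJECT_GROUPS, SAMPLE_CLASS_GROUPS,
                                    SAMPLE_ALL_OBJECTS).items():
        print(c, sorted(objs))
    print("ungrouped:", ungrouped_objects(SAMPLE_OBJECT_GROUPS, SAMPLE_ALL_OBJECTS))
    print("unreachable:", unreachable_objects(SAMPLE_OBJECT_GROUPS, SAMPLE_CLASS_GROUPS))
    print("supergroup holders:", supergroup_holders(SAMPLE_CLASS_GROUPS))
```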
X. Query Security
A. PeopleSoft Query
Security is a two step process. First a query tree is defined in Tree Manager, which defines access groups containing records that can be accessed. Then in PeopleTools, Utilities, a grant to OPRID/OPRCLASS for specific access groups is assigned.
Row level security can be enforced by assigning a Query Security Record for each record in the Data Designer.
Review the query security by evaluating the Tree Manager/Access Groups that are tied to OPRID/OPRCLASS. PeopleTools, Utilities, Use, Query Security provides a tree name with an associated access group. Determine if the access rights for each OPRID/OPRCLASS are proper according to their job classification.
Review the Query Profile, which is accessed by using PeopleTools, Utilities, for different Operator ids. There are three uses of Query Profile.
1. Only Allowed to run Queries (the most restrictive): first box turned on.
2. Run Public queries, create private queries (experienced user): neither box turned on.
3. Allow creation of Public Queries: second box turned on.
4. Allow creation of Workflow Queries: run by the system, and does not verify access to a specific access group.
B. PS/nVision
In order for a user to access PS/nVision, the user must have access to the tool under Operator Security. The menu nVision has the bar name with item name and actions/panels that a user can perform.
C. Review the use of any other dynamic report writers and who has the capability to run these reports. Ensure that the access rights are proper for the user's job responsibilities.
  SQR Reports
  Crystal Reports
  Ad Hoc Reports
XI. Network Security
1. Determine that all authentication processes within the application architecture are secure as they go across the network.
2. Determine that all authentication processes within the Client/Server architecture are secured as they go across the network.
  Bridges
  Routers
  Hubs
3. Determine that the administrative rights to the gateway are properly assigned.
4. Determine that the authentication mechanism to sign on to the gateway is secured.
5. Determine if the configuration parameters for the gateway are properly set.
6. Determine if sensitive data travels across the network in clear text.
7. Ensure that network diagnostic tools are properly assigned and locked up when not in use.
8. Determine if the SNMP agent is enabled within the network components.
9. Ensure that only authorized users can access the SNMP's capabilities.
XII. Change Control
2. Determine that proper segregation of duties is in place for the migration of test to production.
3. Determine and evaluate change control procedures for:
  Emergency fixes
  Master Data
  Custom Programming
  SQR code
  PeopleCode
4. Determine who has the authority to migrate modified customer-defined objects to production.
5. Sample some recent changes for your audit and review the procedures followed.
6. Identify the architecture of the change environment:
  Development
  Quality Control
  Production
XIII. Contingency Planning
1. Obtain a copy of the disaster recovery/contingency plan.
2. Review the plan for adequacy.
3. Evaluate whether the plan has been recently tested.
4. Ensure that backup copies of critical or sensitive data are properly protected.
5. Determine if one of the following is implemented to ensure system reliability:
  Mirroring
  Duplexing
  Fault tolerance machines
  On-Line vaulting
7. The contingency plan should include the following:
  A. Workstation
  B. Network
  C. File Server
  D. DBMS
  E. Interfaces
  F. Programs
  G. Data
XIV. Key Tables
A. PSOPRDEFN: OPRIDs and passwords (encrypted, DES)
B. PSAUTHITEM
C. PSAUTHSIGNON
D. PSLOCK: contains a column OWNERID
E. PSRPCSRQST: Process Control request
F. PS_PROCESS_SQL: this table and the next one define the SQL tables accessed by each batch report and the access rights, such as SELECT, UPDATE, or DELETE.
G. PS_PROCESS_TBL
XV. Audit Points
A. Both the OPERPSWD and the ACCESSPSWD are encrypted by the system. If the ACCESSPSWD is changed through non-PeopleSoft tools, a user will not be able to log onto the system.
XVI. Security, Audit, and Control of Remote Communications
1. Obtain a listing of all remote connections attached to the environment.
2. Determine that all remote connections enter through a secured point of entry.
3. Validate the signon requirements for remote authentication.
4. Ensure that direct access to Personal Computers or File Servers is restricted without first going through the authentication server.
5. Ensure that the authentication process does not go across the network in clear text.
6. Determine that a log file records all connections.
8. Ensure that any hacking activity is properly controlled by good authentication controls.

XVII. Review The Interface Security And Control Mechanisms
1. Identify all system interfaces.
2. Review reconciliation procedures in effect to ensure that they are adequate:
  Record counts
  Total number of customers/vendors processed
  Total credits
  Total debits
  Total amounts
  Total volume
1. Identify the mode of submission and the authentication practice employed to ensure that a proper audit trail is in force.
2. Review the use of standard utilities to transform interfaced data into a PeopleSoft format.
3. Identify any critical or sensitive data that is redundant, to ensure that changes are made to both systems in a timely fashion.
XVIII. Application Support
1. Determine the existence of a qualified group (or individual) designated to support the application.
2. Review the job function statement and interview users of the service to determine the scope and effectiveness of the position.
3. Determine if remote workstation processing locations are provided with "hot line" consultation on problems relating to workstation hardware and software.
4. Determine if all incidents and resolutions are properly recorded.
