2 Basic Demands
High Security Systems, Technical Manual
10 (20)
TAC AB, Nov 2006
04-00007-01-en
The Vista server should be configured to accept Windows user authori-
zation only. This means that Vista users defined in the TAC Vista data-
base cannot gain access to the system.
The disk volume of the Vista system and database should be formatted
as NTFS partitions, which enables files and directories to be protected
from changes in access. The TAC Vista database directories (object
database and event log database) should be protected from changes in
access by normal users, but of course be fully accessible by the account
running the TAC Vista server. An automatic function of the TAC Vista
server provides this protection.
The TAC Vista servers should be configured to perform scheduled
backup automatically. The backup files should be directed to a shared
directory on the server. The server should be scheduled to create these
backup files on a write-only medium such as a CD-ROM. A stand-alone
TAC Vista and Server can be installed on the server to view the backups
made.
TAC Vista database objects that are critical to the requirements of data
security during data logging, should be protected from being changed
by the users of TAC Vista. Only one user account should be registered
as the Owner of the TAC Vista database. No user should be given the
right to change access to TAC Vista objects. Only the owner has the
right to make changes. Protected objects should include:
•
Sensor objects in data log definitions
•
Data log definition objects
•
Event log definition object
•
Alarm objects reporting conditions on hardware involved in log-
ging data
•
Database Backup definition objects
•
Time event objects controlling automatic backup
•
Xenta outstation objects
The owner account should be protected from intrusion by using pass-
word expiration and maximum logon attempts in Windows. The server
should be set up to log invalid logon attempts.
The Vista has to be set up to create backups automatically at regular
intervals. The log database definitions in Vista have to define cyclic
logs. It is the creation of backups that secures the data. The hard disk
storing the TAC Vista database should have sufficient capacity to cover
a full cycle of all data logs and the event logs.
At least two Vista servers have to be running permanently on the net-
work. They have to be configured so that if one fails, the other sends an
alarm to a permanently manned site.
The TAC Xenta should be programmed to store eight days of data on a
rolling re-writeable cycle. The TAC Xenta is capable of storing eight
