31.2 Preventing Unauthorized Access

NSS includes the following features to help prevent access to data that circumvents normal access control:

  • Encrypted volume support

    Encrypted volume support encrypts the volume, which makes data inaccessible to software that circumvents normal access control, such as if the media were stolen. It meets U.S. Government security standards. For information, see Managing Encrypted NSS Volumes.

  • Data shredding

    The Data Shredding attribute supports shredding of purged files (up to 7 times), which erases files completely. It meets the U.S. Government security standards. For information, see Section 21.3, Using Data Shredding to Prevent Access to Purged Files.

  • Multiple server access prevention for pools

    Multiple Server Activation Prevention (MSAP) ensures data integrity by preventing unauthorized access to shared media in a storage area network. For information, see Section 16.14, Preventing Pools from Activating on Multiple Servers.

  • OES Trustee model for access control

    NSS uses the OES Trustee model to greatly simplify access control management in the file system. It restricts visibility of data structures so that users only see subdirectories they have rights to see, not the whole tree like all other file systems.

    For information about the OES Trustee model and NSS file system rights, see the OES 2018: File Systems Management Guide.