Managing Network Security

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP OpenVMS Guide to System Security

Security for the System Administrator

Security in a Network Environment

Hierarchy of Access Controls

Managing Network Security

Networking software regulates access to the network on various levels:

Privileges for access to the network.

To perform any kind of network activity, all network users must have TMPMBX and NETMBX privileges. Privileged users hold privileges in addition to TMPMBX and NETMBX.

Access control.

To connect to a networked node, a user needs explicit access information, a proxy account, an application account, or a default DECnet account. (See Hierarchy of Access Controls.)

Routing initialization passwords for connecting local nodes to remote nodes over synchronous or asynchronous lines. (See Specifying Routing Initialization Passwords.)

Requirements for Achieving Security

There are three critical requirements for achieving security in a network environment:

Common security policy

There must be a correspondence between the initiating process on the source machine and the process on the target machine that works on behalf of the initiating process (see The Reference Monitor in a Network). This correspondence must be managed by the two reference monitors and must be consistent with the security policy intended on the target machine (which is ultimately responsible for protecting the object). See OpenVMS Security ModelChapter 2 for a description of the reference monitor.

Shared access control information

The authorization database on the target machine must have some access authorization, such as an account or a proxy, that corresponds to the initiating process on the source machine.

Protected circuits, lines, terminals, and processors

There must be a protected means of communication between the two reference monitors (source and target) so that correspondence between the local and remote subjects can be reliably established and authenticated.

Figure 1 The Reference Monitor in a Network

tbs

Auditing in the Network

Security administrators can audit network activity by enabling specific event classes with the SET AUDIT command. Possible audits include:

Use of NCP commands. Each NCP command line is audited along with its completion status.

Use of privilege. In a network environment, much of this privilege use is related to the use of the OPER privilege in modifying the volatile network database.

Initiation and termination of connections.

On VAX systems running DECnet for OpenVMS, each network connection results in four audits:
1. The source node, which initiates the connection, logs the first event message.
2. The target node, which receives the incoming initiation message, logs the second event.
3. The third event message is logged by whichever node terminates the connection.
4. The last event message is logged by the node where the link is terminated.
With an incoming network connection, the auditing message has a remote user name field that identifies who initiated the connection. With outgoing logical link connections, the remote logical link identifier is always 0.

Hierarchy of Access Controls