HP OpenVMS Guide to System Security > Chapter 12 Security in a Network Environment

Managing Network Security

  Table of Contents

  Glossary

  Index

Networking software regulates access to the network on various levels:

  • Privileges for access to the network.

    To perform any kind of network activity, all network users must have TMPMBX and NETMBX privileges. Privileged users hold privileges in addition to TMPMBX and NETMBX.

  • Access control.

    To connect to a networked node, a user needs explicit access information, a proxy account, an application account, or a default DECnet account. (See “Hierarchy of Access Controls”.)

  • Routing initialization passwords for connecting local nodes to remote nodes over synchronous or asynchronous lines. (See “Specifying Routing Initialization Passwords”.)

Requirements for Achieving Security

There are three critical requirements for achieving security in a network environment:

  • Common security policy

    There must be a correspondence between the initiating process on the source machine and the process on the target machine that works on behalf of the initiating process (see Figure 12-1 “The Reference Monitor in a Network”). This correspondence must be managed by the two reference monitors and must be consistent with the security policy intended on the target machine (which is ultimately responsible for protecting the object). See Chapter 2 “OpenVMS Security Model”Chapter 2 for a description of the reference monitor.

  • Shared access control information

    The authorization database on the target machine must have some access authorization, such as an account or a proxy, that corresponds to the initiating process on the source machine.

  • Protected circuits, lines, terminals, and processors

    There must be a protected means of communication between the two reference monitors (source and target) so that correspondence between the local and remote subjects can be reliably established and authenticated.

Figure 12-1 The Reference Monitor in a Network

The Reference Monitor in a Network

Auditing in the Network

Security administrators can audit network activity by enabling specific event classes with the SET AUDIT command. Possible audits include:

  • Use of NCP commands. Each NCP command line is audited along with its completion status.

  • Use of privilege. In a network environment, much of this privilege use is related to the use of the OPER privilege in modifying the volatile network database.

  • Initiation and termination of connections.

    On VAX systems running DECnet for OpenVMS, each network connection results in four audits:

    1. The source node, which initiates the connection, logs the first event message.

    2. The target node, which receives the incoming initiation message, logs the second event.

    3. The third event message is logged by whichever node terminates the connection.

    4. The last event message is logged by the node where the link is terminated.

    With an incoming network connection, the auditing message has a remote user name field that identifies who initiated the connection. With outgoing logical link connections, the remote logical link identifier is always 0.