HP OpenVMS Guide to System Security

Index

  Table of Contents

  Glossary

  Index

Symbols

$AUDIT_EVENT system service, reporting security-relevant events, Sources of Event Information
$CHECK_ACCESS system service, security auditing and, Sources of Event Information
$CHECK_PRIVILEGE system service, reporting privilege use, Sources of Event Information
$CHKPRO system service
role in access control, How the System Determines If a User Can Access a Protected Object
security auditing and, Sources of Event Information
/ACCESS qualifier in Authorize utility, Restricting Work Times
/CLITABLES qualifier, Setting Up Captive Accounts, Restricting DCL Command Usage
/EXPIRATION qualifier, Restricting Account Duration
/FLAGS=CAPTIVE qualifier, Setting Up Captive Accounts
/FLAGS=DISIMAGE qualifier, Restricting DCL Command Usage
/FLAGS=DISMAIL qualifier, New Mail Announcements
/FLAGS=DISNEWMAIL qualifier, New Mail Announcements
/FLAGS=DISPWDDIC qualifier, Screening New Passwords
/FLAGS=DISPWDHIS qualifier, Screening New Passwords
/FLAGS=DISRECONNECT qualifier, Limiting Disconnected Processes
/FLAGS=DISREPORT qualifier, Last Login Messages
/FLAGS=DISUSER qualifier, Password Protection Checklist
/FLAGS=DISWELCOME qualifier, Welcome Message
/FLAGS=GENPWD qualifier, Secondary Passwords, Generated Passwords
/FLAGS=LOCKPWD qualifier, Generated Passwords
/FLAGS=PWD_EXPIRED qualifier, Expiring Passwords
/FLAGS=RESTRICTED qualifier, Restricted Accounts
/LGICMD qualifier and captive accounts, Setting Up Captive Accounts
/LOCAL_PASSWORD qualifier, Overriding External Authentication
/PRCLM qualifier in AUTHORIZE, Qualifiers Required to Define Captive Accounts
/PRIMEDAYS qualifier, example, Restricting Work Times
/PWDLIFETIME qualifier, Expiring Passwords
/PWDMINIMUM qualifier, Requiring a Minimum Password Length

A

Access
auditing of processes, Kinds of System Activity the Operating System Can Report
BYPASS privilege, How the System Determines If a User Can Access a Protected Object
class-specific overrides, How the System Determines If a User Can Access a Protected Object
denying, Enhancing Protection for Sensitive Objects
how the system determines, How the System Determines If a User Can Access a Protected Object
object-oriented, Authorization Database Represented as an Access Matrix
performance impact of auditing, Considering the Performance Impact
privileges bypassing ACLs, How Privileges Affect Protection Mechanisms
privileges bypassing protection codes, How Privileges Affect Protection Mechanisms
subject-oriented, Authorization Database Represented as an Access Matrix
through ACLs, Granting Access to Particular Users
through GRPPRV privilege, How the System Determines If a User Can Access a Protected Object
through protection codes, Protection Code
through READALL privilege, How the System Determines If a User Can Access a Protected Object
through SYSPRV privilege, How the System Determines If a User Can Access a Protected Object
to deleted file data, Accessibility of Data in a File
Access categories, Controlling Access with Protection Codes
Access control
ACE order, importance of, Ordering ACEs Within a List
assigning file defaults, Establishing an Inheritance Scheme for Files
bypassing ACLs, Understanding Privileges and Control Access
bypassing protection codes, Understanding Privileges and Control Access
comparing security profiles, Contents of a User's Security Profile
controlling in network environment, Setting Up a Proxy Database
default application account, Hierarchy of Access Controls
default for inbound connection, Using Default Application Accounts
denying a class of users, Conditionalizing Identifiers for Different Users
denying access through an ACL, Preventing Users from Accessing an Object
evaluating a user's access request, How the System Determines If a User Can Access a Protected Object
explicit, Hierarchy of Access Controls
for a network, Hierarchy of Access Controls
for applications, Using Default Application Accounts
for connections, Hierarchy of Access Controls
for protected objects, Protecting Data
Identifier ACEs and, Granting Access to Particular Users
in a network environment, Managing Network Security
limited-access accounts, Assigning Appropriate Accounts to Users
limiting access to an environment, Types of Identifiers, Limiting Access to an Environment
limiting device access, Limiting Access to a Device
limiting logins, Defining Times and Conditions for System Access
matrix, Authorization Database Represented as an Access Matrix
object security profiles, Security Profile of Objects
object-specific considerations, Object-Specific Access Considerations
protection code processing rules, How the System Determines If a User Can Access a Protected Object
protection code user categories, Protection Code
proxy, Hierarchy of Access Controls, Using Proxy Logins
routing initialization passwords, Specifying Routing Initialization Passwords
through ACLs, Controlling Access with ACLs, Ordering ACEs Within a List
using Identifier ACEs, Using Identifier Access Control Entries (ACEs), Establishing an Inheritance Scheme for Files
using the NCP, Using Explicit Access Control
with Identifier ACEs, Using Identifier Access Control Entries (ACEs), Establishing an Inheritance Scheme for Files
Access control strings, Protecting Information in Access Control Strings, Using Explicit Access Control
command procedures and, Protecting Information in Access Control Strings
exposing password in, Guidelines for Protecting Your Password
protecting information in, Protecting Information in Access Control Strings
secondary passwords with, Secondary Passwords
Access requirements
allocating devices, Access Requirements for I/O Operations
capability object, Types of Access
common event flag clusters, Types of Access
directories, Access Requirements
file-oriented devices, Access Requirements for I/O Operations
files, Access Requirements
global sections, Types of Access
I/O channel, Access Requirements for I/O Operations
logical name tables, Types of Access
non-file-oriented devices, Access Requirements for I/O Operations
queues, Types of Access
resource domains, Types of Access
security class objects, Types of Access
shareable devices, Access Requirements for I/O Operations
spooled devices, Access Requirements for I/O Operations
unshareable devices, Access Requirements for I/O Operations
volumes, Access Requirements for I/O Operations
Access types
abbreviations of, Format of a Protection Code
ACLs, Establishing an Inheritance Scheme for Files
associate, Types of Access
capability class, Types of Access
class-dependency of, Types of Access in a Protection Code
common event flag clusters, Types of Access
control, Types of Access in a Protection Code, Types of Access
files, Types of Access
objects in general, Using Control Access to Modify an Object Profile
create
logical name tables, Types of Access
volumes, Types of Access
delete
common event flag clusters, Types of Access
files, Types of Access
logical name tables, Types of Access
queues, Types of Access
volumes, Types of Access
directories, Types of Access
execute
files, Types of Access
global sections, Types of Access
files, Types of Access
global sections, Types of Access
lock, Types of Access
logical I/O, Types of Access
logical name tables, Types of Access
manage, Types of Access
physical I/O, Types of Access
protection codes and, Format of a Protection Code, Types of Access in a Protection Code
queues, Types of Access
read
devices, Types of Access
files, Types of Access
global sections, Types of Access
logical name tables, Types of Access
queues, Types of Access
resource domains, Types of Access
security class, Types of Access
volumes, Types of Access
resource domains, Types of Access
security audit and, Additional Events to Audit
security class, Types of Access
shared devices, Types of Access
submit, Types of Access
unshared devices, Types of Access
volumes, Types of Access
write
devices, Types of Access
files, Types of Access, Access Requirements
global section, Types of Access
logical name tables, Types of Access
resource domains, Types of Access
security class, Types of Access
volumes, Types of Access
Accounting logs
as security tool, System Accounting
Accounting logs as security tool, System Accounting
Accounts
accessing after password expires, Changing an Expired Password
application, Hierarchy of Access Controls
auditing access, Auditing Access to Your Account and Files
captive, Types of System Accounts
DECNET account, removing, Removing Default DECnet Access to the System
designing secure accounts, Training the New User, Assigning Appropriate Accounts to Users
disabling with DISUSER flag, Disabling Accounts
disguising identity, Security Auditing
expiration, Password and Account Expiration Times, Renewing an Expired Account
first login, Obtaining Your Initial Password
group, Keeping Individuals Accountable
guest, Guest Accounts, Keeping Individuals Accountable
initial password, Obtaining Your Initial Password
interactive, Types of System Accounts
limited-access, Types of System Accounts
network objects, Configuring Network Objects Manually
open, Password Requirements for Different Types of Accounts
password expiration and, Changing an Expired Password
password requirements for, Password Requirements for Different Types of Accounts
passwords for multiple, Guidelines for Protecting Your Password
privileged, Privileged Accounts
project, Setting Defaults for a Directory Owned by a Resource Identifier, Setting Up the Directory of a Resource Identifier
proxies for groups, Keeping Individuals Accountable
proxy, Proxy Accounts
renewing expired, Renewing an Expired Account
restricted, Password Requirements for Different Types of Accounts, Types of System Accounts
secondary password, Types of Passwords
setting duration of, Restricting Account Duration
setting up to use project identifiers, Setting Up the Resource Identifier
types of, Password Requirements for Different Types of Accounts, Types of System Accounts
user passwords for, Knowing What Type of Password to Use
ACE attributes
Default, Establishing an Inheritance Scheme for Files
Hidden, Displaying ACLs
None, Preventing Users from Accessing an Object, Limiting Access to a Device
Nopropagate, Copying an ACL, Restoring a File's Default Security Profile
Protected, Deleting an ACL, Copying an ACL, Restoring a File's Default Security Profile
ACEs (access control entries)
adding, Adding ACEs to an Existing ACL
Alarm ACEs, Adding Security-Auditing ACEs, Attaching a Security-Auditing ACE
Audit ACEs, Adding Security-Auditing ACEs, Attaching a Security-Auditing ACE
creating, Using Identifier Access Control Entries (ACEs)
Creator ACEs, Rules for Assigning a Protection Code and ACL, Resource Attribute, Setting Up the ACL
Default Protection ACEs, Providing a Default Protection Code for a Directory Structure
deleting, Deleting ACEs from an ACL
generating audit event messages, Ways to Generate Audit Information
inserting in a list, Adding ACEs to an Existing ACL
order of, How the System Determines If a User Can Access a Protected Object, Ordering ACEs Within a List, Adding ACEs to an Existing ACL
replacing, Replacing Part of an ACL
security auditing, Adding ACEs to an Existing ACL
sensitive files and, Adding Access Control Entries to Sensitive Files
Subsystem ACEs, Customizing Identifiers
subsystem ACEs, System Management Requirements, Building the Subsystem, Enabling Protected Subsystems on a Trusted Volume
types of, Using Identifier Access Control Entries (ACEs)
ACL editor
displaying ACLs, Access Control List (ACL)
modifying ACLs, Adding ACEs to an Existing ACL
ACLs (access control lists), Access Control List (ACL), Controlling Access with ACLs, Setting Defaults for a Directory Owned by a Resource Identifier
ACE order, How the System Determines If a User Can Access a Protected Object, Ordering ACEs Within a List, Adding ACEs to an Existing ACL
alarms generated by, Alarm Messages
assigning by default to new files, Establishing an Inheritance Scheme for Files
auditing in C2 systems, Managing the Auditing Trail
bypassing with special rights, Understanding Privileges and Control Access
copying, Copying an ACL
creating, Using Identifier Access Control Entries (ACEs)
deleting, Deleting an ACL
deleting obsolete identifiers, Removing Identifiers
designing, Designing ACLs
disadvantages of, Designing ACLs
displaying, Access Control List (ACL), Displaying ACLs
effect of privileges, How the System Determines If a User Can Access a Protected Object
effect on performance, Designing ACLs
granting access, Granting Access to Particular Users
interaction with protection codes, Enhancing Protection for Sensitive Objects
management overview, Naming Individual Users in ACLs
modifying, Adding ACEs to an Existing ACL
network file sharing, Setting Up Accounts for Local and Remote Users
priority in access evaluation, How the System Determines If a User Can Access a Protected Object
protection codes and, Preventing Users from Accessing an Object
queue access rights, Types of Access
reordering entries, Adding ACEs to an Existing ACL
replacing ACEs, Replacing Part of an ACL
restoring default ACL, Restoring a File's Default ACL
restoring file default, Restoring a File's Default Security Profile
security element of an object, Contents of an Object's Profile
setting file protection, Controlling File Access, Setting Up the ACL
system program files, Restricting DCL Command Usage
ACME agent ordering, ACME Agent Ordering
ACME agents, ACME Subsystem Overview
ACME subsystem, Authentication and Credentials Management Extensions (ACME) Subsystem
ACME_SERVER process, ACME Subsystem Overview
ACNT privilege, ACNT Privilege (Devour)
ADD/IDENTIFIER command in Authorize utility, Restoring the Rights Database
ADD/PROXY command in Authorize utility, Procedure for Creating a Proxy Account, Setting Up Accounts for Local and Remote Users
Alarm ACEs, Adding Security-Auditing ACEs
how to use, Attaching a Security-Auditing ACE
position in ACL, Displaying ACLs
Alarm messages, Alarm Messages
ACL event, Alarm Messages
authorization database modification, Alarm Messages
break-in event, Alarm Messages
INSTALL event, Alarm Messages
login, Alarm Messages
login failure, Alarm Messages
logout, Alarm Messages
network connection, Alarm Messages
object access event, Alarm Messages
object creation, Alarm Messages
object deaccess, Alarm Messages
object deletion, Alarm Messages
privilege use, Alarm Messages
process control event, Alarm Messages
SET AUDIT use, Alarm Messages
system parameter modification, Alarm Messages
time modification, Alarm Messages
volume mount/dismount, Alarm Messages
Alarms
enabling for security, Asking Your Security Administrator to Enable Auditing
ALF (automatic login facility), Providing Automatic Login
Autologin account as security problem, Automatic Login Accounts
AUTOLOGIN flag, Automatic Login Accounts
C2 systems and, Keeping Individuals Accountable
cluster requirements for ALF files, Synchronizing Authorization Data
ALLSPOOL privilege, ALLSPOOL Privilege (Devour)
Alphanumeric UICs, Format of a UIC
ALTPRI privilege, ALTPRI Privilege (System)
ANALYZE/AUDIT command, Invoking the Audit Analysis Utility
qualifier summary, Providing Report Specifications
Announcement messages, Entering a System Password, Local Login Messages
security disadvantages, Announcement Message
APPEND command, /PROTECTION qualifier, Adjusting Protection Defaults
Applications, setting access control, Using Default Application Accounts
Archive files
analyzing security-relevant events, Using a Remote Log File
enabling remote, Using a Remote Log File
for security event messages, Using a Remote Log File
Archive flush, Adjusting the Transfer of Messages to Disk
ASCII output from Audit Analysis utility, Providing Report Specifications
Associate access, Types of Access
Asynchronous connection, dynamic, Establishing a Dynamic Asynchronous Connection
Asynchronous DDCMP driver, Establishing a Dynamic Asynchronous Connection
Attacks, types of system, Forms of System Attacks
Audit ACEs, Adding Security-Auditing ACEs
how to use, Attaching a Security-Auditing ACE
Audit Analysis utility (ANALYZE/AUDIT), Security Auditing, Using a Remote Log File, Examining the Report
analyzing archive files, Using a Remote Log File
ASCII output from, Providing Report Specifications
binary output from, Providing Report Specifications
determining criteria of the analysis, Examining the Report
example, Examining the Report
generating daily reports, Recommended Procedure
interactive commands, Using the Audit Analysis Utility Interactively
invoking, Invoking the Audit Analysis Utility
overview, Analyzing a Log File
prerequisites, Recommended Procedure
report formats, Qualifiers for the Audit Analysis Utility
types of output, Providing Report Specifications
when to ignore events, Recommended Procedure
Audit listener mailboxes
capturing audit event messages, Using a Listener Mailbox
disabling, Using a Listener Mailbox
example of programs for, Using a Listener Mailbox
AUDIT privilege, AUDIT Privilege (System)
Audit server databases, Tasks Performed by the Audit Server
Audit server processes
changing disk transfer rate, Adjusting the Transfer of Messages to Disk
controlling message flow, Choosing the Number of Outstanding Messages That Trigger Process Suspension
delaying delivery of event messages, Changing the Point in Startup When the Operating System Initiates Auditing
disabling, Disabling and Reenabling Startup of the Audit Server
enabling, Disabling and Reenabling Startup of the Audit Server
error handling, Allocating Disk Space for the Audit Log File, Error Handling in the Auditing Facility
final server action, Reacting to Insufficient Memory
managing, Managing the Auditing Subsystem
memory limitations and, Reacting to Insufficient Memory
pre-extending log files, Allocating Disk Space for the Audit Log File
tasks performed by, Tasks Performed by the Audit Server
Audit trails
in security models, Reference Monitor Concept
Auditing
applications, Security Auditing
as security feature, Security Auditing
of security events, Security Auditing
Authentication and credentials management extensions (ACME), Authentication and Credentials Management Extensions (ACME) Subsystem
Authentication cards, Authentication Cards
C2 system requirements, Physical Security
Authentication, external, Enabling External Authentication
Authority-based systems, Authorization Database Represented as an Access Matrix
Authorization databases, Authorization Database, Authorization Database Represented as an Access Matrix
access matrix, Authorization Database Represented as an Access Matrix
adding users, Assigning Appropriate Accounts to Users
auditing, Auditing Categories of Activity
auditing modifications to, Kinds of System Activity the Operating System Can Report
contents, Reference Monitor Concept
synchronizing authorization on clustered systems, Synchronizing Authorization Data
Authorize utility (AUTHORIZE)
/GENERATE_PASSWORD qualifier, Primary Passwords
ADD/FLAG command, Enabling External Authentication
ADD/IDENTIFIER command, Restoring the Rights Database, Setting Up the Resource Identifier
ADD/PROXY command, Procedure for Creating a Proxy Account, Setting Up Accounts for Local and Remote Users
CREATE/PROXY command, Procedure for Creating a Proxy Account
CREATE/RIGHTS command, Populating the Rights Database
EXTAUTH flag, Enabling External Authentication
GRANT/IDENTIFIER command, Assigning Identifiers to Users, Setting Up the Resource Identifier
MODIFY/FLAG command, Enabling External Authentication
MODIFY/SYSTEM_PASSWORD command, System Passwords
REMOVE/IDENTIFIER command, Removing Identifiers
SHOW/IDENTIFIER command, Displaying the Database
SHOW/RIGHTS command, Displaying the Database
Autodial protocol, Establishing a Dynamic Asynchronous Connection
Automatic password generation, Selecting Your Own Password, Using Generated Passwords
disadvantages, Using Generated Passwords
example, Using Generated Passwords
minimum length, Using Generated Passwords

B

Backup operations
general recommendations, Protecting Backup Media
performed from captive privileged account, Privileged Accounts
Backup utility (BACKUP)
general recommendations, Protecting Backup Media
performed from captive privileged account, Privileged Accounts
Batch identifiers, Major Types of Rights Identifiers
Batch jobs
affected by shift restrictions, Using an Account Restricted to Certain Days and Times
authorization, When the System Logs In for You: Network and Batch Logins
password protection and cardreaders, Guidelines for Protecting Your Password
Batch logins, When the System Logs In for You: Network and Batch Logins
Binary output from Audit Analysis utility, Providing Report Specifications
Break key and secure servers, Using the Secure Server
Break-in alarms, Alarm Messages
Break-in attempts, Types of Computer Security Problems, Failing to Enter the Correct Password During a Dialup Login
auditing, Auditing Categories of Activity, Kinds of System Activity the Operating System Can Report
counteraction through dual passwords, Secondary Passwords
detecting, Detecting Intruders, Setting the Exclusion Period
evading, Knowing When Break-In Evasion Procedures Are in Effect
security audit report and, Examining the Report
BUGCHK privilege, BUGCHK Privilege (Devour)
Buses, default security elements, Template Profile
BYPASS privilege
description, BYPASS Privilege (All)
effect on control access, Using Control Access to Modify an Object Profile
overriding access controls, How the System Determines If a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms

C

C2 environments, Running an OpenVMS System in a C2 Environment
C2 security systems, Definition of the C2 Environment, Checklist for Generating a C2 System
C2 security, systems
checklist for generating, Checklist for Generating a C2 System
criteria, Definition of the C2 Environment
documentation, Documentation
object protection and, Protecting Objects
physical security requirements, Physical Security
software not included, Software in the TCB
system parameters, Starting Up and Operating the System
system startup, Starting Up and Operating the System
Capability objects
as protected objects, Classes of Protected Objects
elements of, Capabilities
reestablishing profile, Permanence of the Object
template profile, Template Profile
types of access, Types of Access
Capability-based systems, Authorization Database Represented as an Access Matrix
Captive accounts, Password Requirements for Different Types of Accounts, Interactive Accounts
command procedures, Guidelines for Captive Command Procedures
Ctrl/Y key sequence and, Captive Accounts
disabling mail and notification of delivery, New Mail Announcements
example of production account, Limited-Account Example
locked passwords and, Qualifiers Required to Define Captive Accounts
when to use, Types of System Accounts
Card readers, default security elements, Template Profile
Case sensitivity
in passwords and user names, Case Sensitivity in Passwords and User Names
CDSA, Common Data Security Architecture (CDSA)
Cluster environments
building single security domain, Building a Common Environment
C2 system restrictions, Configuring Clusters
managing audit log file, Managing the Audit Log File
protected object databases, Storing Profiles and Auditing Information
protected objects, Protecting Objects
security considerations, Securing a Cluster
security implementation, Using the System Management Utility
synchronizing authorization data, Synchronizing Authorization Data
SYSMAN requirements, Using the System Management Utility
system file recommendations, Recommended Common System Files
system file requirements, Required Common System Files
Cluster managers and security administrators, Securing a Cluster
CLUSTER_AUTHORIZE.DAT files, Managing Cluster Membership
Clusterwide intrusion detection, Clusterwide Intrusion Detection
CMEXEC privilege, CMEXEC Privilege (All)
CMKRNL privilege, CMKRNL Privilege (All)
Command mode for Audit Analysis utility, manipulating the display, Using the Audit Analysis Utility Interactively
Command procedures
access control strings in, Protecting Information in Access Control Strings
STARTNET.COM, Establishing a Dynamic Asynchronous Connection
SYSTARTUP_VMS.COM, Establishing a Dynamic Asynchronous Connection
Commands, usage restrictions, Restricting DCL Command Usage
Common Data Security Architecture (CDSA), Common Data Security Architecture (CDSA)
Common event flag clusters
as protected objects, Classes of Protected Objects
events audited, Kinds of Auditing Performed
privilege requirements, Privilege Requirements
reestablishing security profile, Permanence of the Object
security elements of, Common Event Flag Clusters
system modifications of templates, Template Profile
template profile, Template Profile
types of access to, Types of Access
Communications devices
C2 system requirements, Physical Security
default security elements, Template Profile
Compilers, restricting use with ACLs, Protecting System Files
Confidential files, security auditing and, Adding Access Control Entries to Sensitive Files
CONNECT command, /LOGOUT qualifier, Removing Disconnected Processes
Connections
auditing, Kinds of System Activity the Operating System Can Report
Connections, auditing of, Kinds of System Activity the Operating System Can Report
Console terminals
C2 system requirements, Physical Security
C2 systems and, Starting Up and Operating the System
HSC and C2 system requirements, Physical Security
Consoles, enabling passwords for, Console Passwords
Control access
acquiring, Access Required to Modify a Profile, Types of Access in a Protection Code, Using Control Access to Modify an Object Profile
common event flag clusters, Types of Access
devices, Types of Access
files, Types of Access
global sections, Types of Access
limitations, Using Control Access to Modify an Object Profile
logical name tables, Types of Access
queues, Types of Access
resource domains, Types of Access
security class, Types of Access
volumes, Types of Access
COPY command
/PROTECTION qualifier, Adjusting Protection Defaults
security profile assigned, Using the COPY and RENAME Commands
Create access
logical name tables, Types of Access
volumes, Types of Access
CREATE/PROXY command in Authorize utility, Procedure for Creating a Proxy Account
CREATE/RIGHTS command in Authorize utility, Populating the Rights Database
Creator ACEs, Rules for Assigning a Protection Code and ACL
example, Setting Up the ACL
with resource identifiers, Resource Attribute
Ctrl/B key sequence, Protecting Information in Access Control Strings
Ctrl/Y key sequence and restricted accounts, Restricted Accounts

D

Database
volatile network, Establishing a Dynamic Asynchronous Connection
Databases
authorization, Authorization Database, Authorization Database Represented as an Access Matrix
protected objects, Storing Profiles and Auditing Information
rights, Displaying the Database
synchronizing authorization on clustered systems, Synchronizing Authorization Data
volatile network, Establishing a Dynamic Asynchronous Connection
DBG$ENABLE_SERVER identifier
C2 system restriction, Keeping Individuals Accountable
DCL commands
SET HOST/DTE in network operations, Establishing a Dynamic Asynchronous Connection
SET TERMINAL in network operations, Establishing a Dynamic Asynchronous Connection
DCL tables, modifications for security, Restricting DCL Command Usage
DDCMP (Digital Data Communications Message Protocol)
asynchronous driver, Establishing a Dynamic Asynchronous Connection
Debug server identifier, C2 system restriction, Keeping Individuals Accountable
DECamds
software not in C2 evaluation, Software Not Included in the C2-Evaluated System
DECamds, software not in C2 evaluation, Software Not Included in the C2-Evaluated System
DECdns (Digital Distributed Name Service)
not in C2 evaluation, Software Not Included in the C2-Evaluated System
DECdns distributed name service, not in C2 evaluation, Software Not Included in the C2-Evaluated System
DECnet
C2 system restrictions, Configuring Clusters
cluster nodes and, Using DECnet Between Cluster Nodes
dynamic asynchronous connection, Establishing a Dynamic Asynchronous Connection
INBOUND parameter, Establishing a Dynamic Asynchronous Connection
installing dynamic asynchronous connection, Establishing a Dynamic Asynchronous Connection
network objects, Configuring Network Objects Manually
nonprivileged user name, Using DECnet Application (Object) Accounts
receive password, Establishing a Dynamic Asynchronous Connection
receive passwords, Establishing a Dynamic Asynchronous Connection
removing, Removing Default DECnet Access to the System
transmit password, Establishing a Dynamic Asynchronous Connection
transmit passwords, Establishing a Dynamic Asynchronous Connection
DECnet-Plus for OpenVMS
full names
not in C2 evaluation, Software Not Included in the C2-Evaluated System
DECnet-Plus for OpenVMS, full names not in C2 evaluation, Software Not Included in the C2-Evaluated System
Decryption, Encrypting Files
DECwindows screens, clearing, Using Generated Passwords, Protecting Information in Access Control Strings, Clearing Your Terminal Screen
DECwindows software
not in C2 evaluation, Software Not Included in the C2-Evaluated System
DECwindows software, not in C2 evaluation, Software Not Included in the C2-Evaluated System
Default attribute for ACEs, Establishing an Inheritance Scheme for Files
Default ownership
for directories, Setting Up the ACL
for files, Controlling File Access
for protected objects, Setting Default Protection and Ownership, Setting Defaults for Objects Other Than Files
Default protection
Alpha system files, Protecting System Files
for directories, Rules for Assigning a Protection Code and ACL
for files, Rules for Assigning a Protection Code and ACL
for processes, Controlling File Access, Adjusting Protection Defaults
for system files, Protection for OpenVMS System Files
management, Setting Default Protection and Ownership
Default Protection ACEs, Providing a Default Protection Code for a Directory Structure, Controlling File Access, Adjusting Protection Defaults
examples, Admitting Remote Users to Multiple Accounts
generating default file protection, Rules for Assigning a Protection Code and ACL
Delete access
common event flag clusters, Types of Access
files, Types of Access
granting through protection codes, Format of a Protection Code
logical name tables, Types of Access
queues
through ACLs, Types of Access
through protection codes, Types of Access
volumes, Types of Access
DELETE command, /ERASE qualifier, Overwriting Disk Blocks
DETACH privilege, IMPERSONATE Privilege (All) (Formerly DETACH)
Devices
access requirements, Access Requirements for I/O Operations
as protected objects, Classes of Protected Objects
controlling access through ACLs, Limiting Access to a Device
default security elements, Template Profile
events audited, Kinds of Auditing Performed
modifying security profiles of, Setting Up Profiles for New Devices
privilege requirements, Privilege Requirements
profile storage, Permanence of the Object
protecting BACKUP save sets, Protecting a Backup Save Set
reusing in C2 systems, Reusing Objects
security elements of, Devices
spooled, access requirements, Access Requirements for I/O Operations
template security profiles, Template Profile
terminal configuration, Configuring Terminal Lines for Modems
DIAGNOSE privilege, DIAGNOSE Privilege (Objects)
Dialup identifiers, Major Types of Rights Identifiers
Dialup lines
connection security, Establishing a Dynamic Asynchronous Connection
controlling access to, Types of Passwords
using for dynamic asynchronous connection, Establishing a Dynamic Asynchronous Connection
using in a public area, Breaking the Connection to a Dialup Line
Dialup logins, Logging In Interactively: Local, Dialup, and Remote Logins
breaking connections, Breaking the Connection to a Dialup Line
controlling retries, Last Login Messages
failures, Failing to Enter the Correct Password During a Dialup Login
retries, Failing to Enter the Correct Password During a Dialup Login
Directories
access control through ACLs, Ordering ACEs Within a List
access requirements, Types of Access, Access Requirements
assigning a security profile, Rules for Assigning a Protection Code and ACL
controlling access to files, Establishing an Inheritance Scheme for Files, Controlling File Access
creating, Creation Requirements
events audited, Kinds of Auditing Performed
ownership
by resource identifier, Setting Up the Directory of a Resource Identifier
changing access to files, Controlling File Access
setting default, Controlling File Access
setting default file protection, Establishing an Inheritance Scheme for Files
setting file protection, Controlling File Access
DIRECTORY command
/SECURITY qualifier, Suggestions for Optimizing File Security
DIRECTORY command, /SECURITY qualifier, Suggestions for Optimizing File Security
Disconnected job messages, Local Login Messages
Discretionary access controls, GRPNAM Privilege (Devour), SYSNAM Privilege (All)
DISFORCE_PWD_CHANGE flag, Enforcing Change of Expired Password
Disk quotas
as restriction for users, Restricting Disk Volumes
charging to identifiers, Resource Attribute
Disk scavenging
discouraging, Protecting Disks
preventing, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blocks
Disk space
charging to identifier, Setting Up the Resource Identifier
requirements for security audit log file, Allocating Disk Space for the Audit Log File
usage and charging, Resource Attribute
Disk volumes
controlling access, Volumes
protecting, Volumes
restrictions, Restricting Disk Volumes
Disks
accessing deleted data, Accessibility of Data in a File
changing message transfer rate, Adjusting the Transfer of Messages to Disk
default security elements, Template Profile
erase-on-allocate, Protecting Information When Disk Space Is Reassigned, Setting a High-water Mark
erasing, Setting a High-water Mark, Erasing Techniques
erasure patterns, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blocks
high-water marking, Protecting Information When Disk Space Is Reassigned, Setting a High-water Mark
managing security profiles, Setting Up Profiles for New Devices
protecting
after file deletion, Protecting Information When Disk Space Is Reassigned
protecting after file deletion, Protecting Information When Disk Space Is Reassigned
DISMOUNT command, alarms, Alarm Messages
DOWNGRADE privilege, DOWNGRADE Privilege (All)
DSE (data security erase)
tailoring, Erasing Techniques
Dual passwords, Secondary Passwords
Dynamic asynchronous connections
automatic switching of terminal line, Establishing a Dynamic Asynchronous Connection
connection example, Establishing a Dynamic Asynchronous Connection
manual switching of terminal line, Establishing a Dynamic Asynchronous Connection
passwords for, Establishing a Dynamic Asynchronous Connection
procedure for establishing, Establishing a Dynamic Asynchronous Connection
security, Establishing a Dynamic Asynchronous Connection
switching of terminal line, Establishing a Dynamic Asynchronous Connection
terminating the link, Establishing a Dynamic Asynchronous Connection
verifier, Specifying Routing Initialization Passwords
Dynamic attribute for identifiers, Dynamic Attribute
Dynamic attributes
for identifiers, Dynamic Attribute

E

Echoing, passwords and, Entering a System Password
Editing ACLs, Adding ACEs to an Existing ACL, Copying an ACL
Emergency accounts and privileges, Limiting User Privileges
Emulator
terminal, Establishing a Dynamic Asynchronous Connection
Encryption, Encrypting Files
Environmental factors in security, Building a Secure System Environment
Environmental identifiers, Conditionalizing Identifiers for Different Users
conditionalizing general identifiers, Conditionalizing Identifiers for Different Users
example, Types of Identifiers, Displaying the Rights Identifiers of Your Process, Ordering ACEs Within a List
Identifier ACEs and, Limiting Access to an Environment
Erase-on-allocate, Protecting Information When Disk Space Is Reassigned, Setting a High-water Mark
Erase-on-delete, Overwriting Disk Blocks, Erasing Techniques
C2 systems and, Reusing Objects
Erasing disks, Erasing Techniques
Erasure patterns, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blocks, Erasing Techniques
Event tolerance and security levels, Levels of Security Requirements
Execute access
files, Types of Access
global sections, Types of Access
granting through protection codes, Format of a Protection Code
Expiration
of account, Renewing an Expired Account
of password, Changing an Expired Password, Primary Passwords
of secondary password, Changing an Expired Password
password system messages, Changing Your Password As You Log In, Changing an Expired Password
Expired passwords, system message, Changing Your Password As You Log In
EXQUOTA privilege, EXQUOTA Privilege (Devour)
EXTAUTH flag, Enabling External Authentication
External authentication, Enabling External Authentication
DECnet-Plus and NET_CALLOUTs parameter, Specifying the SYS$SINGLE_SIGNON Logical Name Bits
DECnet-Plus requirement, Specifying the SYS$SINGLE_SIGNON Logical Name Bits
defining logical names, Enabling External Authentication
disabling when network is down, Overriding External Authentication
failed connection attempts on POP server, Specifying the SYS$SINGLE_SIGNON Logical Name Bits
impact on layered products and applications, Impact on Layered Products and Applications
marking user accounts, Enabling External Authentication
NET PASSWORD command, Setting a New Password
password verification, User Name Mapping and Password Verification
setting a password, Setting a New Password
specifying SYS$SINGLE_SIGNON logical name bits, Specifying the SYS$SINGLE_SIGNON Logical Name Bits
using the /LOCAL_PASSWORD qualifier, Overriding External Authentication

F

F$MODE lexical function, Types of Logins and Login Classes
Facility identifiers, Types of Identifiers
FAL (file access listener) recommendations, Summary of Network Objects
File browsers, Asking Your Security Administrator to Enable Auditing, Security Auditing, Identifying the Perpetrator
File protection, Contents of an Object's Profile, Files, Controlling File Access
auditing, Security Auditing
C2 systems, Protecting Files
DCL commands for, Protecting System Files
setting default ACLs, Establishing an Inheritance Scheme for Files
Files
access control through ACLs, Ordering ACEs Within a List
access requirements, Types of Access, Access Requirements
accessing
allocated disk blocks, Accessibility of Data in a File
by file identifier, Access Requirements
adding ACEs for security auditing, Adding Access Control Entries to Sensitive Files, Adding Security-Auditing ACEs
applying an alarm to, Adding Access Control Entries to Sensitive Files
as protected objects, Classes of Protected Objects
assigning protection codes, Rules for Assigning a Protection Code and ACL
assigning security profiles, Profile Assignment, Rules for Assigning a Protection Code and ACL, Controlling File Access
auditing access to, Auditing Access to Your Account and Files, Adding Access Control Entries to Sensitive Files, Auditing Protected Objects
changing security profiles, Rules for Assigning a Protection Code and ACL
confidential, protecting, Asking Your Security Administrator to Enable Auditing
controlling access with Identifier ACEs, Using Identifier Access Control Entries (ACEs)
copying
from remote account, Using Proxy Login Accounts to Protect Passwords
creating
dependency on directory ownership, Controlling File Access
requirements for, Creation Requirements
default protection, Providing a Default Protection Code for a Directory Structure
encrypting, Encrypting Files
erasing data from disks, Overwriting Disk Blocks
events audited, Kinds of Auditing Performed
exceptions to ownership rules, Owner
managing directory defaults, Setting Up the ACL
naming rules, Naming Rules
optimizing security, Suggestions for Optimizing File Security
owned by resource identifier, Rules for Assigning a Protection Code and ACL, Setting Up the ACL
ownership rules, Rules for Assigning Ownership
protecting data after deletion, Protecting Information When Disk Space Is Reassigned
protecting mail, Suggestions for Optimizing File Security
protection required for proxy access, Using Proxy Login Accounts to Protect Passwords
restoring default security elements, Restoring a File's Default ACL
restoring default security profiles, Restoring a File's Default Security Profile
security auditing and, Adding Access Control Entries to Sensitive Files, Kinds of Auditing Performed
security elements of, Files
setting default protection and ownership, Controlling File Access
sharing and exchanging in network environment, Sharing Files in a Network, Admitting Remote Users to Multiple Accounts
sharing for a cluster system, Synchronizing Authorization Data
transfers with MAIL, Sharing Files in a Network
Flush interval, Adjusting the Transfer of Messages to Disk
Flushing messages to disk, Adjusting the Transfer of Messages to Disk
Foreign volumes, access requirements, Access Requirements for I/O Operations
Formats
Identifier ACE, Using Identifier Access Control Entries (ACEs)
protection code, Controlling Access with Protection Codes
rights identifiers, Types of Identifiers
security-auditing ACE, Access Control Entries (ACEs) for Security Auditing
UIC (user identification code), Format of a UIC
FYDRIVER, C2 systems and, Starting Up and Operating the System

G

General identifiers, Granting Access to Particular Users
design considerations, Naming Individual Users in ACLs
example, Displaying the Rights Identifiers of Your Process, Ordering ACEs Within a List
format, Major Types of Rights Identifiers
Generated passwords, Using Generated Passwords
disadvantages, Using Generated Passwords
example, Using Generated Passwords
initial passwords, Primary Passwords
length, Requiring a Minimum Password Length
minimum length, Using Generated Passwords
requiring, Secondary Passwords, History Lists
Global sections
default protection, Protecting Objects
events audited, Kinds of Auditing Performed
group, Classes of Protected Objects
privilege requirements, Privilege Requirements
reestablishing security profile, Permanence of the Object
restricting access, Template Profile
security elements of, Global Sections
system, Classes of Protected Objects
template profiles, Template Profile
types of access, Types of Access
Group accounts, C2 systems and, Keeping Individuals Accountable
Group numbers
in UICs, Format of a UIC
reserved UICs, Format of a UIC
uniqueness requirement for clustered systems, Synchronizing Authorization Data
Group numbers and passwords, Managing Cluster Membership
Group numbers and passwords, setting up for cluster, Managing Cluster Membership
GROUP privilege, GROUP Privilege (Group)
Group UIC names, Format of a UIC
Group users (security category), Protection Code, Format of a Protection Code
Groups
design of, Displaying the Database
guidelines for organization, Designing User Groups
UIC design, Designing User Groups
GRPNAM privilege, Privilege Requirements, GRPNAM Privilege (Devour), Privileges for Untrusted Users
GRPPRV privilege, GRPPRV Privilege (Group)
description, GRPPRV Privilege (Group)
effect on protection mechanisms, How Privileges Affect Protection Mechanisms
giving rights of system user, How the System Determines If a User Can Access a Protected Object, Format of a Protection Code
granting control access, How Privileges Affect Protection Mechanisms
trusted users and, Privileges for Trusted Users
Guest accounts
as limited-access accounts, Guest Accounts
C2 systems and, Keeping Individuals Accountable

H

Hardcopy output
disposal of, Disposing of Hardcopy Output
Hardcopy terminals, logout considerations, Disposing of Hardcopy Output
Hidden attribute, Displaying ACLs
High-water marking, Protecting Information When Disk Space Is Reassigned, Setting a High-water Mark, Prevention Through High-Water Marking
C2 systems and, Reusing Objects
performance and, Prevention Through High-Water Marking
History, History Lists
Holder Hidden attribute, Holder Hidden Attribute
Holders of a rights identifier
associating with identifier, Assigning Identifiers to Users
displaying records, Displaying the Database
granting access to, Granting Access to Particular Users
removing from rights database, Removing Holder Records
HSC console terminals
C2 system requirements, Physical Security
C2 system restrictions, Keeping Individuals Accountable
HSM (Hierarchical Shelving Manager)
not in C2 evaluation, Software Not Included in the C2-Evaluated System
HSM (Hierarchical Shelving Manager), not in C2 evaluation, Software Not Included in the C2-Evaluated System

I

I/O channels, access requirements, Access Requirements for I/O Operations
I/O operations, access requirements for devices, Access Requirements for I/O Operations
Identifier ACEs, Using Identifier Access Control Entries (ACEs), Adding ACEs to an Existing ACL, Building the Subsystem
ACE order, Ordering ACEs Within a List
adding to an ACL, Adding ACEs to an Existing ACL
conditionalizing access, Limiting Access to an Environment
creating, Using Identifier Access Control Entries (ACEs)
Default attribute, Establishing an Inheritance Scheme for Files
denying access, Preventing Users from Accessing an Object
format, Using Identifier Access Control Entries (ACEs)
interpreting, Using Identifier Access Control Entries (ACEs)
protected subsystems and, Building the Subsystem
using general identifiers, Granting Access to Particular Users
Identifier attributes, Customizing Identifiers, Subsystem Attribute
description of, Customizing Identifiers
Dynamic, Dynamic Attribute
Holder Hidden, Holder Hidden Attribute
Name Hidden, Name Hidden Attribute
No Access, No Access Attribute
Resource, Resource Attribute
Subsystem, Subsystem Attribute
Identifiers
adding to rights database, Adding Identifiers
as directory owners, Setting Up the Resource Identifier
as file owners, Access Requirements, Rules for Assigning a Protection Code and ACL
assigning to users, Assigning Identifiers to Users
auditing use of, Kinds of System Activity the Operating System Can Report
creating, Granting Access to Particular Users
customizing, Conditionalizing Identifiers for Different Users
displaying process, Displaying the Rights Identifiers of Your Process
environmental, Types of Identifiers, Displaying the Rights Identifiers of Your Process, Conditionalizing Identifiers for Different Users
facility, Types of Identifiers
format, Types of Identifiers
general, Major Types of Rights Identifiers, Displaying the Rights Identifiers of Your Process, Granting Access to Particular Users
in ACEs, Using Identifier Access Control Entries (ACEs)
of a process, Protecting Data
protected subsystems and, Giving Users Access
removing, Removing Identifiers
reserved, How Protected Subsystems Work
resource
and directory ownership, Controlling File Access
security audit reports and, How Rights Identifiers Appear in the Audit Trail
types, Types of Identifiers
UIC, Major Types of Rights Identifiers, Displaying the Rights Identifiers of Your Process
uniqueness requirement, Synchronizing Authorization Data
Images
installing
security ramifications, Installing Images with Privilege
Images, installing
security ramifications, Installing Images with Privilege, Advantages of Protected Subsystems
subsystem images, Advantages of Protected Subsystems, Design Considerations
IMPERSONATE privilege, IMPERSONATE Privilege (All) (Formerly DETACH)
IMPORT privilege, IMPORT Privilege (Objects)
INBOUND parameter for node type specification, Establishing a Dynamic Asynchronous Connection
Incoming proxy access, enabling or disabling, Enabling and Disabling Incoming Proxy Access
INITIALIZE command
/ERASE qualifier, Overwriting Disk Blocks
INITIALIZE command, /ERASE qualifier, Overwriting Disk Blocks, Erasing Techniques
Install utility (INSTALL)
alarms, Alarm Messages
auditing changes made through, Kinds of System Activity the Operating System Can Report
security ramifications, Installing Images with Privilege, Advantages of Protected Subsystems
Interactive accounts, Types of System Accounts
Interactive identifiers, Major Types of Rights Identifiers
Interactive logins, Types of Logins and Login Classes
classes, Logging In Interactively: Local, Dialup, and Remote Logins
dialup, Logging In Interactively: Local, Dialup, and Remote Logins, Failing to Enter the Correct Password During a Dialup Login
local, Logging In Interactively: Local, Dialup, and Remote Logins
remote, Logging In Interactively: Local, Dialup, and Remote Logins
system message, Local Login Messages
Interactive mode
processes, Types of Logins and Login Classes
Intrusion databases, Understanding the Intrusion Database
Intrusions
attempts, Failing to Enter the Correct Password During a Dialup Login
detection, Detecting Intruders
clusterwide, Clusterwide Intrusion Detection
counteraction through dual passwords, Secondary Passwords
database, Understanding the Intrusion Database
evasive procedures, Knowing When Break-In Evasion Procedures Are in Effect
reporting events, Additional Events to Audit
setting exclusion period, Setting the Exclusion Period
system parameters for, How Intrusion Detection Works

J

Job controllers
affected by shift restrictions, Using an Account Restricted to Certain Days and Times
enforcing work time restrictions, Restricting Work Times
Job terminations
imposed by shift restrictions, Using an Account Restricted to Certain Days and Times
Job terminations imposed by shift restrictions, Using an Account Restricted to Certain Days and Times
Journal flush, Adjusting the Transfer of Messages to Disk

K

Kerberos, Kerberos

L

Last login messages, Observing Your Last Login Time
disabling, Last Login Messages
LASTport and LASTport/DISK protocols
not in C2 evaluation, Software Not Included in the C2-Evaluated System
LAT protocol, not in C2 evaluation, Software Not Included in the C2-Evaluated System
LGI system parameters, Parameters for Controlling Login Attempts
controlling login attempts, System Parameters Controlling Login Attempts
LGI_BRK_DISUSER, Parameters for Controlling Login Attempts
LGI_BRK_LIM, Parameters for Controlling Login Attempts
LGI_BRK_TERM, Parameters for Controlling Login Attempts
LGI_BRK_TMO, Parameters for Controlling Login Attempts
LGI_CALLOUTS, Starting Up and Operating the System
LGI_HID_TIM, Parameters for Controlling Login Attempts
LGI_RETRY_LIM, Parameters for Controlling Login Attempts
LGI_RETRY_TMO, Parameters for Controlling Login Attempts
LGI_TWD_TMO, Parameters for Controlling Login Attempts
Lifetime of accounts, Renewing an Expired Account
Lifetime of passwords, Changing Your Password, Changing a Secondary Password
Limited-access accounts, Types of System Accounts
LINK command, /NOTRACEBACK qualifier, Installing Images with Privilege
Links
terminating dynamic asynchronous, Establishing a Dynamic Asynchronous Connection
Listener devices, example of programs for, Using a Listener Mailbox
LOAD_PWD_POLICY system parameter, Starting Up and Operating the System
Local identifiers, Major Types of Rights Identifiers
Lock access, Types of Access
LOCKPWD flag, Password Requirements for Different Types of Accounts
LOG_IO privilege, Privilege Requirements, LOG_IO Privilege (All)
Logging
access to protected objects, Auditing Protected Objects
security audit events, Ways to Generate Audit Information, Methods of Capturing Event Messages
terminal sessions, Logging a User's Session
Logging out
breaking dialup connection, Breaking the Connection to a Dialup Line
deciding when it is necessary, Logging Out Without Compromising System Security
from disconnected processes, Removing Disconnected Processes
reasons for, Logging Out Without Compromising System Security
security considerations, Logging Out Without Compromising System Security, Clearing Your Terminal Screen
Logical I/O access, Types of Access
Logical name tables
as protected objects, Classes of Protected Objects
events audited, Kinds of Auditing Performed
privilege requirements, Privilege Requirements
reestablishing security profile, Permanence of the Object
security elements of, Logical Name Tables
template profiles, Template Profile
types of access, Types of Access
Logical names
defining for external authentication, Enabling External Authentication
Login alarms, Alarm Messages
enabling, Kinds of System Activity the Operating System Can Report
Login classes, Types of Logins and Login Classes
batch, When the System Logs In for You: Network and Batch Logins
dialup, Logging In Interactively: Local, Dialup, and Remote Logins
interactive, Logging In Interactively: Local, Dialup, and Remote Logins
local, Logging In Interactively: Local, Dialup, and Remote Logins
network, When the System Logs In for You: Network and Batch Logins
noninteractive, When the System Logs In for You: Network and Batch Logins
remote, Logging In Interactively: Local, Dialup, and Remote Logins
restrictions on, Observing Your Login Class Restrictions
Login command procedures
for restricted accounts, Privileged Accounts, Guidelines for Captive Command Procedures
proper protection for, Potentially Harmful Programs
Login failures
alarms, Alarm Messages
auditing, Kinds of System Activity the Operating System Can Report
break-in evasion and, Knowing When Break-In Evasion Procedures Are in Effect
causes of, Login Failures: When You Are Unable to Log In
dialup logins, Failing to Enter the Correct Password During a Dialup Login
expired accounts, Renewing an Expired Account
login class restrictions and, Observing Your Login Class Restrictions
messages, Local Login Messages, Observing Your Last Login Time
password grabber programs, Guidelines for Protecting Your Password
retries and, Failing to Enter the Correct Password During a Dialup Login
security audit report and, Examining the Report
shift restrictions, Using an Account Restricted to Certain Days and Times
system passwords and, Using a Terminal That Requires a System Password
Login messages, Reading Informational Messages
announcement, Local Login Messages
controlling, Informational Display During Login, New Mail Announcements
disconnected job, Local Login Messages
expired password, Changing Your Password As You Log In, Changing an Expired Password
last successful interactive login, Local Login Messages
last successful noninteractive login, Local Login Messages
new mail, Local Login Messages
number of login failures, Local Login Messages
suppressing, Reading Informational Messages, Observing Your Last Login Time
welcome, Local Login Messages
Login programs, authentication by secure terminal server, Guidelines for Protecting Your Password
Logins
auditing, Kinds of System Activity the Operating System Can Report
batch, When the System Logs In for You: Network and Batch Logins
changing password, Obtaining Your Initial Password
changing password during, Changing Your Password As You Log In
controlling, Types of Passwords
default process protection and, Rules for Assigning a Protection Code and ACL
dialup, Logging In Interactively: Local, Dialup, and Remote Logins
supplying password, Failing to Enter the Correct Password During a Dialup Login
disabled
by break-in evasion, Knowing When Break-In Evasion Procedures Are in Effect
by shift restriction, Using an Account Restricted to Certain Days and Times
expired accounts, Renewing an Expired Account
flags, Enforcing Change of Expired Password
interactive, Types of Logins and Login Classes
classes of, Logging In Interactively: Local, Dialup, and Remote Logins
most recent, Local Login Messages
local, Logging In Interactively: Local, Dialup, and Remote Logins
monitoring last, Observing Your Last Login Time
network, When the System Logs In for You: Network and Batch Logins
noninteractive, Types of Logins and Login Classes
classes of, When the System Logs In for You: Network and Batch Logins
most recent, Local Login Messages
permitted time periods, Using an Account Restricted to Certain Days and Times
remote, Logging In Interactively: Local, Dialup, and Remote Logins
logging out, Clearing Your Terminal Screen
system passwords and, System Passwords
restricting with system passwords, System Passwords
secure terminal server, Guidelines for Protecting Your Password, Using the Secure Server
security implications, Obtaining Your Initial Password
simplifying for user with ALF (automatic login facility), Automatic Login Accounts
system parameters controlling, System Parameters Controlling Login Attempts
time out, Entering a Secondary Password
with external authentication, Logging In Using External Authentication
Logout alarms, Alarm Messages
Logout auditing, Kinds of System Activity the Operating System Can Report
LOGOUT command, Clearing Your Terminal Screen
/HANGUP qualifier, Breaking the Connection to a Dialup Line

M

Mail files, recommended protection for, Suggestions for Optimizing File Security
MAIL objects, recommended access, Summary of Network Objects
Mail utility (MAIL)
controlling notification messages, New Mail Announcements
transferring text files, Sharing Files in a Network
MAIL.EXE
reinstalling with privileges, Protecting System Files
Mailboxes
default protection, Protecting Objects
default security elements, Template Profile
for audit event messages, Methods of Capturing Event Messages
modifying security profiles, Setting Up Profiles for New Devices
privilege requirements, Privilege Requirements
Maintenance tasks for secure systems, Ongoing Tasks to Maintain a Secure System
Manage access, Types of Access
Mandatory access controls, BYPASS Privilege (All), IMPORT Privilege (Objects), UPGRADE Privilege (All)
MAXSYSGROUP system parameter, Format of a Protection Code, Starting Up and Operating the System
Media initialization
access requirements, Volumes
restricting with ACLs, Protecting System Files
Member numbers in UICs, Format of a UIC
Member UIC names, Format of a UIC
Memory consumption by ACLs, Designing ACLs
Messages
announcement, Local Login Messages
security disadvantages, Announcement Message
auditing, Reporting Security-Relevant Events
auditing security-relevant events, Auditing File Access
disabling last login, Last Login Messages
last successful interactive login, Local Login Messages
login, Reading Informational Messages
login failures, Observing Your Last Login Time
suppressing, Reading Informational Messages, Informational Display During Login
suppressing last login, Observing Your Last Login Time
welcome, Local Login Messages
MFD (master file directory), Rules for Assigning a Protection Code and ACL
Microsoft ACME agent, ACME Subsystem Overview
MIRROR objects, Summary of Network Objects
MME (Media Management Extension)
not in C2 evaluation, Software Not Included in the C2-Evaluated System
MME (Media Management Extension), not in C2 evaluation, Software Not Included in the C2-Evaluated System
Modems, Establishing a Dynamic Asynchronous Connection
C2 system requirements, Physical Security
MODIFY user/FLAG=AUDIT command in Authorize utility, Modifying a User Authorization Record, Considering the Performance Impact
MODIFY/SYSTEM_PASSWORD command in Authorize utility, System Passwords
MOM (maintenance operations module) objects, Summary of Network Objects
MOUNT command, alarms, Alarm Messages
MOUNT privilege, MOUNT Privilege (Normal)
Mounting volumes
access requirements, Volumes
security audits and, Additional Events to Audit
with protected subsystems, Enabling Protected Subsystems on a Trusted Volume

N

Name Hidden attribute, Name Hidden Attribute
Naming conventions
capability objects, Naming Rules
common event flag clusters, Naming Rules
devices, Naming Rules
files, Naming Rules
global sections, Naming Rules
logical name tables, Naming Rules
queues, Naming Rules
resource domains, Naming Rules
security class, Naming Rules
Naming rules
capability objects, Naming Rules
common event flag clusters, Naming Rules
devices, Naming Rules
files, Naming Rules
global sections, Naming Rules
logical name tables, Naming Rules
queues, Naming Rules
resource domains, Naming Rules
security class, Naming Rules
NCP (Network Control Program)
auditing database modifications, Kinds of System Activity the Operating System Can Report
NET PASSWORD command, Setting a New Password
NET$PROXY.DAT files, Setting Up a Proxy Database
auditing, Auditing Categories of Activity
NETMBX privilege, NETMBX Privilege (Normal)
NETPROXY.DAT files, Setting Up a Proxy Database
auditing, Auditing Categories of Activity
normal protection, Password Protection Checklist
Network access control strings, Guidelines for Protecting Your Password, Protecting Information in Access Control Strings, Secondary Passwords, Using Explicit Access Control
Network accounts
DECNET account, removing, Removing Default DECnet Access to the System
network objects, Configuring Network Objects Manually
Network databases, Establishing a Dynamic Asynchronous Connection
Network identifiers, Major Types of Rights Identifiers
Network logins, Types of Logins and Login Classes, When the System Logs In for You: Network and Batch Logins
Network security, Network Security Considerations, Managing Network Security, Establishing a Dynamic Asynchronous Connection
C2 systems and, Keeping Individuals Accountable
events audited, Auditing in the Network
limitations, Security in a Network Environment
network object configuration, Configuring Network Objects Manually
requirements for, Requirements for Achieving Security
Networks
access control, Hierarchy of Access Controls
INBOUND parameter, Establishing a Dynamic Asynchronous Connection
proxy login for applications, Using Proxy Logins
NISCS_CONV_BOOT system parameter, Starting Up and Operating the System
NML (network management listener) objects, Summary of Network Objects
No Access attribute, No Access Attribute
Nodes, types of, Establishing a Dynamic Asynchronous Connection
Non-file-oriented devices, access requirements, Access Requirements for I/O Operations
None attribute (ACEs), Preventing Users from Accessing an Object, Limiting Access to a Device
Noninteractive logins, Types of Logins and Login Classes, When the System Logs In for You: Network and Batch Logins
batch, When the System Logs In for You: Network and Batch Logins
classes, When the System Logs In for You: Network and Batch Logins
network, When the System Logs In for You: Network and Batch Logins
Nopropagate attribute, Copying an ACL, Restoring a File's Default Security Profile, Rules for Assigning a Protection Code and ACL
Numeric UICs, Format of a UIC

O

Object classes
descriptions of, Descriptions of Object Classes
security attributes of, Specifying an Object's Class
Object ownership
assigning during file creation, Controlling File Access
by resource identifiers, Access Requirements
changing, Owner, Modifying a Security Profile
exceptions to the rules, Owner
files, Rules for Assigning Ownership
managing defaults, Setting Default Protection and Ownership, Controlling File Access
managing directory defaults, Setting Up the ACL
qualifying for, Owner
reassigning, Owner
restoring file defaults, Restoring a File's Default Security Profile
security element of an object, Contents of an Object's Profile
zero UICs in protection checks, How the System Determines If a User Can Access a Protected Object
Object permanence
capability object, Permanence of the Object
common event flag cluster, Permanence of the Object
devices, Permanence of the Object
global sections, Permanence of the Object
logical name tables, Permanence of the Object
queues, Permanence of the Object
resource domains, Permanence of the Object
security class object, Permanence of the Object
volumes, Permanence of the Object
Objects, Protecting Data
access arranged by, Authorization Database Represented as an Access Matrix
access to, comparing security profiles, Contents of a User's Security Profile
ACLs and, Access Control List (ACL)
adding ACEs for security auditing, Adding Security-Auditing ACEs
alarms for creation, Alarm Messages
alarms for deaccess, Alarm Messages
alarms for deletion, Alarm Messages
auditing access, Auditing Protected Objects, Enabling Auditing for a Class of Objects, Kinds of System Activity the Operating System Can Report
C2 systems and, Protecting Objects
capability class, Capabilities
changing security profile, Modifying a Security Profile
characteristics of protected objects, Definition of a Protected Object
class descriptions, Descriptions of Object Classes
class specification, Specifying an Object's Class
class-specific access overrides, Object-Specific Access Considerations
classes of, Specifying an Object's Class
classes protected by operating system, Specifying an Object's Class, Descriptions of Object Classes
controlling access with Identifier ACEs, Using Identifier Access Control Entries (ACEs), Limiting Access to a Device
displaying default protection and ownership, Setting Defaults for Objects Other Than Files
displaying security profiles, Displaying a Security Profile
global sections, Global Sections
granting access through protection codes, Controlling Access with Protection Codes
in security models, Reference Monitor Concept
kinds of events audited, Kinds of Events the System Audits
logical name tables, Logical Name Tables
managing default protection and ownership, Setting Default Protection and Ownership
modifying class templates, Modifying Class Templates
protection codes, Protection Code, Controlling Access with Protection Codes
queues, Queues
reassigning ownership, Owner
resource domains, Resource Domains
role in security models, Objects
rules for determining access, How the System Determines If a User Can Access a Protected Object
security class, Security Classes
security elements source, Contents of an Object's Profile
security management overview, Descriptions of Object Classes
security profiles, Security Profile of Objects, Access Required to Modify a Profile
volumes, Volumes
OPCOM (operator communication manager), security auditing and, Disabling and Reenabling Startup of the Audit Server
Open accounts, Password Requirements for Different Types of Accounts
C2 systems and, Keeping Individuals Accountable
captive accounts and, Qualifiers Required to Define Captive Accounts
captive recommendation, Password Protection Checklist
Open files and ACL consumption of memory, Designing ACLs
OpenSSL, Secure Sockets Layer (SSL)
OpenVMS Cluster environments
building single security domain, Building a Common Environment
C2 system restrictions, Configuring Clusters
managing audit log file, Managing the Audit Log File
protected object databases, Storing Profiles and Auditing Information
security considerations, Securing a Cluster
security implementation, Using the System Management Utility
synchronizing authorization data, Synchronizing Authorization Data
system file recommendations, Recommended Common System Files
system file requirements, Required Common System Files
OpenVMS Cluster environments, protected objects, Protecting Objects
OpenVMS Management Station
not in C2 evaluation, Software Not Included in the C2-Evaluated System
OpenVMS Management Station, not in C2 evaluation, Software Not Included in the C2-Evaluated System
OPER privilege, OPER Privilege (System)
overriding access controls, How the System Determines If a User Can Access a Protected Object
queue access, Object-Specific Access Considerations
queue management, Privilege Requirements
Owner
category of user access, Format of a Protection Code

P

Paper shredders, Disposing of Hardcopy Output
Password generators
obtaining initial password, Primary Passwords
when to require, Generated Passwords
Password grabber programs, Guidelines for Protecting Your Password, Using the Secure Server
catching with auditing ACEs, Attaching a Security-Auditing ACE
Password history, History Lists
Password protection, Guidelines for Protecting Your Password, Password Protection Checklist
Password synchronization, Password Synchronization
Passwords
acceptable, Observing System Restrictions on Passwords
automatically generated, Selecting Your Own Password, Using Generated Passwords
avoiding detection, Using Generated Passwords, Unsuccessful Intrusion Attempts, Identifying the Perpetrator
chances to supply during dialups, Failing to Enter the Correct Password During a Dialup Login
changing, Changing Your Password, Selecting Your Own Password
at login, Changing Your Password As You Log In
expired, Changing an Expired Password
frequency guidelines, Guidelines for Protecting Your Password
secondary, Changing a Secondary Password
using /NEW_PASSWORD qualifier, Changing Your Password As You Log In
cluster membership management, Managing Cluster Membership
console
C2 system requirements, Physical Security
console passwords, Console Passwords
dialup retries, Failing to Enter the Correct Password During a Dialup Login
dual, Types of Passwords, Types of Passwords
eliminating for networks, Special Security Measures with Proxy Access
encoding, Subjects
encryption algorithms, Site Password Algorithms
expiration, Password and Account Expiration Times, Changing an Expired Password
expiration time, Expiring Passwords
failure to change, Changing an Expired Password
first, Obtaining Your Initial Password
forced change, Changing an Expired Password, Enforcing Change of Expired Password
format, Choosing a Password for Your Account
generated, Using Generated Passwords, Primary Passwords
guessing, Obtaining Your Initial Password
history list, Observing System Restrictions on Passwords
how to preexpire, Primary Passwords
incorrect, Local Login Messages
initial, Obtaining Your Initial Password, Primary Passwords
length, Choosing a Password for Your Account, Obtaining Your Initial Password, Requiring a Minimum Password Length
lifetime of, Changing Your Password, Changing a Secondary Password
locked, Password Requirements for Different Types of Accounts, Qualifiers Required to Define Captive Accounts, Generated Passwords
minimum length, Observing System Restrictions on Passwords, Changing Your Password, Requiring a Minimum Password Length
multiple systems and, Guidelines for Protecting Your Password
new, Changing Your Password As You Log In
null as choice for captive account, Qualifiers Required to Define Captive Accounts
open accounts and, Password Requirements for Different Types of Accounts
password grabber programs, Guidelines for Protecting Your Password
primary, Types of Passwords, Entering a Secondary Password, Primary Passwords
proxy logins, Using Proxy Login Accounts to Protect Passwords
reason for changing, Observing Your Last Login Time, Additional Events to Audit
receive, Establishing a Dynamic Asynchronous Connection
restrictions, Observing System Restrictions on Passwords, Enforcing Minimum Password Standards
reuse, Choosing a Password for Your Account
risky, Choosing a Password for Your Account
routing initialization, Specifying Routing Initialization Passwords
screening
against dictionary, System Dictionary
against history list, History Lists
with site-specific filter, Site-Specific Filters
secondary, Types of Passwords, Secondary Passwords
advantages, Secondary Passwords
changing, Changing a Secondary Password
changing expired, Changing an Expired Password
entering, Entering a Secondary Password
managing, Secondary Passwords
secure, Choosing a Password for Your Account
secure choices for, Choosing a Password for Your Account
secure terminal servers and, Guidelines for Protecting Your Password
sharing, Guidelines for Protecting Your Password, Sharing Files in a Network
system, Types of Passwords, Entering a System Password, System Passwords
causing login failures, Using a Terminal That Requires a System Password
dictionary, Observing System Restrictions on Passwords
disadvantages, System Passwords
guidelines, System Passwords
minimum length requirement, Requiring a Minimum Password Length
modifying, System Passwords
recommended change frequency, Expiring Passwords
setting up, System Passwords
transmit, Establishing a Dynamic Asynchronous Connection
types, Knowing What Type of Password to Use
uniqueness for each account, Guidelines for Protecting Your Password
user, Subjects, Knowing What Type of Password to Use
user guidelines, Choosing a Password for Your Account
verifying change of, Selecting Your Own Password
when account is created, Obtaining Your Initial Password
when to change, Obtaining Your Initial Password
Performance
ACL length and, Designing ACLs
high-water marking and, Prevention Through High-Water Marking
security-auditing impact, Considering the Performance Impact
PFMGBL privilege, Privilege Requirements
PFNMAP privilege, Privilege Requirements, PFNMAP Privilege (All)
PHONE objects, Summary of Network Objects
PHY_IO privilege, Privilege Requirements, PHY_IO Privilege (All)
Physical I/O access, Types of Access
Physical security, Building a Secure System Environment
C2 systems and, Physical Security
encrypting files, Encrypting Files
restricting system access, Controlling Access to System Data and Resources
violation indicators, Reports from Users
when logging out, Logging Out Without Compromising System Security, Clearing Your Terminal Screen
PIPE command, impact on subprocess auditing events, Considering the Performance Impact
PIPE subprocess, analyzing audit messages, Recommended Procedure
Port, terminal, Establishing a Dynamic Asynchronous Connection
Primary passwords, Types of Passwords
Printers
C2 systems and, Reusing Objects
default security elements, Template Profile
Privilege requirements
common event flag clusters, Privilege Requirements
devices, Privilege Requirements
global sections, Privilege Requirements
logical name tables, Privilege Requirements
queues, Privilege Requirements
resource domains, Privilege Requirements
volumes, Privilege Requirements
Privileged accounts, Privileged Accounts, Limiting User Privileges
Privileges
ACNT, ACNT Privilege (Devour)
affecting object access, How the System Determines If a User Can Access a Protected Object
All category, Categories of Privilege, Privileges for Trusted Users
ALLSPOOL, ALLSPOOL Privilege (Devour)
ALTPRI, ALTPRI Privilege (System)
AUDIT, AUDIT Privilege (System)
auditing use of, Additional Events to Audit, Kinds of System Activity the Operating System Can Report
authorized process, Privileges, Giving Users Privileges
BUGCHK, BUGCHK Privilege (Devour)
BYPASS, How the System Determines If a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms, Using Control Access to Modify an Object Profile, BYPASS Privilege (All)
bypassing ACLs, How Privileges Affect Protection Mechanisms
bypassing protection codes, How Privileges Affect Protection Mechanisms
captive accounts and, Privileged Accounts
categories of, Giving Users Privileges, Categories of Privilege
CMEXEC, CMEXEC Privilege (All)
CMKRNL, CMKRNL Privilege (All)
default process, Privileges, Giving Users Privileges
definition, Privileges
DETACH, IMPERSONATE Privilege (All) (Formerly DETACH)
Devour category, Categories of Privilege, Privileges for Untrusted Users
DIAGNOSE, DIAGNOSE Privilege (Objects)
disabling, Privileges
DOWNGRADE, DOWNGRADE Privilege (All)
enabling through SETPRV, Privileges
EXQUOTA, EXQUOTA Privilege (Devour)
file sharing and, Sharing Files in a Network
GROUP, GROUP Privilege (Group), GRPPRV Privilege (Group)
Group category, Categories of Privilege, Privileges for Trusted Users
GRPNAM, GRPNAM Privilege (Devour), Privileges for Untrusted Users
GRPPRV, How the System Determines If a User Can Access a Protected Object, Format of a Protection Code, How Privileges Affect Protection Mechanisms, Using Control Access to Modify an Object Profile, Privileges for Trusted Users
IMPERSONATE, IMPERSONATE Privilege (All) (Formerly DETACH)
IMPORT, IMPORT Privilege (Objects)
influence on object access, How the System Determines If a User Can Access a Protected Object
LOG_IO, LOG_IO Privilege (All)
MOUNT, MOUNT Privilege (Normal)
NETMBX, NETMBX Privilege (Normal)
network requirements, Managing Network Security
Normal category, Categories of Privilege, Privileges for Untrusted Users
Objects category, Categories of Privilege, Privileges for Trusted Users
OPER, Object-Specific Access Considerations, OPER Privilege (System)
PFNMAP, PFNMAP Privilege (All)
PHY_IO, PHY_IO Privilege (All)
PRMCEB, PRMCEB Privilege (Devour)
PRMGBL, PRMGBL Privilege (Devour)
PRMMBX, PRMMBX Privilege (Devour)
process, Assigning Privileges
PSWAPM, PSWAPM Privilege (System)
READALL, How the System Determines If a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms, READALL Privilege (Objects)
recommendations for different users, Suggested Privilege Allocations
related to group UIC, Designing User Groups
reporting use with $CHECK_PRIVILEGE, Sources of Event Information
requirements
common event flag clusters, Privilege Requirements
devices, Privilege Requirements
global sections, Privilege Requirements
logical name tables, Privilege Requirements
queues, Privilege Requirements
resource domains, Privilege Requirements
volumes, Privilege Requirements
SECURITY, SECURITY Privilege (System)
security administrator requirements, Account Requirements for a Security Administrator
SET PROCESS/PRIVILEGES, Privileges
SETPRV, SETPRV Privilege (All)
SHARE, SHARE Privilege (All)
SHMEM, SHMEM Privilege (Devour)
storage in UAF record, Giving Users Privileges
summary of, Categories of Privilege, Assigning Privileges
SYSGBL, SYSGBL Privilege (Files)
SYSLCK, SYSLCK Privilege (System)
SYSNAM, SYSNAM Privilege (All)
SYSPRV, How the System Determines If a User Can Access a Protected Object
controlling access through, Using Control Access to Modify an Object Profile
effect on protection mechanisms, How Privileges Affect Protection Mechanisms
giving rights of system user, Format of a Protection Code
tasks requiring, SYSPRV Privilege (All)
System category, Categories of Privilege
TMPMBX, TMPMBX Privilege (Normal)
trusted users and, Privileges for Trusted Users
UAF records and, Privileges
untrusted users and, Privileges for Untrusted Users
UPGRADE, UPGRADE Privilege (All)
VOLPRO, VOLPRO Privilege (Objects)
WORLD, WORLD Privilege (System)
PRMCEB privilege, Privilege Requirements, PRMCEB Privilege (Devour)
PRMGBL privilege, PRMGBL Privilege (Devour)
PRMMBX privilege, Privilege Requirements, PRMMBX Privilege (Devour)
Probers, catching, Monitoring the System, Security Auditing
Probing, as security problem, Types of Computer Security Problems
Process exclusion list, Preventing Process Suspension
Processes
access rights of, Protecting Data
activities permitted by privileges, Giving Users Privileges
adding to exclusion list, Preventing Process Suspension
audit server, Tasks Performed by the Audit Server
auditing of, Modifying a User Authorization Record, Kinds of System Activity the Operating System Can Report
auditing system services controlling, Kinds of System Activity the Operating System Can Report
connecting restrictions, Local Login Messages
creating with different UICs, How Your Process Acquires a UIC
default protection for, Rules for Assigning a Protection Code and ACL
disconnected, Local Login Messages, Removing Disconnected Processes
displaying default protection, Rules for Assigning a Protection Code and ACL
displaying process rights identifiers, Displaying the Rights Identifiers of Your Process
enabling privileges, Privileges
interactive mode, Types of Logins and Login Classes
logging out of current, Removing Disconnected Processes
modifying the rights list, Modifying a System or Process Rights List
reconnecting, Local Login Messages
security profiles of, Contents of a User's Security Profile
suspending, Preventing Process Suspension
UIC identifiers, How Your Process Acquires a UIC
Project accounts, Setting Up the Resource Identifier
as protected subsystems, Applications for Protected Subsystems
setting up, Setting Up the Directory of a Resource Identifier
Prompts, passwords and, Entering a System Password
Propagating protection, example, Admitting Remote Users to Multiple Accounts
Protected attribute, Copying an ACL, Restoring a File's Default Security Profile
deleting ACEs with, Deleting an ACL
Protected object databases, Storing Profiles and Auditing Information
Protected subsystems
advantages of, Using Protected Subsystems, Advantages of Protected Subsystems
applications for, Applications for Protected Subsystems
constructing, Building the Subsystem
description of, How Protected Subsystems Work, Giving Users Access
design requirements, Design Considerations
enabling, Enabling Protected Subsystems on a Trusted Volume
example, Example of a Protected Subsystem
file protection, Protecting Subsystem Directories, Protecting the Images and Data Files
mounting volumes with, Enabling Protected Subsystems on a Trusted Volume
printer protection, Protecting the Printer
subsystem ACEs, Building the Subsystem
system management requirements, System Management Requirements
user access, Giving Users Access
Protection
ACL-based, Setting Defaults for a Directory Owned by a Resource Identifier
capability, Template Profile
command procedures and, Potentially Harmful Programs
common event flag clusters, Template Profile
deleted data, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blocks, Setting a High-water Mark
devices, Template Profile
global sections, Template Profile
logical name tables, Template Profile
managing defaults, Setting Default Protection and Ownership, Controlling File Access
objects, Security Profile of Objects
queues, Template Profile
resource domains, Template Profile
security class, Template Profile
through protected subsystems, Using Protected Subsystems
UIC-based codes, Protection Code
volumes, Template Profile
Protection checking, How the System Determines If a User Can Access a Protected Object
evaluating an object access request, How the System Determines If a User Can Access a Protected Object
exception with zero UICs, How the System Determines If a User Can Access a Protected Object
influenced by ownership, Controlling File Access
Protection codes, Protection for OpenVMS System Files
access specification, Types of Access in a Protection Code
access types, Format of a Protection Code
assigning during file creation, Controlling File Access
bypassing with special rights, Understanding Privileges and Control Access
changing, Changing a Protection Code
default file protection, Providing a Default Protection Code for a Directory Structure, Adjusting Protection Defaults
definition, Authorization Database, Protection Code
denying all access, Enhancing Protection for Sensitive Objects
effect of privileges, How the System Determines If a User Can Access a Protected Object
evaluation sequence, Protection Code
format, Controlling Access with Protection Codes
granting control access, Types of Access in a Protection Code
Identifier ACEs and, Preventing Users from Accessing an Object
interaction with ACLs, Enhancing Protection for Sensitive Objects
interpreting, Protection Code
multiple user categories and, Processing a Protection Code
null access specification, Format of a Protection Code
priority in access evaluation, How the System Determines If a User Can Access a Protected Object
processing, Processing a Protection Code
queue access rights, Types of Access
reading, Processing a Protection Code
restoring file default, Restoring a File's Default Security Profile
security element of an object, Contents of an Object's Profile
sequence of checking categories, Processing a Protection Code
user categories, Protection Code
Protocols
autodial/master, Establishing a Dynamic Asynchronous Connection
Protocols, autodial/nomaster, Establishing a Dynamic Asynchronous Connection
Proxies
access control
removing, Removing Proxy Access
Proxy access, Using Proxy Logins
access control, Hierarchy of Access Controls
removing, Removing Proxy Access
setting up a proxy database for, Setting Up a Proxy Database
to applications, Enabling and Disabling Incoming Proxy Access
to nodes, Enabling and Disabling Incoming Proxy Access
Proxy accounts, Using Proxy Login Accounts to Protect Passwords, Using Proxy Logins, Using DECnet Application (Object) Accounts
as captive accounts, Procedure for Creating a Proxy Account
as restricted accounts, Proxy Accounts
C2 systems and, Keeping Individuals Accountable
default, Using Proxy Login Accounts to Protect Passwords
example, Example of a Proxy Account, Admitting Remote Users to Multiple Accounts
general-access, Using Proxy Login Accounts to Protect Passwords
maximum number allowed, Using Proxy Login Accounts to Protect Passwords
multiple-user, Using Proxy Login Accounts to Protect Passwords
naming, Using Proxy Login Accounts to Protect Passwords
recommended restrictions, Procedure for Creating a Proxy Account
selecting from multiple, Using Proxy Login Accounts to Protect Passwords
single-user, Using Proxy Login Accounts to Protect Passwords
Proxy database, Setting Up a Proxy Database
setting up, Setting Up a Proxy Database
Proxy logins, When the System Logs In for You: Network and Batch Logins, Using Proxy Login Accounts to Protect Passwords, Using Proxy Logins
access control, Using Proxy Logins
account, Using Proxy Logins
establishing and managing, Proxy Access Control, Special Security Measures with Proxy Access
NET$PROXY.DAT, Setting Up a Proxy Database
NETPROXY.DAT, Setting Up a Proxy Database
network applications, Using Proxy Logins
security benefits, Using Proxy Login Accounts to Protect Passwords
PSWAPM privilege, PSWAPM Privilege (System)
PURGE command, /ERASE qualifier, Overwriting Disk Blocks

Q

Queues
access granted by OPER privilege, Object-Specific Access Considerations
ACL access rights, Types of Access
as protected objects, Classes of Protected Objects
events audited, Kinds of Auditing Performed
privilege requirements, Privilege Requirements
profile storage, Permanence of the Object
protection code access rights, Types of Access
security elements of, Queues
template profiles, Template Profile
types of access, Types of Access

R

Read access
devices, Types of Access
files, Types of Access
global sections, Types of Access
granting through ACLs, Establishing an Inheritance Scheme for Files
granting through protection codes, Format of a Protection Code
logical name tables, Types of Access
queues
through ACLs, Types of Access
through protection codes, Types of Access
resource domains, Types of Access
security class, Types of Access
volumes, Types of Access
READALL privilege, How the System Determines If a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms, READALL Privilege (Objects)
Recall buffers, Protecting Information in Access Control Strings
RECALL command, /ERASE qualifier, Protecting Information in Access Control Strings
Receive passwords, Establishing a Dynamic Asynchronous Connection
Reconnection to processes, Limiting Disconnected Processes
Records displaying holder of a rights identifier, Displaying the Database
Reference monitors, Structure of a Secure Operating System
applying to networks, Requirements for Achieving Security
concept in security, Structure of a Secure Operating System, Reference Monitor
implementation, Implementation of the Reference Monitor
requirements on, How the Reference Monitor Enforces Security Rules
Remote diagnostics, C2 system requirements, Physical Security
Remote identifiers, Major Types of Rights Identifiers
Remote logins, Logging In Interactively: Local, Dialup, and Remote Logins
logging out, Clearing Your Terminal Screen
system passwords and, System Passwords
REMOVE/IDENTIFIER command in Authorize utility, Removing Identifiers
Removing proxy access, Removing Proxy Access
RENAME command
/INHERIT_SECURITY qualifier, Using the COPY and RENAME Commands
RENAME command, /INHERIT_SECURITY qualifier, Using the COPY and RENAME Commands
Reserved UIC group numbers, Format of a UIC
Resource attribute, Resource Attribute, Setting Up the Resource Identifier
Resource attributes, Resource Attribute, Setting Up the Resource Identifier
Resource domains, Classes of Protected Objects
events audited, Kinds of Auditing Performed
privilege requirements, Privilege Requirements
profile storage, Permanence of the Object
security elements of, Resource Domains
template profile, Template Profile
types of access, Types of Access
Resource identifiers, Setting Up the Resource Identifier
as file owners, Rules for Assigning a Protection Code and ACL
Resource monitoring, Error Handling in the Auditing Facility
disabling, Disabling Disk Monitoring
Restricted accounts, Password Requirements for Different Types of Accounts, Restricted Accounts
danger of process spawning, Qualifiers Required to Define Captive Accounts
setting up, Types of System Accounts
when to use, Types of System Accounts
Rights database
adding identifiers, Adding Identifiers
assigning identifiers to users, Assigning Identifiers to Users
creating and maintaining, Populating the Rights Database
displaying, Displaying the Database
removing identifiers and holders, Removing Identifiers
Rights databases
adding identifiers, Adding Identifiers
assigning identifiers to users, Assigning Identifiers to Users
creating and maintaining, Populating the Rights Database
displaying, Displaying the Database
removing identifiers and holders, Removing Identifiers
Rights list, access arranged by capability, Authorization Database Represented as an Access Matrix
Rights lists
access arranged by capability, Authorization Database Represented as an Access Matrix
Rights of users
displaying, Displaying the Database
RIGHTSLIST.DAT files
auditing, Auditing Categories of Activity
creating and maintaining, Displaying the Database
how UICs are stored, Guidelines for Creating a UIC
RMS_FILEPROT system parameter, Rules for Assigning a Protection Code and ACL, Controlling File Access, Adjusting Protection Defaults, Starting Up and Operating the System
Routing initialization passwords, Specifying Routing Initialization Passwords

S

Save set (BACKUP), protection of, Protecting a Backup Save Set
Screen clearing, Clearing Your Terminal Screen, Reusing Objects
Secondary passwords, Types of Passwords
advantages, Secondary Passwords
changing, Changing a Secondary Password
changing expired, Changing an Expired Password
disadvantages, Types of Passwords
entering, Entering a Secondary Password
login expiration, Entering a Secondary Password
managing, Secondary Passwords
minimum length, Entering a Secondary Password
SECSRV$CLIENT, reserved identifier, How Protected Subsystems Work
SECSRV$COMMUNICATION, reserved identifier, How Protected Subsystems Work
SECSRV$OBJECT, reserved identifier, How Protected Subsystems Work
Secure Sockets Layer (SSL), Secure Sockets Layer (SSL)
Secure terminal servers, Guidelines for Protecting Your Password, Using the Secure Server
password protection and, Guidelines for Protecting Your Password
Security
assessing auditing requirements, Assessing Your Auditing Requirements
clusterwide intrusion detection, Clusterwide Intrusion Detection
data protection mechanisms, Security Profile of Objects
definition of levels, Levels of Security Requirements
environmental factors, Building a Secure System Environment
erasing data on disk, Protecting Information When Disk Space Is Reassigned
high-water marking, Protecting Information When Disk Space Is Reassigned
managing auditing, Managing the Auditing Subsystem
managing default protection and ownership, Setting Default Protection and Ownership
objects protected by system, Specifying an Object's Class
operating system model, Structure of a Secure Operating System
optimizing file security, Suggestions for Optimizing File Security
performance impact
auditing, Considering the Performance Impact
Trojan horse programs, Suggestions for Optimizing File Security
Security administrators
C2 requirements, Checklist for Generating a C2 System
checklist for maintaining a secure system, Ongoing Tasks to Maintain a Secure System
cluster managers and, Securing a Cluster
goals of, Understanding System Security
personal accounts, Account Requirements for a Security Administrator
privilege requirements, Account Requirements for a Security Administrator
role of, Role of a Security Administrator
system passwords and, Entering a System Password
training users, Checklist for Contributing to System Security, Training the New User
Security alarms, Asking Your Security Administrator to Enable Auditing
audit log file, Managing the Auditing Trail
disabling on system consoles, Enabling a Terminal to Receive Alarms
events to enable as, Auditing Categories of Activity, Selecting a Destination for the Event Message
events triggering, Additional Events to Audit
example of enabling events, Assessing Your Auditing Requirements
sample messages, Overview of the Auditing Process, Alarm Messages
Security archive files
losing the remote link to, Losing the Link to a Remote Log File
Security archive files, losing the remote link to, Losing the Link to a Remote Log File
Security attacks, forms of, Types of Computer Security Problems, Forms of System Attacks
Security audit event messages
changing disk transfer rate, Adjusting the Transfer of Messages to Disk
controlling delivery to server, Choosing the Number of Outstanding Messages That Trigger Process Suspension
delaying delivery at startup, Changing the Point in Startup When the Operating System Initiates Auditing
when to ignore, Recommended Procedure
Security audit log files, Audit Trail, Auditing File Access
advantages of, Selecting a Destination for the Event Message
allocating disk space, Allocating Disk Space for the Audit Log File
C2 systems and, Managing the Auditing Trail
changing location, Moving the File from the System Disk
changing message transfer rate, Adjusting the Transfer of Messages to Disk
characteristics, Using an Audit Log File
creating, Maintaining the File
description, Using an Audit Log File
events to report, Selecting a Destination for the Event Message
interactive analysis, Using the Audit Analysis Utility Interactively
maintaining, Maintaining the File
pre-extending, Disabling Disk Monitoring
procedures, Using an Audit Log File
selecting records from, Providing Report Specifications
Security audit reports, Analyzing a Log File, Examining the Report
analyzing suspicious activity, Recommended Procedure
brief format, Brief Audit Report
creating, Recommended Procedure
defining contents of, Providing Report Specifications
destination, Qualifiers for the Audit Analysis Utility
detailed inspection, Examining the Report
examples, Providing Report Specifications, Examining the Report
formats, Qualifiers for the Audit Analysis Utility
full format, One Record from a Full Audit Report
rights identifiers in, How Rights Identifiers Appear in the Audit Trail
routine inspections, Recommended Procedure
scheduling, Recommended Procedure
summary format, Summary of Events in an Audit Log File
Security auditing, Auditing Access to Your Account and Files, Security Auditing
account and file access, Auditing Access to Your Account and Files
adding ACEs to files, Adding Access Control Entries to Sensitive Files
analyzing audit log files, Analyzing a Log File
archive files, Using a Remote Log File
assessing site requirements, Assessing Your Auditing Requirements
audit listener mailboxes, Using a Listener Mailbox
audit server databases, Tasks Performed by the Audit Server
audit trails, Audit Trail, Managing the Auditing Trail
C2 system restrictions, Managing the Auditing Trail
capability objects, Kinds of Auditing Performed
cluster considerations, Managing the Audit Log File
common event flag clusters, Kinds of Auditing Performed
controlling event messages, Choosing the Number of Outstanding Messages That Trigger Process Suspension
default auditing events, Audit Trail
default characteristics, Tasks Performed by the Audit Server
devices, Kinds of Auditing Performed
directories, Kinds of Auditing Performed
disabling auditing, Disabling and Reenabling Startup of the Audit Server
disabling events, Auditing Categories of Activity
disabling resource monitoring, Disabling Disk Monitoring
effective use, Recommended Procedure
enabling auditing, Disabling and Reenabling Startup of the Audit Server
enabling event classes, Auditing Categories of Activity
enabling events, Ways to Generate Audit Information
error handling, Allocating Disk Space for the Audit Log File, Error Handling in the Auditing Facility
excluding processes from suspension, Preventing Process Suspension
files, Adding Access Control Entries to Sensitive Files, Kinds of Auditing Performed
global sections, Kinds of Auditing Performed
granularity of events, Enabling Auditing for a Class of Objects
high security needs, Levels of Security Requirements, Assessing Your Auditing Requirements
logical name tables, Kinds of Auditing Performed
low security needs, Levels of Security Requirements, Assessing Your Auditing Requirements
managing the audit server, Managing the Auditing Subsystem
memory limitations and, Reacting to Insufficient Memory
messages, Auditing File Access
moderate security needs, Levels of Security Requirements, Assessing Your Auditing Requirements, Auditing Events for a Site with Moderate Security Requirements
object class enabled, Enabling Auditing for a Class of Objects
overview, Overview of the Auditing Process
performance impact, Considering the Performance Impact
queues, Kinds of Auditing Performed
reporting object access, Auditing Protected Objects
reporting object use, How Rights Identifiers Appear in the Audit Trail
resource domains, Kinds of Auditing Performed
security class objects, Kinds of Auditing Performed
sending event messages to archive files, Using a Remote Log File
sending event messages to mailboxes, Using a Listener Mailbox
sending event messages to operator terminals, Enabling a Terminal to Receive Alarms
synchronizing cluster time, Maintaining the Accuracy of Message Time-Stamping
volumes, Kinds of Auditing Performed
Security breaches, handling, Understanding System Security, Handling a Security Breach
Security checklists
for C2 systems, Checklist for Generating a C2 System
for designing a secure system, Summary: System Security Design
for maintaining a secure system, Ongoing Tasks to Maintain a Secure System
for training users, Training the New User
for users, Checklist for Contributing to System Security
Security class object, Security Classes, Permanence of the Object
definition, Classes of Protected Objects
events audited, Kinds of Auditing Performed
profile storage, Permanence of the Object
template profile, Template Profile
types of access, Types of Access
Security features
access controls, Protecting Data, Managing System Access
account duration, Password and Account Expiration Times, Renewing an Expired Account, Restricting Account Duration
auditing, Adding Access Control Entries to Sensitive Files, Security Auditing, Security Auditing
automatic password generation, Selecting Your Own Password, Primary Passwords
dialup retries, Failing to Enter the Correct Password During a Dialup Login
erase-on-allocate, Prevention Through High-Water Marking
erase-on-delete, Erasing Techniques
erasure patterns, Overwriting Disk Blocks
high-water marking, Prevention Through High-Water Marking
intrusion detection, Knowing When Break-In Evasion Procedures Are in Effect, Secondary Passwords
login class restrictions, Observing Your Login Class Restrictions, Restricting Work Times
password changes, Changing Your Password
password expiration, Password and Account Expiration Times, Expiring Passwords
password protection, Guidelines for Protecting Your Password, Password Protection Checklist
password requirements, Password Requirements for Different Types of Accounts, Requiring a Minimum Password Length
password restrictions, Observing System Restrictions on Passwords, Using Passwords to Control System Access
passwords, Using Passwords to Control System Access, Password Protection Checklist
protected subsystems, Using Protected Subsystems
proxy accounts, Using DECnet Application (Object) Accounts
proxy logins, Using Proxy Login Accounts to Protect Passwords, Proxy Access Control
secondary passwords, Entering a Secondary Password, Changing a Secondary Password
secure terminal servers, Guidelines for Protecting Your Password, Using the Secure Server
security alarms, Asking Your Security Administrator to Enable Auditing
shift restrictions, Using an Account Restricted to Certain Days and Times
system passwords, Entering a System Password, Using a Terminal That Requires a System Password
Security kernel, definition, How the Reference Monitor Enforces Security Rules
Security levels, Levels of Security Requirements, Building a Secure System Environment
event monitoring and, Assessing Your Auditing Requirements
high, Levels of Security Requirements, Observing Your Last Login Time
low, Levels of Security Requirements, Observing Your Last Login Time
medium, Levels of Security Requirements
Security management, Role of a Security Administrator
for clusters, Building a Common Environment, Required Common System Files, Recommended Common System Files
managing audit log file, Managing the Audit Log File
modifying cluster group number, Managing Cluster Membership
modifying cluster password, Managing Cluster Membership
policy development, Levels of Security Requirements, Role of a Security Administrator, System Security Breaches
protected objects
cluster-visible, Protecting Objects
databases, Storing Profiles and Auditing Information
synchronizing authorization data, Synchronizing Authorization Data
SYSMAN requirements, Using the System Management Utility
Security models, Structure of a Secure Operating System
Security operator terminals, Enabling a Terminal to Receive Alarms
SECURITY privilege, SECURITY Privilege (System)
hidden ACEs and, Displaying ACLs
Security problems
anonymity of network and dialup users, Restricting Modes of Operation
autologin accounts, reducing, Automatic Login Accounts
categories of, Types of Computer Security Problems
disk scavenging, Protecting Information When Disk Space Is Reassigned
hardcopy terminal output, Disposing of Hardcopy Output
logging out, Logging Out Without Compromising System Security, Clearing Your Terminal Screen
network access control strings, Protecting Information in Access Control Strings
password detection, Using Generated Passwords
telephone system as, Identifying the Successful Perpetrator
Security profiles
assigning to new devices, Setting Up Profiles for New Devices
capability object, Template Profile
common event flag clusters, Template Profile
devices, Template Profile
displaying class defaults, Displaying Class Defaults
files, Restoring a File's Default Security Profile, Files, Profile Assignment
global sections, Template Profile
in access evaluations, How the System Determines If a User Can Access a Protected Object
logical name tables, Template Profile
modification requirements, Access Required to Modify a Profile, Using Control Access to Modify an Object Profile
objects, Security Profile of Objects
ACLs, Access Control List (ACL)
changing, Modifying a Security Profile
contents, Contents of an Object's Profile
deleting ACLs, Deleting an ACL
displaying, Displaying a Security Profile
modifying class templates, Modifying Class Templates
origin of, Contents of an Object's Profile
owner element, Owner
protection codes, Protection Code, Controlling Access with Protection Codes
processes, Contents of a User's Security Profile
displaying, Displaying the Rights Identifiers of Your Process
identifiers, Rights Identifiers
privileges, Privileges
UICs, User Identification Code (UIC)
queues, Template Profile
resource domains, Template Profile
security class, Template Profile
users, Contents of a User's Security Profile
displaying, Displaying the Rights Identifiers of Your Process
identifiers, Rights Identifiers
privileges, Privileges
UICs, User Identification Code (UIC), How Your Process Acquires a UIC
volumes, Template Profile
Security restrictions
captive command procedures, Guidelines for Captive Command Procedures
login class, Observing Your Login Class Restrictions
on command usage, Restricting DCL Command Usage
on mode of operation, Restricting Modes of Operation
shifts, Using an Account Restricted to Certain Days and Times, Restricting Work Times
time-of-day, Using an Account Restricted to Certain Days and Times, Restricting Work Times
Security Server process, Security Server Process
Security, clusterwide intrusion detection, Clusterwide Intrusion Detection
Security-auditing ACEs
position in ACL, Displaying ACLs
Security-auditing events, Additional Events to Audit
based on security needs, Assessing Your Auditing Requirements
classes of, Kinds of System Activity the Operating System Can Report
default classes, Overview of the Auditing Process, Auditing Categories of Activity, Assessing Your Auditing Requirements
disabling all classes, Assessing Your Auditing Requirements
displaying, Auditing Categories of Activity
enabling all classes, Assessing Your Auditing Requirements
enabling as alarms, Assessing Your Auditing Requirements
enabling as audits, Assessing Your Auditing Requirements
example, Auditing Categories of Activity
network, Auditing in the Network
reporting, Auditing Categories of Activity, Selecting a Destination for the Event Message, Methods of Capturing Event Messages
sending to audit log files, Using an Audit Log File
sending to listener mailboxes, Using a Listener Mailbox
sending to operator terminals, Enabling a Terminal to Receive Alarms
sending to remote archive files, Using a Remote Log File
suppressing privilege audits, Suppression of Certain Privilege Audits
suppressing process control audits, Suppression of Certain Process Control Audits
system services for, Sources of Event Information
SECURITY.AUDIT$JOURNAL files, Invoking the Audit Analysis Utility
SECURITY_POLICY system parameter, Storing Profiles and Auditing Information, Starting Up and Operating the System
Servers
audit, Tasks Performed by the Audit Server
secure terminals, Guidelines for Protecting Your Password
security, Security Server Process
SET AUDIT command
/EXCLUDE qualifier, Preventing Process Suspension
/INTERVAL qualifier, Adjusting the Transfer of Messages to Disk
/LISTENER qualifier, Using a Listener Mailbox
/SERVER qualifier, Reacting to Insufficient Memory, Adjusting the Transfer of Messages to Disk
/THRESHOLD qualifier, Allocating Disk Space for the Audit Log File
alarms, Alarm Messages
enabling security-relevant events, Auditing Categories of Activity
opening new log files, Maintaining the File
suggested auditing applications, Security Auditing
SET FILE command, /ERASE qualifier, Overwriting Disk Blocks
SET HOST command, Logging In Interactively: Local, Dialup, and Remote Logins
SET HOST/DTE command, using over the network, Establishing a Dynamic Asynchronous Connection
SET PASSWORD command, Changing Your Password, Selecting Your Own Password
/GENERATE qualifier, Using Generated Passwords, Requiring a Minimum Password Length
/SECONDARY qualifier, Changing a Secondary Password
/SYSTEM qualifier, System Passwords
/SYSTEM/GENERATE qualifier, System Passwords
automatic password generation, Using Generated Passwords
SET PROCESS command, /PRIVILEGES qualifier, Privileges, Giving Users Privileges
SET PROTECTION/DEFAULT command, Controlling File Access
SET SECURITY command
/ACL qualifier, Adding ACEs to an Existing ACL
adding Identifier ACEs, Using Identifier Access Control Entries (ACEs)
deleting, Deleting an ACL
deleting ACEs, Deleting ACEs from an ACL
example, Adjusting Protection Defaults
replacing ACEs, Replacing Part of an ACL
/AFTER qualifier, Adding ACEs to an Existing ACL
/CLASS qualifier, Specifying an Object's Class, Limiting Access to a Device
/CLASS=DEVICE qualifier
, Restricting Terminal Use
/COPY_ATTRIBUTE qualifier, Copying an ACL
/DEFAULT qualifier, Restoring a File's Default ACL, Setting Up Accounts for Local and Remote Users
/DELETE qualifier, Deleting ACEs from an ACL
/LIKE qualifier, Copying an ACL
/OWNER qualifier, Modifying a Security Profile
/PROTECTION qualifier, Modifying a Security Profile, Processing a Protection Code
modifying codes, Changing a Protection Code
modifying for devices, Restricting Application Terminals and Miscellaneous Devices
/REPLACE qualifier, Replacing Part of an ACL
changing object security profile, Modifying a Security Profile
changing protection codes, Changing a Protection Code
copying ACLs, Copying an ACL
creating an ACL, Setting Up the ACL
deleting ACEs, Deleting ACEs from an ACL
example, Setting Up Accounts for Local and Remote Users
managing site defaults, Setting Defaults for Objects Other Than Files
restoring defaults for files, Restoring a File's Default Security Profile
setting default file protection, Adjusting Protection Defaults
SET SERVER ACME command, SET and SHOW SERVER ACME Commands
SET TERMINAL command
/DISCONNECT qualifier, Limiting Disconnected Processes
/HANGUP qualifier, Breaking the Connection to a Dialup Line
/NOMODEM/SECURE qualifier, Using the Secure Server
/SECURE qualifier, Using the Secure Server
/SYSPWD qualifier, System Passwords
stopping password grabbers, Using the Secure Server
using over the network, Establishing a Dynamic Asynchronous Connection
SET VOLUME command
/ERASE_ON_DELETE qualifier, Overwriting Disk Blocks, Erasing Techniques
/NOHIGHWATER_MARKING qualifier, Setting a High-water Mark, Prevention Through High-Water Marking
/PROTECTION qualifier, Controlling File Access
SET VOLUME command, /ERASE_ON_DELETE qualifier, Overwriting Disk Blocks
Set-Up key, Clearing Your Terminal Screen
SETPRV privilege, SETPRV Privilege (All)
SHARE privilege, SHARE Privilege (All)
Shareable devices, access requirements, Access Requirements for I/O Operations
Shared files, considerations for a cluster system, Synchronizing Authorization Data
Shift restrictions, Using an Account Restricted to Certain Days and Times
SHMEM privilege, SHMEM Privilege (Devour)
SHOW AUDIT command, Auditing Categories of Activity, Tasks Performed by the Audit Server
SHOW INTRUSION command, Understanding the Intrusion Database
SHOW PROCESS command, Displaying the Rights Identifiers of Your Process
and WORLD privilege, Restricting Command Output
SHOW PROTECTION command, Rules for Assigning a Protection Code and ACL
SHOW SECURITY command, Displaying ACLs
displaying security profiles of objects, Displaying a Security Profile
displaying site defaults, Setting Defaults for Objects Other Than Files, Displaying Class Defaults
displaying the object's class, Specifying an Object's Class
SHOW USERS command, disconnected jobs and, Removing Disconnected Processes
SHOW/IDENTIFIER command in Authorize utility, Displaying the Database
SHOW/RIGHTS command in Authorize utility, Displaying the Database
Sign-on, single, Enabling External Authentication
Single sign-on, Enabling External Authentication
Site security, Building a Secure System Environment
Social engineering as security problem, Types of Computer Security Problems
SOGW user category abbreviation, Format of a Protection Code
Spawning processes, security implications in restricted accounts, Qualifiers Required to Define Captive Accounts
Spooled devices, access requirements, Access Requirements for I/O Operations
SSL, Secure Sockets Layer (SSL)
STARTNET.COM command procedure, Establishing a Dynamic Asynchronous Connection
STARTUP_P1 system parameter, Starting Up and Operating the System
Subjects in security models, Reference Monitor Concept, Subjects
Submit access, Types of Access
Subprocesses
analyzing audit messages, Recommended Procedure
increase in auditing events, Considering the Performance Impact
Subsystem ACEs, System Management Requirements, Building the Subsystem, Enabling Protected Subsystems on a Trusted Volume
format, Building the Subsystem
subsystem ACEs, Customizing Identifiers
Subsystem attribute, Subsystem Attribute
Surveillance guidelines, Ongoing Tasks to Maintain a Secure System
Synchronization, password, Password Synchronization
SYS$ACM system service, ACME Subsystem Overview
SYS$ANNOUNCE logical name, Announcement Message
SYS$NODE logical name, Welcome Message
SYS$PASSWORD_HISTORY_LIFETIME, History Lists
SYS$PASSWORD_HISTORY_LIMIT, History Lists
SYS$SINGLE_SIGNON logical name, Enabling External Authentication
SYS$SINGLE_SIGNON logical name bits, Specifying the SYS$SINGLE_SIGNON Logical Name Bits
SYS$WELCOME logical name, Welcome Message
SYSALF, ALF (automatic login facility) file, Providing Automatic Login
SYSECURITY.COM command procedure, Moving the File from the System Disk
SYSGBL privilege, Privilege Requirements, SYSGBL Privilege (Files)
SYSLCK privilege, Privilege Requirements, SYSLCK Privilege (System)
SYSNAM privilege, Privilege Requirements, SYSNAM Privilege (All)
modifying system operations, Privileges
overriding access controls, How the System Determines If a User Can Access a Protected Object
queue management, Privilege Requirements
SYSPRV privilege, How the System Determines If a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms
giving rights of system user, Format of a Protection Code
tasks requiring, SYSPRV Privilege (All)
SYSTARTUP_VMS.COM command procedure, Establishing a Dynamic Asynchronous Connection
System failures
disposing of hardcopy output, Disposing of Hardcopy Output
System failures, disposing of hardcopy output, Disposing of Hardcopy Output
System files
adding ACLs, Protecting System Files
Alpha default protection, Protecting System Files
auditing recommendations, Security Auditing
benefiting from ACLs, Security Auditing
default protection, Protecting System Files, Protection for OpenVMS System Files
protecting, Protecting System Files
protection codes and ownership, Protection for OpenVMS System Files
recommended, Recommended Common System Files
required, Required Common System Files
System Generation utility (SYSGEN), auditing parameter modifications, Kinds of System Activity the Operating System Can Report
System Management utility (SYSMAN)
managing clusters, Using the System Management Utility
modifying cluster security data, Managing Cluster Membership
modifying LGI parameters, Building a Common Environment
System managers
assessing auditing requirements, Assessing Your Auditing Requirements
System parameters
auditing modification of, Kinds of System Activity the Operating System Can Report
controlling disconnected processes, Limiting Disconnected Processes
defining system users (security category), Using Control Access to Modify an Object Profile
required C2 settings, Starting Up and Operating the System
System passwords, Types of Passwords
causing login failures, Using a Terminal That Requires a System Password
disadvantages, System Passwords
entering, Entering a System Password
guidelines, System Passwords
minimum length requirement, Requiring a Minimum Password Length
modifying, System Passwords
recommended change frequency, Expiring Passwords
setting up, System Passwords
where stored, System Passwords
System services, auditing event information, Sources of Event Information
System users (security category), Protection Code, Using Control Access to Modify an Object Profile
defining with MAXSYSGROUP parameter, Format of a Protection Code
qualifications for, Format of a Protection Code
Systems
controlling access to, Types of Logins and Login Classes
controlling use of, Types of Passwords
SYSUAF.DAT files
account expiration, Renewing an Expired Account
auditing modifications to, Auditing Categories of Activity
LOCKPWD flag, Password Requirements for Different Types of Accounts
login class restrictions, Observing Your Login Class Restrictions
modifications and security audit, Additional Events to Audit, Kinds of System Activity the Operating System Can Report
normal protection, Password Protection Checklist
password storage, Subjects
privileges and, Giving Users Privileges, Assigning Privileges
recording privileges, Privileges
synchronization with rights database, Populating the Rights Database
SYSUAFs (system user authorization files)
marking for external authentication, Enabling External Authentication

T

Tampering with system files, detecting, Security Auditing
Tapes
default security elements, Template Profile
managing security profiles, Setting Up Profiles for New Devices
TASK objects, Summary of Network Objects
TCB (trusted computing base), Trusted Computing Base (TCB) for C2 Systems, Protecting Files
file protection, Protecting Files
hardware, Hardware in the TCB
privileges and, Privileges for Trusted Users
software, Software in the TCB
software not included, Software in the TCB
Template devices, security elements of, Setting Up Profiles for New Devices
Terminal emulator, Establishing a Dynamic Asynchronous Connection
Terminal emulators, Establishing a Dynamic Asynchronous Connection
Terminal lines, Establishing a Dynamic Asynchronous Connection
Terminals
breaking dialup connection, Breaking the Connection to a Dialup Line
C2 system restrictions, Keeping Individuals Accountable, Managing the Auditing Trail
clearing DECwindows screen, Protecting Information in Access Control Strings
clearing the screen, Protecting Information in Access Control Strings, Clearing Your Terminal Screen
controlling access, Types of Passwords, System Passwords
default security elements, Template Profile
dialup login, Logging In Interactively: Local, Dialup, and Remote Logins
failing to respond, Entering a System Password
hardcopy
disposing of output, Disposing of Hardcopy Output
hardcopy, disposing of output, Disposing of Hardcopy Output
limiting access, Restricting Application Terminals and Miscellaneous Devices
lines for modems, security of, Configuring Terminal Lines for Modems
logout considerations, Clearing Your Terminal Screen
modifying security profiles, Setting Up Profiles for New Devices
port, Establishing a Dynamic Asynchronous Connection
requiring a system password, Using a Terminal That Requires a System Password
security alarms and, Enabling a Terminal to Receive Alarms
session logging, Logging a User's Session
system password
requirement for, Entering a System Password
system password, requirement for, Entering a System Password
usage restrictions, Restricting Terminal Use
user, in C2 systems, Reusing Objects
virtual, Local Login Messages, Removing Disconnected Processes, Devices, Limiting Disconnected Processes, Establishing a Dynamic Asynchronous Connection
Time
auditing changes to system time, Kinds of System Activity the Operating System Can Report
synchronizing cluster time, Maintaining the Accuracy of Message Time-Stamping
Time-of-day login restrictions, Using an Account Restricted to Certain Days and Times
Time-stamp, synchronizing in cluster, Maintaining the Accuracy of Message Time-Stamping
Time-stamps
synchronizing in cluster, Maintaining the Accuracy of Message Time-Stamping
TMPMBX privilege, TMPMBX Privilege (Normal)
Training
for users, importance to security, Training the New User
Training of users, importance to security, Training the New User
Trojan horse programs, Suggestions for Optimizing File Security, Potentially Harmful Programs
TTY_DEFCHAR2 system parameter
disabling virtual terminals, Limiting Disconnected Processes
enabling system passwords for remote logins, System Passwords
TTY_TIMEOUT system parameter, setting reconnection time, Limiting Disconnected Processes

U

UAFs (user authorization files), Obtaining Your Initial Password
auditing modifications to, Auditing Categories of Activity
enabling auditing through, Ways to Generate Audit Information, Modifying a User Authorization Record
LOCKPWD flag, Password Requirements for Different Types of Accounts
login class restrictions, Observing Your Login Class Restrictions
modifications and security audit, Additional Events to Audit, Kinds of System Activity the Operating System Can Report
MODIFY user/FLAG=AUDIT, Modifying a User Authorization Record, Considering the Performance Impact
normal protection, Password Protection Checklist
password storage, Subjects
performance impact of enabling auditing, Considering the Performance Impact
privileges and, Giving Users Privileges, Assigning Privileges
record of last login, Observing Your Last Login Time
recording privileges, Privileges
synchronization with rights database, Populating the Rights Database
UIC groups
design limitations, Limitations to UIC Group Design
designing, Designing User Groups
impact on user privileges, Designing User Groups
UIC identifiers
deleting when employee leaves, Removing Identifiers
example, Displaying the Rights Identifiers of Your Process, Ordering ACEs Within a List
UICs (user identification codes), Subjects, User Identification Code (UIC)
adding to rights database, Populating the Rights Database
alphanumeric, Format of a UIC
C2 systems and, Keeping Individuals Accountable
changing an object's, Owner
format, Format of a UIC
group restrictions, Format of a UIC
guidelines for creating, Guidelines for Creating a UIC
numeric, Format of a UIC
object access evaluations and, How the System Determines If a User Can Access a Protected Object
process, How Your Process Acquires a UIC
storage of, Guidelines for Creating a UIC
uniqueness requirement for clustered systems, Synchronizing Authorization Data
zero, How the System Determines If a User Can Access a Protected Object
Unshareable devices, access requirements, Access Requirements for I/O Operations
UPGRADE privilege, UPGRADE Privilege (All)
Use access, Types of Access
User accounts, Training the New User
security considerations, Assigning Appropriate Accounts to Users
User authorization
account expiration, Renewing an Expired Account
login class restrictions, Observing Your Login Class Restrictions
privilege use, Privileges
shift restrictions, Using an Account Restricted to Certain Days and Times
User irresponsibility
as security problem, Types of Computer Security Problems
training as antidote, Training the New User
User name mapping, User Name Mapping and Password Verification
User names
as identifiers, Subjects, Major Types of Rights Identifiers
User names as identifiers, Subjects, Major Types of Rights Identifiers
User penetration as security problem, Types of Computer Security Problems
User probing as security problem, Types of Computer Security Problems
User training, Training the New User
User-written system services
replacing with protected subsystems, Advantages of Protected Subsystems
Users
access through ACEs, Granting Access to Particular Users
C2 systems and, Keeping Individuals Accountable
displaying process rights identifiers, Displaying the Rights Identifiers of Your Process
displaying rights, Displaying the Database
file security and, Suggestions for Optimizing File Security
granting privileges, Giving Users Privileges
introduction to system, Training the New User
protection code categories, Format of a Protection Code
requesting access, How the System Determines If a User Can Access a Protected Object
security categories of, Protection Code, Format of a Protection Code
security profiles of, Contents of a User's Security Profile
setting default object protection, Setting Default Protection and Ownership
training, Training the New User
trusted, Privileges for Trusted Users, Managing the Auditing Trail
untrusted, Privileges for Untrusted Users

V

Verification using two passwords, Secondary Passwords
Virtual terminals, Limiting Disconnected Processes, Establishing a Dynamic Asynchronous Connection
disabling, Local Login Messages
disconnected processes and, Removing Disconnected Processes
LOCAL device, Devices
logging out of, Removing Disconnected Processes
Viruses, Potentially Harmful Programs
VMS ACME agent, ACME Subsystem Overview
VMS$OBJECTS.DAT file, Storing Profiles and Auditing Information
Volatile database, network, Establishing a Dynamic Asynchronous Connection
Volatile databases
network, Establishing a Dynamic Asynchronous Connection
VOLPRO privilege, Privilege Requirements, VOLPRO Privilege (Objects)
Volumes
access requirements, Access Requirements for I/O Operations
as protected objects, Classes of Protected Objects
auditing mounts or dismounts, Kinds of System Activity the Operating System Can Report
erasing data, Erasing Techniques
events audited, Kinds of Auditing Performed
foreign
access requirements, Access Requirements for I/O Operations
privilege requirements, Privilege Requirements
profile storage, Permanence of the Object
protection, Volumes
reusing in C2 systems, Reusing Objects
security elements of, Volumes
template profile, Template Profile
types of access, Types of Access
VT100-series terminals
clearing screen, Clearing Your Terminal Screen
VT100-series terminals, clearing screen, Clearing Your Terminal Screen
VT200-series terminals
clearing screen, Clearing Your Terminal Screen
VT200-series terminals, clearing screen, Clearing Your Terminal Screen

W

Weekday login restrictions, Using an Account Restricted to Certain Days and Times
Welcome messages, Local Login Messages
security disadvantages, Welcome Message
Wildcard characters
in ADD/IDENTIFIER command, Restoring the Rights Database
in SHOW/RIGHTS command, Displaying the Database
Work restrictions, Restricting Work Times
Workstations
clearing screen, Clearing Your Terminal Screen
default security elements, Template Profile
WORLD privilege, WORLD Privilege (System)
impact on SHOW PROCESS command, Restricting Command Output
World users (security category), Protection Code, Format of a Protection Code
Write access
devices, Types of Access
files, Types of Access, Access Requirements
global sections, Types of Access
granting through ACLs, Establishing an Inheritance Scheme for Files
granting through protection codes, Format of a Protection Code
logical name tables, Types of Access
resource domains, Types of Access
security class, Types of Access
volumes, Types of Access