HP OpenVMS Guide to System Security

Part III  Security for the System Administrator

Security for the System Administrator

The chapters in this part discuss the following topics:

This part of the manual also includes information on the following topics:

Table of Contents

6 Managing the System and Its Data
Role of a Security Administrator
Site Security Policies
Tools for Setting Up a Secure System
Account Requirements for a Security Administrator
Training the New User
Logging a User's Session
Ongoing Tasks to Maintain a Secure System
7 Managing System Access
Defining Times and Conditions for System Access
Restricting Work Times
Restricting Modes of Operation
Restricting Account Duration
Disabling Accounts
Restricting Disk Volumes
Marking Accounts for External Authentication
Assigning Appropriate Accounts to Users
Types of System Accounts
Privileged Accounts
Interactive Accounts
Captive Accounts
Restricted Accounts
Automatic Login Accounts
Guest Accounts
Proxy Accounts
Externally Authenticated Accounts
Using Passwords to Control System Access
Types of Passwords
Enforcing Minimum Password Standards
Screening New Passwords
Password Protection Checklist
Enabling External Authentication
Overriding External Authentication
Impact on Layered Products and Applications
Setting a New Password
Case Sensitivity in Passwords and User Names
User Name Mapping and Password Verification
Password Synchronization
Specifying the SYS$SINGLE_SIGNON Logical Name Bits
Authentication and Credentials Management Extensions (ACME) Subsystem
Controlling the Login Process
Informational Display During Login
Limiting Disconnected Processes
Providing Automatic Login
Using the Secure Server
Detecting Intruders
Understanding the Intrusion Database
Security Server Process
8 Controlling Access to System Data and Resources
Designing User Groups
Example of UIC Group Design
Limitations to UIC Group Design
Naming Individual Users in ACLs
Defining Sharing of Rights
Conditionalizing Identifiers for Different Users
Designing ACLs
Populating the Rights Database
Displaying the Database
Adding Identifiers
Restoring the Rights Database
Assigning Identifiers to Users
Removing Holder Records
Removing Identifiers
Customizing Identifiers
Modifying a System or Process Rights List
Giving Users Privileges
Categories of Privilege
Suggested Privilege Allocations
Limiting User Privileges
Installing Images with Privilege
Restricting Command Output
Setting Default Protection and Ownership
Controlling File Access
Setting Defaults for Objects Other Than Files
Added Protection for System Data and Resources
Precautions to Take When Installing New Software
Protecting System Files
Restricting DCL Command Usage
Encrypting Files
Protecting Disks
Protecting Backup Media
Protecting Terminals
9 Security Auditing
Overview of the Auditing Process
Reporting Security-Relevant Events
Ways to Generate Audit Information
Kinds of System Activity the Operating System Can Report
Sources of Event Information
Developing an Auditing Plan
Assessing Your Auditing Requirements
Selecting a Destination for the Event Message
Considering the Performance Impact
Methods of Capturing Event Messages
Using an Audit Log File
Enabling a Terminal to Receive Alarms
Secondary Destinations for Event Messages
Analyzing a Log File
Recommended Procedure
Invoking the Audit Analysis Utility
Providing Report Specifications
Using the Audit Analysis Utility Interactively
Examining the Report
Managing the Auditing Subsystem
Tasks Performed by the Audit Server
Disabling and Reenabling Startup of the Audit Server
Changing the Point in Startup When the Operating System Initiates Auditing
Choosing the Number of Outstanding Messages That Trigger Process Suspension
Reacting to Insufficient Memory
Maintaining the Accuracy of Message Time-Stamping
Adjusting the Transfer of Messages to Disk
Allocating Disk Space for the Audit Log File
Error Handling in the Auditing Facility
10 System Security Breaches
Forms of System Attacks
Indications of Trouble
Reports from Users
Monitoring the System
Routine System Surveillance
System Accounting
Security Auditing
Handling a Security Breach
Unsuccessful Intrusion Attempts
Successful Intrusions
11 Securing a Cluster
Overview of Clusters
Building a Common Environment
Required Common System Files
Recommended Common System Files
Synchronizing Multiple Versions of Files
Synchronizing Authorization Data
Managing the Audit Log File
Protecting Objects
Storing Profiles and Auditing Information
Clusterwide Intrusion Detection
Using the System Management Utility
Managing Cluster Membership
Using DECnet Between Cluster Nodes
12 Security in a Network Environment
Managing Network Security
Requirements for Achieving Security
Auditing in the Network
Hierarchy of Access Controls
Using Explicit Access Control
Using Proxy Logins
Using Default Application Accounts
Proxy Access Control
Special Security Measures with Proxy Access
Setting Up a Proxy Database
Example of a Proxy Account
Using DECnet Application (Object) Accounts
Summary of Network Objects
Configuring Network Objects Manually
Removing Default DECnet Access to the System
Setting Privilege Requirements for Remote Object Connections
Specifying Routing Initialization Passwords
Establishing a Dynamic Asynchronous Connection
Sharing Files in a Network
Using the Mail Utility
Setting Up Accounts for Local and Remote Users
Admitting Remote Users to Multiple Accounts
13 Using Protected Subsystems
Advantages of Protected Subsystems
Applications for Protected Subsystems
How Protected Subsystems Work
Design Considerations
System Management Requirements
Building the Subsystem
Enabling Protected Subsystems on a Trusted Volume
Giving Users Access
Example of a Protected Subsystem
Protecting the Top-Level Directory
Protecting Subsystem Directories
Protecting the Images and Data Files
Protecting the Printer
Command Procedure for Building the Subsystem
A Assigning Privileges
ACNT Privilege (Devour)
ALLSPOOL Privilege (Devour)
ALTPRI Privilege (System)
AUDIT Privilege (System)
BUGCHK Privilege (Devour)
BYPASS Privilege (All)
CMEXEC Privilege (All)
CMKRNL Privilege (All)
DIAGNOSE Privilege (Objects)
DOWNGRADE Privilege (All)
EXQUOTA Privilege (Devour)
GROUP Privilege (Group)
GRPNAM Privilege (Devour)
GRPPRV Privilege (Group)
IMPERSONATE Privilege (All) (Formerly DETACH)
IMPORT Privilege (Objects)
LOG_IO Privilege (All)
MOUNT Privilege (Normal)
NETMBX Privilege (Normal)
OPER Privilege (System)
PFNMAP Privilege (All)
PHY_IO Privilege (All)
PRMCEB Privilege (Devour)
PRMGBL Privilege (Devour)
PRMMBX Privilege (Devour)
PSWAPM Privilege (System)
READALL Privilege (Objects)
SECURITY Privilege (System)
SETPRV Privilege (All)
SHARE Privilege (All)
SHMEM Privilege (Devour)
SYSGBL Privilege (Files)
SYSLCK Privilege (System)
SYSNAM Privilege (All)
SYSPRV Privilege (All)
TMPMBX Privilege (Normal)
UPGRADE Privilege (All)
VOLPRO Privilege (Objects)
WORLD Privilege (System)
B Protection for OpenVMS System Files
Standard Ownership and Protection
Listing of OpenVMS System Files
Files in Top-Level Directories
Files in SYS$KEYMAP
Files in SYS$LDR
Files in SYS$STARTUP and SYS$ERR
Files in SYSEXE
Files in SYSHLP
Files in SYSLIB
Files in SYSMGR
Files in SYSMSG
Files in SYSTEST
Files in SYSUPD
Files in VUE$LIBRARY
C Running an OpenVMS System in a C2 Environment
Introduction to C2 Systems
Definition of the C2 Environment
Trusted Computing Base (TCB) for C2 Systems
Hardware in the TCB
Software in the TCB
Protecting Objects
Protecting the TCB
Configuring a C2 System
Checklist for Generating a C2 System
D Alarm Messages