Chapter 8: Security


Overview

OpenVMS has the capability to:

  • Manage account passwords and other account parameters.

  • Monitor and control account intrusions (break-ins).

  • Maintain a password history.

  • Group users into security classes.

  • Place access restrictions on system resources: disks, files, queues.

  • Control access to restricted programs.

  • Keep logs of errors, break-in attempts, file accesses, operator actions, and so on.

OpenVMS's out-of-the-box default security level is C2, as defined by the U.S. Computer Security Center's Orange Book. OpenVMS 6.1 is the most recent version formally accepted as C2 compliant. OpenVMS is also available in a B1-level version.

The system manager has the responsibility to tailor his or her system for the specific environment. More often than not, I have used Department of Defense "secured" systems that were wide open to the authorized users (i.e., everyone was granted unlimited privileges). Granted, the machine and the network it was connected to were behind a security door with limited access, but the manager made no effort to protect the users from one another or from the applications running on that machine. Certainly, no malicious activity was expected, because everyone using the system had specific government clearances, but there was no protection against accidents either, which, in my opinion, are more likely in such an environment.

Once a user is logged into the system, OpenVMS enforces security through three independent mechanisms: the access control list (ACL), the user identification code (UIC), and system privileges. An ACL can grant privileges on a user-by-user basis, or user groups can be defined to ease the manager's task. When an ACL is used to grant privileges to arbitrary groups, it is governed by the rights identifier. The ACL supersedes the others: if the ACL does not specify an access privilege, then the UIC mechanism is examined. The UIC grants privileges at the user level and/or at a predefined group level. The ACL and UIC mechanisms identify the system privilege of the user to access a specific resource in a specific way (e.g., no access, read-only, read/write).
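A minimal model of the lookup order described above, as an added example (not from the book and not OpenVMS code): ACL entries are tried first, and only when none matches is the UIC protection consulted. All class, function and sample names are hypothetical; the model assumes the first ACL entry whose rights identifier the user holds decides the outcome, and it leaves out the system-privilege mechanism and the SYSTEM protection category.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    uic: tuple                                     # (group, member)
    identifiers: set = field(default_factory=set)  # rights identifiers held

@dataclass
class Obj:
    owner_uic: tuple
    protection: dict                         # UIC category -> access letters
    acl: list = field(default_factory=list)  # ordered (identifier, access)

def uic_category(user, obj):
    """Classify the user relative to the object's owner UIC."""
    if user.uic == obj.owner_uic:
        return "OWNER"
    if user.uic[0] == obj.owner_uic[0]:
        return "GROUP"
    return "WORLD"

def check_access(user, obj, wanted):
    """Return (allowed, deciding mechanism) for one access letter, e.g. 'R'."""
    # 1. ACL first: the first entry whose identifier the user holds decides,
    #    whether or not it grants the requested access.
    for identifier, access in obj.acl:
        if identifier in user.identifiers:
            return (wanted in access, "ACL:" + identifier)
    # 2. No matching entry: fall back to the UIC-based protection.
    category = uic_category(user, obj)
    return (wanted in obj.protection.get(category, set()), "UIC:" + category)

# Constructed sample data (hypothetical file, users and identifiers).
PAYROLL = Obj(
    owner_uic=(0o200, 0o1),
    protection={"OWNER": set("RWED"), "GROUP": set("R"), "WORLD": set()},
    acl=[("CONTRACTOR", set()),            # explicit "no access" entry
         ("PAYROLL_CLERK", set("RW"))],
)
ALICE = User("ALICE", (0o300, 0o5), {"PAYROLL_CLERK"})  # outside owner's group
BOB = User("BOB", (0o200, 0o7))                         # owner's group, no identifier
CAROL = User("CAROL", (0o200, 0o11), {"CONTRACTOR", "PAYROLL_CLERK"})

if __name__ == "__main__":
    for u in (ALICE, BOB, CAROL):
        print(u.name, check_access(u, PAYROLL, "R"), check_access(u, PAYROLL, "W"))
```

CAROL is in the owner's group, whose UIC protection allows read, yet the earlier CONTRACTOR entry denies her: the ACL decision is final once an entry matches, which is why entry order in an ACL deserves review.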




Getting Started with OpenVMS System Management
Getting Started with OpenVMS System Management (HP Technologies)
ISBN: 1555582818
EAN: 2147483647
Year: 2004
Pages: 130
Authors: David Miller
