HP OpenVMS Systems Documentation

OpenVMS Guide to System Security

    access granted by OPER privilege
    ACL access rights
    as protected objects
    events audited
    privilege requirements
    profile storage
    protection code access rights
    security elements of
    template profiles
    types of access
Read access
    global sections
    granting through ACLs
    granting through protection codes
    logical name tables
        through ACLs
        through protection codes
    resource domains
    security class
READALL privilege #1
READALL privilege #2
READALL privilege #3
Recall buffers
RECALL command, /ERASE qualifier
Receive passwords
Reconnection to processes
Records displaying holder of a rights identifier
Reference monitors
    applying to networks
    concept in security #1
    concept in security #2
    requirements on
Remote diagnostics, C2 system requirements
Remote identifiers
Remote logins
    logging out
    system passwords and
REMOVE/IDENTIFIER command in Authorize utility
Removing proxy access
RENAME command, /INHERIT_SECURITY qualifier
Reserved UIC group numbers
Resource attribute #1
Resource attribute #2
Resource attributes #1
Resource attributes #2
Resource domains
    events audited
    privilege requirements
    profile storage
    security elements of
    template profile
    types of access
Resource identifiers
    as file owners #1
    as file owners #2
Resource monitoring
Restricted accounts #1
Restricted accounts #2
    danger of process spawning
    setting up
    when to use #1
    when to use #2
Rights database
    adding identifiers
    assigning identifiers to users
    creating and maintaining
    removing identifiers and holders
Rights databases
    adding identifiers
    assigning identifiers to users
    creating and maintaining
    removing identifiers and holders
Rights list, access arranged by capability
Rights of users
    creating and maintaining
    how UICs are stored
RMS_FILEPROT system parameter #1
RMS_FILEPROT system parameter #2
RMS_FILEPROT system parameter #3
RMS_FILEPROT system parameter #4
Routing initialization passwords
Save set (BACKUP), protection of
Screen clearing #1
Screen clearing #2
Secondary passwords
    changing expired
    login expiration
    minimum length
SECSRV$CLIENT, reserved identifier
SECSRV$COMMUNICATION, reserved identifier
SECSRV$OBJECT, reserved identifier
Secure terminal servers
    password protection and
    environmental factors
Security administrators
    C2 requirements
    checklist for maintaining a secure system
    cluster managers and
    goals of
    personal accounts
    privilege requirements
    role of
    system passwords and
    training users #1
    training users #2
Security alarms
    audit log file
    disabling on system consoles
    events to enable as #1
    events to enable as #2
    events triggering
    example of enabling events
    sample messages #1
    sample messages #2
Security archive files, losing the remote link to
Security attacks, forms of #1
Security attacks, forms of #2
Security audit event messages
    changing disk transfer rate
    controlling delivery to server
    delaying delivery at startup
    when to ignore
Security audit log files #1
Security audit log files #2
    advantages of
    allocating disk space
    C2 systems and
    changing location
    changing message transfer rate
    events to report
    interactive analysis
    selecting records from
Security audit reports
    analyzing suspicious activity
    brief format
    defining contents of #1
    defining contents of #2
    detailed inspection
    examples #1
    examples #2
    formats #1
    formats #2
    full format
    rights identifiers in
    routine inspections
    summary format
Security auditing
    account and file access
    adding ACEs to files
    analyzing audit log files
    archive files
    assessing site requirements
    audit listener mailboxes
    audit server databases
    audit trails #1
    audit trails #2
    C2 system restrictions
    capability objects
    cluster considerations
    common event flag clusters
    controlling event messages
    default auditing events
    default characteristics
    disabling auditing
    disabling events
    disabling resource monitoring
    effective use
    enabling auditing
    enabling event classes
    enabling events
    error handling #1
    error handling #2
    excluding processes from suspension
    files #1
    files #2
    global sections
    granularity of events
    high security needs #1
    high security needs #2
    logical name tables
    low security needs #1
    low security needs #2
    managing the audit server
    memory limitations and
    moderate security needs #1
    moderate security needs #2
    moderate security needs #3
    object class enabled
    performance impact
    reporting object access
    reporting object use
    resource domains
    security class objects
    sending event messages to archive files #1
    sending event messages to archive files #2
    sending event messages to mailboxes
    sending event messages to operator terminals
    synchronizing cluster time
Security-auditing ACEs
    position in ACL
Security-auditing events
    based on security needs
    classes of
    default classes #1
    default classes #2
    default classes #3
    disabling all classes
    enabling all classes
    enabling as alarms
    enabling as audits
    reporting #1
    reporting #2
    reporting #3
    reporting #4
    sending to audit log files
    sending to listener mailboxes
    sending to operator terminals
    sending to remote archive files
    suppressing privilege audits
    suppressing process control audits
    system services for
Security breaches, handling #1
Security breaches, handling #2
Security checklists
    for C2 systems
    for designing a secure system
    for maintaining a secure system
    for training users
    for users
Security class object
    events audited
    profile storage
    template profile
    types of access
Security, clusterwide intrusion detection
Security features
    access controls #1
    access controls #2
    account duration #1
    account duration #2
    account duration #3
    auditing #1
    auditing #2
    auditing #3
    auditing #4
    automatic password generation #1
    automatic password generation #2
    dialup retries
    high-water marking
    intrusion detection #1
    intrusion detection #2
    login class restrictions #1
    login class restrictions #2
    password changes
    password expiration #1
    password expiration #2
    password protection #1
    password protection #2
    password requirements #1
    password requirements #2
    password restrictions #1
    password restrictions #2
    protected subsystems
    proxy accounts
    proxy logins #1
    proxy logins #2
    secondary passwords #1
    secondary passwords #2
    secure terminal servers #1
    secure terminal servers #2
    security alarms
    shift restrictions
    system passwords #1
    system passwords #2
Security kernel, definition
Security levels #1
Security levels #2
    event monitoring and
    high #1
    high #2
    low #1
    low #2
Security management
    for clusters #1
    for clusters #2
    for clusters #3
    managing audit log file
    modifying cluster group number
    modifying cluster password
    policy development #1
    policy development #2
    policy development #3
    protected objects
    synchronizing authorization data
    SYSMAN requirements
Security models
Security operator terminals
SECURITY privilege
    hidden ACEs and
Security problems
    anonymity of network and dialup users
    autologin accounts, reducing
    categories of
    disk scavenging
    hardcopy terminal output
    logging out #1
    logging out #2
    network access control strings
    password detection
    telephone system as
Security profiles
    assigning to new devices
    capability object
    common event flag clusters
    displaying class defaults
    files #1
    files #2
    files #3
    global sections
    in access evaluations
    logical name tables
    modification requirements #1
    modification requirements #2
        deleting ACLs
        modifying class templates
        origin of
        owner element
        protection codes #1
        protection codes #2
        displaying #1
        displaying #2
    resource domains
    security class
        displaying #1
        displaying #2
        UICs #1
        UICs #2
Security restrictions
    captive command procedures
    login class
    on command usage
    on mode of operation
    shifts #1
    shifts #2
    time-of-day #1
    time-of-day #2
Security Server process
SECURITY_POLICY system parameter #1
SECURITY_POLICY system parameter #2
    secure terminals
SET AUDIT command
    enabling security-relevant events
    /EXCLUDE qualifier
    /INTERVAL qualifier
    /LISTENER qualifier
    opening new log files
    /SERVER qualifier #1
    /SERVER qualifier #2
    suggested auditing applications
    /THRESHOLD qualifier
SET FILE command, /ERASE qualifier
SET HOST command
SET HOST/DTE command, using over the network
    automatic password generation
    /GENERATE qualifier #1
    /GENERATE qualifier #2
    /SECONDARY qualifier
    /SYSTEM/GENERATE qualifier
    /SYSTEM qualifier
SET PROCESS command, /PRIVILEGES qualifier #1
SET PROCESS command, /PRIVILEGES qualifier #2
    /ACL qualifier
        adding Identifier ACEs
        deleting ACEs
        replacing ACEs
    /AFTER qualifier
    changing object security profile
    changing protection codes
    /CLASS=DEVICE qualifier
    /CLASS qualifier #1
    /CLASS qualifier #2
    copying ACLs
    /COPY_ATTRIBUTE qualifier
    creating an ACL
    /DEFAULT qualifier #1
    /DEFAULT qualifier #2
    /DELETE qualifier
    deleting ACEs
    /LIKE qualifier
    managing site defaults
    /OWNER qualifier
    /PROTECTION qualifier #1
    /PROTECTION qualifier #2
        modifying codes
        modifying for devices
    /REPLACE qualifier
    restoring defaults for files
    setting default file protection
    /DISCONNECT qualifier
    /HANGUP qualifier
    /NOMODEM/SECURE qualifier
    /SECURE qualifier
    stopping password grabbers
    /SYSPWD qualifier
    using over the network
Set-Up key
SET VOLUME command
    /ERASE_ON_DELETE qualifier
    /NOHIGHWATER_MARKING qualifier #1
    /NOHIGHWATER_MARKING qualifier #2
    /PROTECTION qualifier
SET VOLUME command, /ERASE_ON_DELETE qualifier
SETPRV privilege
SHARE privilege
Shareable devices, access requirements
Shared files, considerations for a cluster system
Shift restrictions
SHMEM privilege
SHOW AUDIT command #1
SHOW AUDIT command #2
SHOW/IDENTIFIER command in Authorize utility #1
SHOW/IDENTIFIER command in Authorize utility #2
    and WORLD privilege
SHOW/RIGHTS command in Authorize utility
    displaying security profiles of objects
    displaying site defaults #1
    displaying site defaults #2
    displaying the object's class
SHOW USERS command, disconnected jobs and
Sign-on, single
Single sign-on
Site security
Social engineering as security problem
SOGW user category abbreviation
Spawning processes, security implications in restricted accounts
Spooled devices, access requirements
STARTNET.COM command procedure
STARTUP_P1 system parameter
Subjects in security models #1
Subjects in security models #2
Submit access
    analyzing audit messages
    increase in auditing events
Subsystem ACEs #1
Subsystem ACEs #2
Subsystem ACEs #3
subsystem ACEs
Subsystem ACEs
Subsystem attribute
Surveillance guidelines
Synchronization, password
SYS$ACME_MODULE logical name
SYS$ANNOUNCE logical name
SYS$NODE logical name
SYS$SINGLE_SIGNON logical name
SYS$SINGLE_SIGNON logical name bits
SYS$WELCOME logical name
SYSALF, ALF (automatic login facility) file
SYSECURITY.COM command procedure
SYSGBL privilege #1
SYSGBL privilege #2
SYSLCK privilege #1
SYSLCK privilege #2
SYSMAN databases and C2 environments
SYSNAM privilege #1
SYSNAM privilege #2
    modifying system operations
    overriding access controls
    queue management
SYSPRV privilege #1
SYSPRV privilege #2
SYSPRV privilege #3
    giving rights of system user
    tasks requiring
SYSTARTUP_VMS.COM command procedure
System failures, disposing of hardcopy output
System files
    adding ACLs
    Alpha default protection
    auditing recommendations
    benefiting from ACLs
    default protection
    protection codes and ownership
    VAX default protection
System Generation utility (SYSGEN), auditing parameter modifications
System Management utility (SYSMAN)
    managing clusters
    modifying cluster security data
    modifying LGI parameters
System parameters
    auditing modification of
    controlling disconnected processes
    defining system users (security category)
    required C2 settings
System passwords
    causing login failures
    minimum length requirement
    recommended change frequency
    setting up
    where stored
System services, auditing event information
System users (security category) #1
System users (security category) #2
    defining with MAXSYSGROUP parameter
    qualifications for
    controlling access to
    controlling use of
    account expiration
    auditing modifications to
    LOCKPWD flag
    login class restrictions
    modifications and security audit #1
    modifications and security audit #2
    normal protection
    password storage
    privileges and #1
    privileges and #2
    recording privileges
    synchronization with rights database
SYSUAFs (system user authorization files)
    marking for external authentication
