Clusterwide intrusion detection extends protection against
attacks of all types throughout the cluster. Intrusion data and information
from each system is integrated to protect the cluster as a whole.
You can set the SECURITY_POLICY system parameter
on the member systems in your cluster to maintain either a local or
a clusterwide intrusion database of unauthorized attempts and the
state of any intrusion events.
If bit 12 in the SECURITY_POLICY
is cleared, all cluster members are made aware if a system is under
attack or has any intrusion events recorded. Events recorded on one
system can cause another system in the cluster to take restrictive
action. For example, users attempting to log in are monitored more
closely and are limited to a certain number of login retries within
a limited period of time. Once users exceed either the retry or time
limitation, they cannot log in. The default for bit 12 in the SECURITY_POLICY
system parameter is clear.
For information on the system services $DELETE_INTRUSION,
$SCAN_INTRUSION, and $SHOW_INTRUSION, see the HP OpenVMS
System Services Reference Manual.
For information on the DCL commands DELETE INTRUSION
and SHOW INTRUSION, see the HP OpenVMS DCL Dictionary.