The Question is:
Limited access via ftp
We supply an administration system for mobile telephone networks. Within the
networks there may be several different platforms that are required to talk to
each other. Included amongst these platforms there may be systems that are run
by our competitors.
If at all possible we would like to provide these other platforms with FTP
access to a single directory (read and write) and effectively disable the cd
(or set def) command. So far we have tried setting directory permissions and
ACL but to no avail. Do you know how we can
The Answer is :
The OpenVMS Wizard recommends first determining your critical data,
then designing a security model (ACLs, protection masks, etc) that
will protect it.
Though you indicate that you have tried ACLs, you do not indicate
what ACLs were tried, nor what problems were seen. The OpenVMS
Wizard would typically use the broadest of ACLs and protections
possible at the first and highest level (eg: device ACLs), then
working downward to more specific granularities (eg: file ACLs).
The same holds for the sequence of ACEs within ACLs, start with
the broad permissions and broad denials at the top of the ACL,
then followed by ACEs in the ACL that provide specific permissions
SET DEFAULT is not a security-relevant event, is not audited, and
is not part of the OpenVMS security model. The only way to prevent
use of the SET DEFAULT command is to maintain the user as captive.
Use of security-relevant events and security features is strongly
recommended here, rather than attempting to use obscurity -- use
of SET DEFAULT and then DIRECTORY is no different than directly
issuing a DIRECTORY command (from another default device and
directory) on the target device and directory.
The OpenVMS Wizard will make a few general recommendations in the
area of security and security management:
  o determine what data is truly valuable, and protect that.
  o determine what will allow access to your data, and protect that.
  o don't neglect human factors and human engineering:
      - security must be easy to use, or it will be bypassed
      - many security breaches are "inside jobs"
      - many security violations are "inside jobs"
  o beware network connects, tunnels, and firewalls
      - avoid allowing trusted network tunnels from untrusted hosts
      - firewalls must operate bidirectionally
      - use multiple (different) firewalls
      - include (silent) network activity monitors
  o use skilled staff knowledgeable in OpenVMS security
      - use this staff to try to bypass your own security
      - keep this staff current on security vulnerabilities
  o use automatic analysis tools to monitor activity
      - monitor for (unusual) network activity
      - monitor for (unusual) system activity
      - monitor for (unusual) user activity
  o partition your data
      - avoid allowing all users access to all data
      - keep the closest track of your critical data
  o disable and avoid tools containing built-in scripting languages
      - avoid SMTP mailers with debug enabled
      - avoid integrated word processing tools
      - avoid any mail system that permits transferring executable
        code, as somebody is going to accidentally activate it.
  o use operating system security features
      - auditing and alarms
      - subsystem identifiers on images
      - user identifiers
      - educate users on reasonable passwords
Please read the Guide to System Security for an overview of OpenVMS
security features, as well as for information on how to configure and
operate OpenVMS in an NCSC Class C2 environment.
Various service and contracting organizations are available that
can help educate you in system and network security.
Also see topics 4282, 4481, 4612, 4653.
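
An added example, not part of the original answer and not the OpenVMS Wizard's own procedure: one way to lay out the protection with a rights identifier and ACLs, so that what the partner account can reach is decided by the security model and not by whether SET DEFAULT works. The account PARTNER_FTP, the identifier PARTNER_XFER, and every device and directory name are hypothetical.

```dcl
$! Added example; all account, identifier, device and directory names
$! below are hypothetical placeholders.
$!
$! 1. Create a rights identifier and grant it to the partner's FTP account.
$!    Assumes the SYSUAF and RIGHTSLIST logical names are defined, or that
$!    the current default is SYS$SYSTEM.
$ RUN SYS$SYSTEM:AUTHORIZE
ADD/IDENTIFIER PARTNER_XFER
GRANT/IDENTIFIER PARTNER_XFER PARTNER_FTP
EXIT
$!
$! 2. Protect the critical data: deny the identifier on the directory
$!    file that leads to it.
$ SET SECURITY/CLASS=FILE -
      /ACL=(IDENTIFIER=PARTNER_XFER,ACCESS=NONE) -
      DISK$APP:[000000]BILLING.DIR
$!
$! 3. Grant access on the one exchange directory. The first ACE applies to
$!    the directory file itself; the OPTIONS=DEFAULT ACE is copied to files
$!    created in the directory afterwards.
$ SET SECURITY/CLASS=FILE -
      /ACL=((IDENTIFIER=PARTNER_XFER,ACCESS=READ+WRITE+EXECUTE), -
            (IDENTIFIER=PARTNER_XFER,OPTIONS=DEFAULT,ACCESS=READ+WRITE+DELETE)) -
      DISK$XFER:[000000]EXCHANGE.DIR
$!
$! 4. Use auditing instead of obscurity: enable ACL alarms and raise one
$!    on failed read or write attempts against the protected directory.
$ SET AUDIT/ALARM/ENABLE=ACL
$ SET SECURITY/CLASS=FILE -
      /ACL=(ALARM=SECURITY,ACCESS=READ+WRITE+FAILURE) -
      DISK$APP:[000000]BILLING.DIR
$!
$! 5. Review the resulting ACLs and protection masks.
$ SHOW SECURITY/CLASS=FILE DISK$XFER:[000000]EXCHANGE.DIR
$ SHOW SECURITY/CLASS=FILE DISK$APP:[000000]BILLING.DIR
```

With this layout a DIRECTORY command against the protected tree fails the same way from any default directory.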