The Question is:
Is there a security hole if I have network access to my serial console port ?
I have a decserver always connected to the network and serial port of my Alpha.
If I have the information, I can connect by the network to the serial console
port of my system: it ask me my username and password. Break is disabled. Is
there a security i
ssue (is it possible to get in or stop the system without username/password and
without physical access to the system ?
The Answer is :
Anyone with access to the system console has full system access.
The OpenVMS Wizard must decline further discussions of an open-ended
discussion of security exposures. For general configuration details
and recommendations, please see the appendix of the security manual.
The OpenVMS Wizard will mention that there are various system error
messages that are system critical, and -- because of the run-time
system context and the nature of the errors -- these messages can
only be written to the console, if the error messages can be
written at all.