[OpenVMS documentation]
[Site home] [Send comments] [Help with this site] [How to order documentation] [OpenVMS site] [Compaq site]
Updated: 11 December 1998

OpenVMS Guide to System Security

Begin Index
Contents (summary)
Preface Preface
Part I Security Overview
Chapter 1 Understanding System Security
Chapter 2 OpenVMS Security Model
Part II Security for the User
Chapter 3 Using the System Responsibly
Chapter 4 Protecting Data
Chapter 5 Descriptions of Object Classes
Part III Security for the System Administrator
Chapter 6 Managing the System and Its Data
Chapter 7 Managing System Access
Chapter 8 Controlling Access to System Data and Resources
Chapter 9 Security Auditing
Chapter 10 System Security Breaches
Chapter 11 Securing a Cluster
Chapter 12 Security in a Network Environment
Chapter 13 Using Protected Subsystems
Appendix A Assigning Privileges
Appendix B Protection for OpenVMS VAX System Files
Appendix C Running an OpenVMS System in a C2 Environment
Appendix D Alarm Messages
  Glossary
  Index
  Figures
  Examples
  Tables

Contents

Preface
Preface Preface
Part I
Part I Security Overview
Chapter 1
1 Understanding System Security
     1.1     Types of Computer Security Problems
     1.2     Levels of Security Requirements
     1.3     Building a Secure System Environment
Chapter 2
2 OpenVMS Security Model
     2.1     Structure of a Secure Operating System
         2.1.1         Reference Monitor Concept
         2.1.2         How the Reference Monitor Enforces Security Rules
     2.2     Implementation of the Reference Monitor
         2.2.1         Subjects
         2.2.2         Objects
         2.2.3         Authorization Database
         2.2.4         Audit Trail
         2.2.5         Reference Monitor
         2.2.6         Authorization Database Represented as an Access Matrix
     2.3     Summary: System Security Design
Part II
Part II Security for the User
Chapter 3
3 Using the System Responsibly
     3.1     Choosing a Password for Your Account
         3.1.1         Obtaining Your Initial Password
         3.1.2         Observing System Restrictions on Passwords
     3.2     Knowing What Type of Password to Use
         3.2.1         Entering a System Password
         3.2.2         Entering a Secondary Password
     3.3     Password Requirements for Different Types of Accounts
     3.4     Types of Logins and Login Classes
         3.4.1         Logging In Interactively: Local, Dialup, and Remote Logins
         3.4.2         Logging In Using External Authentication
         3.4.3         Reading Informational Messages
         3.4.4         When the System Logs In for You: Network and Batch Logins
     3.5     Login Failures: When You Are Unable to Log In
         3.5.1         Using a Terminal That Requires a System Password
         3.5.2         Observing Your Login Class Restrictions
         3.5.3         Using an Account Restricted to Certain Days and Times
         3.5.4         Failing to Enter the Correct Password During a Dialup Login
         3.5.5         Knowing When Break-In Evasion Procedures Are in Effect
     3.6     Changing Your Password
         3.6.1         Selecting Your Own Password
         3.6.2         Using Generated Passwords
         3.6.3         Changing a Secondary Password
         3.6.4         Changing Your Password As You Log In
     3.7     Password and Account Expiration Times
         3.7.1         Changing an Expired Password
         3.7.2         Renewing an Expired Account
     3.8     Guidelines for Protecting Your Password
     3.9     Network Security Considerations
         3.9.1         Protecting Information in Access Control Strings
         3.9.2         Using Proxy Login Accounts to Protect Passwords
     3.10     Auditing Access to Your Account and Files
         3.10.1         Observing Your Last Login Time
         3.10.2         Adding Access Control Entries to Sensitive Files
         3.10.3         Asking Your Security Administrator to Enable Auditing
             3.10.3.1             Auditing File Access
             3.10.3.2             Additional Events to Audit
     3.11     Logging Out Without Compromising System Security
         3.11.1         Clearing Your Terminal Screen
         3.11.2         Disposing of Hardcopy Output
         3.11.3         Removing Disconnected Processes
         3.11.4         Breaking the Connection to a Dialup Line
         3.11.5         Turning Off a Terminal
     3.12     Checklist for Contributing to System Security
Chapter 4
4 Protecting Data
     4.1     Contents of a User's Security Profile
         4.1.1         Per-Thread Security
         4.1.2         Persona Security Block Data Structure (PSB)
         4.1.3         Previous Security Model
         4.1.4         Per-Thread Security Model
         4.1.5         User Identification Code (UIC)
             4.1.5.1             Format of a UIC
             4.1.5.2             Guidelines for Creating a UIC
             4.1.5.3             How Your Process Acquires a UIC
         4.1.6         Rights Identifiers
             4.1.6.1             Types of Identifiers
             4.1.6.2             Process and System Rights Lists
             4.1.6.3             Displaying the Rights Identifiers of Your Process
             4.1.6.4             How Rights Identifiers Appear in the Audit Trail
         4.1.7         Privileges
     4.2     Security Profile of Objects
         4.2.1         Definition of a Protected Object
         4.2.2         Contents of an Object's Profile
             4.2.2.1             Owner
             4.2.2.2             Protection Code
             4.2.2.3             Access Control List (ACL)
         4.2.3         Displaying a Security Profile
         4.2.4         Modifying a Security Profile
         4.2.5         Specifying an Object's Class
         4.2.6         Access Required to Modify a Profile
     4.3     How the System Determines If a User Can Access a Protected Object
     4.4     Controlling Access with ACLs
         4.4.1         Using Identifier Access Control Entries (ACEs)
         4.4.2         Granting Access to Particular Users
         4.4.3         Preventing Users from Accessing an Object
         4.4.4         Limiting Access to a Device
         4.4.5         Limiting Access to an Environment
         4.4.6         Ordering ACEs Within a List
         4.4.7         Establishing an Inheritance Scheme for Files
         4.4.8         Displaying ACLs
         4.4.9         Adding ACEs to an Existing ACL
         4.4.10         Deleting an ACL
         4.4.11         Deleting ACEs from an ACL
         4.4.12         Replacing Part of an ACL
         4.4.13         Restoring a File's Default ACL
         4.4.14         Copying an ACL
     4.5     Controlling Access with Protection Codes
         4.5.1         Format of a Protection Code
         4.5.2         Types of Access in a Protection Code
         4.5.3         Processing a Protection Code
         4.5.4         Changing a Protection Code
         4.5.5         Enhancing Protection for Sensitive Objects
         4.5.6         Providing a Default Protection Code for a Directory Structure
         4.5.7         Restoring a File's Default Security Profile
     4.6     Understanding Privileges and Control Access
         4.6.1         How Privileges Affect Protection Mechanisms
         4.6.2         Using Control Access to Modify an Object Profile
         4.6.3         Object-Specific Access Considerations
     4.7     Auditing Protected Objects
         4.7.1         Kinds of Events the System Audits
         4.7.2         Enabling Auditing for a Class of Objects
         4.7.3         Adding Security-Auditing ACEs

Previous Next Contents Index

[Site home] [Send comments] [Help with this site] [How to order documentation] [OpenVMS site] [Compaq site]
[OpenVMS documentation]

Copyright © Compaq Computer Corporation 1998. All rights reserved.

Legal
6346PRO_CONTENTS.HTML