Updated: 11 December 1998

OpenVMS Guide to System Security

P
Paper shredders
Password generators
obtaining initial password
when to require
Password grabber programs #1
Password grabber programs #2
Password grabber programs #3
catching with auditing ACEs
Password protection #1
Password protection #2
Password synchronization
Passwords
acceptable
automatically generated #1
automatically generated #2
avoiding detection #1
avoiding detection #2
avoiding detection #3
chances to supply during dialups
changing #1
changing #2
at login
expired
frequency guidelines
secondary
using /NEW_PASSWORD qualifier
cluster membership management
console
C2 system requirements
console passwords
dialup retries #1
dialup retries #2
dual #1
dual #2
eliminating for networks
encoding
encryption algorithms
expiration #1
expiration #2
expiration #3
expiration time
failure to change
first
forced change #1
forced change #2
format
generated #1
generated #2
generated #3
guessing
history list
how to preexpire
incorrect
initial #1
initial #2
length #1
length #2
length #3
lifetime of #1
lifetime of #2
locked #1
locked #2
locked #3
minimum length #1
minimum length #2
minimum length #3
multiple systems and
new
null as choice for captive account
open accounts and
password grabber programs
primary #1
primary #2
primary #3
primary passwords
proxy logins
reason for changing #1
reason for changing #2
receive
restrictions #1
restrictions #2
reuse
risky
routing initialization
screening
against dictionary
against history list
with site-specific filter
secondary #1
secondary #2
changing
changing expired
entering
secondary passwords
secure
secure choices for
secure terminal servers and
sharing #1
sharing #2
system #1
system #2
system #3
dictionary
transmit
types
uniqueness for each account
user #1
user #2
user guidelines
verifying change of
when account is created
when to change
Performance
ACL length and
high-water marking and
security-auditing impact
PFMGBL privilege
PFNMAP privilege #1
PFNMAP privilege #2
PHONE objects
Physical I/O access
Physical security
C2 systems and
encrypting files
restricting system access
violation indicators
when logging out #1
when logging out #2
PHY_IO privilege #1
PHY_IO privilege #2
PIPE command
impact on subprocess auditing events
PIPE subprocess
analyzing audit messages
Port
terminal
/PRCLM qualifier in AUTHORIZE
Primary passwords
/PRIMEDAYS qualifier, example
Printers
C2 systems and
default security elements
Privilege requirements
common event flag clusters
devices
global sections
logical name tables
queues
resource domains
volumes
Privileged accounts #1
Privileged accounts #2
Privileges
ACNT
affecting object access
All category #1
All category #2
ALLSPOOL
ALTPRI
AUDIT
auditing use of #1
auditing use of #2
authorized process #1
authorized process #2
BUGCHK
BYPASS #1
BYPASS #2
BYPASS #3
BYPASS #4
BYPASS #5
bypassing ACLs
bypassing protection codes
captive accounts and
categories of #1
categories of #2
CMEXEC
CMKRNL
default process #1
default process #2
definition
DETACH
Devour category #1
Devour category #2
DIAGNOSE
disabling
DOWNGRADE
enabling through SETPRV
EXQUOTA
file sharing and
GROUP #1
GROUP #2
Group category #1
Group category #2
GRPNAM #1
GRPNAM #2
GRPPRV #1
GRPPRV #2
GRPPRV #3
GRPPRV #4
GRPPRV #5
GRPPRV #6
GRPPRV #7
IMPERSONATE
IMPORT
influence on object access
LOG_IO
MOUNT
NETMBX
network requirements
Normal category #1
Normal category #2
Objects category #1
Objects category #2
OPER #1
OPER #2
PFNMAP
PHY_IO
PRMCEB
PRMGBL
PRMMBX
process
PSWAPM
READALL #1
READALL #2
READALL #3
recommendations for different users
related to group UIC
reporting use with $CHECK_PRIVILEGE
SECURITY
security administrator requirements
SET PROCESS/PRIVILEGES
SETPRV
SHARE
SHMEM
storage in UAF record
summary of #1
summary of #2
SYSGBL
SYSLCK
SYSNAM
SYSPRV #1
SYSPRV #2
controlling access through
effect on protection mechanisms
giving rights of system user
tasks requiring
System category
TMPMBX
trusted users and
UAF records and
untrusted users and
UPGRADE
VOLPRO
WORLD
PRMCEB privilege #1
PRMCEB privilege #2
PRMGBL privilege
PRMMBX privilege #1
PRMMBX privilege #2
Probers, catching #1
Probers, catching #2
Probing, as security problem
Process exclusion list
Processes
access rights of
activities permitted by privileges
adding to exclusion list
audit server
auditing of #1
auditing of #2
auditing system services controlling
connecting to
restrictions
creating
with different UICs
default protection for
disconnected #1
disconnected #2
displaying default protection
displaying process rights identifiers
enabling privileges
interactive mode
logging out of current
modifying the rights list
reconnecting
security profiles of
suspending
UIC identifiers
Project accounts
as protected subsystems
setting up
Prompts, passwords and
Propagating protection, example
Protected attribute #1
Protected attribute #2
deleting ACEs with
Protected object databases
Protected subsystems
advantages of #1
advantages of #2
applications for
constructing
description of #1
description of #2
design requirements
enabling
example
file protection #1
file protection #2
mounting volumes with
printer protection
subsystem ACEs
system management requirements
user access
Protection
ACL-based
capability
command procedures and
common event flag clusters
deleted data #1
deleted data #2
deleted data #3
deleted data #4
devices
global sections
logical name tables
managing defaults #1
managing defaults #2
objects
queues
resource domains
security class
through protected subsystems
UIC-based codes
volumes
Protection checking
evaluating an object access request
exception with zero UICs
influenced by ownership
Protection codes
access specification
access types
assigning during file creation
bypassing with special rights
changing
default file protection #1
default file protection #2
definition #1
definition #2
denying all access
effect of privileges
evaluation sequence
format
granting control access
Identifier ACEs and
interaction with ACLs
interpreting
multiple user categories and
null access specification #1
null access specification #2
priority in access evaluation
processing
queue access rights
reading
restoring file default
security element of an object
sequence of checking categories
user categories
Protocols
autodial
Proxies
access control
Proxy
access
setting up a proxy database for
access control
removing
Proxy access
to applications
to nodes
Proxy accounts #1
Proxy accounts #2
as captive accounts
as restricted accounts
C2 systems and
default
example #1
example #2
general-access
maximum number allowed
multiple-user
naming
recommended restrictions
selecting from multiple
single-user
Proxy database
setting up
Proxy logins
access control
account
establishing and managing #1
establishing and managing #2
NET$PROXY.DAT
NETPROXY.DAT
network applications
security benefits
PSWAPM privilege
PURGE command, /ERASE qualifier
/PWDLIFETIME qualifier
/PWDMINIMUM qualifier

Copyright © Compaq Computer Corporation 1998. All rights reserved. Legal

6346PRO_INDEX_005.HTML