[OpenVMS documentation]
[Site home] [Send comments] [Help with this site] [How to order documentation] [OpenVMS site] [Compaq site]
Updated: 11 December 1998

OpenVMS Guide to System Security


Previous Contents Index

Q
Queues
    access granted by OPER privilege
    ACL access rights
    as protected objects
    events audited
    privilege requirements
    profile storage
    protection code access rights
    security elements of
    template profiles
    types of access
R
Read access
    devices
    files
    global sections
    granting through ACLs
    granting through protection codes
    logical name tables
    queues
        through ACLs
        through protection codes
    resource domains
    security class
    volumes
READALL privilege #1
READALL privilege #2
READALL privilege #3
Recall buffers
RECALL command, /ERASE qualifier
Receive passwords
Reconnection to processes
Records displaying holder of a rights identifier
Reference monitors
    applying to networks
    concept in security #1
    concept in security #2
    implementation
    requirements on
Remote diagnostics, C2 system requirements
Remote identifiers
Remote logins
    logging out
    system passwords and
REMOVE/IDENTIFIER command in Authorize utility
Removing proxy access
RENAME command, /INHERIT_SECURITY qualifier
Reserved UIC group numbers
Resource attribute #1
Resource attribute #2
Resource attributes #1
Resource attributes #2
Resource domains
    events audited
    privilege requirements
    profile storage
    security elements of
    template profile
    types of access
Resource identifiers
    as file owners #1
    as file owners #2
Resource monitoring
    disabling
Restricted accounts #1
Restricted accounts #2
    danger of process spawning
    setting up
    when to use #1
    when to use #2
Rights database
    adding identifiers
    assigning identifiers to users
    creating and maintaining
    displaying
    removing identifiers and holders
Rights databases
    adding identifiers
    assigning identifiers to users
    creating and maintaining
    displaying
    removing identifiers and holders
Rights list, access arranged by capability
Rights of users
    displaying
RIGHTSLIST.DAT files
    auditing
    creating and maintaining
    how UICs are stored
RMS_FILEPROT system parameter #1
RMS_FILEPROT system parameter #2
RMS_FILEPROT system parameter #3
RMS_FILEPROT system parameter #4
Routing initialization passwords
S
Save set (BACKUP), protection of
Screen clearing #1
Screen clearing #2
Secondary passwords
    advantages
    changing
    changing expired
    disadvantages
    entering
    login expiration
    managing
    minimum length
SECSRV$CLIENT
    reserved identifier
SECSRV$COMMUNICATION
    reserved identifier
SECSRV$OBJECT
    reserved identifier
Secure terminal servers
    password protection and
Security
    environmental factors
Security administrators
    C2 requirements
    checklist for maintaining a secure system
    cluster managers and
    goals of
    personal accounts
    privilege requirements
    role of
    system passwords and
    training users #1
    training users #2
Security alarms
    audit log file
    disabling on system consoles
    events to enable as #1
    events to enable as #2
    events triggering
    example of enabling events
    sample messages #1
    sample messages #2
Security archive files
    losing the remote link to
Security attacks, forms of #1
Security attacks, forms of #2
Security audit event messages
    changing disk transfer rate
    controlling delivery to server
    delaying delivery at startup
    when to ignore
SECURITY.AUDIT$JOURNAL files
Security audit log files #1
Security audit log files #2
    advantages of
    allocating disk space
    C2 systems and
    changing location
    changing message transfer rate
    characteristics
    creating
    description
    events to report
    interactive analysis
    maintaining
    pre-extending
    procedures
    selecting records from
Security audit reports
    analyzing suspicious activity
    brief format
    creating
    defining contents of #1
    defining contents of #2
    destination
    detailed inspection
    examples #1
    examples #2
    formats #1
    formats #2
    full format
    rights identifiers in
    routine inspections
    scheduling
    summary format
Security auditing
    account and file access
    adding ACEs to files
    analyzing audit log files
    archive files
    assessing site requirements
    audit server databases
    audit trails #1
    audit trails #2
    C2 system restrictions
    capability objects
    cluster considerations
    common event flag clusters
    controlling event messages
    default auditing events
    default characteristics
    devices
    directories
    disabling auditing
    disabling events
    disabling resource monitoring
    effective use
    enabling auditing
    enabling event classes
    enabling events
    error handling #1
    error handling #2
    excluding processes from suspension
    files #1
    files #2
    global sections
    granularity of events
    high security needs #1
    high security needs #2
    listener devices
    logical name tables
    low security needs #1
    low security needs #2
    managing the audit server
    memory limitations and
    messages
    moderate security needs #1
    moderate security needs #2
    moderate security needs #3
    object class enabled
    overview
    performance impact
    queues
    reporting object access
    reporting object use
    resource domains
    security class objects
    sending event messages to archive files #1
    sending event messages to archive files #2
    sending event messages to mailboxes
    sending event messages to operator terminals
    synchronizing cluster time
    volumes
Security-auditing ACEs
    position in ACL
Security-auditing events
    based on security needs
    classes of
    default classes #1
    default classes #2
    default classes #3
    disabling all classes
    displaying
    enabling all classes
    enabling as alarms
    enabling as audits
    example
    network
    reporting #1
    reporting #2
    reporting #3
    reporting #4
    sending to audit log files
    sending to listener mailboxes
    sending to operator terminals
    sending to remote archive files
    suppressing privilege audits
    suppressing process control audits
    system services for
Security breaches, handling #1
Security breaches, handling #2
Security checklists
    for C2 systems
    for designing a secure system
    for maintaining a secure system
    for training users
    for users
Security class object
    definition
    events audited
    profile storage
    template profile
    types of access
Security features
    access controls #1
    access controls #2
    account duration #1
    account duration #2
    account duration #3
    auditing #1
    auditing #2
    auditing #3
    auditing #4
    automatic password generation #1
    automatic password generation #2
    dialup retries
    erase-on-allocate
    erase-on-delete
    high-water marking
    intrusion detection #1
    intrusion detection #2
    login class restrictions #1
    login class restrictions #2
    password changes
    password expiration #1
    password expiration #2
    password protection #1
    password protection #2
    password requirements #1
    password requirements #2
    password restrictions #1
    password restrictions #2
    passwords
    protected subsystems
    proxy accounts
    proxy logins #1
    proxy logins #2
    secondary passwords #1
    secondary passwords #2
    secure terminal servers #1
    secure terminal servers #2
    security alarms
    shift restrictions
    system passwords #1
    system passwords #2
Security kernel, definition
Security levels #1
Security levels #2
    event monitoring and
    high #1
    high #2
    low #1
    low #2
    medium
Security management
    for clusters #1
    for clusters #2
    for clusters #3
    managing audit log file
    modifying cluster group number
    modifying cluster password
    policy development #1
    policy development #2
    policy development #3
    protected objects, cluster-visible
    protected objects, databases
    synchronizing authorization data
    SYSMAN requirements
Security models
Security operator terminals
SECURITY privilege
    hidden ACEs and
Security problems
    anonymity of network and dialup users
    autologin accounts, reducing
    categories of
    disk scavenging
    hardcopy terminal output
    logging out #1
    logging out #2
    network access control strings
    password detection
    telephone system as
Security profiles
    assigning to new devices
    capability object
    common event flag clusters
    devices
    displaying class defaults
    files #1
    files #2
    files #3
    global sections
    in access evaluations
    logical name tables
    modification requirements #1
    modification requirements #2
    objects
        ACLs
        changing
        contents
        deleting ACLs
        displaying
        modifying class templates
        origin of
        owner element
        protection codes #1
        protection codes #2
    processes
        displaying #1
        displaying #2
        identifiers
        privileges
        UICs
    queues
    resource domains
    security class
    users
        displaying #1
        displaying #2
        identifiers
        privileges
        UICs #1
        UICs #2
    volumes
Security restrictions
    captive command procedures
    login class
    on command usage
    on mode of operation
    shifts #1
    shifts #2
    time-of-day #1
    time-of-day #2
Security Server process
SECURITY_POLICY system parameter #1
SECURITY_POLICY system parameter #2
Servers
    audit
    secure terminals
    security
SET AUDIT command
    alarms
    enabling security-relevant events
    /EXCLUDE qualifier
    /INTERVAL qualifier
    /LISTENER qualifier
    opening new log files
    /SERVER qualifier #1
    /SERVER qualifier #2
    suggested auditing applications
    /THRESHOLD qualifier
SET FILE command, /ERASE qualifier
SET HOST command
SET HOST/DTE command, using over the network
SET PASSWORD command
    automatic password generation
    /GENERATE qualifier #1
    /GENERATE qualifier #2
    /SECONDARY qualifier
    /SYSTEM/GENERATE qualifier
    /SYSTEM qualifier
SET PROCESS command, /PRIVILEGES qualifier #1
SET PROCESS command, /PRIVILEGES qualifier #2
SET PROTECTION/DEFAULT command
SET SECURITY command
    /ACL qualifier
        adding Identifier ACEs
        deleting
        deleting ACEs
        example
        replacing ACEs
    /AFTER qualifier
    changing object security profile
    changing protection codes
    /CLASS=DEVICE qualifier
    /CLASS qualifier #1
    /CLASS qualifier #2
    copying ACLs
    /COPY_ATTRIBUTE qualifier
    creating an ACL
    /DEFAULT qualifier #1
    /DEFAULT qualifier #2
    /DELETE qualifier
    deleting ACEs
    example
    /LIKE qualifier
    managing site defaults
    /OWNER qualifier
    /PROTECTION qualifier #1
    /PROTECTION qualifier #2
        modifying codes
        modifying for devices
    /REPLACE qualifier
    restoring defaults for files
    setting default file protection
SET TERMINAL command
    /DISCONNECT qualifier
    /HANGUP qualifier
    /NOMODEM/SECURE qualifier
    /SECURE qualifier
    stopping password grabbers
    /SYSPWD qualifier
    using over the network
Set-Up key
SET VOLUME command
    /ERASE_ON_DELETE qualifier
    /NOHIGHWATER_MARKING qualifier #1
    /NOHIGHWATER_MARKING qualifier #2
    /PROTECTION qualifier
SET VOLUME command, /ERASE_ON_DELETE qualifier
SETPRV privilege
SHARE privilege
Shareable devices, access requirements
Shared files, considerations for a cluster system
Shift restrictions
SHMEM privilege
SHOW AUDIT command #1
SHOW AUDIT command #2
SHOW/IDENTIFIER command in Authorize utility #1
SHOW/IDENTIFIER command in Authorize utility #2
SHOW INTRUSION command
SHOW PROCESS command
    and WORLD privilege
SHOW PROTECTION command
SHOW/RIGHTS command in Authorize utility
SHOW SECURITY command
    displaying security profiles of objects
    displaying site defaults #1
    displaying site defaults #2
    displaying the object's class
SHOW USERS command, disconnected jobs and
Sign-on
    single
Single sign-on
Site security
Social engineering as security problem
SOGW user category abbreviation
Spawning processes, security implications in restricted accounts
Spooled devices, access requirements
STARTNET.COM command procedure
STARTUP_P1 system parameter
Subjects in security models #1
Subjects in security models #2
Submit access
Subprocesses
    analyzing audit messages
    increase in auditing events
subsystem ACEs #1
subsystem ACEs #2
subsystem ACEs #3
subsystem ACEs #4
    format
Subsystem attribute
Surveillance guidelines
Synchronization
    password
SYS$ACME_MODULE logical name
SYS$ANNOUNCE logical name
SYS$NODE logical name
SYS$SINGLE_SIGNON logical name
SYS$SINGLE_SIGNON logical name bits
SYS$WELCOME logical name
SYSALF, automatic login facility (ALF) file
SYSECURITY.COM command procedure
SYSGBL privilege #1
SYSGBL privilege #2
SYSLCK privilege #1
SYSLCK privilege #2
SYSMAN databases and C2 environments
SYSNAM privilege #1
SYSNAM privilege #2
    modifying system operations
    overriding access controls
    queue management
SYSPRV privilege #1
SYSPRV privilege #2
SYSPRV privilege #3
    giving rights of system user
    tasks requiring
SYSTARTUP_VMS.COM command procedure
System failures
    disposing of hardcopy output
System files
    adding ACLs
    Alpha default protection
    auditing recommendations
    benefiting from ACLs
    default protection
    protecting
    protection codes and ownership
    recommended
    required
    VAX default protection
System Generation utility (SYSGEN), auditing parameter modifications
System Management utility (SYSMAN)
    managing clusters
    modifying cluster security data
    modifying LGI parameters
System parameters
    auditing modification of
    controlling disconnected processes
    defining system users (security category)
    required C2 settings
System passwords
    causing login failures
    disadvantages
    entering
    guidelines
    minimum length requirement
    modifying
    recommended change frequency
    setting up
    where stored
System services, auditing event information
System users (security category) #1
System users (security category) #2
    defining with MAXSYSGROUP parameter
    qualifications for
Systems
    controlling access to
    controlling use of
SYSUAF.DAT files
    account expiration
    auditing modifications to
    LOCKPWD flag
    login class restrictions
    modifications and security audit #1
    modifications and security audit #2
    normal protection
    password storage
    privileges and #1
    privileges and #2
    recording privileges
    synchronization with rights database
SYSUAFs (system user authorization files)
    marking for external authentication


Previous Next Contents Index

[Site home] [Send comments] [Help with this site] [How to order documentation] [OpenVMS site] [Compaq site]
[OpenVMS documentation]

Copyright © Compaq Computer Corporation 1998. All rights reserved.

Legal
6346PRO_INDEX_006.HTML