Document revision date: 19 July 1999

Q
Queues
access granted by OPER privilege
ACL access rights
as protected objects
events audited
privilege requirements
profile storage
protection code access rights
security elements of
template profiles
types of access
R
Read access
devices
files
global sections
granting through ACLs
granting through protection codes
logical name tables
queues
through ACLs
through protection codes
resource domains
security class
volumes
READALL privilege #1
READALL privilege #2
READALL privilege #3
Recall buffers
RECALL command, /ERASE qualifier
Receive passwords
Reconnection to processes
Records displaying holder of a rights identifier
Reference monitors
applying to networks
concept in security #1
concept in security #2
implementation
requirements on
Remote diagnostics, C2 system requirements
Remote identifiers
Remote logins
logging out
system passwords and
REMOVE/IDENTIFIER command in Authorize utility
Removing proxy access
RENAME command, /INHERIT_SECURITY qualifier
Reserved UIC group numbers
Resource attribute #1
Resource attribute #2
Resource attributes #1
Resource attributes #2
Resource domains
events audited
privilege requirements
profile storage
security elements of
template profile
types of access
Resource identifiers
as file owners #1
as file owners #2
Resource monitoring
disabling
Restricted accounts #1
Restricted accounts #2
danger of process spawning
setting up
when to use #1
when to use #2
Rights database
adding identifiers
assigning identifiers to users
creating and maintaining
displaying
removing identifiers and holders
Rights databases
adding identifiers
assigning identifiers to users
creating and maintaining
displaying
removing identifiers and holders
Rights list, access arranged by capability
Rights of users
displaying
RIGHTSLIST.DAT files
auditing
creating and maintaining
how UICs are stored
RMS_FILEPROT system parameter #1
RMS_FILEPROT system parameter #2
RMS_FILEPROT system parameter #3
RMS_FILEPROT system parameter #4
Routing initialization passwords
S
Save set (BACKUP), protection of
Screen clearing #1
Screen clearing #2
Secondary passwords
advantages
changing
changing expired
disadvantages
entering
login expiration
managing
minimum length
SECSRV$CLIENT
reserved identifier
SECSRV$COMMUNICATION
reserved identifier
SECSRV$OBJECT
reserved identifier
Secure terminal servers
password protection and
Security
environmental factors
Security administrators
C2 requirements
checklist for maintaining a secure system
cluster managers and
goals of
personal accounts
privilege requirements
role of
system passwords and
training users #1
training users #2
Security alarms
audit log file
disabling on system consoles
events to enable as #1
events to enable as #2
events triggering
example of enabling events
sample messages #1
sample messages #2
Security archive files
losing the remote link to
Security attacks, forms of #1
Security attacks, forms of #2
Security audit event messages
changing disk transfer rate
controlling delivery to server
delaying delivery at startup
when to ignore
SECURITY.AUDIT$JOURNAL files
Security audit log files #1
Security audit log files #2
advantages of
allocating disk space
C2 systems and
changing location
changing message transfer rate
characteristics
creating
description
events to report
interactive analysis
maintaining
pre-extending
procedures
selecting records from
Security audit reports
analyzing suspicious activity
brief format
creating
defining contents of #1
defining contents of #2
destination
detailed inspection
examples #1
examples #2
formats #1
formats #2
full format
rights identifiers in
routine inspections
scheduling
summary format
Security auditing
account and file access
adding ACEs to files
analyzing audit log files
archive files
assessing site requirements
audit server databases
audit trails #1
audit trails #2
C2 system restrictions
capability objects
cluster considerations
common event flag clusters
controlling event messages
default auditing events
default characteristics
devices
directories
disabling auditing
disabling events
disabling resource monitoring
effective use
enabling auditing
enabling event classes
enabling events
error handling #1
error handling #2
excluding processes from suspension
files #1
files #2
global sections
granularity of events
high security needs #1
high security needs #2
listener devices
logical name tables
low security needs #1
low security needs #2
managing the audit server
memory limitations and
messages
moderate security needs #1
moderate security needs #2
moderate security needs #3
object class enabled
overview
performance impact
queues
reporting object access
reporting object use
resource domains
security class objects
sending event messages to archive files #1
sending event messages to archive files #2
sending event messages to mailboxes
sending event messages to operator terminals
synchronizing cluster time
volumes
Security-auditing ACEs
position in ACL
Security-auditing events
based on security needs
classes of
default classes #1
default classes #2
default classes #3
disabling all classes
displaying
enabling all classes
enabling as alarms
enabling as audits
example
network
reporting #1
reporting #2
reporting #3
reporting #4
sending to audit log files
sending to listener mailboxes
sending to operator terminals
sending to remote archive files
suppressing privilege audits
suppressing process control audits
system services for
Security breaches, handling #1
Security breaches, handling #2
Security checklists
for C2 systems
for designing a secure system
for maintaining a secure system
for training users
for users
Security class object
definition
events audited
profile storage
template profile
types of access
Security features
access controls #1
access controls #2
account duration #1
account duration #2
account duration #3
auditing #1
auditing #2
auditing #3
auditing #4
automatic password generation #1
automatic password generation #2
dialup retries
erase-on-allocate
erase-on-delete
high-water marking
intrusion detection #1
intrusion detection #2
login class restrictions #1
login class restrictions #2
password changes
password expiration #1
password expiration #2
password protection #1
password protection #2
password requirements #1
password requirements #2
password restrictions #1
password restrictions #2
passwords
protected subsystems
proxy accounts
proxy logins #1
proxy logins #2
secondary passwords #1
secondary passwords #2
secure terminal servers #1
secure terminal servers #2
security alarms
shift restrictions
system passwords #1
system passwords #2
Security kernel, definition
Security levels #1
Security levels #2
event monitoring and
high #1
high #2
low #1
low #2
medium
Security management
for clusters #1
for clusters #2
for clusters #3
managing audit log file
modifying cluster group number
modifying cluster password
policy development #1
policy development #2
policy development #3
protected objects, cluster-visible
protected objects, databases
synchronizing authorization data
SYSMAN requirements
Security models
Security operator terminals
SECURITY privilege
hidden ACEs and
Security problems
anonymity of network and dialup users
autologin accounts, reducing
categories of
disk scavenging
hardcopy terminal output
logging out #1
logging out #2
network access control strings
password detection
telephone system as
Security profiles
assigning to new devices
capability object
common event flag clusters
devices
displaying class defaults
files #1
files #2
files #3
global sections
in access evaluations
logical name tables
modification requirements #1
modification requirements #2
objects
ACLs
changing
contents
deleting ACLs
displaying
modifying class templates
origin of
owner element
protection codes #1
protection codes #2
processes
displaying #1
displaying #2
identifiers
privileges
UICs
queues
resource domains
security class
users
displaying #1
displaying #2
identifiers
privileges
UICs #1
UICs #2
volumes
Security restrictions
captive command procedures
login class
on command usage
on mode of operation
shifts #1
shifts #2
time-of-day #1
time-of-day #2
Security Server process
SECURITY_POLICY system parameter #1
SECURITY_POLICY system parameter #2
Servers
audit
secure terminals
security
SET AUDIT command
alarms
enabling security-relevant events
/EXCLUDE qualifier
/INTERVAL qualifier
/LISTENER qualifier
opening new log files
/SERVER qualifier #1
/SERVER qualifier #2
suggested auditing applications
/THRESHOLD qualifier
SET FILE command, /ERASE qualifier
SET HOST command
SET HOST/DTE command, using over the network
SET PASSWORD command
automatic password generation
/GENERATE qualifier #1
/GENERATE qualifier #2
/SECONDARY qualifier
/SYSTEM/GENERATE qualifier
/SYSTEM qualifier
SET PROCESS command, /PRIVILEGES qualifier #1
SET PROCESS command, /PRIVILEGES qualifier #2
SET PROTECTION/DEFAULT command
SET SECURITY command
/ACL qualifier
adding Identifier ACEs
deleting
deleting ACEs
example
replacing ACEs
/AFTER qualifier
changing object security profile
changing protection codes
/CLASS=DEVICE qualifier
/CLASS qualifier #1
/CLASS qualifier #2
copying ACLs
/COPY_ATTRIBUTE qualifier
creating an ACL
/DEFAULT qualifier #1
/DEFAULT qualifier #2
/DELETE qualifier
deleting ACEs
example
/LIKE qualifier
managing site defaults
/OWNER qualifier
/PROTECTION qualifier #1
/PROTECTION qualifier #2
modifying codes
modifying for devices
/REPLACE qualifier
restoring defaults for files
setting default file protection
SET TERMINAL command
/DISCONNECT qualifier
/HANGUP qualifier
/NOMODEM/SECURE qualifier
/SECURE qualifier
stopping password grabbers
/SYSPWD qualifier
using over the network
Set-Up key
SET VOLUME command
/ERASE_ON_DELETE qualifier
/NOHIGHWATER_MARKING qualifier #1
/NOHIGHWATER_MARKING qualifier #2
/PROTECTION qualifier
SET VOLUME command, /ERASE_ON_DELETE qualifier
SETPRV privilege
SHARE privilege
Shareable devices, access requirements
Shared files, considerations for a cluster system
Shift restrictions
SHMEM privilege
SHOW AUDIT command #1
SHOW AUDIT command #2
SHOW/IDENTIFIER command in Authorize utility #1
SHOW/IDENTIFIER command in Authorize utility #2
SHOW INTRUSION command
SHOW PROCESS command
and WORLD privilege
SHOW PROTECTION command
SHOW/RIGHTS command in Authorize utility
SHOW SECURITY command
displaying security profiles of objects
displaying site defaults #1
displaying site defaults #2
displaying the object's class
SHOW USERS command, disconnected jobs and
Sign-on
single
Single sign-on
Site security
Social engineering as security problem
SOGW user category abbreviation
Spawning processes, security implications in restricted accounts
Spooled devices, access requirements
STARTNET.COM command procedure
STARTUP_P1 system parameter
Subjects in security models #1
Subjects in security models #2
Submit access
Subprocesses
analyzing audit messages
increase in auditing events
subsystem ACEs #1
subsystem ACEs #2
subsystem ACEs #3
subsystem ACEs #4
format
Subsystem attribute
Surveillance guidelines
Synchronization
password
SYS$ACME_MODULE logical name
SYS$ANNOUNCE logical name
SYS$NODE logical name
SYS$SINGLE_SIGNON logical name
SYS$SINGLE_SIGNON logical name bits
SYS$WELCOME logical name
SYSALF, automatic login facility (ALF) file
SYSECURITY.COM command procedure
SYSGBL privilege #1
SYSGBL privilege #2
SYSLCK privilege #1
SYSLCK privilege #2
SYSMAN databases and C2 environments
SYSNAM privilege #1
SYSNAM privilege #2
modifying system operations
overriding access controls
queue management
SYSPRV privilege #1
SYSPRV privilege #2
SYSPRV privilege #3
giving rights of system user
tasks requiring
SYSTARTUP_VMS.COM command procedure
System failures
disposing of hardcopy output
System files
adding ACLs
Alpha default protection
auditing recommendations
benefiting from ACLs
default protection
protecting
protection codes and ownership
recommended
required
VAX default protection
System Generation utility (SYSGEN), auditing parameter modifications
System Management utility (SYSMAN)
managing clusters
modifying cluster security data
modifying LGI parameters
System parameters
auditing modification of
controlling disconnected processes
defining system users (security category)
required C2 settings
System passwords
causing login failures
disadvantages
entering
guidelines
minimum length requirement
modifying
recommended change frequency
setting up
where stored
System services, auditing event information
System users (security category) #1
System users (security category) #2
defining with MAXSYSGROUP parameter
qualifications for
Systems
controlling access to
controlling use of
SYSUAF.DAT files
account expiration
auditing modifications to
LOCKPWD flag
login class restrictions
modifications and security audit #1
modifications and security audit #2
normal protection
password storage
privileges and #1
privileges and #2
recording privileges
synchronization with rights database
SYSUAFs (system user authorization files)
marking for external authentication

	privacy and legal statement
6346PRO_INDEX_006.HTML