Document revision date: 19 July 1999
[Compaq] [Go to the documentation home page] [How to order documentation] [Help on this site] [How to contact us]
[OpenVMS documentation]

OpenVMS Guide to System Security


Previous Contents Index

Appendix B
Appendix B Protection for OpenVMS VAX System Files
     B.1     Standard Ownership and Protection
     B.2     Listing of OpenVMS VAX System Files
         B.2.1         Files in Top-Level Directories
         B.2.2         Files in DECW$DEFAULTS.SYSTEM and MOM$SYSTEM
         B.2.3         Files in SYS$KEYMAP
         B.2.4         Files in SYS$KEYMAP.DECW.SYSTEM
         B.2.5         Files in SYS$LDR
         B.2.6         Files in SYS$STARTUP and SYS$ERR
         B.2.7         Files in SYSEXE
         B.2.8         Files in SYSFONT and SYSFONT.DECW
         B.2.9         Files in DECW.100DPI
         B.2.10         Files in DECW.75DPI
         B.2.11         Files in SYSFONT.DECW.COMMON
         B.2.12         Files in SYSHLP
         B.2.13         Files in SYSLIB
         B.2.14         Files in SYSMGR
         B.2.15         Files in SYSMSG
         B.2.16         Files in SYSTEST
         B.2.17         Files in SYSUPD
         B.2.18         Files in VUE$LIBRARY
Appendix C
Appendix C Running an OpenVMS System in a C2 Environment
     C.1     Introduction to C2 Systems
         C.1.1         Definition of the C2 Environment
         C.1.2         Documentation
     C.2     Trusted Computing Base (TCB) for C2 Systems
         C.2.1         Hardware in the TCB
         C.2.2         Software in the TCB
         C.2.3         Site-Specific Additions to the TCB
     C.3     Protecting Objects
     C.4     Protecting the TCB
         C.4.1         Protecting Files
         C.4.2         Privileges for Trusted Users
         C.4.3         Privileges for Untrusted Users
         C.4.4         Physical Security
     C.5     Configuring a C2 System
         C.5.1         Keeping Individuals Accountable
         C.5.2         Managing the Auditing Trail
         C.5.3         Reusing Objects
         C.5.4         Configuring Clusters
         C.5.5         Starting Up and Operating the System
         C.5.6         Forcing Immediate Reauthentication of a Specified Subject After a Change in Access Rights
     C.6     Checklist for Generating a C2 System
Appendix D
Appendix D Alarm Messages
Glossary
Glossary Glossary
Index
Index
Examples
3-1 Local Login Messages
4-1 Authorized Versus Default Process Privileges
6-1 Sample Security Administrator's Account
7-1 Creating a Typical Interactive User Account
7-2 Creating a Limited-Access Account
7-3 Sample Captive Procedure for Privileged Accounts
7-4 Sample Captive Command Procedure for Unprivileged Accounts
7-5 Intrusion Database Display
9-1 Sample Alarm Message
9-2 Audit Generated by an Object Access Event
9-3 Auditing Events for a Site with Moderate Security Requirements
9-4 Brief Audit Report
9-5 One Record from a Full Audit Report
9-6 Summary of Events in an Audit Log File
9-7 Identifying Suspicious Activity in the Audit Report
9-8 Scrutinizing a Suspicious Record
9-9 Default Characteristics of the Audit Server
12-1 Sample Proxy Account
12-2 UAF Record for MAIL$SERVER Account
12-3 Sample Commands for a Dynamic Asynchronous Connection
12-4 Protected File Sharing in a Network
13-1 Subsystem Command Procedure
Figures
2-1 Reference Monitor
2-2 Authorization Access Matrix
2-3 Authorization Access Matrix with Labeled Cross-Points
4-1 Previous Per-Thread Security Model
4-2 Per-Thread Security Profile Model
4-3 Flowchart of Access Request Evaluation
8-1 Flowchart of File Creation
8-2 Security Class Object
12-1 The Reference Monitor in a Network
12-2 A Typical Dynamic Asynchronous Connection
13-1 How Protected Subsystems Differ from Normal Access Control
13-2 Directory Structure of the Taylor Company's Subsystem
Tables
1-1 Event Tolerance as a Measure of Security Requirements
2-1 Objects Protected by Security Controls
2-2 Information Stored in the Authorization Database
2-3 Security Auditing Overview
3-1 Secure and Insecure Passwords
3-2 Types of Passwords
3-3 Reasons for Login Failure
4-1 Major Types of Rights Identifiers
4-2 Classes of Protected Objects
5-1 Access Requirements for Non-File-Oriented Devices
6-1 Example of a Site Security Policy
7-1 Authorize Qualifiers Controlling Login Times and Conditions
7-2 Login Qualifiers Not Allowed by Captive Accounts
7-3 Qualifiers Required to Define Captive Accounts
7-4 Defaults for Password History List
7-5 SYS$SINGLE_SIGNON Logical Name Bits
7-6 Intrusion Example
7-7 Parameters for Controlling Login Attempts
8-1 Employee Grouping by Department and Function
8-2 OpenVMS Privileges
8-3 Minimum Privileges for System Users
8-4 DCL Commands Used to Protect Files
9-1 Event Classes Audited by Default
9-2 Access Control Entries (ACEs) for Security Auditing
9-3 Kinds of Security Events the System Can Report
9-4 Events to Monitor Depending on a Site's Security Requirements
9-5 Characteristics of the Audit Log File
9-6 Qualifiers for the Audit Analysis Utility
9-7 Controlling the Flow of Audit Event Messages
10-1 System Files Benefiting from ACL-Based Auditing
11-1 System Files That Must Be Common in a Cluster
11-2 System Files Recommended to Be Common
11-3 Using Multiple Versions of Required Cluster Files
11-4 Fields in SYSUAF.DAT Requiring Synchronization
11-5 Summary of Object Behavior in a Cluster
12-1 AUTHORIZE Commands for Managing Network Proxy Access
12-2 Network Object Defaults
B-1 Exceptions to Standard OpenVMS VAX System File Protection
C-1 Software Not Included in the C2-Evaluated System
C-2 Privileges for Untrusted Users


Previous Next Contents Index

  [Go to the documentation home page] [How to order documentation] [Help on this site] [How to contact us]  
  privacy and legal statement  
6346PRO_CONTENTS_004.HTML