| Appendix B |
|
Appendix B
|
Protection for OpenVMS VAX System Files
|
|
B.1
|
Standard Ownership and Protection
|
|
B.2
|
Listing of OpenVMS VAX System Files
|
|
B.2.1
|
Files in Top-Level Directories
|
|
B.2.2
|
Files in DECW$DEFAULTS.SYSTEM and MOM$SYSTEM
|
|
B.2.3
|
Files in SYS$KEYMAP
|
|
B.2.4
|
Files in SYS$KEYMAP.DECW.SYSTEM
|
|
B.2.5
|
Files in SYS$LDR
|
|
B.2.6
|
Files in SYS$STARTUP and SYS$ERR
|
|
B.2.7
|
Files in SYSEXE
|
|
B.2.8
|
Files in SYSFONT and SYSFONT.DECW
|
|
B.2.9
|
Files in DECW.100DPI
|
|
B.2.10
|
Files in DECW.75DPI
|
|
B.2.11
|
Files in SYSFONT.DECW.COMMON
|
|
B.2.12
|
Files in SYSHLP
|
|
B.2.13
|
Files in SYSLIB
|
|
B.2.14
|
Files in SYSMGR
|
|
B.2.15
|
Files in SYSMSG
|
|
B.2.16
|
Files in SYSTEST
|
|
B.2.17
|
Files in SYSUPD
|
|
B.2.18
|
Files in VUE$LIBRARY
|
| Appendix C |
|
Appendix C
|
Running an OpenVMS System in a C2 Environment
|
|
C.1
|
Introduction to C2 Systems
|
|
C.1.1
|
Definition of the C2 Environment
|
|
C.1.2
|
Documentation
|
|
C.2
|
Trusted Computing Base (TCB) for C2 Systems
|
|
C.2.1
|
Hardware in the TCB
|
|
C.2.2
|
Software in the TCB
|
|
C.2.3
|
Site-Specific Additions to the TCB
|
|
C.3
|
Protecting Objects
|
|
C.4
|
Protecting the TCB
|
|
C.4.1
|
Protecting Files
|
|
C.4.2
|
Privileges for Trusted Users
|
|
C.4.3
|
Privileges for Untrusted Users
|
|
C.4.4
|
Physical Security
|
|
C.5
|
Configuring a C2 System
|
|
C.5.1
|
Keeping Individuals Accountable
|
|
C.5.2
|
Managing the Auditing Trail
|
|
C.5.3
|
Reusing Objects
|
|
C.5.4
|
Configuring Clusters
|
|
C.5.5
|
Starting Up and Operating the System
|
|
C.5.6
|
Forcing Immediate Reauthentication of a Specified Subject After a Change in Access Rights
|
|
C.6
|
Checklist for Generating a C2 System
|
| Appendix D |
|
Appendix D
|
Alarm Messages
|
| Glossary |
|
Glossary
|
Glossary
|
| Index |
| Index |
| Examples |
| 3-1 |
Local Login Messages |
| 4-1 |
Authorized Versus Default Process Privileges |
| 6-1 |
Sample Security Administrator's Account |
| 7-1 |
Creating a Typical Interactive User Account |
| 7-2 |
Creating a Limited-Access Account |
| 7-3 |
Sample Captive Procedure for Privileged Accounts |
| 7-4 |
Sample Captive Command Procedure for Unprivileged Accounts |
| 7-5 |
Intrusion Database Display |
| 9-1 |
Sample Alarm Message |
| 9-2 |
Audit Generated by an Object Access Event |
| 9-3 |
Auditing Events for a Site with Moderate Security Requirements |
| 9-4 |
Brief Audit Report |
| 9-5 |
One Record from a Full Audit Report |
| 9-6 |
Summary of Events in an Audit Log File |
| 9-7 |
Identifying Suspicious Activity in the Audit Report |
| 9-8 |
Scrutinizing a Suspicious Record |
| 9-9 |
Default Characteristics of the Audit Server |
| 12-1 |
Sample Proxy Account |
| 12-2 |
UAF Record for MAIL$SERVER Account |
| 12-3 |
Sample Commands for a Dynamic Asynchronous Connection |
| 12-4 |
Protected File Sharing in a Network |
| 13-1 |
Subsystem Command Procedure |
| Figures |
| 2-1 |
Reference Monitor |
| 2-2 |
Authorization Access Matrix |
| 2-3 |
Authorization Access Matrix with Labeled Cross-Points |
| 4-1 |
Previous Per-Thread Security Model |
| 4-2 |
Per-Thread Security Profile Model |
| 4-3 |
Flowchart of Access Request Evaluation |
| 8-1 |
Flowchart of File Creation |
| 8-2 |
Security Class Object |
| 12-1 |
The Reference Monitor in a Network |
| 12-2 |
A Typical Dynamic Asynchronous Connection |
| 13-1 |
How Protected Subsystems Differ from Normal Access Control |
| 13-2 |
Directory Structure of the Taylor Company's Subsystem |
| Tables |
| 1-1 |
Event Tolerance as a Measure of Security Requirements |
| 2-1 |
Objects Protected by Security Controls |
| 2-2 |
Information Stored in the Authorization Database |
| 2-3 |
Security Auditing Overview |
| 3-1 |
Secure and Insecure Passwords |
| 3-2 |
Types of Passwords |
| 3-3 |
Reasons for Login Failure |
| 4-1 |
Major Types of Rights Identifiers |
| 4-2 |
Classes of Protected Objects |
| 5-1 |
Access Requirements for Non-File-Oriented Devices |
| 6-1 |
Example of a Site Security Policy |
| 7-1 |
Authorize Qualifiers Controlling Login Times and Conditions |
| 7-2 |
Login Qualifiers Not Allowed by Captive Accounts |
| 7-3 |
Qualifiers Required to Define Captive Accounts |
| 7-4 |
Defaults for Password History List |
| 7-5 |
SYS$SINGLE_SIGNON Logical Name Bits |
| 7-6 |
Intrusion Example |
| 7-7 |
Parameters for Controlling Login Attempts |
| 8-1 |
Employee Grouping by Department and Function |
| 8-2 |
OpenVMS Privileges |
| 8-3 |
Minimum Privileges for System Users |
| 8-4 |
DCL Commands Used to Protect Files |
| 9-1 |
Event Classes Audited by Default |
| 9-2 |
Access Control Entries (ACEs) for Security Auditing |
| 9-3 |
Kinds of Security Events the System Can Report |
| 9-4 |
Events to Monitor Depending on a Site's Security Requirements |
| 9-5 |
Characteristics of the Audit Log File |
| 9-6 |
Qualifiers for the Audit Analysis Utility |
| 9-7 |
Controlling the Flow of Audit Event Messages |
| 10-1 |
System Files Benefiting from ACL-Based Auditing |
| 11-1 |
System Files That Must Be Common in a Cluster |
| 11-2 |
System Files Recommended to Be Common |
| 11-3 |
Using Multiple Versions of Required Cluster Files |
| 11-4 |
Fields in SYSUAF.DAT Requiring Synchronization |
| 11-5 |
Summary of Object Behavior in a Cluster |
| 12-1 |
AUTHORIZE Commands for Managing Network Proxy Access |
| 12-2 |
Network Object Defaults |
| B-1 |
Exceptions to Standard OpenVMS VAX System File Protection |
| C-1 |
Software Not Included in the C2-Evaluated System |
| C-2 |
Privileges for Untrusted Users |
![[Compaq]](../../images/compaq.gif)
![[Go to the documentation home page]](../../images/buttons/bn_site_home.gif)
![[How to order documentation]](../../images/buttons/bn_order_docs.gif)
![[Help on this site]](../../images/buttons/bn_site_help.gif)
![[How to contact us]](../../images/buttons/bn_comments.gif)
![[OpenVMS documentation]](../../images/ovmsdoc_sec_head.gif)