Appendix B Protection for OpenVMS VAX System Files
B.1 Standard Ownership and Protection
B.2 Listing of OpenVMS VAX System Files
B.2.1 Files in Top-Level Directories
B.2.2 Files in DECW$DEFAULTS.SYSTEM and MOM$SYSTEM
B.2.3 Files in SYS$KEYMAP
B.2.4 Files in SYS$KEYMAP.DECW.SYSTEM
B.2.5 Files in SYS$LDR
B.2.6 Files in SYS$STARTUP and SYS$ERR
B.2.7 Files in SYSEXE
B.2.8 Files in SYSFONT and SYSFONT.DECW
B.2.9 Files in DECW.100DPI
B.2.10 Files in DECW.75DPI
B.2.11 Files in SYSFONT.DECW.COMMON
B.2.12 Files in SYSHLP
B.2.13 Files in SYSLIB
B.2.14 Files in SYSMGR
B.2.15 Files in SYSMSG
B.2.16 Files in SYSTEST
B.2.17 Files in SYSUPD
B.2.18 Files in VUE$LIBRARY
Appendix C Running an OpenVMS System in a C2 Environment
C.1 Introduction to C2 Systems
C.1.1 Definition of the C2 Environment
C.1.2 Documentation
C.2 Trusted Computing Base (TCB) for C2 Systems
C.2.1 Hardware in the TCB
C.2.2 Software in the TCB
C.2.3 Site-Specific Additions to the TCB
C.3 Protecting Objects
C.4 Protecting the TCB
C.4.1 Protecting Files
C.4.2 Privileges for Trusted Users
C.4.3 Privileges for Untrusted Users
C.4.4 Physical Security
C.5 Configuring a C2 System
C.5.1 Keeping Individuals Accountable
C.5.2 Managing the Auditing Trail
C.5.3 Reusing Objects
C.5.4 Configuring Clusters
C.5.5 Starting Up and Operating the System
C.5.6 Forcing Immediate Reauthentication of a Specified Subject After a Change in Access Rights
C.6 Checklist for Generating a C2 System
Appendix D Alarm Messages
Glossary
Index
Examples
3-1 Local Login Messages
4-1 Authorized Versus Default Process Privileges
6-1 Sample Security Administrator's Account
7-1 Creating a Typical Interactive User Account
7-2 Creating a Limited-Access Account
7-3 Sample Captive Procedure for Privileged Accounts
7-4 Sample Captive Command Procedure for Unprivileged Accounts
7-5 Intrusion Database Display
9-1 Sample Alarm Message
9-2 Audit Generated by an Object Access Event
9-3 Auditing Events for a Site with Moderate Security Requirements
9-4 Brief Audit Report
9-5 One Record from a Full Audit Report
9-6 Summary of Events in an Audit Log File
9-7 Identifying Suspicious Activity in the Audit Report
9-8 Scrutinizing a Suspicious Record
9-9 Default Characteristics of the Audit Server
12-1 Sample Proxy Account
12-2 UAF Record for MAIL$SERVER Account
12-3 Sample Commands for a Dynamic Asynchronous Connection
12-4 Protected File Sharing in a Network
13-1 Subsystem Command Procedure
Figures
2-1 Reference Monitor
2-2 Authorization Access Matrix
2-3 Authorization Access Matrix with Labeled Cross-Points
4-1 Previous Per-Thread Security Model
4-2 Per-Thread Security Profile Model
4-3 Flowchart of Access Request Evaluation
8-1 Flowchart of File Creation
8-2 Security Class Object
12-1 The Reference Monitor in a Network
12-2 A Typical Dynamic Asynchronous Connection
13-1 How Protected Subsystems Differ from Normal Access Control
13-2 Directory Structure of the Taylor Company's Subsystem
Tables
1-1 Event Tolerance as a Measure of Security Requirements
2-1 Objects Protected by Security Controls
2-2 Information Stored in the Authorization Database
2-3 Security Auditing Overview
3-1 Secure and Insecure Passwords
3-2 Types of Passwords
3-3 Reasons for Login Failure
4-1 Major Types of Rights Identifiers
4-2 Classes of Protected Objects
5-1 Access Requirements for Non-File-Oriented Devices
6-1 Example of a Site Security Policy
7-1 Authorize Qualifiers Controlling Login Times and Conditions
7-2 Login Qualifiers Not Allowed by Captive Accounts
7-3 Qualifiers Required to Define Captive Accounts
7-4 Defaults for Password History List
7-5 SYS$SINGLE_SIGNON Logical Name Bits
7-6 Intrusion Example
7-7 Parameters for Controlling Login Attempts
8-1 Employee Grouping by Department and Function
8-2 OpenVMS Privileges
8-3 Minimum Privileges for System Users
8-4 DCL Commands Used to Protect Files
9-1 Event Classes Audited by Default
9-2 Access Control Entries (ACEs) for Security Auditing
9-3 Kinds of Security Events the System Can Report
9-4 Events to Monitor Depending on a Site's Security Requirements
9-5 Characteristics of the Audit Log File
9-6 Qualifiers for the Audit Analysis Utility
9-7 Controlling the Flow of Audit Event Messages
10-1 System Files Benefiting from ACL-Based Auditing
11-1 System Files That Must Be Common in a Cluster
11-2 System Files Recommended to Be Common
11-3 Using Multiple Versions of Required Cluster Files
11-4 Fields in SYSUAF.DAT Requiring Synchronization
11-5 Summary of Object Behavior in a Cluster
12-1 AUTHORIZE Commands for Managing Network Proxy Access
12-2 Network Object Defaults
B-1 Exceptions to Standard OpenVMS VAX System File Protection
C-1 Software Not Included in the C2-Evaluated System
C-2 Privileges for Untrusted Users