OpenVMS Guide to System Security

Document revision date: 19 July 1999

OpenVMS Guide to System Security

Contents

Index

M

MAIL.EXE

    reinstalling with privileges

Mail files, recommended protection for

MAIL objects, recommended access

Mail utility (MAIL)

    controlling notification messages

    transferring text files

Mailboxes

    default protection

    default security elements

    for audit event messages

    modifying security profiles

    privilege requirements

Maintenance tasks for secure systems

Manage access

MAXSYSGROUP system parameter #1

MAXSYSGROUP system parameter #2

Media initialization

    access requirements

    restricting with ACLs

Member numbers in UICs

Member UIC names

Memory consumption by ACLs

Messages

    announcement

        security disadvantages

    auditing

    auditing security-relevant events

    disabling last login

    last successful interactive login

    login

    login failures

    suppressing #1

    suppressing #2

    suppressing last login

    welcome

MFD (master file directory)

MIRROR objects

MME (Media Management Extension)

    not in C2 evaluation

Modems

    C2 system requirements

MODIFY/SYSTEM_PASSWORD command in Authorize utility

MODIFY user/FLAG=AUDIT command in Authorize utility #1

MODIFY user/FLAG=AUDIT command in Authorize utility #2

MOM (maintenance operations module) objects

MOUNT command, alarms

MOUNT privilege

Mounting volumes

    access requirements

    security audits and

    with protected subsystems

N

Name Hidden attribute

Naming rules

    capability objects

    common event flag clusters

    devices

    files

    global sections

    logical name tables

    queues

    resource domains

    security class

NCP (Network Control Program)

    auditing database modifications

NET PASSWORD command

NET$PROXY.DAT files

    auditing

NETMBX privilege

NETPROXY.DAT files

    auditing

    normal protection

Network access control strings #1

Network access control strings #2

Network access control strings #3

Network access control strings #4

Network accounts

    DECNET account, removing

    network objects #1

    network objects #2

Network databases

Network identifiers

Network logins #1

Network logins #2

Network security

    C2 systems and

    events audited

    limitations

    network object configuration #1

    network object configuration #2

    requirements for

Networks

    access control

    INBOUND parameter

    proxy login for applications

NISCS_CONV_BOOT system parameter

NML (network management listener) objects

No Access attribute

Nodes, types of

Non-file-oriented devices, access requirements #1

Non-file-oriented devices, access requirements #2

None attribute (ACEs) #1

None attribute (ACEs) #2

Noninteractive logins

    batch

    classes

    network

Nopropagate attribute #1

Nopropagate attribute #2

Nopropagate attribute #3

Numeric UICs

O

Object classes

    descriptions of

    security attributes of

Object ownership

    assigning during file creation

    by resource identifiers

    changing #1

    changing #2

    exceptions to the rules

    files

    managing defaults #1

    managing defaults #2

    managing directory defaults

    qualifying for

    reassigning

    restoring file defaults

    security element of an object

    zero UICs in protection checks

Object permanence

    capability object

    common event flag cluster

    devices

    global sections

    logical name tables

    queues

    resource domains

    security class object

    volumes

Objects

    access arranged by

    access to, comparing security profiles

    ACLs and

    adding ACEs for security auditing

    alarms for creation

    alarms for deaccess

    alarms for deletion

    auditing access #1

    auditing access #2

    auditing access #3

    C2 systems and

    capability class

    changing security profile

    characteristics of protected objects

    class descriptions

    class-specific access overrides

    class specification

    classes of

    classes protected by operating system

    classes protected by operating system

    controlling access with Identifier ACEs #1

    controlling access with Identifier ACEs #2

    displaying default protection and ownership

    displaying security profiles

    global sections

    granting access through protection codes

    in security models

    kinds of events audited

    logical name tables

    managing default protection and ownership

    modifying class templates

    protection codes #1

    protection codes #2

    queues

    reassigning ownership

    resource domains

    role in security models

    rules for determining access

    security class

    security elements source

    security management overview

    security profiles #1

    security profiles #2

    volumes

OPCOM (operator communication manager), security auditing and

Open accounts

    C2 systems and

    captive accounts and

    captive recommendation

Open files and ACL consumption of memory

OpenVMS Management Station

    not in C2 evaluation

OPER privilege

    overriding access controls

    queue access

    queue management

Owner

    category of user access

M
MAIL.EXE
reinstalling with privileges
Mail files, recommended protection for
MAIL objects, recommended access
Mail utility (MAIL)
controlling notification messages
transferring text files
Mailboxes
default protection
default security elements
for audit event messages
modifying security profiles
privilege requirements
Maintenance tasks for secure systems
Manage access
MAXSYSGROUP system parameter #1
MAXSYSGROUP system parameter #2
Media initialization
access requirements
restricting with ACLs
Member numbers in UICs
Member UIC names
Memory consumption by ACLs
Messages
announcement
security disadvantages
auditing
auditing security-relevant events
disabling last login
last successful interactive login
login
login failures
suppressing #1
suppressing #2
suppressing last login
welcome
MFD (master file directory)
MIRROR objects
MME (Media Management Extension)
not in C2 evaluation
Modems
C2 system requirements
MODIFY/SYSTEM_PASSWORD command in Authorize utility
MODIFY user/FLAG=AUDIT command in Authorize utility #1
MODIFY user/FLAG=AUDIT command in Authorize utility #2
MOM (maintenance operations module) objects
MOUNT command, alarms
MOUNT privilege
Mounting volumes
access requirements
security audits and
with protected subsystems
N
Name Hidden attribute
Naming rules
capability objects
common event flag clusters
devices
files
global sections
logical name tables
queues
resource domains
security class
NCP (Network Control Program)
auditing database modifications
NET PASSWORD command
NET$PROXY.DAT files
auditing
NETMBX privilege
NETPROXY.DAT files
auditing
normal protection
Network access control strings #1
Network access control strings #2
Network access control strings #3
Network access control strings #4
Network accounts
DECNET account, removing
network objects #1
network objects #2
Network databases
Network identifiers
Network logins #1
Network logins #2
Network security
C2 systems and
events audited
limitations
network object configuration #1
network object configuration #2
requirements for
Networks
access control
INBOUND parameter
proxy login for applications
NISCS_CONV_BOOT system parameter
NML (network management listener) objects
No Access attribute
Nodes, types of
Non-file-oriented devices, access requirements #1
Non-file-oriented devices, access requirements #2
None attribute (ACEs) #1
None attribute (ACEs) #2
Noninteractive logins
batch
classes
network
Nopropagate attribute #1
Nopropagate attribute #2
Nopropagate attribute #3
Numeric UICs
O
Object classes
descriptions of
security attributes of
Object ownership
assigning during file creation
by resource identifiers
changing #1
changing #2
exceptions to the rules
files
managing defaults #1
managing defaults #2
managing directory defaults
qualifying for
reassigning
restoring file defaults
security element of an object
zero UICs in protection checks
Object permanence
capability object
common event flag cluster
devices
global sections
logical name tables
queues
resource domains
security class object
volumes
Objects
access arranged by
access to, comparing security profiles
ACLs and
adding ACEs for security auditing
alarms for creation
alarms for deaccess
alarms for deletion
auditing access #1
auditing access #2
auditing access #3
C2 systems and
capability class
changing security profile
characteristics of protected objects
class descriptions
class-specific access overrides
class specification
classes of
classes protected by operating system
classes protected by operating system
controlling access with Identifier ACEs #1
controlling access with Identifier ACEs #2
displaying default protection and ownership
displaying security profiles
global sections
granting access through protection codes
in security models
kinds of events audited
logical name tables
managing default protection and ownership
modifying class templates
protection codes #1
protection codes #2
queues
reassigning ownership
resource domains
role in security models
rules for determining access
security class
security elements source
security management overview
security profiles #1
security profiles #2
volumes
OPCOM (operator communication manager), security auditing and
Open accounts
C2 systems and
captive accounts and
captive recommendation
Open files and ACL consumption of memory
OpenVMS Management Station
not in C2 evaluation
OPER privilege
overriding access controls
queue access
queue management
Owner
category of user access

Contents

Index

privacy and legal statement

6346PRO_INDEX_004.HTML