Re: Security Setup and Product Advice

I just want to thank the folks who have responded to me with rock-solid
information and great advice. You've given me some excellent resources
and a great start at finding the information that I need. Thanks
again!

Bob Gezelter wrote:
ou8125150 wrote:
I am a VMS newcomer and am seeking advice on where to look for security
lockdown advice, whitepapers, and/or products. I am specifically
looking to be able to:

1. Have very granular lockdown capabilities such that if someone has
access to the $ prompt I can allow or deny access to run particular
images or commands
2. Log and playback entire login (telnet based) sessions
3. Automatically disable accounts that have n (say 3 or 4) failed,
consecutive login attempts.
4. Have the system generate and send reports based on security events
in an admin-definable way.

From what little I have gleaned from my reading, some or most of this
can be accomplished via standard VMS tools. It appears that I may not
get all I need without a separate (perhaps commercial) tool. Any
advice will be greatly appreciated.

OpenVMS has the inherant ability to control access in extremely fine
granularity. If need be, this can be on a file by file basis.
Thankfully, this degree of granularity is not often needed.

My presentation "Building Secure Applications on OpenVMS" (slides at
http://www.rlgsc.com/cets/2000/444.html ) gives some examples of
solutions and issues. Another presentation, "OpenVMS User Environments"
(a summary of the session is at
http://www.rlgsc.com/hpworld/2004/N227.html ). That presentation
focused on how privileges can be delegated, without requiring users to
be granted privileges which could compromise other users.

As Hoff and Larry have mentioned, the best general place to start for
the basic information is the standard Guide to System Security, which
is available in the OpenVMS documentation kit (on hardcopy, CDROM, or
on the www via HP at http://www.hp.com/go/openvms ). Beyond that, the
most productive method starts with understanding the security and
integrity requirements of the environment, and determining the details
of implementing these requirements.

I hope that the above is helpful. If I have been unclear, please let me
know.

- Bob Gezelter, http://www.rlgsc.com
Author, "OpenVMS Security", Handbook of Information Security
Contributing Editor, OpenVMS.org

.

Relevant Pages

  • Re: Security Setup and Product Advice
    ... lockdown advice, whitepapers, and/or products. ... Have the system generate and send reports based on security events ... OpenVMS has the inherant ability to control access in extremely fine ... this degree of granularity is not often needed. ...
    (comp.os.vms)
  • Re: The Register: OpenVMS among most-secure of operating systems
    ... >>Unfortunately its a pointless piece of research because OpenVMS ... >>security advisories do not get reliably reported to CERT, ... I don't claim CERT report counts are not accurate, ...
    (comp.os.vms)
  • Re: OT: unathorized network user.
    ... that are UTTERLY WORTHLESS to security and even cause ... and offers actually useful advice for security. ... In fact, some of them will cause many people networking problems, ... offered has absolutely NOTHING to do with securing a wireless network. ...
    (Fedora)
  • Re: Windows xp screen freezing...randomly
    ... My views on security coincide with the vast ... disregard advice to install security software. ... Mechanical KVM switches often lose the keyboard and mouse on ... "The Linksys KVM, like other electronic KVM switches, is able to ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Windows xp screen freezing...randomly
    ... I read ALL your posts. ... My views on security coincide with the vast ... disregard advice to install security software. ... "The Linksys KVM, like other electronic KVM switches, is able to ...
    (microsoft.public.windowsxp.help_and_support)
Loading