Training the New User

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP OpenVMS Guide to System Security

Security for the System Administrator

Managing the System and Its Data

Account Requirements for a Security Administrator

Logging a User's Session

Training the New User

Teaching new users about system security is an important security tool. It is important to involve users in security methods and goals; the more they know about the system and how break-ins occur, the better equipped they are to guard against them.

Include the following topics in your user training:

What is the location of the user's account? Specifically, which system, where is it located, what is the proper node name if on a network, and, if the system is part of a cluster, what other nodes are available?

Which terminals can be used for logging in, and where are they located?

Is the account restricted with regard to local, dialup, remote, interactive, network, or batch operations? If so, describe both permitted use and restrictions.

Can the account be accessed by dialing in? If so, provide the access telephone number, and describe the procedure. Specify how many retries are allowed and the maximum number of seconds allowed between each retry before the connection is lost.

Are system passwords implemented for any terminals that the user may be using? If so, describe which terminals, how often the system password is changed, and how the user can learn the new system password.

What is the account duration? When will it expire? From whom should the user request an extension?

What is the user name? What identifiers are held by the user, if any? What are the group and member numbers associated with the user?

What password information is required? Specifically, what is the initial password? Is the password locked? If the password is not locked, how often must the password be changed? What is the minimum length for the password? Is there a secondary password for this account, and who will know it? Is the user free to select passwords, or must they be automatically generated? See Checklist for Contributing to System Security"Checklist for Contributing to System Security" on page 60 for a checklist of good practices for users.

What is the default device and directory?

What is the default protection?

Are there quotas on disk usage? If so, what are the values?

Are there restrictions on use? For example, are there certain days or hours of the day that are suggested or enforced? Explain primary and secondary days if applicable.

Are there files or directories that are shared? If so, provide the details.

Are there ACLs that affect the user? What identifiers does the user need to know?

Which privileges does the user hold and what do they mean?

What is the command language interpreter?

Which type of account is this: open, captive, restricted, or interactive?

Which nodes permit proxy logins for this user, if any?

What are the names of the queues the user may need to use?

What actions should the user take to ensure physical site security, such as locking up materials?

Account Requirements for a Security Administrator

Logging a User's Session