HP OpenVMS Systems Documentation
Content starts here

OpenVMS Guide to System Security
Previous Contents Index

B
Backup operations
    general recommendations
    performed from captive privileged account
Backup utility (BACKUP)
    general recommendations
Batch identifiers
Batch jobs
    affected by shift restrictions
    authorization
    password protection and cardreaders
Batch logins
Binary output from Audit Analysis utility
Break-in alarms
Break-in attempts
    auditing #1
    auditing #2
    counteraction through dual passwords
    detecting #1
    detecting #2
    evading
    security audit report and
Break key and secure servers
BUGCHK privilege
Buses, default security elements
BYPASS privilege
    description
    effect on control access
    overriding access controls #1
    overriding access controls #2
C
C2 environments
C2 security, systems
    checklist for generating
    criteria
    documentation
    effect of site changes on certification
    object protection and
    physical security requirements
    software not included
    SYSMAN databases
    system parameters
    system startup
Capability-based systems
Capability objects
    as protected objects
    elements of
    reestablishing profile
    template profile
    types of access
Captive accounts
    command procedures
    Ctrl/Y key sequence and
    disabling mail and notification of delivery
    example of production account
    locked passwords and
    when to use #1
    when to use #2
Card readers, default security elements
Case sensitivity
    in passwords and user names
$CHECK_ACCESS system service, security auditing and
$CHECK_PRIVILEGE system service, reporting privilege use
$CHKPRO system service
    role in access control
    security auditing and
/CLITABLES qualifier #1
/CLITABLES qualifier #2
Cluster environments
    building single security domain
    C2 system restrictions
    managing audit log file
    protected object databases
    protected objects
    security considerations
    security implementation
    synchronizing authorization data
    SYSMAN requirements
    system file recommendations
    system file requirements
Cluster managers and security administrators
Clusterwide intrusion detection
CLUSTER_AUTHORIZE.DAT files #1
CLUSTER_AUTHORIZE.DAT files #2
CMEXEC privilege
CMKRNL privilege
Command mode for Audit Analysis utility, manipulating the display
Command procedures
    access control strings in
    STARTNET.COM
    SYSTARTUP_VMS.COM
Commands, usage restrictions
Common event flag clusters
    as protected objects
    events audited
    privilege requirements
    reestablishing security profile
    security elements of
    system modifications of templates
    template profile
    types of access to
Communications devices
    C2 system requirements
    default security elements
Compilers, restricting use with ACLs
Confidential files, security auditing and
CONNECT command, /LOGOUT qualifier
Connections
    auditing
Connections, auditing of
Console terminals
    C2 system requirements
    C2 systems and
    HSC and C2 system requirements
Consoles, enabling passwords for
Control access
    acquiring #1
    acquiring #2
    acquiring #3
    common event flag clusters
    devices
    files
    global sections
    limitations
    logical name tables
    queues
    resource domains
    security class
    volumes
COPY command
    /PROTECTION qualifier
    security profile assigned
Create access
    logical name tables
    volumes
CREATE/PROXY command in Authorize utility
CREATE/RIGHTS command in Authorize utility
Creator ACEs
    example
    with resource identifiers
Ctrl/B key sequence
Ctrl/Y key sequence and restricted accounts
D
Database
    volatile network
Databases
    authorization #1
    authorization #2
    protected objects
    rights
    synchronizing authorization on clustered systems
DBG$ENABLE_SERVER identifier
    C2 system restriction
DCL commands
    SET HOST/DTE in network operations
    SET TERMINAL in network operations
DCL tables, modifications for security
DDCMP (Digital Data Communications Message Protocol)
    asynchronous driver
Debug server identifier, C2 system restriction
DECamds, software not in C2 evaluation
DECdns distributed name service, not in C2 evaluation
DECnet
    C2 system restrictions
    cluster nodes and
    dynamic asynchronous connection #1
    dynamic asynchronous connection #2
    dynamic asynchronous connection #3
    dynamic asynchronous connection #4
    INBOUND parameter #1
    INBOUND parameter #2
    installing dynamic asynchronous connection #1
    installing dynamic asynchronous connection #2
    network objects #1
    network objects #2
    nonprivileged user name
    receive password #1
    receive password #2
    receive passwords
    transmit password
    transmit passwords
DECnet-Plus for OpenVMS, full names not in C2 evaluation
Decryption
DECwindows screens, clearing #1
DECwindows screens, clearing #2
DECwindows screens, clearing #3
DECwindows software, not in C2 evaluation
Default attribute for ACEs
Default ownership
    for directories
    for files
    for protected objects #1
    for protected objects #2
Default protection
    Alpha system files
    for directories
    for files
    for processes #1
    for processes #2
    for VAX system files
    management
Default Protection ACEs #1
Default Protection ACEs #2
Default Protection ACEs #3
Default Protection ACEs #4
    examples
    generating default file protection #1
    generating default file protection #2
Delete access
    common event flag clusters
    files
    granting through protection codes
    logical name tables
    queues
        through ACLs
        through protection codes
    volumes
DELETE command, /ERASE qualifier
DETACH privilege
Devices
    access requirements
    as protected objects
    controlling access through ACLs
    default security elements
    events audited
    modifying security profiles of
    privilege requirements
    profile storage
    protecting BACKUP save sets
    reusing in C2 systems
    security elements of
    spooled, access requirements
    template security profiles
    terminal configuration
DIAGNOSE privilege
Dialup identifiers
Dialup lines
    connection security
    controlling access to
    using for dynamic asynchronous connection
    using in a public area
Dialup logins
    breaking connections
    controlling retries
    failures
    retries
Directories
    access control through ACLs
    access requirements #1
    access requirements #2
    assigning a security profile
    controlling access to files #1
    controlling access to files #2
    creating
    events audited
    ownership
        by resource identifier
        changing access to files
        setting default
    setting default file protection
    setting file protection
DIRECTORY command, /SECURITY qualifier
Disconnected job messages
DISFORCE_PWD_CHANGE flag
Disk quotas
    as restriction for users
    charging to identifiers
Disk scavenging
    discouraging
    preventing #1
    preventing #2
Disk space
    charging to identifier
    requirements for security audit log file
    usage and charging
Disk volumes
    controlling access
    protecting
    restrictions
Disks
    accessing deleted data
    changing message transfer rate
    default security elements
    erase-on-allocate #1
    erase-on-allocate #2
    erasing #1
    erasing #2
    erasure patterns #1
    erasure patterns #2
    high-water marking #1
    high-water marking #2
    managing security profiles
    protecting after file deletion
DISMOUNT command, alarms
DOWNGRADE privilege
DSE (data security erase)
    tailoring
Dual passwords
Dynamic asynchronous connections
    automatic switching of terminal line
    connection example
    manual switching of terminal line
    passwords for
    procedure for establishing
    security
    switching of terminal line
    terminating the link
    verifier
Dynamic attribute for identifiers

Previous Next Contents Index