|  | Index 
    | HP OpenVMS Guide to System Security: OpenVMS Version 8.4 
   
      Index
      Symbols$AUDIT_EVENT system service, reporting
security-relevant events, Sources of Event Information$CHECK_ACCESS system service, security auditing and, Sources of Event Information$CHECK_PRIVILEGE
system service, reporting privilege use, Sources of Event Information$CHKPRO system servicerole in access control, How the System Determines if a User Can Access a Protected Object security auditing and, Sources of Event Information
/ACCESS qualifier
in Authorize utility, Restricting Work Times/CLITABLES qualifier, Setting Up Captive Accounts, Restricting DCL Command Usage/EXPIRATION qualifier, Restricting Account Duration/FLAGS=CAPTIVE
qualifier, Setting Up Captive Accounts/FLAGS=DISIMAGE qualifier, Restricting DCL Command Usage/FLAGS=DISMAIL qualifier, New Mail Announcements/FLAGS=DISNEWMAIL
qualifier, New Mail Announcements/FLAGS=DISPWDDIC
qualifier, Screening New Passwords/FLAGS=DISPWDHIS qualifier, Screening New Passwords/FLAGS=DISRECONNECT qualifier, Limiting Disconnected Processes/FLAGS=DISREPORT
qualifier, Last Login Messages/FLAGS=DISUSER qualifier, Password Protection Checklist/FLAGS=DISWELCOME qualifier, Welcome Message/FLAGS=GENPWD
qualifier, Secondary Passwords, Generated Passwords/FLAGS=LOCKPWD qualifier, Generated Passwords/FLAGS=PWD_EXPIRED
qualifier, Expiring Passwords/FLAGS=RESTRICTED
qualifier, Restricted Accounts/LGICMD qualifier and captive accounts, Setting Up Captive Accounts/LOCAL_PASSWORD
qualifier, Overriding External Authentication/PRCLM qualifier in AUTHORIZE, Qualifiers Required to Define Captive Accounts/PRIMEDAYS qualifier, example, Restricting Work Times/PWDLIFETIME qualifier, Expiring Passwords/PWDMINIMUM qualifier, Requiring a Minimum Password Length
AAccessauditing of processes, Kinds of System Activity the Operating System Can Report BYPASS
privilege, How the System Determines if a User Can Access a Protected Objectclass-specific
overrides, How the System Determines if a User Can Access a Protected Objectdenying, Enhancing Protection for Sensitive Objectshow the system determines, How the System Determines if a User Can Access a Protected Objectobject-oriented, Authorization Database Represented as an Access Matrixperformance impact of auditing, Considering the Performance Impactprivileges bypassing ACLs, How Privileges Affect Protection Mechanismsprivileges
bypassing protection codes, How Privileges Affect Protection Mechanismssubject-oriented, Authorization Database Represented as an Access Matrixthrough ACLs, Granting Access to Particular Usersthrough
GRPPRV privilege, How the System Determines if a User Can Access a Protected Objectthrough protection codes, Protection Codethrough READALL privilege, How the System Determines if a User Can Access a Protected Objectthrough
SYSPRV privilege, How the System Determines if a User Can Access a Protected Objectto deleted file data, Accessibility of Data in a File
Access categories, Controlling Access with Protection CodesAccess controlACE order, importance of, Ordering ACEs Within a Listassigning file defaults, Establishing an Inheritance Scheme for Filesbypassing ACLs, Understanding Privileges and Control Accessbypassing protection codes, Understanding Privileges and Control Accesscomparing security profiles, Contents of a User's Security Profilecontrolling in network environment, Setting Up a Proxy Databasedefault application account, Hierarchy of Access Controlsdefault for inbound connection, Using Default Application Accountsdenying a class of users, Conditionalizing Identifiers for Different Usersdenying access through an ACL, Preventing Users from Accessing an Objectevaluating a user's access request, How the System Determines if a User Can Access a Protected Object explicit, Hierarchy of Access Controlsfor a network, Hierarchy of Access Controls for applications, Using Default Application Accountsfor connections, Hierarchy of Access Controlsfor protected objects, Protecting DataIdentifier ACEs and, Granting Access to Particular Usersin a network environment, Managing Network Securitylimited-access accounts, Assigning Appropriate Accounts to Userslimiting access to an environment, Types of Identifiers, Limiting Access to an Environment limiting device access, Limiting Access to a Devicelimiting logins, Defining Times and Conditions for System Accessmatrix, Authorization Database Represented as an Access Matrixobject security profiles, Security Profile of Objectsobject-specific considerations, Object-Specific Access Considerationsprotection code processing rules, How the System Determines if a User Can Access a Protected Objectprotection code user categories, Protection Code proxy, Hierarchy of Access Controls, Using Proxy Loginsrouting initialization
passwords, Specifying Routing Initialization Passwordsthrough ACLs, Controlling Access with ACLs, Ordering ACEs Within a Listusing Identifier ACEs, Using Identifier Access Control Entries (ACEs), Establishing an Inheritance Scheme for Filesusing the NCP, Using Explicit Access Controlwith Identifier ACEs, Using Identifier Access Control Entries (ACEs), Establishing an Inheritance Scheme for Files
Access control strings, Protecting Information in Access Control Strings, Using Explicit Access Controlcommand procedures and, Protecting Information in Access Control Stringsexposing password in, Guidelines for Protecting Your Passwordprotecting information
in, Protecting Information in Access Control Stringssecondary passwords with, Secondary Passwords
Access requirementsallocating devices, Access Requirements for I/O Operationscapability object, Types of Access common event flag clusters, Types of Accessdirectories, Access Requirementsfile-oriented devices, Access Requirements for I/O Operations files, Access Requirements global sections, Types of AccessI/O channel, Access Requirements for I/O Operations logical name tables, Types of Accessnon-file-oriented devices, Access Requirements for I/O Operations queues, Types of Access resource domains, Types of Access security class objects, Types of Accessshareable devices, Access Requirements for I/O Operationsspooled devices, Access Requirements for I/O Operationsunshareable devices, Access Requirements for I/O Operationsvolumes, Access Requirements for I/O Operations
Access typesabbreviations of, Format of a Protection CodeACLs, Establishing an Inheritance Scheme for Filesassociate, Types of Accesscapability class, Types of Accessclass-dependency
of, Types of Access in a Protection Code common event flag clusters, Types of Accesscontrol, Types of Access in a Protection Code, Types of Accessfiles, Types of Accessobjects in general, Using Control Access to Modify an Object Profile
create logical name tables, Types of Accessvolumes, Types of Access
deletecommon event flag clusters, Types of Access files, Types of Access logical name tables, Types of Accessqueues, Types of Access volumes, Types of Access
directories, Types of Accessexecutefiles, Types of Accessglobal sections, Types of Access
files, Types of Access global sections, Types of Accesslock, Types of Accesslogical I/O, Types of Access logical name tables, Types of Accessmanage, Types of Accessphysical I/O, Types of Accessprotection
codes and, Format of a Protection Code, Types of Access in a Protection Code queues, Types of Accessreaddevices, Types of Access files, Types of Accessglobal sections, Types of Access logical name tables, Types of Accessqueues, Types of Accessresource domains, Types of Accesssecurity class, Types of Access volumes, Types of Access
 resource domains, Types of Accesssecurity
audit and, Additional Events to Audit security class, Types of Accessshared devices, Types of Accesssubmit, Types of Accessunshared devices, Types of Access volumes, Types of Accesswritedevices, Types of Access files, Types of Access, Access Requirementsglobal section, Types of Access logical name tables, Types of Accessresource domains, Types of Accesssecurity class, Types of Access volumes, Types of Access
Accounting logs as security tool, System Accounting
Accounting
logs as security tool, System AccountingAccountsaccessing after password expires, Changing an Expired Passwordapplication, Hierarchy of Access Controlsauditing access, Auditing Access to Your Account and Filescaptive, Types of System AccountsDECNET account, removing, Removing Default DECnet Access to the Systemdesigning secure accounts, Training the New User, Assigning Appropriate Accounts to Usersdisabling with DISUSER flag, Disabling Accountsdisguising
identity, Security Auditingexpiration, Password and Account Expiration Times, Renewing an Expired Accountfirst login, Obtaining Your Initial Passwordguest, Guest Accountsinitial password, Obtaining Your Initial Passwordinteractive, Types of System Accountslimited-access, Types of System Accountsnetwork objects, Configuring Network Objects Manuallyopen, Password Requirements for Different Types of Accountspassword expiration and, Changing an Expired Passwordpassword requirements for, Password Requirements for Different Types of Accountspasswords
for multiple, Guidelines for Protecting Your Passwordprivileged, Privileged Accounts project, Setting Defaults for a Directory Owned by a Resource Identifier, Setting Up the Directory of a Resource Identifierproxy, Proxy Accountsrenewing expired, Renewing an Expired Accountrestricted, Password Requirements for Different Types of Accounts, Types of System Accountssecondary password, Types of Passwordssetting duration of, Restricting Account Durationsetting
up to use project identifiers, Setting Up the Resource Identifiertypes of, Password Requirements for Different Types of Accounts, Types of System Accountsuser passwords for, Knowing What Type of Password to Use
ACE
attributesDefault, Establishing an Inheritance Scheme for FilesHidden, Displaying ACLsNone, Preventing Users from Accessing an Object, Limiting Access to a DeviceNopropagate, Copying an ACL, Restoring a File's Default Security ProfileProtected, Deleting an ACL, Copying an ACL, Restoring a File's Default Security Profile
ACEs (access control entries)adding, Adding ACEs to an Existing ACLAlarm ACEs, Adding Security-Auditing ACEs, Attaching a Security-Auditing ACEAudit ACEs, Adding Security-Auditing ACEs, Attaching a Security-Auditing ACEcreating, Using Identifier Access Control Entries (ACEs)Creator ACEs, Rules for Assigning a Protection Code and ACL, Resource Attribute, Setting Up the ACL Default Protection
ACEs, Providing a Default Protection Code for a Directory Structure deleting, Deleting ACEs from an ACLgenerating audit event messages, Ways to Generate Audit Information inserting in a list, Adding ACEs to an Existing ACLorder of, How the System Determines if a User Can Access a Protected Object, Ordering ACEs Within a List, Adding ACEs to an Existing ACLreplacing, Replacing Part of an ACLsecurity auditing, Adding ACEs to an Existing ACLsensitive files and, Adding Access Control Entries to Sensitive FilesSubsystem ACEs, Customizing Identifierssubsystem ACEs, System Management Requirements, Building the Subsystem, Enabling Protected Subsystems on a Trusted Volumetypes of, Using Identifier Access Control Entries (ACEs)
ACL editordisplaying ACLs, Access Control List (ACL)modifying
ACLs, Adding ACEs to an Existing ACL
ACLs (access control lists), Access Control List (ACL), Controlling Access with ACLs, Setting Defaults for a Directory Owned by a Resource IdentifierACE order, How the System Determines if a User Can Access a Protected Object, Ordering ACEs Within a List, Adding ACEs to an Existing ACLalarms generated by, Alarm Messages assigning by default to new files, Establishing an Inheritance Scheme for Filesbypassing with special rights, Understanding Privileges and Control Access copying, Copying an ACL creating, Using Identifier Access Control Entries (ACEs)deleting, Deleting an ACLdeleting obsolete identifiers, Removing Identifiersdesigning, Designing ACLsdisadvantages of, Designing ACLsdisplaying, Access Control List (ACL), Displaying ACLseffect of
privileges, How the System Determines if a User Can Access a Protected Objecteffect on performance, Designing ACLsgranting access, Granting Access to Particular Usersinteraction with protection codes, Enhancing Protection for Sensitive Objectsmanagement overview, Naming Individual Users in ACLsmodifying, Adding ACEs to an Existing ACLnetwork file sharing, Setting Up Accounts for Local and Remote Userspriority in access evaluation, How the System Determines if a User Can Access a Protected Objectprotection codes and, Preventing Users from Accessing an Objectqueue access rights, Types of Accessreordering entries, Adding ACEs to an Existing ACL replacing ACEs, Replacing Part of an ACL restoring default ACL, Restoring a File's Default ACLrestoring file default, Restoring a File's Default Security Profilesecurity element of an object, Contents of an Object's Profilesetting file
protection, Controlling File Access, Setting Up the ACLsystem program files, Restricting DCL Command Usage
ACME, ACME Subsystem OverviewACME agents, ACME Subsystem OverviewACME subsystem, Authentication and Credentials Management Extensions (ACME) SubsystemACME_SERVER process, ACME Subsystem OverviewACNT
privilege, ACNT Privilege (Devour)ADD/IDENTIFIER
command in Authorize utility, Restoring the Rights DatabaseADD/PROXY command
in Authorize utility, Procedure for Creating a Proxy Account, Setting Up Accounts for Local and Remote UsersAES Algorithm, Encryption ProcessAlarm ACEs, Adding Security-Auditing ACEshow
to use, Attaching a Security-Auditing ACEposition
in ACL, Displaying ACLs
Alarm
messages, Alarm MessagesACL event, Alarm Messagesauthorization database
modification, Alarm Messagesbreak-in event, Alarm MessagesINSTALL event, Alarm Messageslogin, Alarm Messageslogin failure, Alarm Messageslogout, Alarm Messagesnetwork connection, Alarm Messagesobject access event, Alarm Messagesobject creation, Alarm Messagesobject deaccess, Alarm Messagesobject deletion, Alarm Messagesprivilege use, Alarm Messagesprocess control event, Alarm MessagesSET AUDIT use, Alarm Messagessystem parameter modification, Alarm Messagestime modification, Alarm Messagesvolume mount/dismount, Alarm Messages
Alarmsenabling for security, Asking Your Security Administrator to Enable Auditing
ALF (automatic login facility), Providing Automatic LoginAutologin account as security problem, Automatic Login AccountsAUTOLOGIN flag, Automatic Login Accountscluster requirements for ALF files, Synchronizing Authorization Data
ALLSPOOL
privilege, ALLSPOOL Privilege (Devour)Alphanumeric UICs, Format of a UICALTPRI
privilege, ALTPRI Privilege (System)ANALYZE/AUDIT
command, Invoking the Audit Analysis Utilityqualifier summary, Providing Report Specifications
Announcement messages, Entering a System Password, Local Login Messagessecurity disadvantages, Announcement Message
APPEND command, /PROTECTION
qualifier, Adjusting Protection DefaultsApplications, setting access control, Using Default Application AccountsArchive filesanalyzing security-relevant
events, Using a Remote Log Fileenabling remote, Using a Remote Log Filefor security event messages, Using a Remote Log File
Archive flush, Adjusting the Transfer of Messages to DiskASCII output
from Audit Analysis utility, Providing Report SpecificationsAssociate access, Types of AccessAsynchronous connection, dynamic, Establishing a Dynamic Asynchronous ConnectionAsynchronous
DDCMP driver, Establishing a Dynamic Asynchronous ConnectionAttacks,
types of system, Forms of System AttacksAudit
ACEs, Adding Security-Auditing ACEshow to use, Attaching a Security-Auditing ACE
Audit Analysis utility (ANALYZE/AUDIT), Security Auditing, Using a Remote Log File, Examining the Reportanalyzing archive files, Using a Remote Log FileASCII output from, Providing Report Specificationsbinary output from, Providing Report Specificationsdetermining criteria
of the analysis, Examining the Reportexample, Examining the Reportgenerating daily reports, Recommended Procedureinteractive commands, Using the Audit Analysis Utility Interactivelyinvoking, Invoking the Audit Analysis Utilityoverview, Analyzing a Log Fileprerequisites, Recommended Procedurereport formats, Qualifiers for the Audit Analysis Utilitytypes of output, Providing Report Specificationswhen to ignore events, Recommended Procedure
Audit listener mailboxescapturing audit event messages, Using a Listener Mailboxdisabling, Using a Listener Mailboxexample of programs for, Using a Listener Mailbox
AUDIT
privilege, AUDIT Privilege (System)Audit server databases, Tasks Performed by the Audit ServerAudit
server processeschanging disk transfer rate, Adjusting the Transfer of Messages to Diskcontrolling message flow, Choosing the Number of Outstanding Messages That Trigger Process Suspensiondelaying delivery of event messages, Changing the Point in Startup When the Operating System Initiates Auditingdisabling, Disabling and Reenabling Startup of the Audit Serverenabling, Disabling and Reenabling Startup of the Audit Servererror handling, Allocating Disk Space for the Audit Log File, Error Handling in the Auditing Facilityfinal server action, Reacting to Insufficient Memorymanaging, Managing the Auditing Subsystemmemory limitations and, Reacting to Insufficient Memorypre-extending log files, Allocating Disk Space for the Audit Log Filetasks performed by, Tasks Performed by the Audit Server
Audit
trailsin security models, Reference Monitor Concept
Auditingapplications, Security Auditingas security
feature, Security Auditingof security
events, Security Auditing
Authentication and credentials management
extensions (ACME), Authentication and Credentials Management Extensions (ACME) SubsystemAuthentication
cards, Authentication CardsAuthentication, external, Enabling External AuthenticationAuthority-based systems, Authorization Database Represented as an Access MatrixAuthorization databases, Authorization Database, Authorization Database Represented as an Access Matrixaccess matrix, Authorization Database Represented as an Access Matrixadding users, Assigning Appropriate Accounts to Usersauditing, Auditing Categories of Activityauditing modifications to, Kinds of System Activity the Operating System Can Reportcontents, Reference Monitor Conceptsynchronizing authorization on clustered
systems, Synchronizing Authorization Data
Authorize utility (AUTHORIZE)/GENERATE_PASSWORD qualifier, Primary PasswordsADD/FLAG command, Enabling External AuthenticationADD/IDENTIFIER command, Restoring the Rights Database, Setting Up the Resource IdentifierADD/PROXY command, Procedure for Creating a Proxy Account, Setting Up Accounts for Local and Remote UsersCREATE/PROXY command, Procedure for Creating a Proxy AccountCREATE/RIGHTS command, Populating the Rights DatabaseEXTAUTH flag, Enabling External AuthenticationGRANT/IDENTIFIER command, Assigning Identifiers to Users, Setting Up the Resource IdentifierMODIFY/FLAG command, Enabling External AuthenticationMODIFY/SYSTEM_PASSWORD
command, System PasswordsREMOVE/IDENTIFIER command, Removing IdentifiersSHOW/IDENTIFIER command, Displaying the DatabaseSHOW/RIGHTS command, Displaying the Database
Autodial protocol, Establishing a Dynamic Asynchronous ConnectionAutomatic password generation, Selecting Your Own Password, Using Generated Passwordsdisadvantages, Using Generated Passwordsexample, Using Generated Passwordsminimum length, Using Generated Passwords
BBackup operationsgeneral recommendations, Protecting Backup Mediaperformed from captive privileged account, Privileged Accounts
BACKUP utility, Encrypting Save SetsBackup utility (BACKUP)general recommendations, Protecting Backup Mediaperformed from captive privileged account, Privileged Accounts
Batch identifiers, Major Types of Rights IdentifiersBatch jobsaffected
by shift restrictions, Using an Account Restricted to Certain Days and Timesauthorization, When the System Logs In for You: Network and Batch Loginspassword protection and cardreaders, Guidelines for Protecting Your Password
Batch logins, When the System Logs In for You: Network and Batch LoginsBinary output from Audit Analysis utility, Providing Report SpecificationsBreak key and secure servers, Using the Secure ServerBreak-in alarms, Alarm MessagesBreak-in attempts, Types of Computer Security Problems, Failing to Enter the Correct Password During a Dialup Loginauditing, Auditing Categories of Activity, Kinds of System Activity the Operating System Can Reportcounteraction through dual passwords, Secondary Passwordsdetecting, Detecting Intruders, Setting the Exclusion Periodevading, Knowing When Break-In Evasion Procedures Are in Effectsecurity audit report and, Examining the Report
BUGCHK
privilege, BUGCHK Privilege (Devour)Buses, default
security elements, Template ProfileBYPASS privilegedescription, BYPASS Privilege (All)effect on control access, Using Control Access to Modify an Object Profileoverriding access controls, How the System Determines if a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms
CCapability objectsas protected objects, Classes of Protected Objectselements of, Capabilitiesreestablishing profile, Permanence of the Objecttemplate profile, Template Profiletypes of access, Types of Access
Capability-based systems, Authorization Database Represented as an Access MatrixCaptive accounts, Password Requirements for Different Types of Accounts, Interactive Accountscommand procedures, Guidelines for Captive Command ProceduresCtrl/Y key sequence and, Captive Accountsdisabling mail and notification of delivery, New Mail Announcementsexample of production account, Limited-Account Examplelocked passwords and, Qualifiers Required to Define Captive Accountswhen to use, Types of System Accounts
Card readers, default security elements, Template ProfileCase
sensitivityin passwords and user names, Case Sensitivity in Passwords and User Names
CDSA, Common Data Security Architecture (CDSA)Ciphertext, Encryption ProcessCluster
environmentsbuilding single security domain, Building a Common Environmentmanaging audit log file, Managing the Audit Log Fileprotected object databases, Storing Profiles and Auditing Informationprotected objects, Protecting Objectssecurity considerations, Securing a Clustersecurity implementation, Using the System Management Utilitysynchronizing authorization data, Synchronizing Authorization DataSYSMAN requirements, Using the System Management Utilitysystem file recommendations, Recommended Common System Filessystem file requirements, Required Common System Files
Cluster managers
and security administrators, Securing a ClusterCLUSTER_AUTHORIZE.DAT files, Managing Cluster MembershipClusterwide
intrusion detection, clusterwide Intrusion DetectionCMEXEC
privilege, CMEXEC Privilege (All)CMKRNL
privilege, CMKRNL Privilege (All)Command mode
for Audit Analysis utility, manipulating the display, Using the Audit Analysis Utility InteractivelyCommand proceduresaccess control strings
in, Protecting Information in Access Control StringsSTARTNET.COM, Establishing a Dynamic Asynchronous ConnectionSYSTARTUP_VMS.COM, Establishing a Dynamic Asynchronous Connection
Commands, usage restrictions, Restricting DCL Command UsageCommon Data
Security Architecture (CDSA), Common Data Security Architecture (CDSA)Common event flag clustersas protected objects, Classes of Protected Objectsevents audited, Kinds of Auditing Performedprivilege requirements, Privilege Requirementsreestablishing security profile, Permanence of the Objectsecurity elements of, Common Event Flag Clusterssystem modifications of templates, Template Profiletemplate profile, Template Profiletypes of access to, Types of Access
Communications devicesdefault security elements, Template Profile
Compilers, restricting use with ACLs, Protecting System FilesConfidential files, security auditing
and, Adding Access Control Entries to Sensitive FilesCONNECT command, /LOGOUT qualifier, Removing Disconnected ProcessesConnectionsauditing, Kinds of System Activity the Operating System Can Report
Connections,
auditing of, Kinds of System Activity the Operating System Can ReportConsoles, enabling passwords for, Console PasswordsControl accessacquiring, Access Required to Modify a Profile, Types of Access in a Protection Code, Using Control Access to Modify an Object Profile common event flag clusters, Types of Access devices, Types of Access files, Types of Access global sections, Types of Accesslimitations, Using Control Access to Modify an Object Profile logical name tables, Types of Access queues, Types of Access resource domains, Types of Access security class, Types of Access volumes, Types of Access
COPY command /PROTECTION qualifier, Adjusting Protection Defaults security profile assigned, Using the COPY and RENAME Commands
Create access logical
name tables, Types of Access volumes, Types of Access
CREATE/PROXY command in Authorize utility, Procedure for Creating a Proxy AccountCREATE/RIGHTS
command in Authorize utility, Populating the Rights DatabaseCreator
ACEs, Rules for Assigning a Protection Code and ACLexample, Setting Up the ACLwith resource identifiers, Resource Attribute
Ctrl/B key
sequence, Protecting Information in Access Control StringsCtrl/Y
key sequence and restricted accounts, Restricted Accounts
DDatabasevolatile network, Establishing a Dynamic Asynchronous Connection
Databasesauthorization, Authorization Database, Authorization Database Represented as an Access Matrixprotected objects, Storing Profiles and Auditing Informationrights, Displaying the Databasesynchronizing authorization
on clustered systems, Synchronizing Authorization Datavolatile
network, Establishing a Dynamic Asynchronous Connection
DCL commandsSET HOST/DTE in network operations, Establishing a Dynamic Asynchronous ConnectionSET
TERMINAL in network operations, Establishing a Dynamic Asynchronous Connection
DCL tables, modifications for security, Restricting DCL Command UsageDDCMP
(Digital Data Communications Message Protocol)asynchronous driver, Establishing a Dynamic Asynchronous Connection
DECnetcluster nodes and, Using DECnet Between Cluster Nodesdynamic
asynchronous connection, Establishing a Dynamic Asynchronous ConnectionINBOUND
parameter, Establishing a Dynamic Asynchronous Connectioninstalling dynamic asynchronous
connection, Establishing a Dynamic Asynchronous Connectionnetwork
objects, Configuring Network Objects Manuallynonprivileged user name, Using DECnet Application (Object) Accountsreceive password, Establishing a Dynamic Asynchronous Connectionreceive passwords, Establishing a Dynamic Asynchronous Connectionremoving, Removing Default DECnet Access to the Systemtransmit
password, Establishing a Dynamic Asynchronous Connectiontransmit passwords, Establishing a Dynamic Asynchronous Connection
DECRYPT commandpurpose, Decrypting Files
Decryptionrequirements, Maintaining Keys
DECwindows screens, clearing, Using Generated Passwords, Protecting Information in Access Control Strings, Clearing Your Terminal ScreenDefault attribute
for ACEs, Establishing an Inheritance Scheme for FilesDefault ownershipfor directories, Setting Up the ACLfor files, Controlling File Accessfor protected objects, Setting Default Protection and Ownership, Setting Defaults for Objects Other Than Files
Default protectionAlpha system files, Protecting System Filesfor directories, Rules for Assigning a Protection Code and ACLfor files, Rules for Assigning a Protection Code and ACLfor processes, Controlling File Access, Adjusting Protection Defaultsfor system files, Protection for OpenVMS System Filesmanagement, Setting Default Protection and Ownership
Default Protection
ACEs, Providing a Default Protection Code for a Directory Structure, Controlling File Access, Adjusting Protection Defaultsexamples, Admitting Remote Users to Multiple Accountsgenerating default file protection, Rules for Assigning a Protection Code and ACL
Delete access common
event flag clusters, Types of Access files, Types of Accessgranting through protection
codes, Format of a Protection Code logical
name tables, Types of Access queuesthrough ACLs, Types of Accessthrough
protection codes, Types of Access
 volumes, Types of Access
DELETE command, /ERASE qualifier, Overwriting Disk BlocksDESmodes, Encryption Algorithms
DES algorithm, DES Encryption AlgorithmDETACH privilege, IMPERSONATE Privilege (All) (Formerly DETACH)Devicesaccess requirements, Access Requirements for I/O Operationsas protected objects, Classes of Protected Objectscontrolling access through ACLs, Limiting Access to a Devicedefault security elements, Template Profileevents audited, Kinds of Auditing Performedmodifying security profiles of, Setting Up Profiles for New Devicesprivilege requirements, Privilege Requirementsprofile
storage, Permanence of the Objectprotecting
BACKUP save sets, Protecting a Backup Save Setsecurity elements of, Devicesspooled, access requirements, Access Requirements for I/O Operationstemplate security profiles, Template Profileterminal
configuration, Configuring Terminal Lines for Modems
DIAGNOSE
privilege, DIAGNOSE Privilege (Objects)Dialup identifiers, Major Types of Rights IdentifiersDialup linesconnection security, Establishing a Dynamic Asynchronous Connectioncontrolling access to, Types of Passwordsusing for dynamic asynchronous
connection, Establishing a Dynamic Asynchronous Connectionusing in a public area, Breaking the Connection to a Dialup Line
Dialup logins, Logging In Interactively: Local, Dialup, and Remote Loginsbreaking connections, Breaking the Connection to a Dialup Linecontrolling retries, Last Login Messagesfailures, Failing to Enter the Correct Password During a Dialup Loginretries, Failing to Enter the Correct Password During a Dialup Login
Directoriesaccess control through ACLs, Ordering ACEs Within a Listaccess
requirements, Types of Access, Access Requirementsassigning
a security profile, Rules for Assigning a Protection Code and ACL controlling access to files, Establishing an Inheritance Scheme for Files, Controlling File Accesscreating, Creation Requirementsevents audited, Kinds of Auditing Performedownership by resource identifier, Setting Up the Directory of a Resource Identifierchanging access to files, Controlling File Accesssetting default, Controlling File Access
setting
default file protection, Establishing an Inheritance Scheme for Filessetting
file protection, Controlling File Access
DIRECTORY command /SECURITY qualifier, Suggestions for Optimizing File Security
DIRECTORY command, /SECURITY qualifier, Suggestions for Optimizing File SecurityDisconnected job messages, Local Login MessagesDiscretionary access controls, GRPNAM Privilege (Devour), SYSNAM Privilege (All)DISFORCE_PWD_CHANGE flag, Enforcing Change of Expired PasswordDisk quotasas
restriction for users, Restricting Disk Volumescharging to identifiers, Resource Attribute
Disk scavengingdiscouraging, Protecting Diskspreventing, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blocks
Disk spacecharging to identifier, Setting Up the Resource Identifierrequirements
for security audit log file, Allocating Disk Space for the Audit Log Fileusage
and charging, Resource Attribute
Disk volumescontrolling
access, Volumesprotecting, Volumesrestrictions, Restricting Disk Volumes
Disksaccessing
deleted data, Accessibility of Data in a Filechanging message transfer rate, Adjusting the Transfer of Messages to Diskdefault security elements, Template Profileerase-on-allocate, Protecting Information When Disk Space Is Reassigned, Setting a High-water Markerasing, Setting a High-water Mark, Erasing Techniqueserasure patterns, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blockshigh-water marking, Protecting Information When Disk Space Is Reassigned, Setting a High-water Markmanaging
security profiles, Setting Up Profiles for New Devicesprotectingafter file deletion, Protecting Information When Disk Space Is Reassigned
protecting
after file deletion, Protecting Information When Disk Space Is Reassigned
DISMOUNT command, alarms, Alarm MessagesDOWNGRADE
privilege, DOWNGRADE Privilege (All)DSE (data security erase)tailoring, Erasing Techniques
Dual
passwords, Secondary PasswordsDynamic asynchronous connectionsautomatic switching of terminal line, Establishing a Dynamic Asynchronous Connectionconnection example, Establishing a Dynamic Asynchronous Connectionmanual switching of terminal
line, Establishing a Dynamic Asynchronous Connectionpasswords for, Establishing a Dynamic Asynchronous Connectionprocedure
for establishing, Establishing a Dynamic Asynchronous Connectionsecurity, Establishing a Dynamic Asynchronous Connectionswitching
of terminal line, Establishing a Dynamic Asynchronous Connectionterminating the link, Establishing a Dynamic Asynchronous Connectionverifier, Specifying Routing Initialization Passwords
Dynamic
attribute for identifiers, Dynamic AttributeDynamic attributesfor identifiers, Dynamic Attribute
EEchoing, passwords and, Entering a System PasswordEditing
ACLs, Adding ACEs to an Existing ACL, Copying an ACLEmergency accounts and privileges, Limiting User PrivilegesEmulatorterminal, Establishing a Dynamic Asynchronous Connection
ENCRYPT$MAC.LISfor storing
MAC values, Specifying a Listing File
ENCRYPT/CREATE_KEY commandverifying, Verifying Key Creation
Encryption, Using Encryptiondefining keys, Defining KeysENCRYPT command, Encrypting Files
Encryption processoverview, Encryption
Environmental
factors in security, Building a Secure System EnvironmentEnvironmental identifiers, Conditionalizing Identifiers for Different Usersconditionalizing general identifiers, Conditionalizing Identifiers for Different Usersexample, Types of Identifiers, Displaying the Rights Identifiers of Your Process, Ordering ACEs Within a ListIdentifier ACEs and, Limiting Access to an Environment
Erase-on-allocate, Protecting Information When Disk Space Is Reassigned, Setting a High-water MarkErase-on-delete, Overwriting Disk Blocks, Erasing TechniquesErasing disks, Erasing TechniquesErasure patterns, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blocks, Erasing TechniquesEvent tolerance and security levels, Levels of Security RequirementsExecute access files, Types of Access global sections, Types of Accessgranting through protection
codes, Format of a Protection Code
Expirationof account, Renewing an Expired Accountof password, Changing an Expired Password, Primary Passwordsof secondary
password, Changing an Expired Passwordpassword system messages, Changing Your Password As You Log In, Changing an Expired Password
Expired passwords, system message, Changing Your Password As You Log InEXQUOTA
privilege, EXQUOTA Privilege (Devour)EXTAUTH flag, Enabling External AuthenticationExternal
authentication, Enabling External AuthenticationDECnet-Plus and NET_CALLOUTs parameter, Specifying the SYS$SINGLE_SIGNON Logical Name BitsDECnet-Plus requirement, Specifying the SYS$SINGLE_SIGNON Logical Name Bitsdefining logical
names, Enabling External Authenticationdisabling when
network is down, Overriding External Authenticationfailed connection attempts on POP
server, Specifying the SYS$SINGLE_SIGNON Logical Name Bitsimpact on layered products and
applications, Impact on Layered Products and Applicationsmarking user accounts, Enabling External AuthenticationNET PASSWORD command, Setting a New Passwordpassword verification, User Name Mapping and Password Verificationsetting a password, Setting a New Passwordspecifying SYS$SINGLE_SIGNON
logical name bits, Specifying the SYS$SINGLE_SIGNON Logical Name Bitsusing the /LOCAL_PASSWORD
qualifier, Overriding External Authentication
FF$MODE lexical function, Types of Logins and Login ClassesFacility identifiers, Types of IdentifiersFAL (file access listener) recommendations, Summary of Network ObjectsFile browsers, Asking Your Security Administrator to Enable Auditing, Security Auditing, Identifying the PerpetratorFile
protection, Contents of an Object's Profile, Files, Controlling File Accessauditing, Security AuditingDCL commands for, Protecting System Filessetting default ACLs, Establishing an Inheritance Scheme for Files
Filesaccess control
through ACLs, Ordering ACEs Within a Listaccess requirements, Types of Access, Access Requirementsaccessingallocated disk blocks, Accessibility of Data in a Fileby file identifier, Access Requirements
adding ACEs
for security auditing, Adding Access Control Entries to Sensitive Files, Adding Security-Auditing ACEsapplying an alarm to, Adding Access Control Entries to Sensitive Filesas protected objects, Classes of Protected Objectsassigning protection codes, Rules for Assigning a Protection Code and ACL assigning security profiles, Profile Assignment, Rules for Assigning a Protection Code and ACL, Controlling File Accessauditing
access to, Auditing Access to Your Account and Files, Adding Access Control Entries to Sensitive Files, Auditing Protected Objectschanging security profiles, Rules for Assigning a Protection Code and ACLconfidential, protecting, Asking Your Security Administrator to Enable Auditing controlling access with Identifier ACEs, Using Identifier Access Control Entries (ACEs)copyingfrom remote account, Using Proxy Login Accounts to Protect Passwords
creatingdependency on directory ownership, Controlling File Accessrequirements for, Creation Requirements
default protection, Providing a Default Protection Code for a Directory Structureerasing data from disks, Overwriting Disk Blocksevents audited, Kinds of Auditing Performedexceptions to ownership rules, Ownermanaging directory defaults, Setting Up the ACLnaming rules, Naming Rulesoptimizing security, Suggestions for Optimizing File Securityowned by
resource identifier, Rules for Assigning a Protection Code and ACL, Setting Up the ACLownership rules, Rules for Assigning Ownershipprotecting data after deletion, Protecting Information When Disk Space Is Reassignedprotecting mail, Suggestions for Optimizing File Securityprotection required for proxy access, Using Proxy Login Accounts to Protect Passwordsrestoring default security elements, Restoring a File's Default ACLrestoring default security profiles, Restoring a File's Default Security Profilesecurity auditing and, Adding Access Control Entries to Sensitive Files, Kinds of Auditing Performedsecurity elements of, Filessetting default protection and
ownership, Controlling File Accesssharing and exchanging in network environment, Sharing Files in a Network, Admitting Remote Users to Multiple Accountssharing for a cluster system, Synchronizing Authorization Datatransfers with MAIL, Sharing Files in a Network
Flush interval, Adjusting the Transfer of Messages to DiskFlushing messages to disk, Adjusting the Transfer of Messages to DiskForeign volumes,
access requirements, Access Requirements for I/O OperationsFormatsIdentifier
ACE, Using Identifier Access Control Entries (ACEs)protection
code, Controlling Access with Protection Codesrights identifiers, Types of Identifierssecurity-auditing ACE, Access Control Entries (ACEs) for Security AuditingUIC (user identification code), Format of a UIC
GGeneral identifiers, Granting Access to Particular Usersdesign considerations, Naming Individual Users in ACLsexample, Displaying the Rights Identifiers of Your Process, Ordering ACEs Within a Listformat, Major Types of Rights Identifiers
Generated passwords, Using Generated Passwordsdisadvantages, Using Generated Passwordsexample, Using Generated Passwordsinitial passwords, Primary Passwordslength, Requiring a Minimum Password Lengthminimum length, Using Generated Passwordsrequiring, Secondary Passwords, History Lists
Global
sectionsevents audited, Kinds of Auditing Performedgroup, Classes of Protected Objectsprivilege requirements, Privilege Requirementsreestablishing security
profile, Permanence of the Objectrestricting access, Template Profilesecurity elements of, Global Sectionssystem, Classes of Protected Objectstemplate profiles, Template Profiletypes of access, Types of Access
Group numbersin UICs, Format of a UICreserved UICs, Format of a UICuniqueness
requirement for clustered systems, Synchronizing Authorization Data
Group numbers and passwords, Managing Cluster MembershipGroup numbers and passwords, setting
up for cluster, Managing Cluster MembershipGROUP
privilege, GROUP Privilege (Group)Group UIC
names, Format of a UICGroup users
(security category), Protection Code, Format of a Protection CodeGroupsdesign of, Displaying the Databaseguidelines for organization, Designing User GroupsUIC design, Designing User Groups
GRPNAM privilege, Privilege Requirements, GRPNAM Privilege (Devour)GRPPRV privilege, GRPPRV Privilege (Group)description, GRPPRV Privilege (Group)effect on protection mechanisms, How Privileges Affect Protection Mechanismsgiving rights of system
user, How the System Determines if a User Can Access a Protected Object, Format of a Protection Codegranting control access, How Privileges Affect Protection Mechanisms
Guest accountsas limited-access accounts, Guest Accounts
HHardcopy outputdisposal of, Disposing of Hardcopy Output
Hardcopy terminals, logout considerations, Disposing of Hardcopy OutputHidden
attribute, Displaying ACLsHigh-water
marking, Protecting Information When Disk Space Is Reassigned, Setting a High-water Mark, Prevention Through High-Water Markingperformance and, Prevention Through High-Water Marking
History, History ListsHolder
Hidden attribute, Holder Hidden AttributeHolders
of a rights identifierassociating with identifier, Assigning Identifiers to Usersdisplaying records, Displaying the Databasegranting access to, Granting Access to Particular Usersremoving from rights database, Removing Holder Records
II/O channels, access requirements, Access Requirements for I/O OperationsI/O operations, access requirements for devices, Access Requirements for I/O OperationsIdentifier ACEs, Using Identifier Access Control Entries (ACEs), Adding ACEs to an Existing ACL, Building the SubsystemACE order, Ordering ACEs Within a Listadding to an ACL, Adding ACEs to an Existing ACLconditionalizing access, Limiting Access to an Environmentcreating, Using Identifier Access Control Entries (ACEs)Default attribute, Establishing an Inheritance Scheme for Filesdenying access, Preventing Users from Accessing an Objectformat, Using Identifier Access Control Entries (ACEs)interpreting, Using Identifier Access Control Entries (ACEs)protected subsystems and, Building the Subsystemusing general identifiers, Granting Access to Particular Users
Identifier
attributes, Customizing Identifiers, Subsystem Attributedescription of, Customizing IdentifiersDynamic, Dynamic AttributeHolder Hidden, Holder Hidden AttributeName Hidden, Name Hidden AttributeNo Access, No Access AttributeResource, Resource AttributeSubsystem, Subsystem Attribute
Identifiersadding to rights database, Adding Identifiersas
directory owners, Setting Up the Resource Identifieras
file owners, Access Requirements, Rules for Assigning a Protection Code and ACLassigning
to users, Assigning Identifiers to Usersauditing use of, Kinds of System Activity the Operating System Can Reportcreating, Granting Access to Particular Userscustomizing, Conditionalizing Identifiers for Different Usersdisplaying process, Displaying the Rights Identifiers of Your Processenvironmental, Types of Identifiers, Displaying the Rights Identifiers of Your Process, Conditionalizing Identifiers for Different Usersfacility, Types of Identifiersformat, Types of Identifiers general, Major Types of Rights Identifiers, Displaying the Rights Identifiers of Your Process, Granting Access to Particular Usersin ACEs, Using Identifier Access Control Entries (ACEs)of a process, Protecting Dataprotected
subsystems and, Giving Users Accessremoving, Removing Identifiersreserved, How Protected Subsystems Workresource and directory ownership, Controlling File Access
security audit reports and, How Rights Identifiers Appear in the Audit Trailtypes, Types of IdentifiersUIC, Major Types of Rights Identifiers, Displaying the Rights Identifiers of Your Processuniqueness requirement, Synchronizing Authorization Data
Images installingsecurity ramifications, Installing Images with Privilege
Images, installingsecurity ramifications, Installing Images with Privilege, Advantages of Protected Subsystemssubsystem images, Advantages of Protected Subsystems, Design Considerations
IMPERSONATE
privilege, IMPERSONATE Privilege (All) (Formerly DETACH)IMPORT
privilege, IMPORT Privilege (Objects)INBOUND parameter for node type specification, Establishing a Dynamic Asynchronous ConnectionIncoming
proxy access, enabling or disabling, Enabling and Disabling Incoming Proxy AccessINITIALIZE command/ERASE qualifier, Overwriting Disk Blocks
INITIALIZE
command, /ERASE qualifier, Overwriting Disk Blocks, Erasing TechniquesInstall utility
(INSTALL)alarms, Alarm Messagesauditing changes made through, Kinds of System Activity the Operating System Can Reportsecurity ramifications, Installing Images with Privilege, Advantages of Protected Subsystems
Interactive
accounts, Types of System AccountsInteractive
identifiers, Major Types of Rights IdentifiersInteractive
logins, Types of Logins and Login Classesclasses, Logging In Interactively: Local, Dialup, and Remote Loginsdialup, Logging In Interactively: Local, Dialup, and Remote Logins, Failing to Enter the Correct Password During a Dialup Loginlocal, Logging In Interactively: Local, Dialup, and Remote Loginsremote, Logging In Interactively: Local, Dialup, and Remote Loginssystem message, Local Login Messages
Interactive modeprocesses, Types of Logins and Login Classes
Intrusion
databases, Understanding the Intrusion DatabaseIntrusionsattempts, Failing to Enter the Correct Password During a Dialup Login detection, Detecting Intrudersclusterwide, clusterwide Intrusion Detectioncounteraction through dual passwords, Secondary Passwordsdatabase, Understanding the Intrusion Databaseevasive procedures, Knowing When Break-In Evasion Procedures Are in Effectreporting events, Additional Events to Auditsetting exclusion period, Setting the Exclusion Periodsystem parameters for, How Intrusion Detection Works
LLast login messages, Observing Your Last Login Timedisabling, Last Login Messages
LGI system parameters, Parameters for Controlling Login Attemptscontrolling login
attempts, System Parameters Controlling Login AttemptsLGI_BRK_DISUSER, Parameters for Controlling Login AttemptsLGI_BRK_LIM, Parameters for Controlling Login AttemptsLGI_BRK_TERM, Parameters for Controlling Login AttemptsLGI_BRK_TMO, Parameters for Controlling Login AttemptsLGI_HID_TIM, Parameters for Controlling Login AttemptsLGI_RETRY_LIM, Parameters for Controlling Login AttemptsLGI_RETRY_TMO, Parameters for Controlling Login AttemptsLGI_TWD_TMO, Parameters for Controlling Login Attempts
Lifetime of accounts, Renewing an Expired AccountLifetime of
passwords, Changing Your Password, Changing a Secondary PasswordLimited-access accounts, Types of System AccountsLINK command,
/NOTRACEBACK qualifier, Installing Images with PrivilegeLinksterminating
dynamic asynchronous, Establishing a Dynamic Asynchronous Connection
Listener devices,
example of programs for, Using a Listener MailboxLocal identifiers, Major Types of Rights IdentifiersLock access, Types of AccessLOCKPWD flag, Password Requirements for Different Types of AccountsLOG_IO privilege, Privilege Requirements, LOG_IO Privilege (All)Loggingaccess to protected objects, Auditing Protected Objectssecurity
audit events, Ways to Generate Audit Information, Methods of Capturing Event Messagesterminal sessions, Logging a User's Session
Logging outbreaking
dialup connection, Breaking the Connection to a Dialup Linedeciding when it is necessary, Logging Out Without Compromising System Securityfrom disconnected processes, Removing Disconnected Processesreasons
for, Logging Out Without Compromising System Securitysecurity considerations, Logging Out Without Compromising System Security, Clearing Your Terminal Screen
Logical I/O
access, Types of AccessLogical
name tablesas protected objects, Classes of Protected Objectsevents audited, Kinds of Auditing Performedprivilege requirements, Privilege Requirementsreestablishing security profile, Permanence of the Objectsecurity elements of, Logical Name Tablestemplate profiles, Template Profiletypes of access, Types of Access
Logical
namesdefining for external authentication, Enabling External Authentication
Login alarms, Alarm Messagesenabling, Kinds of System Activity the Operating System Can Report
Login classes, Types of Logins and Login Classesbatch, When the System Logs In for You: Network and Batch Loginsdialup, Logging In Interactively: Local, Dialup, and Remote Loginsinteractive, Logging In Interactively: Local, Dialup, and Remote Loginslocal, Logging In Interactively: Local, Dialup, and Remote Loginsnetwork, When the System Logs In for You: Network and Batch Loginsnoninteractive, When the System Logs In for You: Network and Batch Loginsremote, Logging In Interactively: Local, Dialup, and Remote Loginsrestrictions on, Observing Your Login Class Restrictions
Login command
proceduresfor restricted accounts, Privileged Accounts, Guidelines for Captive Command Proceduresproper protection for, Potentially Harmful Programs
Login failuresalarms, Alarm Messagesauditing, Kinds of System Activity the Operating System Can Reportbreak-in evasion and, Knowing When Break-In Evasion Procedures Are in Effectcauses of, Login Failures: When You Are Unable to Log Indialup logins, Failing to Enter the Correct Password During a Dialup Loginexpired accounts, Renewing an Expired Accountlogin class restrictions and, Observing Your Login Class Restrictionsmessages, Local Login Messages, Observing Your Last Login Timepassword grabber programs, Guidelines for Protecting Your Passwordretries and, Failing to Enter the Correct Password During a Dialup Loginsecurity audit report and, Examining the Reportshift restrictions, Using an Account Restricted to Certain Days and Timessystem passwords and, Using a Terminal That Requires a System Password
Login
messages, Reading Informational Messagesannouncement, Local Login Messagescontrolling, Informational Display During Login, New Mail Announcementsdisconnected job, Local Login Messagesexpired password, Changing Your Password As You Log In, Changing an Expired Passwordlast successful interactive login, Local Login Messageslast successful noninteractive login, Local Login Messagesnew mail, Local Login Messagesnumber of login failures, Local Login Messagessuppressing, Reading Informational Messages, Observing Your Last Login Timewelcome, Local Login Messages
Login programs,
authentication by secure terminal server, Guidelines for Protecting Your PasswordLoginsauditing, Kinds of System Activity the Operating System Can Reportbatch, When the System Logs In for You: Network and Batch Loginschanging password, Obtaining Your Initial Passwordchanging password during, Changing Your Password As You Log Incontrolling, Types of Passwordsdefault
process protection and, Rules for Assigning a Protection Code and ACLdialup, Logging In Interactively: Local, Dialup, and Remote Loginssupplying password, Failing to Enter the Correct Password During a Dialup Login
disabledby break-in evasion, Knowing When Break-In Evasion Procedures Are in Effectby shift
restriction, Using an Account Restricted to Certain Days and Times
 expired accounts, Renewing an Expired Accountflags, Enforcing Change of Expired Passwordinteractive, Types of Logins and Login Classesclasses of, Logging In Interactively: Local, Dialup, and Remote Loginsmost recent, Local Login Messages
local, Logging In Interactively: Local, Dialup, and Remote Loginsmonitoring
last, Observing Your Last Login Timenetwork, When the System Logs In for You: Network and Batch Loginsnoninteractive, Types of Logins and Login Classesclasses of, When the System Logs In for You: Network and Batch Loginsmost recent, Local Login Messages
permitted time periods, Using an Account Restricted to Certain Days and Timesremote, Logging In Interactively: Local, Dialup, and Remote Loginslogging out, Clearing Your Terminal Screensystem passwords and, System Passwords
restricting
with system passwords, System Passwordssecure terminal
server, Guidelines for Protecting Your Password, Using the Secure Serversecurity
implications, Obtaining Your Initial Passwordsimplifying
for user with ALF (automatic login facility), Automatic Login Accountssystem parameters controlling, System Parameters Controlling Login Attemptstime out, Entering a Secondary Passwordwith external authentication, Logging In Using External Authentication
Logout alarms, Alarm MessagesLogout auditing, Kinds of System Activity the Operating System Can ReportLOGOUT
command, Clearing Your Terminal Screen/HANGUP qualifier, Breaking the Connection to a Dialup Line
MMACsecurity, Authenticating Filesspecifying database, Specifying a File for MACs Generated from File Contents
Mail files, recommended protection
for, Suggestions for Optimizing File SecurityMAIL objects, recommended access, Summary of Network ObjectsMail
utility (MAIL)controlling notification messages, New Mail Announcementstransferring text files, Sharing Files in a Network
MAIL.EXEreinstalling with privileges, Protecting System Files
Mailboxesdefault security elements, Template Profilefor audit event messages, Methods of Capturing Event Messagesmodifying
security profiles, Setting Up Profiles for New Devicesprivilege requirements, Privilege Requirements
Maintenance tasks for secure systems, Ongoing Tasks to Maintain a Secure SystemManage access, Types of AccessMandatory access
controls, BYPASS Privilege (All), IMPORT Privilege (Objects), UPGRADE Privilege (All)MAXSYSGROUP system parameter, Format of a Protection CodeMedia initializationaccess requirements, Volumesrestricting with ACLs, Protecting System Files
Member numbers in UICs, Format of a UICMember UIC names, Format of a UICMemory consumption by ACLs, Designing ACLsMessagesannouncement, Local Login Messagessecurity disadvantages, Announcement Message
auditing, Reporting Security-Relevant Eventsauditing
security-relevant events, Auditing File Accessdisabling last login, Last Login Messageslast successful
interactive login, Local Login Messageslogin, Reading Informational Messageslogin
failures, Observing Your Last Login Timesuppressing, Reading Informational Messages, Informational Display During Loginsuppressing
last login, Observing Your Last Login Timewelcome, Local Login Messages
MFD (master
file directory), Rules for Assigning a Protection Code and ACLMIRROR objects, Summary of Network ObjectsModems, Establishing a Dynamic Asynchronous ConnectionMODIFY user/FLAG=AUDIT command in Authorize
utility, Modifying a User Authorization Record, Considering the Performance ImpactMODIFY/SYSTEM_PASSWORD command in Authorize
utility, System PasswordsMOM (maintenance operations module) objects, Summary of Network ObjectsMOUNT
command, alarms, Alarm MessagesMOUNT
privilege, MOUNT Privilege (Normal)Mounting volumesaccess requirements, Volumessecurity audits and, Additional Events to Auditwith protected subsystems, Enabling Protected Subsystems on a Trusted Volume
NName
Hidden attribute, Name Hidden AttributeNaming conventionscapability objects, Naming Rulescommon event flag clusters, Naming Rulesdevices, Naming Rulesfiles, Naming Rulesglobal sections, Naming Ruleslogical name tables, Naming Rulesqueues, Naming Rulesresource domains, Naming Rulessecurity class, Naming Rules
Naming
rulescapability objects, Naming Rulescommon event flag clusters, Naming Rulesdevices, Naming Rulesfiles, Naming Rulesglobal sections, Naming Ruleslogical name tables, Naming Rulesqueues, Naming Rulesresource domains, Naming Rulessecurity class, Naming Rules
NCP (Network Control Program)auditing database modifications, Kinds of System Activity the Operating System Can Report
NET PASSWORD command, Setting a New PasswordNET$PROXY.DAT
files, Setting Up a Proxy Databaseauditing, Auditing Categories of Activity
NETMBX
privilege, NETMBX Privilege (Normal)NETPROXY.DAT files, Setting Up a Proxy Databaseauditing, Auditing Categories of Activitynormal protection, Password Protection Checklist
Network access control strings, Guidelines for Protecting Your Password, Protecting Information in Access Control Strings, Secondary Passwords, Using Explicit Access ControlNetwork accountsDECNET account, removing, Removing Default DECnet Access to the Systemnetwork objects, Configuring Network Objects Manually
Network databases, Establishing a Dynamic Asynchronous ConnectionNetwork identifiers, Major Types of Rights IdentifiersNetwork logins, Types of Logins and Login Classes, When the System Logs In for You: Network and Batch LoginsNetwork
security, Network Security Considerations, Managing Network Security, Establishing a Dynamic Asynchronous Connectionevents audited, Auditing in the Networklimitations, Security in a Network Environmentnetwork object configuration, Configuring Network Objects Manuallyrequirements for, Requirements for Achieving Security
Networksaccess
control, Hierarchy of Access ControlsINBOUND parameter, Establishing a Dynamic Asynchronous Connectionproxy login for applications, Using Proxy Logins
NML (network management listener) objects, Summary of Network ObjectsNo
Access attribute, No Access AttributeNodes, types of, Establishing a Dynamic Asynchronous ConnectionNon-file-oriented devices, access requirements, Access Requirements for I/O OperationsNone attribute (ACEs), Preventing Users from Accessing an Object, Limiting Access to a DeviceNoninteractive logins, Types of Logins and Login Classes, When the System Logs In for You: Network and Batch Loginsbatch, When the System Logs In for You: Network and Batch Loginsclasses, When the System Logs In for You: Network and Batch Loginsnetwork, When the System Logs In for You: Network and Batch Logins
Nopropagate attribute, Copying an ACL, Restoring a File's Default Security Profile, Rules for Assigning a Protection Code and ACLNumeric UICs, Format of a UIC
OObject classesdescriptions of, Descriptions of Object Classessecurity attributes of, Specifying an Object's Class
Object ownershipassigning during file creation, Controlling File Accessby resource identifiers, Access Requirementschanging, Owner, Modifying a Security Profileexceptions to the rules, Owner files, Rules for Assigning Ownershipmanaging defaults, Setting Default Protection and Ownership, Controlling File Accessmanaging directory defaults, Setting Up the ACLqualifying for, Ownerreassigning, Ownerrestoring file defaults, Restoring a File's Default Security Profilesecurity element of an object, Contents of an Object's Profilezero UICs in protection checks, How the System Determines if a User Can Access a Protected Object
Object permanencecapability object, Permanence of the Objectcommon event flag cluster, Permanence of the Objectdevices, Permanence of the Objectglobal sections, Permanence of the Objectlogical name tables, Permanence of the Objectqueues, Permanence of the Objectresource domains, Permanence of the Objectsecurity class object, Permanence of the Objectvolumes, Permanence of the Object
Objects, Protecting Dataaccess
arranged by, Authorization Database Represented as an Access Matrixaccess to, comparing security profiles, Contents of a User's Security ProfileACLs and, Access Control List (ACL)adding ACEs for security auditing, Adding Security-Auditing ACEsalarms for creation, Alarm Messagesalarms for deaccess, Alarm Messagesalarms for deletion, Alarm Messagesauditing
access, Auditing Protected Objects, Enabling Auditing for a Class of Objects, Kinds of System Activity the Operating System Can Reportcapability
class, Capabilitieschanging security profile, Modifying a Security Profilecharacteristics of protected objects, Definition of a Protected Objectclass descriptions, Descriptions of Object Classesclass specification, Specifying an Object's Classclass-specific access overrides, Object-Specific Access Considerationsclasses of, Specifying an Object's Classclasses protected by operating system, Specifying an Object's Class, Descriptions of Object Classescontrolling access with Identifier ACEs, Using Identifier Access Control Entries (ACEs), Limiting Access to a Devicedisplaying default protection and ownership, Setting Defaults for Objects Other Than Filesdisplaying security profiles, Displaying a Security Profileglobal sections, Global Sectionsgranting access through protection codes, Controlling Access with Protection Codesin security
models, Reference Monitor Conceptkinds of events audited, Kinds of Events the System Auditslogical name tables, Logical Name Tablesmanaging
default protection and ownership, Setting Default Protection and Ownershipmodifying class templates, Modifying Class Templatesprotection codes, Protection Code, Controlling Access with Protection Codesqueues, Queuesreassigning ownership, Ownerresource domains, Resource Domainsrole in security models, Objectsrules for
determining access, How the System Determines if a User Can Access a Protected Objectsecurity class, Security Classessecurity elements source, Contents of an Object's Profilesecurity management overview, Descriptions of Object Classes security profiles, Security Profile of Objects, Access Required to Modify a Profilevolumes, Volumes
OPCOM
(operator communication manager), security auditing and, Disabling and Reenabling Startup of the Audit ServerOpen accounts, Password Requirements for Different Types of Accounts captive accounts and, Qualifiers Required to Define Captive Accountscaptive
recommendation, Password Protection Checklist
Open files
and ACL consumption of memory, Designing ACLsOpenSSL, Secure Sockets Layer (SSL)OpenVMS Cluster
environmentsbuilding single security domain, Building a Common Environmentmanaging audit log file, Managing the Audit Log Fileprotected object databases, Storing Profiles and Auditing Informationsecurity considerations, Securing a Clustersecurity implementation, Using the System Management Utilitysynchronizing authorization data, Synchronizing Authorization Datasystem file recommendations, Recommended Common System Filessystem file requirements, Required Common System Files
OpenVMS Cluster
environments, protected objects, Protecting ObjectsOPER privilege, OPER Privilege (System)overriding access controls, How the System Determines if a User Can Access a Protected Objectqueue access, Object-Specific Access Considerations queue management, Privilege Requirements
Ownercategory of user access, Format of a Protection Code
PPaper shredders, Disposing of Hardcopy OutputPassword
generatorsobtaining initial password, Primary Passwordswhen to require, Generated Passwords
Password grabber programs, Guidelines for Protecting Your Password, Using the Secure Server catching with auditing ACEs, Attaching a Security-Auditing ACE
Password history, History ListsPassword
protection, Guidelines for Protecting Your Password, Password Protection ChecklistPassword
synchronization, Password SynchronizationPasswordsacceptable, Observing System Restrictions on Passwordsautomatically
generated, Selecting Your Own Password, Using Generated Passwordsavoiding
detection, Using Generated Passwords, Unsuccessful Intrusion Attempts, Identifying the Perpetratorchances
to supply during dialups, Failing to Enter the Correct Password During a Dialup Loginchanging, Changing Your Password, Selecting Your Own Passwordat login, Changing Your Password As You Log Inexpired, Changing an Expired Passwordfrequency guidelines, Guidelines for Protecting Your Passwordsecondary, Changing a Secondary Passwordusing /NEW_PASSWORD qualifier, Changing Your Password As You Log In
 cluster membership management, Managing Cluster Membershipconsole passwords, Console Passwordsdialup
retries, Failing to Enter the Correct Password During a Dialup Logindual, Types of Passwords, Types of Passwordseliminating for networks, Special Security Measures with Proxy Accessencoding, Subjectsencryption algorithms, Site Password Algorithmsexpiration, Password and Account Expiration Times, Changing an Expired Passwordexpiration time, Expiring Passwordsfailure
to change, Changing an Expired Passwordfirst, Obtaining Your Initial Passwordforced change, Changing an Expired Password, Enforcing Change of Expired Passwordformat, Choosing a Password for Your Accountgenerated, Using Generated Passwords, Primary Passwordsguessing, Obtaining Your Initial Passwordhistory
list, Observing System Restrictions on Passwordshow to preexpire, Primary Passwordsincorrect, Local Login Messagesinitial, Obtaining Your Initial Password, Primary Passwordslength, Choosing a Password for Your Account, Obtaining Your Initial Password, Requiring a Minimum Password Lengthlifetime of, Changing Your Password, Changing a Secondary Passwordlocked, Password Requirements for Different Types of Accounts, Qualifiers Required to Define Captive Accounts, Generated Passwordsminimum length, Observing System Restrictions on Passwords, Changing Your Password, Requiring a Minimum Password Length multiple systems and, Guidelines for Protecting Your Passwordnew, Changing Your Password As You Log In null
as choice for captive account, Qualifiers Required to Define Captive Accountsopen accounts and, Password Requirements for Different Types of Accountspassword
grabber programs, Guidelines for Protecting Your Passwordprimary, Types of Passwords, Entering a Secondary Password, Primary Passwordsproxy logins, Using Proxy Login Accounts to Protect Passwordsreason for changing, Observing Your Last Login Time, Additional Events to Auditreceive, Establishing a Dynamic Asynchronous Connectionrestrictions, Observing System Restrictions on Passwords, Enforcing Minimum Password Standardsreuse, Choosing a Password for Your Accountrisky, Choosing a Password for Your Accountrouting
initialization, Specifying Routing Initialization Passwordsscreeningagainst dictionary, System Dictionaryagainst history list, History Listswith site-specific filter, Site-Specific Filters
secondary, Types of Passwords, Secondary Passwordsadvantages, Secondary Passwordschanging, Changing a Secondary Passwordchanging expired, Changing an Expired Passwordentering, Entering a Secondary Passwordmanaging, Secondary Passwords
secure, Choosing a Password for Your Accountsecure choices for, Choosing a Password for Your Accountsecure terminal servers and, Guidelines for Protecting Your Passwordsharing, Guidelines for Protecting Your Password, Sharing Files in a Networksystem, Types of Passwords, Entering a System Password, System Passwordscausing login failures, Using a Terminal That Requires a System Passworddictionary, Observing System Restrictions on Passwordsdisadvantages, System Passwordsguidelines, System Passwordsminimum length requirement, Requiring a Minimum Password Lengthmodifying, System Passwordsrecommended change frequency, Expiring Passwordssetting up, System Passwords
transmit, Establishing a Dynamic Asynchronous Connectiontypes, Knowing What Type of Password to Useuniqueness for each account, Guidelines for Protecting Your Passworduser, Subjects, Knowing What Type of Password to Useuser guidelines, Choosing a Password for Your Accountverifying
change of, Selecting Your Own Passwordwhen account is created, Obtaining Your Initial Passwordwhen
to change, Obtaining Your Initial Password
Performance ACL length and, Designing ACLs high-water marking and, Prevention Through High-Water Markingsecurity-auditing impact, Considering the Performance Impact
PFMGBL privilege, Privilege RequirementsPFNMAP privilege, Privilege Requirements, PFNMAP Privilege (All)PHONE objects, Summary of Network ObjectsPHY_IO privilege, Privilege Requirements, PHY_IO Privilege (All)Physical I/O
access, Types of AccessPhysical security, Building a Secure System Environmentrestricting system access, Controlling Access to System Data and Resourcesviolation indicators, Reports from Userswhen logging out, Logging Out Without Compromising System Security, Clearing Your Terminal Screen
PIPE command,
impact on subprocess auditing events, Considering the Performance ImpactPIPE subprocess, analyzing audit messages, Recommended ProcedurePlaintext, Encryption ProcessPort, terminal, Establishing a Dynamic Asynchronous ConnectionPrimary passwords, Types of PasswordsPrintersdefault security elements, Template Profile
Privilege
requirements common event flag clusters, Privilege Requirementsdevices, Privilege Requirements global sections, Privilege Requirements logical name tables, Privilege Requirements queues, Privilege Requirements resource domains, Privilege Requirements volumes, Privilege Requirements
Privileged
accounts, Privileged Accounts, Limiting User PrivilegesPrivilegesACNT, ACNT Privilege (Devour)affecting
object access, How the System Determines if a User Can Access a Protected ObjectAll category, Categories of PrivilegeALLSPOOL, ALLSPOOL Privilege (Devour)ALTPRI, ALTPRI Privilege (System)AUDIT, AUDIT Privilege (System)auditing
use of, Additional Events to Audit, Kinds of System Activity the Operating System Can Reportauthorized process, Privileges, Giving Users PrivilegesBUGCHK, BUGCHK Privilege (Devour)BYPASS, How the System Determines if a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms, Using Control Access to Modify an Object Profile, BYPASS Privilege (All)bypassing
ACLs, How Privileges Affect Protection Mechanismsbypassing protection codes, How Privileges Affect Protection Mechanismscaptive accounts and, Privileged Accountscategories of, Giving Users Privileges, Categories of PrivilegeCMEXEC, CMEXEC Privilege (All)CMKRNL, CMKRNL Privilege (All)default
process, Privileges, Giving Users Privilegesdefinition, PrivilegesDETACH, IMPERSONATE Privilege (All) (Formerly DETACH)Devour
category, Categories of PrivilegeDIAGNOSE, DIAGNOSE Privilege (Objects)disabling, PrivilegesDOWNGRADE, DOWNGRADE Privilege (All)enabling through SETPRV, PrivilegesEXQUOTA, EXQUOTA Privilege (Devour)file sharing and, Sharing Files in a NetworkGROUP, GROUP Privilege (Group), GRPPRV Privilege (Group)Group category, Categories of PrivilegeGRPNAM, GRPNAM Privilege (Devour)GRPPRV, How the System Determines if a User Can Access a Protected Object, Format of a Protection Code, How Privileges Affect Protection Mechanisms, Using Control Access to Modify an Object ProfileIMPERSONATE, IMPERSONATE Privilege (All) (Formerly DETACH)IMPORT, IMPORT Privilege (Objects)influence on object access, How the System Determines if a User Can Access a Protected ObjectLOG_IO, LOG_IO Privilege (All)MOUNT, MOUNT Privilege (Normal)NETMBX, NETMBX Privilege (Normal)network
requirements, Managing Network SecurityNormal category, Categories of PrivilegeObjects category, Categories of PrivilegeOPER, Object-Specific Access Considerations, OPER Privilege (System)PFNMAP, PFNMAP Privilege (All)PHY_IO, PHY_IO Privilege (All)PRMCEB, PRMCEB Privilege (Devour)PRMGBL, PRMGBL Privilege (Devour)PRMMBX, PRMMBX Privilege (Devour)process, Assigning PrivilegesPSWAPM, PSWAPM Privilege (System)READALL, How the System Determines if a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms, READALL Privilege (Objects)recommendations
for different users, Suggested Privilege Allocationsrelated
to group UIC, Designing User Groupsreporting
use with $CHECK_PRIVILEGE, Sources of Event Informationrequirements common event flag clusters, Privilege Requirements devices, Privilege Requirements global sections, Privilege Requirements logical name tables, Privilege Requirements queues, Privilege Requirements resource domains, Privilege Requirements volumes, Privilege Requirements
SECURITY, SECURITY Privilege (System) security
administrator requirements, Account Requirements for a Security AdministratorSET
PROCESS/PRIVILEGES, PrivilegesSETPRV, SETPRV Privilege (All)SHARE, SHARE Privilege (All)SHMEM, SHMEM Privilege (Devour)storage in UAF record, Giving Users Privilegessummary
of, Categories of Privilege, Assigning PrivilegesSYSGBL, SYSGBL Privilege (Files)SYSLCK, SYSLCK Privilege (System)SYSNAM, SYSNAM Privilege (All)SYSPRV, How the System Determines if a User Can Access a Protected Objectcontrolling access through, Using Control Access to Modify an Object Profileeffect on protection mechanisms, How Privileges Affect Protection Mechanismsgiving rights of system user, Format of a Protection Codetasks requiring, SYSPRV Privilege (All)
System
category, Categories of PrivilegeTMPMBX, TMPMBX Privilege (Normal)UAF
records and, PrivilegesUPGRADE, UPGRADE Privilege (All)VOLPRO, VOLPRO Privilege (Objects)WORLD, WORLD Privilege (System)
PRMCEB privilege, Privilege Requirements, PRMCEB Privilege (Devour)PRMGBL
privilege, PRMGBL Privilege (Devour)PRMMBX privilege, Privilege Requirements, PRMMBX Privilege (Devour)Probers,
catching, Monitoring the System, Security AuditingProbing, as
security problem, Types of Computer Security ProblemsProcess exclusion list, Preventing Process SuspensionProcessesaccess
rights of, Protecting Dataactivities permitted by privileges, Giving Users Privilegesadding to exclusion list, Preventing Process Suspensionaudit server, Tasks Performed by the Audit Serverauditing of, Modifying a User Authorization Record, Kinds of System Activity the Operating System Can Reportauditing
system services controlling, Kinds of System Activity the Operating System Can Reportconnecting restrictions, Local Login Messagescreating
with different UICs, How Your Process Acquires a UICdefault
protection for, Rules for Assigning a Protection Code and ACLdisconnected, Local Login Messages, Removing Disconnected Processesdisplaying default protection, Rules for Assigning a Protection Code and ACLdisplaying process rights identifiers, Displaying the Rights Identifiers of Your Processenabling privileges, Privilegesinteractive
mode, Types of Logins and Login Classeslogging out of current, Removing Disconnected Processesmodifying the rights list, Modifying a System or Process Rights Listreconnecting, Local Login Messagessecurity
profiles of, Contents of a User's Security Profilesuspending, Preventing Process SuspensionUIC identifiers, How Your Process Acquires a UIC
Project accounts, Setting Up the Resource Identifieras protected subsystems, Applications for Protected Subsystemssetting up, Setting Up the Directory of a Resource Identifier
Prompts, passwords
and, Entering a System PasswordPropagating protection,
example, Admitting Remote Users to Multiple AccountsProtected attribute, Copying an ACL, Restoring a File's Default Security Profiledeleting ACEs with, Deleting an ACL
Protected object
databases, Storing Profiles and Auditing InformationProtected subsystemsadvantages of, Using Protected Subsystems, Advantages of Protected Subsystemsapplications for, Applications for Protected Subsystemsconstructing, Building the Subsystemdescription of, How Protected Subsystems Work, Giving Users Accessdesign requirements, Design Considerationsenabling, Enabling Protected Subsystems on a Trusted Volumeexample, Example of a Protected Subsystemfile protection, Protecting Subsystem Directories, Protecting the Images and Data Filesmounting volumes with, Enabling Protected Subsystems on a Trusted Volumeprinter protection, Protecting the Printersubsystem ACEs, Building the Subsystemsystem management requirements, System Management Requirementsuser access, Giving Users Access
Protection ACL-based, Setting Defaults for a Directory Owned by a Resource Identifiercapability, Template Profilecommand procedures and, Potentially Harmful Programscommon event flag clusters, Template Profiledeleted
data, Protecting Information When Disk Space Is Reassigned, Overwriting Disk Blocks, Setting a High-water Markdevices, Template Profileglobal sections, Template Profilelogical name tables, Template Profilemanaging
defaults, Setting Default Protection and Ownership, Controlling File Access objects, Security Profile of Objectsqueues, Template Profileresource domains, Template Profilesecurity class, Template Profilethrough
protected subsystems, Using Protected SubsystemsUIC-based codes, Protection Codevolumes, Template Profile
Protection checking, How the System Determines if a User Can Access a Protected Objectevaluating an object access request, How the System Determines if a User Can Access a Protected Objectexception with zero UICs, How the System Determines if a User Can Access a Protected Objectinfluenced by ownership, Controlling File Access
Protection codes, Protection for OpenVMS System Filesaccess specification, Types of Access in a Protection Codeaccess types, Format of a Protection Codeassigning during file creation, Controlling File Accessbypassing with special rights, Understanding Privileges and Control Access changing, Changing a Protection Codedefault file protection, Providing a Default Protection Code for a Directory Structure, Adjusting Protection Defaultsdefinition, Authorization Database, Protection Codedenying all access, Enhancing Protection for Sensitive Objectseffect of privileges, How the System Determines if a User Can Access a Protected Objectevaluation sequence, Protection Code format, Controlling Access with Protection Codesgranting control access, Types of Access in a Protection CodeIdentifier ACEs and, Preventing Users from Accessing an Objectinteraction with ACLs, Enhancing Protection for Sensitive Objectsinterpreting, Protection Codemultiple user categories and, Processing a Protection Codenull access specification, Format of a Protection Codepriority in access evaluation, How the System Determines if a User Can Access a Protected Object processing, Processing a Protection Codequeue access rights, Types of Accessreading, Processing a Protection Coderestoring file default, Restoring a File's Default Security Profilesecurity element of an object, Contents of an Object's Profilesequence of checking categories, Processing a Protection Codeuser categories, Protection Code
Protocolsautodial/master, Establishing a Dynamic Asynchronous Connection
Protocols, autodial/nomaster, Establishing a Dynamic Asynchronous ConnectionProxies access controlremoving, Removing Proxy Access
Proxy access, Using Proxy Loginsaccess control, Hierarchy of Access Controls removing, Removing Proxy Accesssetting up a proxy database for, Setting Up a Proxy Databaseto
applications, Enabling and Disabling Incoming Proxy Accessto
nodes, Enabling and Disabling Incoming Proxy Access
Proxy
accounts, Using Proxy Login Accounts to Protect Passwords, Using Proxy Logins, Using DECnet Application (Object) Accountsas captive accounts, Procedure for Creating a Proxy Accountas restricted accounts, Proxy Accountsdefault, Using Proxy Login Accounts to Protect Passwordsexample, Example of a Proxy Account, Admitting Remote Users to Multiple Accountsgeneral-access, Using Proxy Login Accounts to Protect Passwordsmaximum number allowed, Using Proxy Login Accounts to Protect Passwordsmultiple-user, Using Proxy Login Accounts to Protect Passwordsnaming, Using Proxy Login Accounts to Protect Passwordsrecommended restrictions, Procedure for Creating a Proxy Accountselecting from multiple, Using Proxy Login Accounts to Protect Passwordssingle-user, Using Proxy Login Accounts to Protect Passwords
Proxy database, Setting Up a Proxy Database setting up, Setting Up a Proxy Database
Proxy logins, When the System Logs In for You: Network and Batch Logins, Using Proxy Login Accounts to Protect Passwords, Using Proxy Loginsaccess
control, Using Proxy Loginsaccount, Using Proxy Loginsestablishing
and managing, Proxy Access Control, Special Security Measures with Proxy AccessNET$PROXY.DAT, Setting Up a Proxy DatabaseNETPROXY.DAT, Setting Up a Proxy Databasenetwork applications, Using Proxy Loginssecurity benefits, Using Proxy Login Accounts to Protect Passwords
PSWAPM
privilege, PSWAPM Privilege (System)PURGE command, /ERASE qualifier, Overwriting Disk Blocks
QQueuesaccess granted
by OPER privilege, Object-Specific Access ConsiderationsACL access
rights, Types of Accessas protected objects, Classes of Protected Objectsevents audited, Kinds of Auditing Performedprivilege requirements, Privilege Requirementsprofile
storage, Permanence of the Objectprotection code access rights, Types of Accesssecurity elements of, Queuestemplate profiles, Template Profiletypes of
access, Types of Access
RRead access devices, Types of Access files, Types of Access global sections, Types of Accessgranting
through ACLs, Establishing an Inheritance Scheme for Filesgranting through protection
codes, Format of a Protection Code logical name tables, Types of Accessqueuesthrough
ACLs, Types of Accessthrough
protection codes, Types of Access
 resource domains, Types of Access security class, Types of Access volumes, Types of Access
READALL privilege, How the System Determines if a User Can Access a Protected Object, How Privileges Affect Protection Mechanisms, READALL Privilege (Objects)Recall buffers, Protecting Information in Access Control StringsRECALL command, /ERASE qualifier, Protecting Information in Access Control StringsReceive passwords, Establishing a Dynamic Asynchronous ConnectionReconnection
to processes, Limiting Disconnected ProcessesRecords displaying
holder of a rights identifier, Displaying the DatabaseReference
monitors, Structure of a Secure Operating Systemapplying to networks, Requirements for Achieving Securityconcept in security, Structure of a Secure Operating System, Reference Monitorimplementation, Implementation of the Reference Monitorrequirements on, How the Reference Monitor Enforces Security Rules
Remote identifiers, Major Types of Rights IdentifiersRemote logins, Logging In Interactively: Local, Dialup, and Remote Loginslogging
out, Clearing Your Terminal Screensystem passwords and, System Passwords
REMOVE/IDENTIFIER
command in Authorize utility, Removing IdentifiersRemoving
proxy access, Removing Proxy AccessRENAME command/INHERIT_SECURITY qualifier, Using the COPY and RENAME Commands
RENAME command, /INHERIT_SECURITY qualifier, Using the COPY and RENAME CommandsReserved UIC
group numbers, Format of a UICResource
attribute, Resource Attribute, Setting Up the Resource IdentifierResource attributes, Resource Attribute, Setting Up the Resource IdentifierResource domains, Classes of Protected Objectsevents audited, Kinds of Auditing Performedprivilege requirements, Privilege Requirementsprofile storage, Permanence of the Objectsecurity elements of, Resource Domainstemplate profile, Template Profiletypes of access, Types of Access
Resource identifiers, Setting Up the Resource Identifieras file owners, Rules for Assigning a Protection Code and ACL
Resource
monitoring, Error Handling in the Auditing Facilitydisabling, Disabling Disk Monitoring
Restricted accounts, Password Requirements for Different Types of Accounts, Restricted Accountsdanger of process spawning, Qualifiers Required to Define Captive Accountssetting up, Types of System Accountswhen to use, Types of System Accounts
Rights
databaseadding identifiers, Adding Identifiersassigning identifiers to users, Assigning Identifiers to Userscreating and maintaining, Populating the Rights Databasedisplaying, Displaying the Databaseremoving identifiers and holders, Removing Identifiers
Rights databasesadding identifiers, Adding Identifiersassigning identifiers to users, Assigning Identifiers to Userscreating and maintaining, Populating the Rights Databasedisplaying, Displaying the Databaseremoving identifiers and holders, Removing Identifiers
Rights list, access arranged by capability, Authorization Database Represented as an Access MatrixRights lists access arranged by capability, Authorization Database Represented as an Access Matrix
Rights of usersdisplaying, Displaying the Database
RIGHTSLIST.DAT filesauditing, Auditing Categories of Activitycreating and maintaining, Displaying the Databasehow UICs are stored, Guidelines for Creating a UIC
RMS_FILEPROT system parameter, Rules for Assigning a Protection Code and ACL, Controlling File Access, Adjusting Protection DefaultsRouting
initialization passwords, Specifying Routing Initialization Passwords
SSave
set (BACKUP), protection of, Protecting a Backup Save SetSave setsencrypting, Encrypting Save Sets
Screen clearing, Clearing Your Terminal ScreenSecondary passwords, Types of Passwordsadvantages, Secondary Passwordschanging, Changing a Secondary Passwordchanging expired, Changing an Expired Passworddisadvantages, Types of Passwordsentering, Entering a Secondary Passwordlogin expiration, Entering a Secondary Passwordmanaging, Secondary Passwordsminimum length, Entering a Secondary Password
SECSRV$CLIENT, reserved identifier, How Protected Subsystems WorkSECSRV$COMMUNICATION, reserved identifier, How Protected Subsystems WorkSECSRV$OBJECT, reserved identifier, How Protected Subsystems WorkSecure Sockets
Layer (SSL), Secure Sockets Layer (SSL)Secure
terminal servers, Guidelines for Protecting Your Password, Using the Secure Serverpassword protection and, Guidelines for Protecting Your Password
Securityassessing
auditing requirements, Assessing Your Auditing Requirementsclusterwide
intrusion detection, clusterwide Intrusion Detectiondata protection mechanisms, Security Profile of Objectsdefinition of levels, Levels of Security Requirementsenvironmental
factors, Building a Secure System Environmenterasing data on disk, Protecting Information When Disk Space Is Reassignedhigh-water marking, Protecting Information When Disk Space Is Reassignedmanaging auditing, Managing the Auditing Subsystemmanaging default protection
and ownership, Setting Default Protection and Ownershipobjects
protected by system, Specifying an Object's Classoperating system model, Structure of a Secure Operating Systemoptimizing
file security, Suggestions for Optimizing File Securityperformance impactauditing, Considering the Performance Impact
Trojan horse programs, Suggestions for Optimizing File Security
Security
administratorschecklist for maintaining a secure
system, Ongoing Tasks to Maintain a Secure Systemcluster managers and, Securing a Clustergoals of, Understanding System Securitypersonal accounts, Account Requirements for a Security Administratorprivilege requirements, Account Requirements for a Security Administratorrole of, Role of a Security Administratorsystem passwords and, Entering a System Passwordtraining users, Checklist for Contributing to System Security, Training the New User
Security alarms, Asking Your Security Administrator to Enable Auditingdisabling on system consoles, Enabling a Terminal to Receive Alarmsevents to enable as, Auditing Categories of Activity, Selecting a Destination for the Event Messageevents triggering, Additional Events to Auditexample of enabling events, Assessing Your Auditing Requirementssample messages, Overview of the Auditing Process, Alarm Messages
Security
archive fileslosing the remote link to, Losing the Link to a Remote Log File
Security archive
files, losing the remote link to, Losing the Link to a Remote Log FileSecurity attacks, forms of, Types of Computer Security Problems, Forms of System AttacksSecurity audit event messageschanging disk transfer rate, Adjusting the Transfer of Messages to Diskcontrolling delivery to server, Choosing the Number of Outstanding Messages That Trigger Process Suspensiondelaying delivery at startup, Changing the Point in Startup When the Operating System Initiates Auditingwhen to ignore, Recommended Procedure
Security
audit log files, Audit Trail, Auditing File Accessadvantages of, Selecting a Destination for the Event Messageallocating disk space, Allocating Disk Space for the Audit Log Filechanging location, Moving the File from the System Diskchanging message transfer rate, Adjusting the Transfer of Messages to Diskcharacteristics, Using an Audit Log Filecreating, Maintaining the Filedescription, Using an Audit Log Fileevents to report, Selecting a Destination for the Event Messageinteractive analysis, Using the Audit Analysis Utility Interactivelymaintaining, Maintaining the Filepre-extending, Disabling Disk Monitoringprocedures, Using an Audit Log Fileselecting records from, Providing Report Specifications
Security audit reports, Analyzing a Log File, Examining the Reportanalyzing suspicious activity, Recommended Procedurebrief format, Brief Audit Reportcreating, Recommended Proceduredefining contents of, Providing Report Specificationsdestination, Qualifiers for the Audit Analysis Utilitydetailed inspection, Examining the Reportexamples, Providing Report Specifications, Examining the Reportformats, Qualifiers for the Audit Analysis Utilityfull format, One Record from a Full Audit Reportrights identifiers in, How Rights Identifiers Appear in the Audit Trailroutine inspections, Recommended Procedurescheduling, Recommended Proceduresummary format, Summary of Events in an Audit Log File
Security auditing, Auditing Access to Your Account and Files, Security Auditingaccount and file access, Auditing Access to Your Account and Filesadding ACEs to files, Adding Access Control Entries to Sensitive Filesanalyzing audit log
files, Analyzing a Log File archive files, Using a Remote Log Fileassessing site requirements, Assessing Your Auditing Requirementsaudit listener mailboxes, Using a Listener Mailboxaudit server databases, Tasks Performed by the Audit Serveraudit trails, Audit Trailcapability objects, Kinds of Auditing Performedcluster considerations, Managing the Audit Log File common event flag clusters, Kinds of Auditing Performedcontrolling event messages, Choosing the Number of Outstanding Messages That Trigger Process Suspensiondefault auditing events, Audit Traildefault characteristics, Tasks Performed by the Audit Server devices, Kinds of Auditing Performeddirectories, Kinds of Auditing Performeddisabling auditing, Disabling and Reenabling Startup of the Audit Serverdisabling events, Auditing Categories of Activitydisabling resource monitoring, Disabling Disk Monitoringeffective use, Recommended Procedureenabling auditing, Disabling and Reenabling Startup of the Audit Serverenabling event classes, Auditing Categories of Activityenabling events, Ways to Generate Audit Informationerror handling, Allocating Disk Space for the Audit Log File, Error Handling in the Auditing Facilityexcluding processes from suspension, Preventing Process Suspensionfiles, Adding Access Control Entries to Sensitive Files, Kinds of Auditing Performed global sections, Kinds of Auditing Performedgranularity of events, Enabling Auditing for a Class of Objectshigh security needs, Levels of Security Requirements, Assessing Your Auditing Requirements logical name tables, Kinds of Auditing Performedlow security needs, Levels of Security Requirements, Assessing Your Auditing Requirementsmanaging the audit server, Managing the Auditing Subsystemmemory limitations and, Reacting to Insufficient Memorymessages, Auditing File Accessmoderate security needs, Levels of Security Requirements, Assessing Your Auditing Requirements, Auditing Events for a Site with Moderate Security Requirementsobject class enabled, Enabling Auditing for a Class of Objectsoverview, Overview of the Auditing Processperformance impact, Considering the Performance Impact queues, Kinds of Auditing Performedreporting object access, Auditing Protected Objectsreporting object use, How Rights Identifiers Appear in the Audit Trail resource domains, Kinds of Auditing Performed security class objects, Kinds of Auditing Performedsending event messages to archive files, Using a Remote Log Filesending event messages to mailboxes, Using a Listener Mailboxsending event messages to operator terminals, Enabling a Terminal to Receive Alarmssynchronizing cluster time, Maintaining the Accuracy of Message Time-Stamping volumes, Kinds of Auditing Performed
Security
breaches, handling, Understanding System Security, Handling a Security BreachSecurity
checklistsfor designing a secure system, Summary: System Security Designfor maintaining a
secure system, Ongoing Tasks to Maintain a Secure Systemfor training users, Training the New Userfor users, Checklist for Contributing to System Security
Security class
object, Security Classes, Permanence of the Objectdefinition, Classes of Protected Objectsevents audited, Kinds of Auditing Performedprofile storage, Permanence of the Objecttemplate profile, Template Profiletypes of access, Types of Access
Security
featuresaccess controls, Protecting Data, Managing System Accessaccount duration, Password and Account Expiration Times, Renewing an Expired Account, Restricting Account Durationauditing, Adding Access Control Entries to Sensitive Files, Security Auditing, Security Auditingautomatic password generation, Selecting Your Own Password, Primary Passwordsdialup retries, Failing to Enter the Correct Password During a Dialup Loginerase-on-allocate, Prevention Through High-Water Markingerase-on-delete, Erasing Techniqueserasure patterns, Overwriting Disk Blockshigh-water marking, Prevention Through High-Water Markingintrusion detection, Knowing When Break-In Evasion Procedures Are in Effect, Secondary Passwordslogin class restrictions, Observing Your Login Class Restrictions, Restricting Work Timespassword changes, Changing Your Passwordpassword expiration, Password and Account Expiration Times, Expiring Passwordspassword protection, Guidelines for Protecting Your Password, Password Protection Checklistpassword requirements, Password Requirements for Different Types of Accounts, Requiring a Minimum Password Lengthpassword restrictions, Observing System Restrictions on Passwords, Using Passwords to Control System Accesspasswords, Using Passwords to Control System Access, Password Protection Checklistprotected subsystems, Using Protected Subsystemsproxy accounts, Using DECnet Application (Object) Accountsproxy logins, Using Proxy Login Accounts to Protect Passwords, Proxy Access Controlsecondary passwords, Entering a Secondary Password, Changing a Secondary Passwordsecure terminal servers, Guidelines for Protecting Your Password, Using the Secure Serversecurity alarms, Asking Your Security Administrator to Enable Auditingshift restrictions, Using an Account Restricted to Certain Days and Timessystem passwords, Entering a System Password, Using a Terminal That Requires a System Password
Security kernel, definition, How the Reference Monitor Enforces Security RulesSecurity levels, Levels of Security Requirements, Building a Secure System Environmentevent monitoring and, Assessing Your Auditing Requirementshigh, Levels of Security Requirements, Observing Your Last Login Timelow, Levels of Security Requirements, Observing Your Last Login Timemedium, Levels of Security Requirements
Security management, Role of a Security Administratorfor clusters, Building a Common Environment, Required Common System Files, Recommended Common System Filesmanaging audit log file, Managing the Audit Log Filemodifying cluster group number, Managing Cluster Membershipmodifying cluster password, Managing Cluster Membershippolicy development, Levels of Security Requirements, Role of a Security Administrator, System Security Breachesprotected objectscluster-visible, Protecting Objectsdatabases, Storing Profiles and Auditing Information
synchronizing authorization data, Synchronizing Authorization DataSYSMAN requirements, Using the System Management Utility
Security models, Structure of a Secure Operating SystemSecurity operator terminals, Enabling a Terminal to Receive AlarmsSECURITY privilege, SECURITY Privilege (System)hidden ACEs and, Displaying ACLs
Security
problemsanonymity of network and dialup users, Restricting Modes of Operationautologin accounts, reducing, Automatic Login Accountscategories of, Types of Computer Security Problemsdisk scavenging, Protecting Information When Disk Space Is Reassignedhardcopy terminal output, Disposing of Hardcopy Outputlogging out, Logging Out Without Compromising System Security, Clearing Your Terminal Screennetwork access control strings, Protecting Information in Access Control Stringspassword detection, Using Generated Passwordstelephone system as, Identifying the Successful Perpetrator
Security profilesassigning to new devices, Setting Up Profiles for New Devicescapability object, Template Profilecommon event flag clusters, Template Profiledevices, Template Profiledisplaying class defaults, Displaying Class Defaultsfiles, Restoring a File's Default Security Profile, Files, Profile Assignmentglobal sections, Template Profilein access evaluations, How the System Determines if a User Can Access a Protected Objectlogical name tables, Template Profilemodification requirements, Access Required to Modify a Profile, Using Control Access to Modify an Object Profileobjects, Security Profile of ObjectsACLs, Access Control List (ACL)changing, Modifying a Security Profilecontents, Contents of an Object's Profiledeleting ACLs, Deleting an ACLdisplaying, Displaying a Security Profilemodifying class templates, Modifying Class Templatesorigin of, Contents of an Object's Profileowner element, Owner protection codes, Protection Code, Controlling Access with Protection Codes
processes, Contents of a User's Security Profiledisplaying, Displaying the Rights Identifiers of Your Processidentifiers, Rights Identifiersprivileges, PrivilegesUICs, User Identification Code (UIC)
queues, Template Profileresource domains, Template Profilesecurity class, Template Profileusers, Contents of a User's Security Profiledisplaying, Displaying the Rights Identifiers of Your Processidentifiers, Rights Identifiersprivileges, PrivilegesUICs, User Identification Code (UIC), How Your Process Acquires a UIC
volumes, Template Profile
Security restrictionscaptive command procedures, Guidelines for Captive Command Procedureslogin class, Observing Your Login Class Restrictionson command usage, Restricting DCL Command Usageon mode of operation, Restricting Modes of Operationshifts, Using an Account Restricted to Certain Days and Times, Restricting Work Timestime-of-day, Using an Account Restricted to Certain Days and Times, Restricting Work Times
Security
Server process, Security Server ProcessSecurity, clusterwide intrusion detection, clusterwide Intrusion DetectionSecurity-auditing ACEsposition in ACL, Displaying ACLs
Security-auditing
events, Additional Events to Auditbased on security needs, Assessing Your Auditing Requirementsclasses of, Kinds of System Activity the Operating System Can Reportdefault classes, Overview of the Auditing Process, Auditing Categories of Activity, Assessing Your Auditing Requirementsdisabling all classes, Assessing Your Auditing Requirementsdisplaying, Auditing Categories of Activityenabling all classes, Assessing Your Auditing Requirementsenabling as alarms, Assessing Your Auditing Requirementsenabling as audits, Assessing Your Auditing Requirementsexample, Auditing Categories of Activitynetwork, Auditing in the Networkreporting, Auditing Categories of Activity, Selecting a Destination for the Event Message, Methods of Capturing Event Messagessending to audit log files, Using an Audit Log Filesending to listener mailboxes, Using a Listener Mailboxsending to operator terminals, Enabling a Terminal to Receive Alarmssending to remote archive files, Using a Remote Log Filesuppressing privilege audits, Suppression of Certain Privilege Auditssuppressing process control audits, Suppression of Certain Process Control Auditssystem services for, Sources of Event Information
SECURITY.AUDIT$JOURNAL files, Invoking the Audit Analysis UtilitySECURITY_POLICY
system parameter, Storing Profiles and Auditing InformationServersaudit, Tasks Performed by the Audit Serversecure terminals, Guidelines for Protecting Your Passwordsecurity, Security Server Process
SET AUDIT command/EXCLUDE qualifier, Preventing Process Suspension/INTERVAL qualifier, Adjusting the Transfer of Messages to Disk/LISTENER qualifier, Using a Listener Mailbox/SERVER qualifier, Reacting to Insufficient Memory, Adjusting the Transfer of Messages to Disk/THRESHOLD qualifier, Allocating Disk Space for the Audit Log Filealarms, Alarm Messagesenabling security-relevant
events, Auditing Categories of Activityopening new log files, Maintaining the Filesuggested auditing applications, Security Auditing
SET FILE
command, /ERASE qualifier, Overwriting Disk BlocksSET HOST command, Logging In Interactively: Local, Dialup, and Remote LoginsSET HOST/DTE command, using over the
network, Establishing a Dynamic Asynchronous ConnectionSET PASSWORD command, Changing Your Password, Selecting Your Own Password/GENERATE qualifier, Using Generated Passwords, Requiring a Minimum Password Length/SECONDARY qualifier, Changing a Secondary Password/SYSTEM qualifier, System Passwords/SYSTEM/GENERATE qualifier, System Passwordsautomatic password generation, Using Generated Passwords
SET PROCESS
command, /PRIVILEGES qualifier, Privileges, Giving Users PrivilegesSET PROTECTION/DEFAULT command, Controlling File AccessSET
SECURITY command/ACL qualifier, Adding ACEs to an Existing ACLadding Identifier ACEs, Using Identifier Access Control Entries (ACEs)deleting, Deleting an ACLdeleting
ACEs, Deleting ACEs from an ACLexample, Adjusting Protection Defaultsreplacing ACEs, Replacing Part of an ACL
/AFTER qualifier, Adding ACEs to an Existing ACL/CLASS qualifier, Specifying an Object's Class, Limiting Access to a Device/CLASS=DEVICE qualifier , Restricting Terminal Use
/COPY_ATTRIBUTE
qualifier, Copying an ACL/DEFAULT qualifier, Restoring a File's Default ACL, Setting Up Accounts for Local and Remote Users/DELETE qualifier, Deleting ACEs from an ACL/LIKE qualifier, Copying an ACL/OWNER qualifier, Modifying a Security Profile/PROTECTION qualifier, Modifying a Security Profile, Processing a Protection Codemodifying codes, Changing a Protection Codemodifying for devices, Restricting Application Terminals and Miscellaneous Devices
/REPLACE qualifier, Replacing Part of an ACLchanging object security profile, Modifying a Security Profilechanging protection codes, Changing a Protection Codecopying ACLs, Copying an ACLcreating an ACL, Setting Up the ACLdeleting ACEs, Deleting ACEs from an ACLexample, Setting Up Accounts for Local and Remote Usersmanaging site defaults, Setting Defaults for Objects Other Than Filesrestoring defaults for files, Restoring a File's Default Security Profilesetting default file protection, Adjusting Protection Defaults
SET TERMINAL command/DISCONNECT qualifier, Limiting Disconnected Processes/HANGUP qualifier, Breaking the Connection to a Dialup Line/NOMODEM/SECURE qualifier, Using the Secure Server/SECURE qualifier, Using the Secure Server/SYSPWD qualifier, System Passwordsstopping password grabbers, Using the Secure Serverusing over the network, Establishing a Dynamic Asynchronous Connection
SET
VOLUME command/ERASE_ON_DELETE qualifier, Overwriting Disk Blocks, Erasing Techniques/NOHIGHWATER_MARKING
qualifier, Setting a High-water Mark, Prevention Through High-Water Marking/PROTECTION qualifier, Controlling File Access
SET VOLUME
command, /ERASE_ON_DELETE qualifier, Overwriting Disk BlocksSet-Up key, Clearing Your Terminal ScreenSETPRV
privilege, SETPRV Privilege (All)SHARE
privilege, SHARE Privilege (All)Shareable
devices, access requirements, Access Requirements for I/O OperationsShared files, considerations for a
cluster system, Synchronizing Authorization DataShift restrictions, Using an Account Restricted to Certain Days and TimesSHMEM
privilege, SHMEM Privilege (Devour)SHOW AUDIT command, Auditing Categories of Activity, Tasks Performed by the Audit ServerSHOW INTRUSION command, Understanding the Intrusion DatabaseSHOW PROCESS command, Displaying the Rights Identifiers of Your Processand WORLD privilege, Restricting Command Output
SHOW
PROTECTION command, Rules for Assigning a Protection Code and ACLSHOW SECURITY command, Displaying ACLsdisplaying security profiles of objects, Displaying a Security Profiledisplaying site defaults, Setting Defaults for Objects Other Than Files, Displaying Class Defaultsdisplaying the object's class, Specifying an Object's Class
SHOW USERS command,
disconnected jobs and, Removing Disconnected ProcessesSHOW/IDENTIFIER
command in Authorize utility, Displaying the DatabaseSHOW/RIGHTS command in Authorize utility, Displaying the DatabaseSign-on, single, Enabling External AuthenticationSingle sign-on, Enabling External AuthenticationSite security, Building a Secure System EnvironmentSocial engineering as security problem, Types of Computer Security ProblemsSOGW user category abbreviation, Format of a Protection CodeSpawning processes, security implications
in restricted accounts, Qualifiers Required to Define Captive AccountsSpooled devices, access requirements, Access Requirements for I/O OperationsSSL, Secure Sockets Layer (SSL)STARTNET.COM command procedure, Establishing a Dynamic Asynchronous ConnectionSubjects in security models, Reference Monitor Concept, SubjectsSubmit access, Types of AccessSubprocessesanalyzing
audit messages, Recommended Procedureincrease
in auditing events, Considering the Performance Impact
Subsystem ACEs, System Management Requirements, Building the Subsystem, Enabling Protected Subsystems on a Trusted Volumeformat, Building the Subsystem
subsystem ACEs, Customizing IdentifiersSubsystem attribute, Subsystem AttributeSurveillance guidelines, Ongoing Tasks to Maintain a Secure SystemSynchronization, password, Password SynchronizationSYS$ACM system service, ACME Subsystem OverviewSYS$ANNOUNCE
logical name, Announcement MessageSYS$NODE logical name, Welcome MessageSYS$PASSWORD_HISTORY_LIFETIME, History ListsSYS$PASSWORD_HISTORY_LIMIT, History ListsSYS$SINGLE_SIGNON
logical name, Enabling External AuthenticationSYS$SINGLE_SIGNON
logical name bits, Specifying the SYS$SINGLE_SIGNON Logical Name BitsSYS$WELCOME
logical name, Welcome MessageSYSALF,
ALF (automatic login facility) file, Providing Automatic LoginSYSECURITY.COM command procedure, Moving the File from the System DiskSYSGBL privilege, Privilege Requirements, SYSGBL Privilege (Files)SYSLCK privilege, Privilege Requirements, SYSLCK Privilege (System)SYSNAM privilege, Privilege Requirements, SYSNAM Privilege (All)modifying system operations, Privilegesoverriding access controls, How the System Determines if a User Can Access a Protected Object queue management, Privilege Requirements
SYSPRV privilege, How the System Determines if a User Can Access a Protected Object, How Privileges Affect Protection Mechanismsgiving rights of system user, Format of a Protection Codetasks requiring, SYSPRV Privilege (All)
SYSTARTUP_VMS.COM
command procedure, Establishing a Dynamic Asynchronous ConnectionSystem failuresdisposing of hardcopy output, Disposing of Hardcopy Output
System failures,
disposing of hardcopy output, Disposing of Hardcopy OutputSystem
filesadding
ACLs, Protecting System FilesAlpha
default protection, Protecting System Filesauditing
recommendations, Security Auditingbenefiting from ACLs, Security Auditingdefault
protection, Protecting System Files, Protection for OpenVMS System Filesprotecting, Protecting System Filesprotection codes and ownership, Protection for OpenVMS System Filesrecommended, Recommended Common System Filesrequired, Required Common System Files
System Generation utility (SYSGEN),
auditing parameter modifications, Kinds of System Activity the Operating System Can ReportSystem Management utility
(SYSMAN)managing clusters, Using the System Management Utility modifying cluster security data, Managing Cluster Membership modifying LGI parameters, Building a Common Environment
System
managersassessing auditing requirements, Assessing Your Auditing Requirements
System parametersauditing modification of, Kinds of System Activity the Operating System Can Reportcontrolling disconnected processes, Limiting Disconnected Processesdefining system users (security category), Using Control Access to Modify an Object Profile
System passwords, Types of Passwordscausing login failures, Using a Terminal That Requires a System Passworddisadvantages, System Passwordsentering, Entering a System Passwordguidelines, System Passwordsminimum length requirement, Requiring a Minimum Password Lengthmodifying, System Passwordsrecommended change frequency, Expiring Passwordssetting up, System Passwordswhere stored, System Passwords
System services, auditing event information, Sources of Event InformationSystem users (security category), Protection Code, Using Control Access to Modify an Object Profiledefining with MAXSYSGROUP
parameter, Format of a Protection Codequalifications for, Format of a Protection Code
Systemscontrolling access to, Types of Logins and Login Classescontrolling use of, Types of Passwords
SYSUAF.DAT filesaccount expiration, Renewing an Expired Accountauditing modifications to, Auditing Categories of ActivityLOCKPWD flag, Password Requirements for Different Types of Accountslogin class restrictions, Observing Your Login Class Restrictionsmodifications and security audit, Additional Events to Audit, Kinds of System Activity the Operating System Can Reportnormal protection, Password Protection Checklistpassword storage, Subjects privileges and, Giving Users Privileges, Assigning Privilegesrecording privileges, Privileges synchronization with rights database, Populating the Rights Database
SYSUAFs (system
user authorization files)marking for external
authentication, Enabling External Authentication
TTampering with system files, detecting, Security AuditingTapesdefault security elements, Template Profilemanaging
security profiles, Setting Up Profiles for New Devices
TASK objects, Summary of Network ObjectsTemplate devices,
security elements of, Setting Up Profiles for New DevicesTerminal
emulator, Establishing a Dynamic Asynchronous ConnectionTerminal emulators, Establishing a Dynamic Asynchronous ConnectionTerminal lines, Establishing a Dynamic Asynchronous ConnectionTerminalsbreaking
dialup connection, Breaking the Connection to a Dialup Lineclearing DECwindows screen, Protecting Information in Access Control Stringsclearing
the screen, Protecting Information in Access Control Strings, Clearing Your Terminal Screencontrolling access, Types of Passwords, System Passwordsdefault security elements, Template Profiledialup login, Logging In Interactively: Local, Dialup, and Remote Loginsfailing to respond, Entering a System Passwordhardcopydisposing of output, Disposing of Hardcopy Output
hardcopy, disposing of output, Disposing of Hardcopy Outputlimiting access, Restricting Application Terminals and Miscellaneous Deviceslines for modems, security of, Configuring Terminal Lines for Modemslogout
considerations, Clearing Your Terminal Screenmodifying
security profiles, Setting Up Profiles for New Devicesport, Establishing a Dynamic Asynchronous Connectionrequiring
a system password, Using a Terminal That Requires a System Password security alarms and, Enabling a Terminal to Receive Alarmssession
logging, Logging a User's Sessionsystem passwordrequirement for, Entering a System Password
system password, requirement for, Entering a System Passwordusage restrictions, Restricting Terminal Usevirtual, Local Login Messages, Removing Disconnected Processes, Devices, Limiting Disconnected Processes, Establishing a Dynamic Asynchronous Connection
Timeauditing changes to system time, Kinds of System Activity the Operating System Can Reportsynchronizing cluster time, Maintaining the Accuracy of Message Time-Stamping
Time-of-day login restrictions, Using an Account Restricted to Certain Days and TimesTime-stamp,
synchronizing in cluster, Maintaining the Accuracy of Message Time-StampingTime-stampssynchronizing
in cluster, Maintaining the Accuracy of Message Time-Stamping
TMPMBX
privilege, TMPMBX Privilege (Normal)Trainingfor users, importance to security, Training the New User
Training of users, importance to security, Training the New UserTrojan horse programs, Suggestions for Optimizing File Security, Potentially Harmful ProgramsTTY_DEFCHAR2 system parameterdisabling virtual terminals, Limiting Disconnected Processesenabling
system passwords for remote logins, System Passwords
TTY_TIMEOUT
system parameter, setting reconnection time, Limiting Disconnected Processes
UUAFs (user authorization files), Obtaining Your Initial Passwordauditing modifications to, Auditing Categories of Activityenabling auditing through, Ways to Generate Audit Information, Modifying a User Authorization RecordLOCKPWD flag, Password Requirements for Different Types of Accountslogin class restrictions, Observing Your Login Class Restrictionsmodifications and security audit, Additional Events to Audit, Kinds of System Activity the Operating System Can ReportMODIFY user/FLAG=AUDIT, Modifying a User Authorization Record, Considering the Performance Impactnormal protection, Password Protection Checklistpassword storage, Subjectsperformance impact of enabling auditing, Considering the Performance Impact privileges and, Giving Users Privileges, Assigning Privilegesrecord of last
login, Observing Your Last Login Timerecording privileges, Privileges synchronization with rights
database, Populating the Rights Database
UIC
groupsdesign limitations, Limitations to UIC Group Designdesigning, Designing User Groupsimpact on user privileges, Designing User Groups
UIC identifiersdeleting when employee
leaves, Removing Identifiersexample, Displaying the Rights Identifiers of Your Process, Ordering ACEs Within a List
UICs
(user identification codes), Subjects, User Identification Code (UIC)adding to rights
database, Populating the Rights Databasealphanumeric, Format of a UICchanging
an object's, Ownerformat, Format of a UICgroup restrictions, Format of a UICguidelines for creating, Guidelines for Creating a UICnumeric, Format of a UICobject access evaluations and, How the System Determines if a User Can Access a Protected Objectprocess, How Your Process Acquires a UICstorage of, Guidelines for Creating a UICuniqueness requirement for clustered systems, Synchronizing Authorization Datazero, How the System Determines if a User Can Access a Protected Object
Unshareable devices,
access requirements, Access Requirements for I/O OperationsUPGRADE
privilege, UPGRADE Privilege (All)Use access, Types of AccessUser accounts, Training the New Usersecurity
considerations, Assigning Appropriate Accounts to Users
User authorizationaccount expiration, Renewing an Expired Accountlogin class restrictions, Observing Your Login Class Restrictions privilege use, Privilegesshift restrictions, Using an Account Restricted to Certain Days and Times
User irresponsibilityas security problem, Types of Computer Security Problemstraining as antidote, Training the New User
User
name mapping, User Name Mapping and Password VerificationUser namesas identifiers, Subjects, Major Types of Rights Identifiers
User names
as identifiers, Subjects, Major Types of Rights IdentifiersUser penetration as security problem, Types of Computer Security ProblemsUser probing as security problem, Types of Computer Security ProblemsUser training, Training the New UserUser-written system servicesreplacing
with protected subsystems, Advantages of Protected Subsystems
Usersaccess through
ACEs, Granting Access to Particular Usersdisplaying process rights identifiers, Displaying the Rights Identifiers of Your Processdisplaying
rights, Displaying the Databasefile security and, Suggestions for Optimizing File Securitygranting
privileges, Giving Users Privilegesintroduction
to system, Training the New Userprotection
code categories, Format of a Protection Coderequesting access, How the System Determines if a User Can Access a Protected Objectsecurity categories of, Protection Code, Format of a Protection Codesecurity profiles of, Contents of a User's Security Profilesetting default object protection, Setting Default Protection and Ownershiptraining, Training the New User
VVerification using two passwords, Secondary PasswordsVirtual terminals, Limiting Disconnected Processes, Establishing a Dynamic Asynchronous Connectiondisabling, Local Login Messagesdisconnected processes and, Removing Disconnected ProcessesLOCAL device, Deviceslogging out of, Removing Disconnected Processes
Viruses, Potentially Harmful ProgramsVMS$OBJECTS.DAT file, Storing Profiles and Auditing InformationVolatile database,
network, Establishing a Dynamic Asynchronous ConnectionVolatile databases network, Establishing a Dynamic Asynchronous Connection
VOLPRO privilege, Privilege Requirements, VOLPRO Privilege (Objects)Volumesaccess requirements, Access Requirements for I/O Operationsas protected
objects, Classes of Protected Objectsauditing
mounts or dismounts, Kinds of System Activity the Operating System Can Reporterasing data, Erasing Techniquesevents
audited, Kinds of Auditing Performedforeign access requirements, Access Requirements for I/O Operations
privilege
requirements, Privilege Requirementsprofile
storage, Permanence of the Objectprotection, Volumessecurity elements of, Volumestemplate profile, Template Profiletypes of
access, Types of Access
VT100-series terminalsclearing screen, Clearing Your Terminal Screen
VT100-series terminals, clearing screen, Clearing Your Terminal ScreenVT200-series terminalsclearing screen, Clearing Your Terminal Screen
VT200-series terminals, clearing screen, Clearing Your Terminal Screen
WWeekday login
restrictions, Using an Account Restricted to Certain Days and TimesWelcome messages, Local Login Messagessecurity disadvantages, Welcome Message
Wildcard charactersin ADD/IDENTIFIER command, Restoring the Rights Databasein SHOW/RIGHTS command, Displaying the Database
Work restrictions, Restricting Work TimesWorkstationsclearing screen, Clearing Your Terminal Screen default security elements, Template Profile
WORLD
privilege, WORLD Privilege (System)impact on SHOW PROCESS command, Restricting Command Output
World users (security category), Protection Code, Format of a Protection CodeWrite access devices, Types of Access files, Types of Access, Access Requirements global sections, Types of Accessgranting through ACLs, Establishing an Inheritance Scheme for Filesgranting through protection
codes, Format of a Protection Code logical
name tables, Types of Access resource domains, Types of Access security class, Types of Access volumes, Types of Access
 | 
 |