HP OpenVMS Systems: ask the wizard
The Question is:

I know this might be a little silly, because I can't remember the last time that there was a "potential", or real Intrusion to my system (I run Audits bimonthly: analyze/audit), but is there a Viral Detection product from Digital/Compaq that could be installed on my Alpha, if management won't take my analysis seriously that the Alpha isn't threatened? Thanks for any reply.

Anne Pemberton
Systems Manager
Host Operations, NASA Hq.
Washington, D.C.

The Answer is:

While it is technically possible to launch a targeted attack against particular users or against most any operating system platform or network, the OpenVMS Wizard is unaware of any widespread instance of a virus attack launched against OpenVMS. Network and DCL-based (virus-like) worms have very occasionally been seen, as have the occasional and isolated Trojan Horse.

The typical PC anti-virus packages are based on comparing signatures from known attacks, and the lack of active viruses for OpenVMS makes this approach (obviously) relatively difficult. Because of this, sites that are concerned about modification to OpenVMS images can choose to run one of the products that takes cryptographic checksums of key images, and compares the checksums to their proper values. Similar results can be achieved by making a CD-ROM copy of critical files and using the OpenVMS DIFFERENCES command on a periodic basis.

A significant difference between a secure multi-user operating system and a personal computer involves the level of system access available to individual users -- the personal computer user often has full access rights to change the system, load software from questionable sources, activate VBS applications, and otherwise mismanage the security. On a secure multi-user operating system, there is more typically a trained system manager -- someone who knows to beware of such pitfalls.

The individual users of a well-run multi-user system do not generally have the privilege(s) needed to make changes to the system -- no matter how ill- or well-intentioned these changes might be -- that will affect the programs run by others. For a perpetrator to launch an effective Trojan Horse attack (where a program has unpublicized adverse side effects) against an entire OpenVMS system, the perpetrator would have to trick the system manager into loading and running the Trojan Horse program. Other than that, an individual user of the system can only jeopardize those programs and data files over which they have control access.

DECnet network worms are generally defeated through the use of default network configuration settings. (OpenVMS is very careful about what code is executed -- directly by the local network software or by the local user -- on behalf of a remote user.) Local worms are defeated via UIC-based protection masks and ACLs on files and objects.

Over ten years ago, OpenVMS Development assembled an experimental Trojan Horse attack against an application, for demonstration at a DECUS Conference in Las Vegas. The purpose of that was to demonstrate the Mandatory Access Control defenses in the SEVMS (Security Enhanced OpenVMS) offering, and how they prevent such attacks.

If you want to run in an OpenVMS environment with Mandatory Access Controls, you should consider SEVMS, which has been evaluated at NCSC level B1 (as contrasted with Class C2 for ordinary OpenVMS). Be aware, however, that to operate in a Class B1 environment does require greater system management effort.

The result of this situation has been that OpenVMS has provided a relatively unattractive target for virus authors.
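
The checksum comparison mentioned in the answer, sketched as an added example (it is not part of the original page and is not any vendor's product). It assumes SHA-256 from Python's standard library; the function names and the sample file names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def digest(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large images stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def baseline(root):
    """Map each file path (relative to root) to its digest."""
    sums = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            sums[os.path.relpath(full, root)] = digest(full)
    return sums

def compare(known_good, current):
    """Report files whose checksum changed, that vanished, or that appeared."""
    return {
        "modified": sorted(p for p in known_good
                           if p in current and current[p] != known_good[p]),
        "missing": sorted(p for p in known_good if p not in current),
        "added": sorted(p for p in current if p not in known_good),
    }

def write(root, name, data):
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)

def demo():
    """Constructed sample tree: record a baseline, alter the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "LOGIN.EXE", b"original image")
        write(root, "SHELL.EXE", b"shell image")
        known_good = baseline(root)  # keep this copy on read-only media
        # Same byte count as before, so a size check alone would not notice.
        write(root, "LOGIN.EXE", b"patched~ image")
        os.remove(os.path.join(root, "SHELL.EXE"))
        write(root, "EXTRA.EXE", b"unexpected image")
        return compare(known_good, baseline(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The comparison is only as trustworthy as the stored baseline, so the known-good checksums belong somewhere the monitored system cannot rewrite them.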