Software Product Description ___________________________________________________________________ PRODUCT NAME: DEC SecurityGate for OpenVMS[*], Version 1.1 SPD 36.20.01 DESCRIPTION DEC SecurityGate software is a VMS software product that, when installed on a DECnet Phase IV routing node, provides an additional level of ac- cess control to that part of the network served by the routing node. A system or security manager can use the DEC SecurityGate software to create a security domain consisting of a group of nodes serviced by the router. A system or security manager defines a set of access rules that ap- ply to the security domain. Access to nodes in the security domain can be specified and controlled based on source and destination nodes, source username, inbound and outbound communication lines, network object or task, and the day of week and hour of day. The DEC SecurityGate software consists of a VMS pseudo driver that pro- vides the network access control, a user interface program that cre- ates and maintains rules databases and controls the loading of net- work access control rules, and an Ancillary Control Process (ACP) that provides event logging and loads rules into the pseudo driver. DEC SecurityGate software pseudo driver software becomes part of the DECnet-VAX routing layer and examines each network packet passing through. Each packet is examined to determine if it is a Connect Request or a Reconnect Request. Only Connect and Reconnect Requests are further ex- amined; all others are passed back to the router for forwarding. ____________________ The terms OpenVMS and VMS refer to the OpenVMS Operating System. DIGITAL September 1992 AE-PH78B-TE The DEC SecurityGate forwards Connect Requests if permitted by the ac- cess rules but rejects Connect Requests if prohibited by the rules. Since only Connect Request packets and Reconnect Request packets are examined, the effect on network routing performance is small. The ACP maintains an audit event file that automatically records all failed network connections and changes to the access rules. The User Interface will display the entire audit file or create a report from selected portions which, in turn, can be either displayed or printed as a separate file. The User Interface also provides a test function. A security manager can determine if the rules that are defined will behave as expected by simulating Connect Requests and verifying that the rules either per- mit or deny access. HARDWARE REQUIREMENTS Processor and/or hardware configurations as specified in the System Support Addendum (SSA 36.20.01-x). A TK50 tape drive is required for standalone MicroVAX 2000 and VAXs- tation 2000 systems. SOFTWARE REQUIREMENTS For Systems Using Terminals (No DECwindows Interface): o VMS Operating System, with DECnet Full Function License Refer to the System Support Addendum (SSA 36.20.01-x) for availabil- ity and required versions of prerequisite/optional software and for information regarding components of VMS DECwindows. 2 ORDERING INFORMATION Software Licenses: QL-GZFA*-** Software Media: QA-GZFA*-** Software Documentation: QA-GZFAA-GZ Software Product Services: QT-GZFA*-** * Denotes variant fields. For additional information on available li- censes, services, and media, refer to the appropriate price book. SOFTWARE LICENSING This software is furnished under the licensing provisions of Digital Equipment Corporation's Standard Terms and Conditions. For more in- formation about Digital's licensing terms and policies, contact your local Digital office. License Management Facility Support This layered product supports the VMS License Management Facility. License units for this product are allocated on a CPU-capacity basis. For more information on the License Management Facility, refer to the VMS Operating System Software Product Description (SPD 25.01.xx) or the License Management Facility manual of the VMS Operating System doc- umentation set. For more information about Digital's licensing terms and policies, con- tact your local Digital office. SOFTWARE PRODUCT SERVICES A variety of service options are available from Digital. For more in- formation, contact your local Digital office. 3 SOFTWARE WARRANTY Warranty for this software product is provided by Digital with the pur- chase of a license for the product as defined in the Software Warranty Addendum of this SPD. [TM]The DIGITAL Logo, CI, DEC, DECnet, DEC SecurityGate, DECwin- dows, Digital, MicroVAX, OpenVMS, TK, VAX, VAXcluster, VAXft, VAXserver, VAXstation, and VMS are trademarks of Digital Equip- ment Corporation. 4