HP OpenVMS Guide to System Security: OpenVMS Version 8.4

Part II Security for the User

The chapters in this part describe the following topics:

Table of Contents

3 Using the System Responsibly
Choosing a Password for Your Account
Obtaining Your Initial Password
Observing System Restrictions on Passwords
Knowing What Type of Password to Use
Entering a System Password
Entering a Secondary Password
Password Requirements for Different Types of Accounts
Types of Logins and Login Classes
Logging In Interactively: Local, Dialup, and Remote Logins
Logging In Using External Authentication
Reading Informational Messages
When the System Logs In for You: Network and Batch Logins
Login Failures: When You Are Unable to Log In
Using a Terminal That Requires a System Password
Observing Your Login Class Restrictions
Using an Account Restricted to Certain Days and Times
Failing to Enter the Correct Password During a Dialup Login
Knowing When Break-In Evasion Procedures Are in Effect
Changing Your Password
Selecting Your Own Password
Using Generated Passwords
Changing a Secondary Password
Changing Your Password As You Log In
Password and Account Expiration Times
Changing an Expired Password
Renewing an Expired Account
Guidelines for Protecting Your Password
Network Security Considerations
Protecting Information in Access Control Strings
Using Proxy Login Accounts to Protect Passwords
Auditing Access to Your Account and Files
Observing Your Last Login Time
Adding Access Control Entries to Sensitive Files
Asking Your Security Administrator to Enable Auditing
Logging Out Without Compromising System Security
Clearing Your Terminal Screen
Disposing of Hardcopy Output
Removing Disconnected Processes
Breaking the Connection to a Dialup Line
Turning Off a Terminal
Checklist for Contributing to System Security
4 Protecting Data
Contents of a User's Security Profile
Per-Thread Security
Persona Security Block Data Structure (PSB)
Previous Security Model
Per-Thread Security Model
User Identification Code (UIC)
Rights Identifiers
Privileges
Security Profile of Objects
Definition of a Protected Object
Contents of an Object's Profile
Owner
Protection Code
Access Control List (ACL)
Displaying a Security Profile
Modifying a Security Profile
Specifying an Object's Class
Access Required to Modify a Profile
How the System Determines if a User Can Access a Protected Object
Controlling Access with ACLs
Using Identifier Access Control Entries (ACEs)
Granting Access to Particular Users
Preventing Users from Accessing an Object
Limiting Access to a Device
Limiting Access to an Environment
Ordering ACEs Within a List
Establishing an Inheritance Scheme for Files
Displaying ACLs
Adding ACEs to an Existing ACL
Deleting an ACL
Deleting ACEs from an ACL
Replacing Part of an ACL
Restoring a File's Default ACL
Copying an ACL
Controlling Access with Protection Codes
Format of a Protection Code
Types of Access in a Protection Code
Processing a Protection Code
Changing a Protection Code
Enhancing Protection for Sensitive Objects
Providing a Default Protection Code for a Directory Structure
Restoring a File's Default Security Profile
Understanding Privileges and Control Access
How Privileges Affect Protection Mechanisms
Using Control Access to Modify an Object Profile
Object-Specific Access Considerations
Auditing Protected Objects
Kinds of Events the System Audits
Enabling Auditing for a Class of Objects
Adding Security-Auditing ACEs
5 Descriptions of Object Classes
Capabilities
Naming Rules
Types of Access
Template Profile
Kinds of Auditing Performed
Permanence of the Object
Common Event Flag Clusters
Naming Rules
Types of Access
Template Profile
Privilege Requirements
Kinds of Auditing Performed
Permanence of the Object
Devices
Naming Rules
Types of Access
Access Requirements for I/O Operations
Template Profile
Setting Up Profiles for New Devices
Privilege Requirements
Kinds of Auditing Performed
Permanence of the Object
Files
Naming Rules
Types of Access
Access Requirements
Creation Requirements
Profile Assignment
Kinds of Auditing Performed
Protecting Information When Disk Space Is Reassigned
Suggestions for Optimizing File Security
Global Sections
Naming Rules
Types of Access
Template Profile
Privilege Requirements
Kinds of Auditing Performed
Permanence of the Object
Logical Name Tables
Naming Rules
Types of Access
Template Profile
Privilege Requirements
Kinds of Auditing Performed
Permanence of the Object
Queues
Naming Rules
Types of Access
Template Profile
Privilege Requirements
Kinds of Auditing Performed
Permanence of the Object
Resource Domains
Naming Rules
Types of Access
Template Profile
Privilege Requirements
Kinds of Auditing Performed
Permanence of the Object
Security Classes
Naming Rules
Types of Access
Template Profile
Kinds of Auditing Performed
Permanence of the Object
Volumes
Naming Rules
Types of Access
Template Profile
Privilege Requirements
Kinds of Auditing Performed
Permanence of the Object