| P |
| Paper shredders |
| Password generators |
| obtaining initial password |
| when to require |
| Password grabber programs #1 |
| Password grabber programs #2 |
| Password grabber programs #3 |
| catching with auditing ACEs |
| Password history |
| Password protection #1 |
| Password protection #2 |
| Password synchronization |
| Passwords |
| acceptable |
| automatically generated #1 |
| automatically generated #2 |
| avoiding detection #1 |
| avoiding detection #2 |
| avoiding detection #3 |
| chances to supply during dialups |
| changing #1 |
| changing #2 |
| at login |
| expired |
| frequency guidelines |
| secondary |
| using /NEW_PASSWORD qualifier |
| cluster membership management |
| console |
| C2 system requirements |
| console passwords |
| dialup retries #1 |
| dialup retries #2 |
| dual #1 |
| dual #2 |
| eliminating for networks |
| encoding |
| encryption algorithms |
| expiration #1 |
| expiration #2 |
| expiration #3 |
| expiration time |
| failure to change |
| first |
| forced change #1 |
| forced change #2 |
| format |
| generated #1 |
| generated #2 |
| generated #3 |
| guessing |
| history list |
| how to preexpire |
| incorrect |
| initial #1 |
| initial #2 |
| length #1 |
| length #2 |
| length #3 |
| lifetime of #1 |
| lifetime of #2 |
| locked #1 |
| locked #2 |
| locked #3 |
| minimum length #1 |
| minimum length #2 |
| minimum length #3 |
| multiple systems and |
| new |
| null as choice for captive account |
| open accounts and |
| password grabber programs |
| primary #1 |
| primary #2 |
| primary #3 |
| proxy logins |
| reason for changing #1 |
| reason for changing #2 |
| receive |
| restrictions #1 |
| restrictions #2 |
| reuse |
| risky |
| routing initialization |
| screening |
| against dictionary |
| against history list |
| with site-specific filter |
| secondary #1 |
| secondary #2 |
| changing |
| changing expired |
| entering |
| secure |
| secure choices for |
| secure terminal servers and |
| sharing #1 |
| sharing #2 |
| system #1 |
| system #2 |
| system #3 |
| dictionary |
| transmit |
| types |
| uniqueness for each account |
| user #1 |
| user #2 |
| user guidelines |
| verifying change of |
| when account is created |
| when to change |
| Performance |
| ACL length and |
| high-water marking and |
| security-auditing impact |
| PFMGBL privilege |
| PFNMAP privilege #1 |
| PFNMAP privilege #2 |
| PHONE objects |
| Physical I/O access |
| Physical security |
| C2 systems and |
| encrypting files |
| restricting system access |
| violation indicators |
| when logging out #1 |
| when logging out #2 |
| PHY_IO privilege #1 |
| PHY_IO privilege #2 |
| PIPE command, impact on subprocess auditing events |
| PIPE subprocess, analyzing audit messages |
| Port, terminal |
| /PRCLM qualifier in AUTHORIZE |
| Primary passwords |
| /PRIMEDAYS qualifier, example |
| Printers |
| C2 systems and |
| default security elements |
| Privilege requirements |
| common event flag clusters |
| devices |
| global sections |
| logical name tables |
| queues |
| resource domains |
| volumes |
| Privileged accounts #1 |
| Privileged accounts #2 |
| Privileges |
| ACNT |
| affecting object access |
| All category #1 |
| All category #2 |
| ALLSPOOL |
| ALTPRI |
| AUDIT |
| auditing use of #1 |
| auditing use of #2 |
| authorized process #1 |
| authorized process #2 |
| BUGCHK |
| BYPASS #1 |
| BYPASS #2 |
| BYPASS #3 |
| BYPASS #4 |
| BYPASS #5 |
| bypassing ACLs |
| bypassing protection codes |
| captive accounts and |
| categories of #1 |
| categories of #2 |
| CMEXEC |
| CMKRNL |
| default process #1 |
| default process #2 |
| definition |
| DETACH |
| Devour category #1 |
| Devour category #2 |
| DIAGNOSE |
| disabling |
| DOWNGRADE |
| enabling through SETPRV |
| EXQUOTA |
| file sharing and |
| GROUP #1 |
| GROUP #2 |
| Group category #1 |
| Group category #2 |
| GRPNAM #1 |
| GRPNAM #2 |
| GRPPRV #1 |
| GRPPRV #2 |
| GRPPRV #3 |
| GRPPRV #4 |
| GRPPRV #5 |
| GRPPRV #6 |
| GRPPRV #7 |
| IMPERSONATE |
| IMPORT |
| influence on object access |
| LOG_IO |
| MOUNT |
| NETMBX |
| network requirements |
| Normal category #1 |
| Normal category #2 |
| Objects category #1 |
| Objects category #2 |
| OPER #1 |
| OPER #2 |
| PFNMAP |
| PHY_IO |
| PRMCEB |
| PRMGBL |
| PRMMBX |
| process |
| PSWAPM |
| READALL #1 |
| READALL #2 |
| READALL #3 |
| recommendations for different users |
| related to group UIC |
| reporting use with $CHECK_PRIVILEGE |
| SECURITY |
| security administrator requirements |
| SET PROCESS/PRIVILEGES |
| SETPRV |
| SHARE |
| SHMEM |
| storage in UAF record |
| summary of #1 |
| summary of #2 |
| SYSGBL |
| SYSLCK |
| SYSNAM |
| SYSPRV #1 |
| SYSPRV #2 |
| controlling access through |
| effect on protection mechanisms |
| giving rights of system user |
| tasks requiring |
| System category |
| TMPMBX |
| trusted users and |
| UAF records and |
| untrusted users and |
| UPGRADE |
| VOLPRO |
| WORLD |
| PRMCEB privilege #1 |
| PRMCEB privilege #2 |
| PRMGBL privilege |
| PRMMBX privilege #1 |
| PRMMBX privilege #2 |
| Probers, catching #1 |
| Probers, catching #2 |
| Probing, as security problem |
| Process exclusion list |
| Processes |
| access rights of |
| activities permitted by privileges |
| adding to exclusion list |
| audit server |
| auditing of #1 |
| auditing of #2 |
| auditing system services controlling |
| connecting restrictions |
| creating with different UICs |
| default protection for |
| disconnected #1 |
| disconnected #2 |
| displaying default protection |
| displaying process rights identifiers |
| enabling privileges |
| interactive mode |
| logging out of current |
| modifying the rights list |
| reconnecting |
| security profiles of |
| suspending |
| UIC identifiers |
| Project accounts |
| as protected subsystems |
| setting up |
| Prompts, passwords and |
| Propagating protection, example |
| Protected attribute #1 |
| Protected attribute #2 |
| deleting ACEs with |
| Protected object databases |
| Protected subsystems |
| advantages of #1 |
| advantages of #2 |
| applications for |
| constructing |
| description of #1 |
| description of #2 |
| design requirements |
| enabling |
| example |
| file protection #1 |
| file protection #2 |
| mounting volumes with |
| printer protection |
| subsystem ACEs |
| system management requirements |
| user access |
| Protection |
| ACL-based |
| capability |
| command procedures and |
| common event flag clusters |
| deleted data #1 |
| deleted data #2 |
| deleted data #3 |
| deleted data #4 |
| devices |
| global sections |
| logical name tables |
| managing defaults #1 |
| managing defaults #2 |
| objects |
| queues |
| resource domains |
| security class |
| through protected subsystems |
| UIC-based codes |
| volumes |
| Protection checking |
| evaluating an object access request |
| exception with zero UICs |
| influenced by ownership |
| Protection codes |
| access specification |
| access types |
| assigning during file creation |
| bypassing with special rights |
| changing |
| default file protection #1 |
| default file protection #2 |
| definition #1 |
| definition #2 |
| denying all access |
| effect of privileges |
| evaluation sequence |
| format |
| granting control access |
| Identifier ACEs and |
| interaction with ACLs |
| interpreting |
| multiple user categories and |
| null access specification #1 |
| null access specification #2 |
| priority in access evaluation |
| processing |
| queue access rights |
| reading |
| restoring file default |
| security element of an object |
| sequence of checking categories |
| user categories |
| Protocols |
| autodial/master |
| Protocols, autodial/nomaster |
| Proxy access |
| access control |
| removing |
| setting up a proxy database for |
| to applications |
| to nodes |
| Proxy accounts #1 |
| Proxy accounts #2 |
| as captive accounts |
| as restricted accounts |
| C2 systems and |
| default |
| example #1 |
| example #2 |
| general-access |
| maximum number allowed |
| multiple-user |
| naming |
| recommended restrictions |
| selecting from multiple |
| single-user |
| Proxy database |
| setting up |
| Proxy logins |
| access control |
| account |
| establishing and managing #1 |
| establishing and managing #2 |
| NET$PROXY.DAT |
| NETPROXY.DAT |
| network applications |
| security benefits |
| PSWAPM privilege |
| PURGE command, /ERASE qualifier |
| /PWDLIFETIME qualifier |
| /PWDMINIMUM qualifier |