|
|
Network SecurityConsiderations
Protecting Informationin Access Control Strings
Network access control strings can be included in the filespecifications of DCL commands working across the DECnet for OpenVMSnetwork. They permit a user on a local node to access a file ona remote node.
An access control string consists ofthe user name for the remote account and the user's password enclosed withinquotation marks, as follows: NODE"username password"::disk:[directory]file.typ
Because access control strings include sufficient informationto allow someone to break in to the remote account, they createserious security exposure. To protect access control string information,do the following:
To avoid the need for access control strings, you might preferto use proxy login accounts, which are described in Using Proxy Login Accounts to Protect Passwords.
Using Proxy Login Accounts to Protect Passwords
Proxy logins let you access files acrossa network without specifying a user name or password in an access controlstring. Thus, proxy logins have the following security benefits:
Before you can initiate a proxy login, the system or securityadministrator at the remote node must create a proxy account foryou. Proxy accounts, like regular accounts, are created with theAuthorize utility (AUTHORIZE). They are usually nonprivileged accounts.Security administrators can allow you access to one default proxyaccount and up to 15 other proxy accounts. Whileproxy logins require more setup effort on the part of system managers,they provide more secure network access and eliminate the need forusers to enter access control strings.
The following examples illustrate the differences betweena normal network login request and a proxy login request. For eachexample, the following conditions exist:
An account on node BIRCH with thepassword XYZ123ABC |
An account on node WALNUT with the password A25D3255 |
The following diagram illustrates these conditions:
The user KMAHOGANY could use an access control string to copythe file BIONEWS.MEM, as follows:
Notice that the password A25D3255 echoes. Anyone who observesthe screen can see it. In contrast, if KMAHOGANY has proxy accessfrom node BIRCH to the account on node WALNUT, the command for copyingthe file BIONEWS.MEM is as follows:$
COPY WALNUT"KMAHOGANY A25D3255"::BIONEWS.MEM BIONEWS.MEM
KMAHOGANY does not need to specify a password in an accesscontrol string. Instead, the system performs a proxy login fromthe account on node BIRCH into the account on node WALNUT. Thereis no exchange of passwords.$
COPY WALNUT::BIONEWS.MEM BIONEWS.MEM
Using a General Access Proxy Account
Your security administrator can also authorize groups of usersfrom foreign nodes to share in the use of a general access proxyaccount. For example, the security administrator at node WALNUTcan create a general access account with the following conditions:
If the security administrator grants BIRCH::KMAHOGANY proxyaccess to the GENACCESS account, the user KMAHOGANY can copy thefile BIONEWS.MEM by entering the following command:
Note that KMAHOGANY must specify the directory [KMAHOGANY]because the file BIONEWS.MEM is not in the default device and directoryfor the GENACCESS account (STAFFDEV:[BIOSTAFF]). In addition, the protectionfor the file BIONEWS.MEM must permit access to the GENACCESS account.Otherwise, the command fails.$
COPY WALNUT::[KMAHOGANY]BIONEWS.MEM BIONEWS.MEM
When You Need to Specify the Name of a Proxy Account
If you have access to more than one proxy account on a givennode and you do not want to use the default proxy account, specifythe name of the proxy account. For example, to use a proxy accountcalled PROXY2 instead of the GENACCESS account (the default), KMAHOGANYenters the following command:
This command uses the PROXY2 account to copy the file BIONEWS.MEMfrom the [KMAHOGANY] directory on node WALNUT.$
COPY WALNUT"PROXY2"::[KMAHOGANY]BIONEWS.MEM BIONEWS.MEM
|
|