Index


A

Access
auditing of processes
BYPASS privilege
class-specific overrides
denying
how the system determines
object-oriented
performance impact of auditing
privileges bypassing ACLs
privileges bypassing protection codes
subject-oriented
through ACLs
through GRPPRV privilege
through protection codes
through READALL privilege
through SYSPRV privilege
to deleted file data
Access categories
Access control
ACE order, importance of
assigning file defaults
Access control
bypassing ACLs
Access control
bypassing protection codes
comparing security profiles
controlling in network environment
default application account
default for inbound connection
denying a class of users
denying access through an ACL
evaluating a user's access request
explicit
for a network
for applications
for connections
for protected objects
Access control
Identifier ACEs and
Access control
in a network environment
limited-access accounts
limiting access to an environment
limiting device access
limiting logins
matrix
object security profiles
object-specific considerations
protection code processing rules
protection code user categories
proxy
proxy
routing initialization passwords
through ACLs
using Identifier ACEs
Access control
using Identifier ACEs
Access control
using the NCP
with Identifier ACEs
Access control strings
Access control strings
Access control strings
command procedures and
exposing password in
Access control strings
protecting information in
Access control strings
secondary passwords with
Access requirements
allocating devices
Access requirements
capability object
Access requirements
common event flag clusters
directories
files
file-oriented devices
global sections
I/O channel
logical name tables
non-file-oriented devices
queues
resource domains
security class objects
shareable devices
spooled devices
unshareable devices
volumes
Access types
ACLs
Access types
abbreviations of
associate
capability class
class-dependency of
common event flag clusters
control
files
objects in general
Access types
create
logical name tables
Access types
create
volumes
delete
common event flag clusters
files
logical name tables
queues
volumes
directories
execute
files
global sections
files
global sections
lock
logical I/O
logical name tables
manage
physical I/O
protection codes and
queues
read
devices
files
global sections
Access types
read
logical name tables
Access types
read
queues
resource domains
security class
volumes
resource domains
security audit and
security class
shared devices
submit
Access types
unshared devices
Access types
volumes
write
devices
files
Access types
write
files
Access types
write
global section
Access types
write
logical name tables
Access types
write
resource domains
security class
volumes
Accounting logs
as security tool
Accounting logs as security tool
Accounts
accessing after password expires
application
auditing access
captive
designing secure accounts
disabling with DISUSER flag
disguising identity
DECNET account, removing
expiration
first login
group
guest
initial password
interactive
limited-access
network objects
open
password expiration and
password requirements for
passwords for multiple
privileged
project
project
proxies for groups
proxy
renewing expired
restricted
secondary password
setting duration of
setting up to use project identifiers
types of
user passwords for
ACE attributes
Default
ACE attributes
Hidden
ACE attributes
None
Nopropagate
Protected
ACE attributes
Protected
ACEs (access control entries)
adding
Alarm ACEs
Audit ACEs
creating
Creator ACEs
deleting
Default Protection ACEs
ACEs (access control entries)
generating audit event messages
ACEs (access control entries)
inserting in a list
ACEs (access control entries)
order of
replacing
ACEs (access control entries)
security auditing
ACEs (access control entries)
sensitive files and
ACEs (access control entries)
Subsystem ACEs
ACEs (access control entries)
subsystem ACEs
ACEs (access control entries)
subsystem ACEs
ACEs (access control entries)
types of
ACL editor
displaying ACLs
modifying ACLs
ACLs (access control lists)
ACLs (access control lists)
ACLs (access control lists)
ACE order
alarms generated by
assigning by default to new files
ACLs (access control lists)
auditing in C2 systems
ACLs (access control lists)
bypassing with special rights
ACLs (access control lists)
copying
ACLs (access control lists)
creating
deleting
ACLs (access control lists)
deleting obsolete identifiers
ACLs (access control lists)
designing
disadvantages of
displaying
ACLs (access control lists)
displaying
ACLs (access control lists)
effect of privileges
effect on performance
granting access
interaction with protection codes
ACLs (access control lists)
management overview
ACLs (access control lists)
modifying
ACLs (access control lists)
network file sharing
priority in access evaluation
ACLs (access control lists)
protection codes and
queue access rights
reordering entries
replacing ACEs
restoring default ACL
restoring file default
security element of an object
setting file protection
system program files
ACME agent ordering
ACME agents
ACME subsystem
ACME_SERVER process
ACNT privilege
ADD/IDENTIFIER command in Authorize utility
ADD/PROXY command in Authorize utility
Alarm ACEs
how to use
position in ACL
Alarm messages
ACL event
Alarm messages
authorization database modification
Alarm messages
break-in event
INSTALL event
login
login failure
logout
network connection
object access event
object creation
object deaccess
object deletion
privilege use
process control event
system parameter modification
SET AUDIT use
time modification
volume mount/dismount
Alarms
enabling for security
Alphanumeric UICs
ALF (automatic login facility)
ALF (automatic login facility)
AUTOLOGIN flag
ALF (automatic login facility)
Autologin account as security problem
cluster requirements for ALF files
ALF (automatic login facility)
C2 systems and
ALLSPOOL privilege
ALTPRI privilege
Announcement messages
Announcement messages
security disadvantages
ANALYZE/AUDIT command
ANALYZE/AUDIT command
qualifier summary
APPEND command, /PROTECTION qualifier
Applications, setting access control
Archive files
analyzing security-relevant events
enabling remote
for security event messages
Archive flush
Associate access
ASCII output from Audit Analysis utility
Asynchronous connection, dynamic
Asynchronous DDCMP driver
Attacks, types of system
Audit ACEs
how to use
Audit Analysis utility (ANALYZE/AUDIT)
Audit Analysis utility (ANALYZE/AUDIT)
Audit Analysis utility (ANALYZE/AUDIT)
analyzing archive files
Audit Analysis utility (ANALYZE/AUDIT)
ASCII output from
Audit Analysis utility (ANALYZE/AUDIT)
binary output from
determining criteria of the analysis
example
generating daily reports
interactive commands
Audit Analysis utility (ANALYZE/AUDIT)
invoking
Audit Analysis utility (ANALYZE/AUDIT)
overview
prerequisites
report formats
types of output
when to ignore events
Audit listener mailboxes
capturing audit event messages
Audit listener mailboxes
disabling
Audit listener mailboxes
example of programs for
Audit server databases
Audit server processes
changing disk transfer rate
controlling message flow
delaying delivery of event messages
disabling
enabling
error handling
Audit server processes
final server action
Audit server processes
managing
memory limitations and
pre-extending log files
tasks performed by
Audit trails
in security models
Auditing
applications
as security feature
of security events
Authentication and credentials management extensions (ACME)
Authentication cards
C2 system requirements
Authentication, external
Authority-based systems
Authorization databases
access matrix
adding users
Authorization databases
auditing
Authorization databases
auditing modifications to
contents
synchronizing authorization on clustered systems
Authorize utility (AUTHORIZE)
ADD/FLAG command
ADD/IDENTIFIER command
Authorize utility (AUTHORIZE)
ADD/IDENTIFIER command
Authorize utility (AUTHORIZE)
ADD/PROXY command
CREATE/PROXY command
CREATE/RIGHTS command
EXTAUTH flag
GRANT/IDENTIFIER command
GRANT/IDENTIFIER command
MODIFY/FLAG command
MODIFY/SYSTEM_PASSWORD command
Authorize utility (AUTHORIZE)
REMOVE/IDENTIFIER command
Authorize utility (AUTHORIZE)
SHOW/IDENTIFIER command
SHOW/RIGHTS command
/GENERATE_PASSWORD qualifier
Autodial protocol
Automatic password generation
disadvantages
example
minimum length
AUDIT privilege

B

Backup operations
general recommendations
performed from captive privileged account
Backup utility (BACKUP)
general recommendations
performed from captive privileged account
Batch identifiers
Batch jobs
affected by shift restrictions
authorization
password protection and card readers
Batch logins
Binary output from Audit Analysis utility
Break key and secure servers
Break-in alarms
Break-in attempts
Break-in attempts
Break-in attempts
auditing
counteraction through dual passwords
detecting
evading
security audit report and
Buses, default security elements
BUGCHK privilege
BYPASS privilege
description
effect on control access
overriding access controls

C

Capability objects
as protected objects
elements of
Capability objects
reestablishing profile
Capability objects
template profile
types of access
Capability-based systems
Captive accounts
Ctrl/Y key sequence and
command procedures
disabling mail and notification of delivery
example of production account
locked passwords and
when to use
Captive accounts
when to use
Card readers, default security elements
Case sensitivity
in passwords and user names
CDSA
Cluster environments
building single security domain
C2 system restrictions
managing audit log file
protected object databases
protected objects
security considerations
security implementation
synchronizing authorization data
system file recommendations
system file requirements
SYSMAN requirements
Cluster managers and security administrators
Clusterwide intrusion detection
CLUSTER_AUTHORIZE.DAT files
CMEXEC privilege
CMKRNL privilege
Command mode for Audit Analysis utility, manipulating the display
Command procedures
access control strings in
Command procedures
STARTNET.COM
Command procedures
SYSTARTUP_VMS.COM
Commands, usage restrictions
Common Data Security Architecture (CDSA)
Common event flag clusters
as protected objects
Common event flag clusters
events audited
privilege requirements
reestablishing security profile
Common event flag clusters
security elements of
Common event flag clusters
system modifications of templates
template profile
types of access to
Communications devices
C2 system requirements
default security elements
Compilers, restricting use with ACLs
Confidential files, security auditing and
CONNECT command, /LOGOUT qualifier
Connections
auditing
Connections, auditing of
Console terminals
C2 system requirements
C2 systems and
HSC and C2 system requirements
Consoles, enabling passwords for
Control access
acquiring
common event flag clusters
devices
files
global sections
limitations
COPY command
security profile assigned
Control access
logical name tables
queues
Control access
resource domains
Control access
security class
volumes
COPY command
/PROTECTION qualifier
Create access
logical name tables
volumes
Creator ACEs
CREATE/PROXY command in Authorize utility
CREATE/RIGHTS command in Authorize utility
Creator ACEs
example
with resource identifiers
Ctrl/B key sequence
Ctrl/Y key sequence and restricted accounts
C2 environments
C2 security systems
C2 security, systems
checklist for generating
criteria
documentation
object protection and
physical security requirements
C2 security, systems
software not included
C2 security, systems
system parameters
C2 security, systems
system startup

D

Database
volatile network
Databases
authorization
protected objects
rights
synchronizing authorization on clustered systems
volatile network
DBG$ENABLE_SERVER identifier
C2 system restriction
DCL commands
SET HOST/DTE in network operations
SET TERMINAL in network operations
DCL tables, modifications for security
DDCMP (Digital Data Communications Message Protocol)
asynchronous driver
DECamds
software not in C2 evaluation
DECamds, software not in C2 evaluation
DECdns distributed name service, not in C2 evaluation
DECdns (Digital Distributed Name Service)
not in C2 evaluation
DECnet
cluster nodes and
C2 system restrictions
dynamic asynchronous connection
installing dynamic asynchronous connection
INBOUND parameter
network objects
nonprivileged user name
receive password
receive passwords
removing
transmit password
transmit passwords
DECnet-Plus for OpenVMS
full names
not in C2 evaluation
DECnet-Plus for OpenVMS, full names not in C2 evaluation
DECwindows screens, clearing
Debug server identifier, C2 system restriction
Decryption
Default attribute for ACEs
Default ownership
for directories
for files
for protected objects
Default Protection ACEs
Default protection
Alpha system files
for directories
for files
Default Protection ACEs
Default Protection ACEs
examples
generating default file protection
Default Protection ACEs
generating default file protection
Default protection
for processes
Default protection
for processes
Default protection
for system files
Default protection
management
Delete access
common event flag clusters
files
granting through protection codes
logical name tables
queues
through ACLs
through protection codes
volumes
Devices
access requirements
as protected objects
controlling access through ACLs
default security elements
events audited
modifying security profiles of
privilege requirements
profile storage
protecting BACKUP save sets
reusing in C2 systems
security elements of
spooled, access requirements
template security profiles
DECwindows software
not in C2 evaluation
DECwindows software, not in C2 evaluation
DELETE command, /ERASE qualifier
Devices
terminal configuration
DETACH privilege
Dialup identifiers
Dialup lines
connection security
controlling access to
using for dynamic asynchronous connection
Dialup lines
using in a public area
Dialup logins
breaking connections
controlling retries
Dialup logins
failures
Dialup logins
retries
Directories
access control through ACLs
access requirements
assigning a security profile
controlling access to files
controlling access to files
creating
events audited
ownership
by resource identifier
changing access to files
setting default
setting default file protection
setting file protection
Disconnected job messages
Discretionary access controls
Disk quotas
as restriction for users
charging to identifiers
Disk scavenging
discouraging
preventing
Disk space
charging to identifier
requirements for security audit log file
usage and charging
Disk volumes
controlling access
protecting
restrictions
Disks
accessing deleted data
changing message transfer rate
default security elements
erase-on-allocate
erasing
erasure patterns
high-water marking
managing security profiles
protecting
after file deletion
protecting after file deletion
DIAGNOSE privilege
DIRECTORY command
/SECURITY qualifier
DIRECTORY command, /SECURITY qualifier
DISFORCE_PWD_CHANGE flag
DISMOUNT command, alarms
DOWNGRADE privilege
DSE (data security erase)
tailoring
Dual passwords
Dynamic asynchronous connections
automatic switching of terminal line
Dynamic asynchronous connections
connection example
manual switching of terminal line
Dynamic asynchronous connections
passwords for
procedure for establishing
Dynamic asynchronous connections
security
switching of terminal line
Dynamic asynchronous connections
terminating the link
Dynamic asynchronous connections
verifier
Dynamic attribute for identifiers
Dynamic attributes
for identifiers

E

Echoing, passwords and
Editing ACLs
Emergency accounts and privileges
Emulator
terminal
Encryption
Environmental factors in security
Environmental identifiers
Environmental identifiers
conditionalizing general identifiers
Environmental identifiers
example
Identifier ACEs and
Erase-on-allocate
Erase-on-delete
C2 systems and
Erasing disks
Erasure patterns
Event tolerance and security levels
Execute access
files
global sections
granting through protection codes
Expiration
of account
of password
of secondary password
password system messages
Expired passwords, system message
External authentication
defining logical names
disabling when network is down
DECnet-Plus and NET_CALLOUTs parameter
DECnet-Plus requirement
failed connection attempts on POP server
impact on layered products and applications
marking user accounts
EXQUOTA privilege
EXTAUTH flag
External authentication
NET PASSWORD command
password verification
setting a password
specifying SYS$SINGLE_SIGNON logical name bits
using the /LOCAL_PASSWORD qualifier

F

Facility identifiers
FAL (file access listener) recommendations
File browsers
File protection
File protection
File protection
auditing
C2 systems
DCL commands for
setting default ACLs
Files
access control through ACLs
access requirements
accessing
allocated disk blocks
by file identifier
adding ACEs for security auditing
applying an alarm to
as protected objects
assigning protection codes
assigning security profiles
assigning security profiles
auditing access to
changing security profiles
confidential, protecting
controlling access with Identifier ACEs
copying
from remote account
creating
dependency on directory ownership
requirements for
default protection
encrypting
erasing data from disks
events audited
exceptions to ownership rules
managing directory defaults
naming rules
optimizing security
owned by resource identifier
ownership rules
protecting data after deletion
protecting mail
protection required for proxy access
restoring default security elements
restoring default security profiles
security auditing and
security elements of
setting default protection and ownership
sharing and exchanging in network environment
sharing for a cluster system
transfers with MAIL
Flush interval
Flushing messages to disk
Foreign volumes, access requirements
Formats
Identifier ACE
protection code
rights identifiers
security-auditing ACE
UIC (user identification code)
FYDRIVER, C2 systems and
F$MODE lexical function

G

General identifiers
General identifiers
design considerations
General identifiers
example
format
Generated passwords
disadvantages
example
Generated passwords
initial passwords
length
Generated passwords
minimum length
requiring
Global sections
default protection
events audited
group
privilege requirements
Global sections
reestablishing security profile
Global sections
restricting access
security elements of
system
template profiles
types of access
Group accounts, C2 systems and
Group numbers
in UICs
reserved UICs
uniqueness requirement for clustered systems
Group numbers and passwords
Group numbers and passwords, setting up for cluster
Group UIC names
Group users (security category)
GROUP privilege
GRPNAM privilege
GRPNAM privilege
GRPPRV privilege
description
effect on protection mechanisms
giving rights of system user
GRPPRV privilege
granting control access
Groups
design of
guidelines for organization
UIC design
GRPPRV privilege
trusted users and
Guest accounts
as limited-access accounts
C2 systems and

H

Hardcopy output
disposal of
Hardcopy terminals, logout considerations
Hidden attribute
High-water marking
C2 systems and
High-water marking
performance and
History
Holder Hidden attribute
Holders of a rights identifier
associating with identifier
displaying records
granting access to
removing from rights database
HSC console terminals
C2 system requirements
C2 system restrictions
HSM (Hierarchical Shelving Manager)
not in C2 evaluation
HSM (Hierarchical Shelving Manager), not in C2 evaluation

I

Identifier ACEs
ACE order
adding to an ACL
conditionalizing access
creating
denying access
Default attribute
format
interpreting
protected subsystems and
using general identifiers
Identifier attributes
description of
Dynamic
Holder Hidden
Name Hidden
No Access
Resource
Subsystem
Identifiers
adding to rights database
as directory owners
as file owners
assigning to users
auditing use of
creating
customizing
displaying process
environmental
facility
format
general
general
in ACEs
of a process
protected subsystems and
removing
reserved
resource
and directory ownership
security audit reports and
types
UIC
uniqueness requirement
Images
installing
security ramifications
Images, installing
security ramifications
subsystem images
IMPERSONATE privilege
IMPORT privilege
Incoming proxy access, enabling or disabling
Install utility (INSTALL)
alarms
auditing changes made through
security ramifications
Interactive accounts
Interactive identifiers
Interactive logins
Interactive logins
classes
Interactive logins
dialup
local
remote
system message
Interactive mode
processes
Intrusion databases
Intrusions
attempts
detection
detection
clusterwide
counteraction through dual passwords
detection
database
evasive procedures
detection
reporting events
INBOUND parameter for node type specification
INITIALIZE command
/ERASE qualifier
INITIALIZE command, /ERASE qualifier
Intrusions
detection
setting exclusion period
detection
system parameters for
I/O channels, access requirements
I/O operations, access requirements for devices

J

Job controllers
affected by shift restrictions
enforcing work time restrictions
Job terminations
imposed by shift restrictions
Job terminations imposed by shift restrictions
Journal flush

K

Kerberos

L

Last login messages
disabling
LASTport and LASTport/DISK protocols
not in C2 evaluation
LAT protocol, not in C2 evaluation
LGI system parameters
controlling login attempts
LGI system parameters
LGI_BRK_DISUSER
LGI system parameters
LGI_BRK_LIM
LGI_BRK_TERM
LGI_BRK_TMO
LGI_CALLOUTS
LGI_HID_TIM
LGI_RETRY_LIM
LGI_RETRY_TMO
LGI_TWD_TMO
Lifetime of accounts
Lifetime of passwords
Limited-access accounts
LINK command, /NOTRACEBACK qualifier
Links
terminating dynamic asynchronous
Listener devices, example of programs for
Local identifiers
Lock access
Logging
access to protected objects
security audit events
terminal sessions
Logging out
breaking dialup connection
deciding when it is necessary
from disconnected processes
reasons for
security considerations
Logical I/O access
Logical name tables
as protected objects
events audited
privilege requirements
Logical name tables
reestablishing security profile
Logical name tables
security elements of
template profiles
types of access
Logical names
defining for external authentication
Login alarms
enabling
Login classes
batch
dialup
interactive
local
network
noninteractive
remote
restrictions on
Login command procedures
for restricted accounts
proper protection for
Login failures
alarms
auditing
break-in evasion and
causes of
dialup logins
expired accounts
login class restrictions and
messages
password grabber programs
Login failures
retries and
security audit report and
Login failures
shift restrictions
system passwords and
Login messages
Login messages
announcement
Login messages
controlling
Login messages
controlling
Login messages
disconnected job
expired password
last successful interactive login
Login messages
last successful noninteractive login
Login messages
new mail
number of login failures
suppressing
welcome
Login programs, authentication by secure terminal server
Logins
auditing
batch
changing password
changing password during
controlling
default process protection and
dialup
supplying password
disabled
by break-in evasion
by shift restriction
expired accounts
flags
interactive
classes of
most recent
local
monitoring last
network
noninteractive
classes of
most recent
permitted time periods
remote
logging out
system passwords and
restricting with system passwords
secure terminal server
security implications
simplifying for user with ALF (automatic login facility)
system parameters controlling
time out
LOAD_PWD_POLICY system parameter
LOCKPWD flag
Logins
with external authentication
LOGOUT command
/HANGUP qualifier
LOG_IO privilege
Logout alarms
Logout auditing

M

MAIL objects, recommended access
MAIL.EXE
reinstalling with privileges
MAXSYSGROUP system parameter
Mail files, recommended protection for
Mail utility (MAIL)
controlling notification messages
transferring text files
Mailboxes
default protection
default security elements
for audit event messages
modifying security profiles
privilege requirements
Maintenance tasks for secure systems
Manage access
Mandatory access controls
Media initialization
access requirements
Media initialization
restricting with ACLs
Member numbers in UICs
Member UIC names
Memory consumption by ACLs
Messages
announcement
security disadvantages
auditing
auditing security-relevant events
disabling last login
last successful interactive login
login
login failures
suppressing
suppressing last login
welcome
MFD (master file directory)
Microsoft ACME agent
MIRROR objects
MME (Media Management Extension)
not in C2 evaluation
MME (Media Management Extension), not in C2 evaluation
Modems
C2 system requirements
Mounting volumes
access requirements
security audits and
MODIFY user/FLAG=AUDIT command in Authorize utility
MODIFY/SYSTEM_PASSWORD command in Authorize utility
MOM (maintenance operations module) objects
Mounting volumes
with protected subsystems
MOUNT command, alarms
MOUNT privilege

N

Name Hidden attribute
Naming conventions
capability objects
common event flag clusters
devices
files
global sections
logical name tables
queues
resource domains
security class
Naming rules
capability objects
common event flag clusters
devices
files
global sections
logical name tables
queues
resource domains
security class
NCP (Network Control Program)
auditing database modifications
Network access control strings
Network access control strings
Network accounts
DECNET account, removing
network objects
Network databases
Network identifiers
Network logins
Network security
Network security
NET PASSWORD command
NETMBX privilege
NETPROXY.DAT files
NETPROXY.DAT files
auditing
normal protection
NET$PROXY.DAT files
auditing
Network security
C2 systems and
events audited
limitations
network object configuration
Network security
requirements for
Networks
access control
INBOUND parameter
proxy login for applications
NISCS_CONV_BOOT system parameter
NML (network management listener) objects
No Access attribute
Nodes, types of
None attribute (ACEs)
Noninteractive logins
Noninteractive logins
Noninteractive logins
batch
Noninteractive logins
classes
Noninteractive logins
network
Non-file-oriented devices, access requirements
Non-file-oriented devices, access requirements
Nopropagate attribute
Numeric UICs

O

Object classes
descriptions of
Object classes
security attributes of
Object ownership
assigning during file creation
by resource identifiers
changing
exceptions to the rules
files
managing defaults
Object ownership
managing directory defaults
qualifying for
Object ownership
reassigning
restoring file defaults
security element of an object
zero UICs in protection checks
Object permanence
capability object
common event flag cluster
devices
global sections
logical name tables
queues
resource domains
security class object
volumes
Objects
access arranged by
access to, comparing security profiles
ACLs and
adding ACEs for security auditing
alarms for creation
alarms for deaccess
alarms for deletion
auditing access
capability class
changing security profile
characteristics of protected objects
class descriptions
class specification
classes of
classes protected by operating system
class-specific access overrides
controlling access with Identifier ACEs
C2 systems and
displaying default protection and ownership
displaying security profiles
global sections
granting access through protection codes
in security models
kinds of events audited
logical name tables
managing default protection and ownership
modifying class templates
protection codes
queues
reassigning ownership
resource domains
role in security models
rules for determining access
security class
security elements source
security management overview
security profiles
security profiles
volumes
Open accounts
captive accounts and
captive recommendation
Open accounts
C2 systems and
Open files and ACL consumption of memory
OpenSSL
OPCOM (operator communication manager), security auditing and
OPER privilege
overriding access controls
queue access
OPER privilege
queue management
OpenVMS Cluster environments
building single security domain
C2 system restrictions
managing audit log file
protected object databases
security considerations
security implementation
synchronizing authorization data
system file recommendations
system file requirements
OpenVMS Cluster environments, protected objects
OpenVMS Management Station
not in C2 evaluation
OpenVMS Management Station, not in C2 evaluation
Owner
category of user access

P

Paper shredders
Password generators
obtaining initial password
when to require
Password grabber programs
catching with auditing ACEs
Password history
Password protection
Password synchronization
Passwords
acceptable
automatically generated
avoiding detection
chances to supply during dialups
changing
at login
expired
frequency guidelines
secondary
using /NEW_PASSWORD qualifier
cluster membership management
console
C2 system requirements
console passwords
dialup retries
dual
eliminating for networks
encoding
encryption algorithms
expiration
expiration time
failure to change
first
forced change
format
generated
guessing
history list
how to preexpire
incorrect
initial
length
lifetime of
locked
minimum length
multiple systems and
new
null as choice for captive account
open accounts and
password grabber programs
primary
proxy logins
reason for changing
receive
restrictions
reuse
risky
routing initialization
screening
against dictionary
against history list
with site-specific filter
secondary
advantages
changing
changing expired
entering
managing
secure
secure choices for
secure terminal servers and
sharing
system
causing login failures
dictionary
disadvantages
guidelines
minimum length requirement
modifying
recommended change frequency
setting up
transmit
types
uniqueness for each account
user
user guidelines
verifying change of
when account is created
when to change
Performance
ACL length and
high-water marking and
security-auditing impact
PFMGBL privilege
PFNMAP privilege
Physical I/O access
Physical security
C2 systems and
encrypting files
restricting system access
violation indicators
when logging out
PHONE objects
PHY_IO privilege
PIPE command, impact on subprocess auditing events
PIPE subprocess, analyzing audit messages
Port, terminal
Primary passwords
Printers
C2 systems and
default security elements
Privilege requirements
common event flag clusters
Privilege requirements
devices
global sections
logical name tables
queues
resource domains
volumes
Privileged accounts
Privileges
affecting object access
auditing use of
authorized process
ACNT
All category
ALLSPOOL
ALTPRI
AUDIT
BUGCHK
BYPASS
bypassing ACLs
bypassing protection codes
captive accounts and
categories of
CMEXEC
CMKRNL
default process
definition
disabling
Devour category
DETACH
DIAGNOSE
DOWNGRADE
enabling through SETPRV
EXQUOTA
file sharing and
GROUP
GRPNAM
GRPPRV
Group category
influence on object access
IMPERSONATE
IMPORT
LOG_IO
MOUNT
NETMBX
Normal category
network requirements
Objects category
OPER
process
PFNMAP
PHY_IO
PRMCEB
PRMGBL
PRMMBX
PSWAPM
READALL
recommendations for different users
related to group UIC
reporting use with $CHECK_PRIVILEGE
requirements
common event flag clusters
devices
global sections
logical name tables
queues
resource domains
volumes
SECURITY
SET PROCESS/PRIVILEGES
SETPRV
SHARE
SHMEM
SYSGBL
SYSLCK
SYSNAM
SYSPRV
controlling access through
effect on protection mechanisms
giving rights of system user
security administrator requirements
storage in UAF record
summary of
System category
SYSPRV
tasks requiring
TMPMBX
trusted users and
UAF records and
UPGRADE
untrusted users and
VOLPRO
WORLD
Probers, catching
Probing, as security problem
Process exclusion list
Processes
access rights of
activities permitted by privileges
adding to exclusion list
audit server
auditing of
auditing system services controlling
connecting restrictions
creating with different UICs
default protection for
disconnected
displaying default protection
displaying process rights identifiers
enabling privileges
interactive mode
logging out of current
modifying the rights list
reconnecting
security profiles of
suspending
UIC identifiers
Project accounts
as protected subsystems
setting up
Prompts, passwords and
Propagating protection, example
Protected attribute
deleting ACEs with
Protected object databases
Protected subsystems
advantages of
applications for
constructing
description of
design requirements
enabling
example
file protection
mounting volumes with
printer protection
subsystem ACEs
system management requirements
user access
Protection
ACL-based
capability
command procedures and
common event flag clusters
deleted data
devices
global sections
logical name tables
managing defaults
objects
queues
resource domains
security class
through protected subsystems
UIC-based codes
volumes
Protection checking
evaluating an object access request
exception with zero UICs
influenced by ownership
Protection codes
access specification
access types
assigning during file creation
bypassing with special rights
changing
default file protection
definition
denying all access
effect of privileges
evaluation sequence
format
granting control access
interaction with ACLs
interpreting
Identifier ACEs and
multiple user categories and
null access specification
priority in access evaluation
processing
queue access rights
reading
restoring file default
security element of an object
sequence of checking categories
user categories
Protocols
autodial/master
Protocols, autodial/nomaster
Proxies
access control
removing
Proxy access
access control
removing
setting up a proxy database for
to applications
to nodes
Proxy accounts
as captive accounts
as restricted accounts
C2 systems and
default
example
general-access
maximum number allowed
multiple-user
naming
recommended restrictions
selecting from multiple
single-user
Proxy database
setting up
Proxy logins
access control
account
establishing and managing
network applications
NETPROXY.DAT
NET$PROXY.DAT
security benefits
PRMCEB privilege
PRMGBL privilege
PRMMBX privilege
PSWAPM privilege
PURGE command, /ERASE qualifier

return to top Q

Queues
access granted by OPER privilege
as protected objects
ACL access rights
events audited
privilege requirements
profile storage
protection code access rights
security elements of
template profiles
types of access

return to top R

Read access
devices
files
global sections
granting through ACLs
granting through protection codes
logical name tables
queues
through ACLs
queues
through protection codes
resource domains
security class
volumes
Recall buffers
Receive passwords
Reconnection to processes
Records displaying holder of a rights identifier
Reference monitors
applying to networks
concept in security
implementation
requirements on
Remote diagnostics, C2 system requirements
Remote identifiers
Remote logins
logging out
system passwords and
Removing proxy access
Reserved UIC group numbers
Resource attribute
Resource attributes
Resource domains
events audited
privilege requirements
profile storage
security elements of
template profile
types of access
Resource identifiers
as file owners
Resource monitoring
disabling
Restricted accounts
READALL privilege
RECALL command, /ERASE qualifier
REMOVE/IDENTIFIER command in Authorize utility
RENAME command
/INHERIT_SECURITY qualifier
RENAME command, /INHERIT_SECURITY qualifier
Restricted accounts
danger of process spawning
setting up
when to use
Rights database
adding identifiers
assigning identifiers to users
creating and maintaining
displaying
removing identifiers and holders
Rights databases
adding identifiers
assigning identifiers to users
creating and maintaining
displaying
removing identifiers and holders
Rights lists
access arranged by capability
Rights list, access arranged by capability
RIGHTSLIST.DAT files
auditing
creating and maintaining
how UICs are stored
Rights of users
displaying
RMS_FILEPROT system parameter
Routing initialization passwords

return to top S

Save set (BACKUP), protection of
Screen clearing
Secondary passwords
advantages
changing
changing expired
disadvantages
entering
login expiration
managing
minimum length
Secure Sockets Layer (SSL)
Secure terminal servers
password protection and
Security
assessing auditing requirements
clusterwide intrusion detection
data protection mechanisms
definition of levels
environmental factors
erasing data on disk
high-water marking
managing auditing
managing default protection and ownership
objects protected by system
operating system model
optimizing file security
performance impact
auditing
Trojan horse programs
Security administrators
checklist for maintaining a secure system
cluster managers and
C2 requirements
goals of
personal accounts
privilege requirements
role of
system passwords and
training users
Security alarms
audit log file
disabling on system consoles
events to enable as
events triggering
example of enabling events
sample messages
Security archive files
losing the remote link to
Security archive files, losing the remote link to
Security attacks, forms of
Security audit event messages
changing disk transfer rate
controlling delivery to server
delaying delivery at startup
when to ignore
Security audit log files
advantages of
allocating disk space
changing location
changing message transfer rate
characteristics
creating
C2 systems and
description
events to report
interactive analysis
maintaining
pre-extending
procedures
selecting records from
Security audit reports
analyzing suspicious activity
brief format
creating
defining contents of
destination
detailed inspection
examples
formats
full format
rights identifiers in
routine inspections
scheduling
summary format
Security auditing
account and file access
adding ACEs to files
analyzing audit log files
archive files
assessing site requirements
audit listener mailboxes
audit server databases
audit trails
capability objects
cluster considerations
common event flag clusters
controlling event messages
C2 system restrictions
default auditing events
default characteristics
devices
directories
disabling auditing
disabling events
disabling resource monitoring
effective use
enabling auditing
enabling event classes
enabling events
error handling
excluding processes from suspension
files
global sections
granularity of events
high security needs
logical name tables
low security needs
managing the audit server
memory limitations and
messages
moderate security needs
object class enabled
overview
performance impact
queues
reporting object access
reporting object use
resource domains
security class objects
sending event messages to archive files
sending event messages to mailboxes
sending event messages to operator terminals
synchronizing cluster time
volumes
Security breaches, handling
Security checklists
for C2 systems
for designing a secure system
for maintaining a secure system
for training users
for users
Security class object
definition
events audited
profile storage
template profile
types of access
Security features
access controls
account duration
auditing
automatic password generation
dialup retries
erase-on-allocate
erase-on-delete
erasure patterns
high-water marking
intrusion detection
login class restrictions
password changes
password expiration
password protection
password requirements
password restrictions
passwords
protected subsystems
proxy accounts
proxy logins
secondary passwords
secure terminal servers
security alarms
shift restrictions
system passwords
Security kernel, definition
Security levels
event monitoring and
high
low
medium
Security management
for clusters
managing audit log file
modifying cluster group number
modifying cluster password
policy development
protected objects
cluster-visible
databases
synchronizing authorization data
SYSMAN requirements
Security models
Security operator terminals
Security problems
anonymity of network and dialup users
autologin accounts, reducing
categories of
SECSRV$CLIENT, reserved identifier
SECSRV$COMMUNICATION, reserved identifier
SECSRV$OBJECT, reserved identifier
SECURITY privilege
hidden ACEs and
SECURITY.AUDIT$JOURNAL files
SECURITY_POLICY system parameter
SET AUDIT command
alarms
enabling security-relevant events
opening new log files
suggested auditing applications
/EXCLUDE qualifier
/INTERVAL qualifier
/LISTENER qualifier
/SERVER qualifier
/THRESHOLD qualifier
SET FILE command, /ERASE qualifier
SET HOST command
Security problems
disk scavenging
hardcopy terminal output
logging out
network access control strings
password detection
telephone system as
Security profiles
assigning to new devices
capability object
common event flag clusters
devices
displaying class defaults
files
global sections
in access evaluations
logical name tables
modification requirements
objects
ACLs
changing
contents
deleting ACLs
displaying
modifying class templates
origin of
owner element
protection codes
processes
displaying
identifiers
privileges
UICs
queues
resource domains
security class
users
displaying
identifiers
privileges
UICs
volumes
Security restrictions
captive command procedures
login class
on command usage
on mode of operation
shifts
time-of-day
SET HOST/DTE command, using over the network
SET PASSWORD command
automatic password generation
/GENERATE qualifier
/SECONDARY qualifier
Security Server process
Security, clusterwide intrusion detection
Security-auditing ACEs
position in ACL
Security-auditing events
based on security needs
classes of
default classes
disabling all classes
displaying
enabling all classes
enabling as alarms
enabling as audits
example
network
reporting
sending to audit log files
sending to listener mailboxes
sending to operator terminals
sending to remote archive files
suppressing privilege audits
suppressing process control audits
system services for
Servers
audit
secure terminals
security
Set-Up key
SET PASSWORD command
/SYSTEM qualifier
/SYSTEM/GENERATE qualifier
SET PROCESS command, /PRIVILEGES qualifier
SET PROTECTION/DEFAULT command
SET SECURITY command
changing object security profile
changing protection codes
copying ACLs
creating an ACL
deleting ACEs
example
managing site defaults
restoring defaults for files
setting default file protection
/ACL qualifier
adding Identifier ACEs
deleting
deleting ACEs
example
replacing ACEs
/AFTER qualifier
/CLASS qualifier
/CLASS=DEVICE qualifier
/COPY_ATTRIBUTE qualifier
/DEFAULT qualifier
/DELETE qualifier
/LIKE qualifier
/OWNER qualifier
/PROTECTION qualifier
modifying codes
modifying for devices
/REPLACE qualifier
SET SERVER ACME command
SET TERMINAL command
stopping password grabbers
using over the network
/DISCONNECT qualifier
/HANGUP qualifier
/NOMODEM/SECURE qualifier
/SECURE qualifier
/SYSPWD qualifier
SET VOLUME command
/ERASE_ON_DELETE qualifier
/NOHIGHWATER_MARKING qualifier
/PROTECTION qualifier
SET VOLUME command, /ERASE_ON_DELETE qualifier
SETPRV privilege
Shareable devices, access requirements
Shared files, considerations for a cluster system
Shift restrictions
SHARE privilege
SHMEM privilege
SHOW AUDIT command
SHOW INTRUSION command
SHOW PROCESS command
and WORLD privilege
SHOW PROTECTION command
SHOW SECURITY command
displaying security profiles of objects
displaying site defaults
displaying the object's class
SHOW USERS command, disconnected jobs and
SHOW/IDENTIFIER command in Authorize utility
SHOW/RIGHTS command in Authorize utility
Sign-on, single
Single sign-on
Site security
Social engineering as security problem
SOGW user category abbreviation
Spawning processes, security implications in restricted accounts
Spooled devices, access requirements
SSL
STARTNET.COM command procedure
STARTUP_P1 system parameter
Subjects in security models
Submit access
Subprocesses
analyzing audit messages
increase in auditing events
Subsystem attribute
Subsystem ACEs
format
Surveillance guidelines
SYSALF, ALF (automatic login facility) file
SYSECURITY.COM command procedure
SYSGBL privilege
SYSLCK privilege
SYSNAM privilege
modifying system operations
overriding access controls
queue management
SYSPRV privilege
giving rights of system user
tasks requiring
SYSTARTUP_VMS.COM command procedure
SYSUAFs (system user authorization files)
marking for external authentication
SYSUAF.DAT files
account expiration
auditing modifications to
LOCKPWD flag
login class restrictions
modifications and security audit
normal protection
password storage
Synchronization, password
System failures
disposing of hardcopy output
System failures, disposing of hardcopy output
System files
Alpha default protection
adding ACLs
auditing recommendations
benefiting from ACLs
default protection
protecting
protection codes and ownership
recommended
required
System Generation utility (SYSGEN), auditing parameter modifications
System managers
assessing auditing requirements
System Management utility (SYSMAN)
managing clusters
modifying cluster security data
modifying LGI parameters
System parameters
auditing modification of
controlling disconnected processes
defining system users (security category)
required C2 settings
System passwords
causing login failures
disadvantages
entering
guidelines
minimum length requirement
modifying
recommended change frequency
setting up
where stored
System services, auditing event information
System users (security category)
defining with MAXSYSGROUP parameter
qualifications for
Systems
controlling access to
controlling use of
SYSUAF.DAT files
privileges and
recording privileges
synchronization with rights database
SYS$ACM system service
SYS$ANNOUNCE logical name
SYS$NODE logical name
SYS$PASSWORD_HISTORY_LIFETIME
SYS$PASSWORD_HISTORY_LIMIT
SYS$SINGLE_SIGNON logical name
SYS$SINGLE_SIGNON logical name bits
SYS$WELCOME logical name
subsystem ACEs

return to top T

Tampering with system files, detecting
Tapes
default security elements
managing security profiles
TASK objects
TCB (trusted computing base)
file protection
hardware
privileges and
software
software not included
Template devices, security elements of
Terminal emulator
Terminal emulators
Terminal lines
Terminals
breaking dialup connection
clearing DECwindows screen
clearing the screen
controlling access
C2 system restrictions
default security elements
dialup login
failing to respond
hardcopy
disposing of output
hardcopy, disposing of output
limiting access
lines for modems, security of
logout considerations
modifying security profiles
port
requiring a system password
security alarms and
session logging
system password
requirement for
system password, requirement for
usage restrictions
user, in C2 systems
virtual
Time
auditing changes to system time
synchronizing cluster time
Time-of-day login restrictions
Time-stamps
synchronizing in cluster
Time-stamp, synchronizing in cluster
TMPMBX privilege
Training
for users, importance to security
Training of users, importance to security
Trojan horse programs
TTY_DEFCHAR2 system parameter
disabling virtual terminals
enabling system passwords for remote logins
TTY_TIMEOUT system parameter, setting reconnection time

return to top U

UAFs (user authorization files)
auditing modifications to
enabling auditing through
LOCKPWD flag
login class restrictions
modifications and security audit
MODIFY user/FLAG=AUDIT
normal protection
password storage
performance impact of enabling auditing
privileges and
record of last login
recording privileges
synchronization with rights database
UIC groups
design limitations
designing
impact on user privileges
UIC identifiers
deleting when employee leaves
example
UICs (user identification codes)
adding to rights database
alphanumeric
changing an object's
C2 systems and
format
group restrictions
guidelines for creating
numeric
object access evaluations and
process
storage of
uniqueness requirement for clustered systems
zero
Unshareable devices, access requirements
UPGRADE privilege
Use access
User accounts
security considerations
User authorization
account expiration
login class restrictions
privilege use
shift restrictions
User irresponsibility
as security problem
training as antidote
User name mapping
User names
as identifiers
User names as identifiers
User penetration as security problem
User probing as security problem
User training
Users
access through ACEs
C2 systems and
displaying process rights identifiers
displaying rights
file security and
granting privileges
introduction to system
protection code categories
requesting access
security categories of
security profiles of
setting default object protection
training
trusted
untrusted
User-written system services
replacing with protected subsystems

return to top V

Verification using two passwords
Virtual terminals
disabling
disconnected processes and
logging out of
LOCAL device
Viruses
VMS ACME agent
VMS$OBJECTS.DAT file
Volatile databases
network
Volatile database, network
Volumes
access requirements
as protected objects
auditing mounts or dismounts
erasing data
events audited
foreign
access requirements
privilege requirements
profile storage
protection
reusing in C2 systems
security elements of
template profile
types of access
VOLPRO privilege
VT100-series terminals
clearing screen
VT100-series terminals, clearing screen
VT200-series terminals
clearing screen
VT200-series terminals, clearing screen

return to top W

Weekday login restrictions
Welcome messages
security disadvantages
Wildcard characters
in ADD/IDENTIFIER command
in SHOW/RIGHTS command
Work restrictions
Workstations
clearing screen
default security elements
World users (security category)
WORLD privilege
impact on SHOW PROCESS command
Write access
devices
files
global sections
granting through ACLs
granting through protection codes
logical name tables
resource domains
security class
volumes

return to top Z

Zero UICs, protection checking and

return to top Symbols

$AUDIT_EVENT system service, reporting security-relevant events
$CHECK_ACCESS system service, security auditing and
$CHECK_PRIVILEGE system service, reporting privilege use
$CHKPRO system service
role in access control
security auditing and
/ACCESS qualifier in Authorize utility
/CLITABLES qualifier
/EXPIRATION qualifier
/FLAGS=CAPTIVE qualifier
/FLAGS=DISIMAGE qualifier
/FLAGS=DISMAIL qualifier
/FLAGS=DISNEWMAIL qualifier
/FLAGS=DISPWDDIC qualifier
/FLAGS=DISPWDHIS qualifier
/FLAGS=DISRECONNECT qualifier
/FLAGS=DISREPORT qualifier
/FLAGS=DISUSER qualifier
/FLAGS=DISWELCOME qualifier
/FLAGS=GENPWD qualifier
/FLAGS=LOCKPWD qualifier
/FLAGS=PWD_EXPIRED qualifier
/FLAGS=RESTRICTED qualifier
/LGICMD qualifier and captive accounts
/LOCAL_PASSWORD qualifier
/PRCLM qualifier in AUTHORIZE
/PRIMEDAYS qualifier, example
/PWDLIFETIME qualifier
/PWDMINIMUM qualifier
