Logging out of a session conserves system resources
and protects your files. Leaving a terminal on line represents one
of the greatest sources of inside intrusions. When you leave your
terminal on line and your office open, you have effectively given
away your password and your privileges and have left your files and
those of the other members of your group unprotected. Any user can
easily and quickly transfer all files accessible through your account.
A malicious insider could rename and delete your files and any other
files to which you have write access. If you have special privileges,
especially privileges in the Files or All category, a malicious user
can do major damage.
Log out when you leave your office even for a
brief period of time. If you have performed remote logins, you must
log out of each node. The following sections describe security considerations
for logging out of specific types of terminals or sessions.
Clearing Your Terminal Screen |
 |
You may want to clear your screen each time you
log out from a terminal to ensure that your user name, node name,
and operating system are not revealed to anyone else. If you are logging
out after a remote login, the name of the node to which you return
(the local node) is also revealed. If you access multiple accounts
remotely (over the network), the final sequence of logout commands
reveals all the nodes and user names that are accessible to you on
each node (excluding the name of the furthest node reached). To those
who can recognize the operating system from the prompt or a logout
message, these displays also reveal the operating system.
At some sites, it may be important to leave nothing
but the logout message on your screen, as follows:
If you are using a VT200-
or later series terminal, you can clear the screen by pressing the
Set-Up key and selecting the item from the resulting menu that corresponds
to the DECwindows Clear Display menu option on the Commands menu.
If you are using a VT100-series
terminal, press the Set-Up key. Then press the key marked for reset
(the 0 key) followed by the Return key.
Alternatively, to preserve temporary parameters, press the Set-Up
key, and then press the key marked 80/132 columns (the 9 key) twice.
After the screen clears, the cursor is positioned
at the top of the screen, next to the DCL prompt. Enter the DCL command
LOGOUT at the prompt. The only information remaining after you log
out is your logout command and the logout completion message, for
example:
$ LOGOUT
RDOGWOOD logged out at 14-AUG-2008 19:39:01.43
|
Disposing of Hardcopy Output |
|
After you log out from a hardcopy terminal, properly
remove, file, or dispose of all hardcopy output that might reveal
sensitive information. Your security administrator should provide
direction on preferred procedures. Many sites use paper shredders
or locked receptacles for this purpose. Handle output that you plan
to save just as carefully.
You should also dispose of hardcopy output if
the system fails before you log out. In addition, if you will not
be present when the system is initialized, turn your terminal off.
Removing Disconnected Processes |
|
The system automatically removes your disconnected
processes after a certain interval. You can conserve system resources,
however, if you directly log out of any disconnected processes, as
follows:
Enter the DCL command
SHOW USERS to determine if you have other disconnected jobs.
Enter the DCL command
CONNECT/LOGOUT to log out of the current process. Connect back through
each of the associated virtual terminals (as noted by the terminal
prefix of VTA) until you reach the last existing process.
Enter the DCL command
LOGOUT.
Turning Off a Terminal |
|
If your site has moderate or high security requirements,
your security administrator may ask you to turn off your terminal
after logging out. This resets terminal characteristics and clears
memory buffers. Some Trojan horse attacks use hardware frame buffers
and the answerback capabilities that are built into newer terminals.
