HP OpenVMS Systems

ask the wizard
Content starts here

OpenVMS System Security?

» close window

The Question is:

I know this might be a little silly, because I can't remember the last time
 that  there was a "potemtial", or real Intrusion to my
system ( I run Audits bimonthly: analyze/audit), but is there a
Viral Detection product from Digital/Compasq that could be
installed on my Alpha, if management won't take my
analysis seriously that the Alpha isn't threatened?
Thanks for any reply.
Anne Pemberton
Systems Manager
Host Operations, NASA Hq.
Washington, D.C.

The Answer is :

  While it is technically possible to launch a targeted attack against
  particular users or against most any operating system platform or
  network, the OpenVMS Wizard is unaware of any wide-spread instance
  of a virus attack launched against OpenVMS.  Network and DCL-based
  (virus-like) worms have very occasionally been seen, as have the
  occasional and isolated Trojan Horse.
  The typical PC anti-virus packages are based on comparing signatures
  from known attacks, and the lack of active virii for OpenVMS makes
  this approach (obviously) relatively difficult.  Because of this,
  sites that are concerned about modification to OpenVMS images can
  choose to run one of the products that takes cryptographic checksums
  of key images, and compares the checksums to their proper values.
  Similar results can be achieved by making a CD-ROM copy of critical
  files and using the OpenVMS DIFFERENCES command on a periodic basis.
  A significant difference between a secure multi-user operating
  system and a personal computer involves the level of system access
  available to individual users -- the personal computer user often
  has full access rights to change the system, load software from
  questionable sources, activate VBS applications, and otherwise
  mismanage the security.  On a secure multi-user operating system,
  there is more typically a trained system manager -- someone who
  knows to beware of such pitfalls.  The individual users of a
  well-run multi-user system do not generally have the privilege(s)
  needed to make changes to the system -- no matter how ill- or
  well-intentioned these changes might be -- that will affect the
  programs run by others.
  For a perpetrator to launch an effective Trojan Horse attack
  (where a program has unpublicized adverse side effects) against
  an entire OpenVMS system, the perpetrator would have to trick
  the system manager into loading and running the Trojan Horse
  program.  Other than that, an individual user of the system can
  only jepardize those programs and data files over which they have
  control access.
  DECnet network worms are generally defeated through the use of
  default network configuration settings.  (OpenVMS is very careful
  about what code is executed -- directly by the local network
  software or by the local user -- on behalf of a remote user.)
  Local worms are defeated via UIC-based protection masks and ACLs
  on files and objects.
  Over ten years ago, OpenVMS Development assembled an experimental
  Trojan Horse attack against an application, for demonstration at
  a DECUS Conference in Las Vegas.  The purpose of that was to
  demonstrate the Mandatory Access Control defenses in the SEVMS
  (Security Enhanced OpenVMS) offering, and how they prevent such
  attacks.   If you want to run in an OpenVMS environment with
  Mandatory Access Controls, you should consider SEVMS, which has
  been evaluated at NCSC level B1 (as contrasted with Class C2 for
  ordinary OpenVMS).  Be aware, however, that to operate in a Class
  B1 environment does require greater system management effort.
  The result of this situation has been that OpenVMS has provided
  a relatively unattractive target for virus authors.

answer written or last revised on ( 23-MAY-2000 )

» close window