
HP OpenVMS Systems


OpenVMS System and Network Security?


The Question is:

 
Limited access via ftp
 
We supply an administration system for mobile telephone networks. Within the
networks there may be several different platforms that are required to talk to
each other. Included amongst these platforms there may be systems that are run
by our competitors.
If at all possible we would like to provide these other platforms with FTP
access to a single directory (read and write) and effectively disable the cd
(or set def) command. So far we have tried setting directory permissions and
ACLs but to no avail. Do you know how we can achieve this?
 
 


The Answer is :

 
  The OpenVMS Wizard recommends first determining your critical data,
  then designing a security model (ACLs, protection masks, etc) that
  will protect it.
 
  Though you indicate that you have tried ACLs, you do not indicate
  what ACLs were tried, nor what problems were seen.  The OpenVMS
  Wizard would typically use the broadest of ACLs and protections
  possible at the first and highest level (eg: device ACLs), then
  work downward to more specific granularities (eg: file ACLs).
  The same holds for the sequence of ACEs within ACLs: start with
  the broad permissions and broad denials at the top of the ACL,
  then follow with ACEs in the ACL that provide specific permissions
  and denials.
 
  SET DEFAULT is not a security-relevant event, is not audited, and
  is not part of the OpenVMS security model.  The only way to prevent
  use of the SET DEFAULT command is to maintain the user as captive.
  Use of security-relevant events and security features is strongly
  recommended here, rather than attempting to use obscurity -- use
  of SET DEFAULT and then DIRECTORY is no different from directly
  issuing a DIRECTORY command (from another default device and
  directory) on the target device and directory.
 
  The OpenVMS Wizard will make a few general recommendations in the
  area of security and security management:
 
    o determine what data is truly valuable, and protect that.
    o determine what will allow access to your data, and protect that.
    o don't neglect human factors and human engineering:
      - security must be easy to use, or it will be bypassed
      - many security breaches are "inside jobs"
      - many security violations are "inside jobs"
    o beware network connects, tunnels, and firewalls
      - avoid allowing trusted network tunnels from untrusted hosts
      - firewalls must operate bidirectionally
      - use multiple (different) firewalls
      - include (silent) network activity monitors
    o use skilled staff knowledgeable in OpenVMS security
      - use this staff to try to bypass your own security
      - keep this staff current on security vulnerabilities
    o use automatic analysis tools to monitor activity
      - monitor for (unusual) network activity
      - monitor for (unusual) system activity
      - monitor for (unusual) user activity
    o partition your data
      - avoid allowing all users access to all data
      - keep the closest track of your critical data
    o disable and avoid tools containing built-in scripting languages
      - avoid SMTP mailers with debug enabled
      - avoid integrated word processing tools
      - avoid any mail system that permits transferring executable
        code, as somebody is going to accidentally activate it.
    o use operating system security features
      - auditing and alarms
      - ACLs
      - subsystem identifiers on images
      - user identifiers
      - educate users on reasonable passwords
 
  Please read the Guide to System Security for an overview of OpenVMS
  security features, as well as for information on how to configure and
  operate OpenVMS in an NCSC Class C2 environment.
 
  Various service and contracting organizations are available that
  can help educate you in system and network security.
 
  Also see topics 4282, 4481, 4612, 4653.
 

answer written or last revised on ( 10-AUG-2000 )
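The following DCL session is an added worked example, not part of the Wizard's answer above, showing one way to apply the advice (identifiers, protection masks, ordered ACLs, a captive account, and ACL-driven auditing) to the single FTP exchange directory the question asks about. The device DKA100:, directory [XFER], identifier PARTNER_XFER, username PARTNER1, UIC [300,1] and the password placeholder are all assumptions chosen for the example; substitute your own.

```dcl
$! Added example (not from the Ask the Wizard answer): a partner-only FTP
$! exchange directory built from OpenVMS identifiers, ACLs and a captive
$! account.  Assumed names: device DKA100:, directory [XFER], identifier
$! PARTNER_XFER, username PARTNER1, UIC [300,1].
$!
$! 1. Create an identifier for partner accounts and a captive, unprivileged
$!    account that holds it.  Every right the partner gets is granted through
$!    the identifier, never through the UIC group, so it can be revoked with
$!    one REVOKE/IDENTIFIER.  The password value is a placeholder.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> ADD/IDENTIFIER PARTNER_XFER
UAF> ADD PARTNER1 /UIC=[300,1] /OWNER="Partner 1 transfer" -
     /DEVICE=DKA100: /DIRECTORY=[XFER] -
     /PASSWORD=REPLACE_THIS_PASSWORD /PWDLIFETIME=30-00:00 -
     /PRIVILEGES=NOALL /DEFPRIVILEGES=NOALL -
     /FLAGS=(CAPTIVE,DISNEWMAIL,DISWELCOME) -
     /NETWORK /NOINTERACTIVE /NOBATCH /NOLOCAL /NOREMOTE /NODIALUP
UAF> GRANT/IDENTIFIER PARTNER_XFER PARTNER1
UAF> EXIT
$!
$! 2. Lock the directory down.  The protection mask gives GROUP and WORLD
$!    nothing; the ACL then grants exactly what the identifier needs.
$!    Identifier ACEs are evaluated top to bottom and the first match wins,
$!    so the specific grant precedes the [*,*] catch-all denial.  The
$!    OPTIONS=DEFAULT ACE is copied onto every file created in the
$!    directory, so uploaded files stay readable by other PARTNER_XFER
$!    holders and by nobody else.  The AUDIT ACE records every read, write,
$!    delete and failed attempt in the security audit log.
$ SET SECURITY /PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD) -
      DKA100:[000000]XFER.DIR
$ SET SECURITY /ACL=( -
      (IDENTIFIER=PARTNER_XFER,ACCESS=READ+WRITE+EXECUTE), -
      (IDENTIFIER=PARTNER_XFER,OPTIONS=DEFAULT,ACCESS=READ+WRITE), -
      (IDENTIFIER=[*,*],ACCESS=NONE), -
      (AUDIT=SECURITY,ACCESS=READ+WRITE+DELETE+FAILURE) ) -
      DKA100:[000000]XFER.DIR
$!
$! 3. Turn on auditing of events requested by ACLs and verify the result.
$ SET AUDIT /AUDIT /ENABLE=ACL
$ SHOW SECURITY DKA100:[000000]XFER.DIR
$ SHOW AUDIT /ALL
```

To check the model the way the Wizard suggests, log in as PARTNER1 from a client, change directory away from [XFER] and list or fetch something: the ACL on the other directories (not the absence of a cd command) is what should refuse it, and the refusal should appear in the audit log because of the FAILURE keyword in the AUDIT ACE. Access controls specific to the FTP server software itself are outside this example.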
