Technical data

ManualsBrandsCompaq ManualsPrinterLA36

461

462

463

464

465

466

467

468

469

470

Security Considerations

12.1 Understanding Security Management

software plans, and computer time. These measures can also protect equipment,

software, and ﬁles from damage caused by tampering.

Types of Security Problems

Security problems on most systems are generally caused by irresponsibility,

probing, or penetration. The tolerance that your site might have to a breach of

security depends on the type of work that takes place at your site.

Environmental Considerations

A secure system environment is a key to system security. Compaq strongly

encourages you to stress environmental considerations when reviewing site

security.

Operating System Protections

In the OpenVMS operating system, managing system security is concerned with

three major areas:

• Controlling access to the system; for example, interactively, through batch

processing jobs, or over the network

• Controlling access to information and resources that are kept on the system;

for example, ﬁles, application programs, or system utilities

• Managing the auditing system so security-relevant events are logged, the log

ﬁle is reviewed on a regular basis, and the log is kept to a reasonable size

The following sections describe measures to control access to your system and its

resources.

12.2 Managing Passwords

A site needing average security protection always requires the use of passwords.

Sites with more security needs frequently require generated passwords and

system passwords. Highly secure sites sometimes choose to use secondary

passwords to control network access.

For information about external authentication (also known as single sign-on),

refer to the Authorize section in the OpenVMS System Management Utilities

Reference Manual and the Managing System Access section in the OpenVMS

Guide to System Security.

12.2.1 Initial Passwords

When you open an account for a new user with the Authorize utility, you must

give the user a user name and an initial password. When you assign temporary

initial passwords, observe all guidelines recommended in Section 12.2.5. You

should consider using the automatic password generator. Avoid any obvious

pattern when assigning passwords.

Using the Automatic Password Generator

To use the automatic password generator while using the Authorize utility to open

an account, add the /GENERATE_PASSWORD qualiﬁer to either the ADD or the

COPY command. The system responds by offering you a list of automatically

generated password choices. Select one of these passwords, and continue setting

up the account.

12–2 Security Considerations