Security Considerations
12.2 Managing Passwords
12.2.5 Guidelines for Protecting Passwords
Observe the following guidelines to protect passwords:

• Make certain that the password for the SYSTEM account, which is a standard
  account on every OpenVMS system, is strong and is changed regularly.

• Disable any account that is not used regularly with the AUTHORIZE
  qualifier /FLAGS=DISUSER (for example, SYSTEST and FIELD).

• Do not permit an outside or in-house service organization to choose the
  password for an account it uses to service your system. Such service groups
  tend to use the same password on all systems, and their accounts are usually
  privileged. On seldom-used accounts, set the AUTHORIZE flag DISUSER and
  enable the account only when it is needed. You can also change the password
  immediately after each use and notify the service group of the new password.

• Set appropriate account expiration dates, especially when you know that a
  user has only a short-term requirement for an account.

• Delete accounts that are no longer in use.

• If you have an account on a system that stores passwords in plaintext
  (unencrypted), choose a different password for each of your accounts on other
  machines. Passwords should not be shared between machines even when both
  machines encrypt their stored passwords: a compromised machine can capture
  the password in plaintext as it is entered at login, and that password then
  gives access to every other machine on which it is reused.

• Do not leave listings of operator logs, accounting logs, or audit logs where
  they could be read or stolen.

• Maintain adequate protection of the authorization files. Note that the system
  user authorization file (SYSUAF.DAT) and the network proxy authorization file
  (NETPROXY.DAT) are owned by the system account ([SYSTEM]), and no other user
  should belong to the SYSTEM account's UIC group. Accordingly, the SYSTEM,
  OWNER, and GROUP protection categories are synonymous for these files.
  Normally the default UIC-based file protection for these files is adequate.
The following actions are not strictly password protection, but they reduce the
likelihood of password detection or limit the extent of the damage if passwords
are discovered or bypassed:

• Avoid giving multiple users access to the same account.

• Separate users into distinct user groups.

• Protect the telephone numbers of the dialup lines connected to your system.

• Make every account that does not require a password a captive account.

• Extend privileges to users carefully.

• Ensure that the files containing components of the operating system are
  adequately protected.
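The AUTHORIZE session below is an added illustration of how the guidelines in
both lists above are carried out at the UAF> prompt; it is not text or code
from the OpenVMS documentation. The account names CONTRACTOR, OLDUSER and MENU,
the expiration date, the command procedure name and the password values are
assumptions chosen for the example; the SYSTEM, SYSTEST and FIELD accounts, the
qualifiers and the file names are those named in the guidelines.

```dcl
$! Added example (not from the OpenVMS manual): applying the password
$! guidelines with AUTHORIZE. CONTRACTOR, OLDUSER, MENU, the date, the
$! password strings and MENU.COM are assumed values; substitute your own.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
UAF> ! 1. Give SYSTEM a new password, force regular changes with a 30-day
UAF> !    lifetime and a minimum length, and expire it so that the next
UAF> !    login must choose a fresh one via SET PASSWORD (which does not echo).
UAF> MODIFY SYSTEM /PASSWORD=Q7rT9vLm2pXk /PWDLIFETIME=30-00:00:00 -
_UAF> /PWDMINIMUM=12 /PWDEXPIRED
UAF> ! 2. Disable the seldom-used standard accounts until they are needed.
UAF> MODIFY SYSTEST /FLAGS=DISUSER
UAF> MODIFY FIELD /FLAGS=DISUSER
UAF> ! When the service organization needs FIELD, enable it with a password
UAF> ! you chose (not theirs), then disable it again after the visit.
UAF> MODIFY FIELD /FLAGS=NODISUSER /PASSWORD=Zk4mW8nQ1rVt
UAF> ! ... service visit takes place ...
UAF> MODIFY FIELD /FLAGS=DISUSER
UAF> ! 3. Give a short-term account an expiration date.
UAF> MODIFY CONTRACTOR /EXPIRATION=31-MAR-2025
UAF> ! 4. Remove an account that is no longer in use.
UAF> REMOVE OLDUSER
UAF> ! 5. An account that requires no password must be captive: the user is
UAF> !    confined to its login command procedure and cannot break out of it.
UAF> MODIFY MENU /FLAGS=(CAPTIVE,DISCTLY) /LGICMD=SYS$MANAGER:MENU.COM
UAF> ! Review what was changed.
UAF> SHOW SYSTEM /FULL
UAF> SHOW FIELD /BRIEF
UAF> EXIT
$! 6. Confirm that the authorization files are owned by [SYSTEM] and that
$!    the GROUP and WORLD fields of the protection grant no access.
$ DIRECTORY /SECURITY SYS$SYSTEM:SYSUAF.DAT, SYS$SYSTEM:NETPROXY.DAT
```

The /PASSWORD value is echoed as you type it at the UAF> prompt, so run this
from a terminal whose session is not being logged, and do not leave the listing
lying around, for the same reason the guidelines give for operator and audit
logs. Marking SYSTEM /PWDEXPIRED means the value typed here is only a
bridging password: the first login replaces it through SET PASSWORD, which
prompts without echo.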