Security Considerations
12.3 Using Intrusion Detection Mechanisms
Displaying the Intrusion Database
The Security Server process, which is created as part of normal operating system
startup, performs the following tasks:
• Creates and manages the system’s intrusion database
• Maintains the network proxy database file (NET$PROXY.DAT)
The intrusion database keeps track of failed login attempts. This information is
scanned during process login to determine if the system should take restrictive
measures to prevent access to the system by a suspected intruder.
Use the DCL command SHOW INTRUSION to display the contents of the
intrusion database. Use the DCL command DELETE/INTRUSION_RECORD
to remove entries from the intrusion database.
The network proxy database file (NET$PROXY.DAT) is used during network
connection processing to determine if a specific remote user may access a local
account without using a password. The information contained in this database is
managed by the Authorize utility.
The following example shows the expanded expiration time field in the new
SHOW INTRUSION output.
$ SHOW INTRUSION
Intrusion   Type      Count  Expiration               Source
NETWORK     SUSPECT   1      21-MAY-2000 12:41:01.07  DEC:.ZKO.TIDY::SYSTEM
12.4 Understanding Ways to Protect Objects
The OpenVMS operating system offers two primary protection mechanisms. The
first, UIC-based protection, is based on the user identification code (UIC) and
is applied to all protected objects.
The second protection mechanism uses access control lists (ACLs), which
employ a more refined level of protection than that available with UIC-based
protection. ACLs can be used to grant or deny access to individual users or
groups of users.
12.4.1 Interpreting a User Identification Code
Your user identification code (UIC) tells what group you belong to and what your
unique identification is within that group.
The Authorize utility assigns each user process in the system a unique UIC in
the user authorization file (UAF). Each object on the system is also associated
with a UIC (typically the UIC of its creator).
A UIC consists of two parts, group and member, specified in the following format:
[group,member]
A UIC can be either numeric or alphanumeric. A numeric UIC consists of a group
number in the range 0 through 37776 (octal) and a member number in the range
0 through 177776 (octal). Compaq reserves group 1 and groups 300–377.
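As an added example (not code from the manual), the following Python helper parses a numeric UIC against the octal ranges and reserved groups stated above and, going one step beyond the text, classifies one UIC relative to another as the basis of UIC-based protection; the OWNER/GROUP/WORLD labels and the omission of the SYSTEM category are assumptions of the example.

```python
import re

# Limits quoted by the manual (octal): group 0..37776, member 0..177776.
MAX_GROUP = 0o37776
MAX_MEMBER = 0o177776
# Groups the manual says Compaq reserves: 1 and 300-377 (octal).
RESERVED_GROUPS = {0o1} | set(range(0o300, 0o377 + 1))

# A numeric UIC is written [group,member] with octal digits only.
_UIC_RE = re.compile(r"^\[([0-7]+),([0-7]+)\]$")


def parse_uic(text):
    """Parse a numeric UIC of the form [group,member].

    Returns (group, member) as ints, or raises ValueError when the string
    is malformed or a field exceeds the documented octal range.
    """
    m = _UIC_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a numeric UIC: {text!r}")
    group, member = int(m.group(1), 8), int(m.group(2), 8)
    if group > MAX_GROUP:
        raise ValueError(f"group {m.group(1)} exceeds octal {MAX_GROUP:o}")
    if member > MAX_MEMBER:
        raise ValueError(f"member {m.group(2)} exceeds octal {MAX_MEMBER:o}")
    return group, member


def is_reserved_group(group):
    """True for group 1 and groups 300-377 (octal), which Compaq reserves."""
    return group in RESERVED_GROUPS


def uic_relationship(user_uic, object_uic):
    """Classify a user's UIC relative to an object's UIC (assumed labels).

    Identical UIC -> "OWNER"; same group number -> "GROUP"; otherwise
    "WORLD". The SYSTEM category, which depends on a site parameter rather
    than on the UIC comparison alone, is deliberately not modelled here.
    """
    user = parse_uic(user_uic)
    obj = parse_uic(object_uic)
    if user == obj:
        return "OWNER"
    if user[0] == obj[0]:
        return "GROUP"
    return "WORLD"
```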
12.4.2 Understanding Protection Codes
A protection code controls the type of access allowed (or denied) to a particular
user or group of users. It has the following format:
[user category: list of access allowed (, user category: list of access allowed,...)]
Security Considerations 12–7