HP OpenVMS for Integrity Servers Versions 8.2-1 and 8.2, and HP OpenVMS Alpha Version 8.2 (15320)

HP OpenVMS for Integrity Servers Versions 8.2-1 and 8.2, and HP OpenVMS Alpha Version 8.2 SPD 82.35.08
Operations
OpenVMS allows for varying levels of privilege to be
assigned to different operators. Operators can use
the OpenVMS Help Message utility to receive online
descriptions of error messages. In addition, system-generated
messages can be routed to different terminals
based on their interest to the console operators, tape
librarians, security administrators, and system managers.
Security auditing is provided for the selective recording
of security-related events. This auditing information can
be directed to security operator terminals (alarms) or
to the system security audit log file (audits). Each
audit record contains the date and time of the event, the
identity of the associated user process, and additional
information specific to each event.
OpenVMS provides security auditing for the following
events:
Login and logout
Login failures and break-in attempts
Object creation, access, deaccess, and deletion; selectable by use of privilege, type of access, and on individual objects
Authorization database changes
Network logical link connections for DECnet for OpenVMS, DECnet-Plus, DECwindows, IPC, and SYSMAN
Use of identifiers or privileges
Installed image additions, deletions, and replacements
Volume mounts and dismounts
Use of the Network Control Program (NCP) utility
Use or failed use of individual privileges
Use of individual process control system services
System parameter changes
System time changes and recalibrations
Every security-relevant system object is labeled with the
UIC of its owner along with a simple protection mask.
The owner UIC consists of two fields: the user field
and a group field. System objects also have a protection
mask that allows read, write, execute, and delete
access to the object’s owner, group, privileged system
users, and to all other users. The system manager can
protect system objects with access control lists (ACLs)
that allow access to be granted or denied to a list of
individual users, groups, or identifiers. ACLs can also be
used to audit access attempts to critical system objects.
OpenVMS applies full protection to the following system
objects:
Common event flag clusters
Devices
Files
Group global sections
Logical name tables
Batch/print queues
Resource domains
Security classes
System global sections
ODS-2 volumes
ODS-5 volumes
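The protection mask, ACL and auditing features described above can be combined on a single file object. The following DCL session is an added example, not text from this SPD; the file name PAYROLL.DAT and the rights identifier PAYROLL_CLERK are hypothetical.

```dcl
$! Added example; PAYROLL.DAT and PAYROLL_CLERK are hypothetical names.
$!
$! UIC-based protection mask: System and Owner get full access,
$! Group may read and execute, World gets no access.
$ SET SECURITY /CLASS=FILE /PROTECTION=(S:RWED,O:RWED,G:RE,W) PAYROLL.DAT
$!
$! ACL entry granting read and write access to holders of one identifier.
$ SET SECURITY /CLASS=FILE /ACL=(IDENTIFIER=PAYROLL_CLERK,ACCESS=READ+WRITE) PAYROLL.DAT
$!
$! Security ACEs on the object itself: write an audit record for every
$! successful or failed write/delete, and raise an alarm on failures.
$ SET SECURITY /CLASS=FILE /ACL=(AUDIT=SECURITY,ACCESS=WRITE+DELETE+SUCCESS+FAILURE) PAYROLL.DAT
$ SET SECURITY /CLASS=FILE /ACL=(ALARM=SECURITY,ACCESS=WRITE+DELETE+FAILURE) PAYROLL.DAT
$!
$! The ACEs above only produce events while the ACL event class is enabled.
$! Login failures, break-in attempts and authorization database changes
$! are enabled here as well.
$ SET AUDIT /AUDIT /ENABLE=(ACL,AUTHORIZATION,LOGFAILURE=ALL,BREAKIN=ALL)
$ SET AUDIT /ALARM /ENABLE=(ACL,LOGFAILURE=ALL,BREAKIN=ALL)
$!
$! Verify the resulting object profile and the active audit settings.
$ SHOW SECURITY /CLASS=FILE PAYROLL.DAT
$ SHOW AUDIT
$!
$! Review recorded object-access events (default audit log location).
$ ANALYZE/AUDIT /EVENT_TYPE=ACCESS SYS$MANAGER:SECURITY.AUDIT$JOURNAL
```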
OpenVMS provides optional security solutions to protect
your information and communications:
Secure Sockets Library (SSL for OpenVMS)
Common Data Security Architecture (CDSA)
Kerberos
Per-Thread Security Profiles
External Authentication
Note: Users who are externally authenticated by their
LAN Manager need only remember a single user
name/password combination to gain access to their
OpenVMS and LAN Manager accounts.
Government Security Ratings
OpenVMS is committed to consistently delivering a
secure base operating system, and has been evaluated
and certified to be compliant with the DoD 5200.28-STD
Department of Defense Trusted Computer System
Evaluation Criteria. Each release of OpenVMS successfully
completes the same test suite used to prove C2
compliance to the National Computer Security Center before
it is released.
Note: Because no system can provide complete
security, HP cannot guarantee complete system security.
However, HP continues to enhance the security
capabilities of its products. Customers are strongly advised to
follow all industry-recognized security practices.
OpenVMS recommended procedures are included in the HP
OpenVMS Guide to System Security.