Specifications
OpenVMS Operating System for Alpha and VAX (Versions 7.1, 7.1–1H1, 7.1–1H2, and 7.1–2) SPD 41.87.06
OpenVMS provides a password dictionary filter that screens password choices for common words, and a user password history filter that prevents users from reusing passwords that they have used within the past year. In addition to these built-in filters, a site can design and install its own filter to screen passwords according to a site-specific password policy.
The system password hash algorithm can also be replaced with a private algorithm for those sites that have contractual obligations to use specific public or private password encryption algorithms. The system manager can enable this feature on a per-user, per-password basis.
Login security includes break-in detection, which disables terminals when password guessing is detected. Users retain a secure login path, which can thwart Trojan horse attacks against local terminals. Additionally, the system manager can associate a system password with dial-in terminal lines to prevent the display of any operating system-specific identification that might yield clues to possible attack methods. When a user logs in, the system displays a message stating when the last login for the account occurred and the number of failed attempts since the last successful login.
Every security-relevant system object is labeled with the UIC of its owner along with a simple protection mask. The owner UIC consists of two fields, the user field and a group field. System objects also have a protection mask that allows read, write, execute, and delete access to the object’s owner, group, privileged system users, and to all other users. The system manager can protect system objects with access control lists (ACLs) that allow access to be granted or denied to a list of individual users, groups, or identifiers. ACLs can also be used to audit access attempts to critical system objects.
OpenVMS applies full protection to the following system objects:
• Capabilities (VAX only)
• Common event flag clusters
• Devices
• Files
• Group global sections
• Logical name tables
• Batch/print queues
• Resource domains
• Security classes
• System global sections
• Volumes (ODS-2)
• Spiralog volumes
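The owner-UIC-plus-protection-mask check described above, as an added example that is not code from the SPD or from OpenVMS itself. It assumes the OpenVMS rule that a process receives the union of the rights of every category it falls into (World always; Group on a matching group field; Owner on a matching UIC; System for a system group or SYSPRV), assumes a system-group boundary of 8, and leaves ACLs out entirely.

```python
# Added example (not from the SPD): evaluates an OpenVMS-style protection
# code such as "S:RWED,O:RWED,G:RE,W" for a requesting UIC. Models only the
# owner UIC and protection mask; ACLs and privileges other than SYSPRV are
# not modelled.
from dataclasses import dataclass

ACCESS_BITS = "RWED"   # read, write, execute, delete
MAXSYSGROUP = 0o10     # assumption: UIC groups up to this value are "system"


@dataclass(frozen=True)
class UIC:
    group: int         # OpenVMS writes UICs as octal [group,member]
    member: int


def parse_protection(code: str) -> dict[str, set[str]]:
    """Parse 'S:RWED,O:RWED,G:RE,W' into {category: set of access letters}.
    A category with no colon, or nothing after it, grants no access."""
    mask: dict[str, set[str]] = {"S": set(), "O": set(), "G": set(), "W": set()}
    for field in code.replace(" ", "").upper().split(","):
        if not field:
            continue
        cat, _, rights = field.partition(":")
        if cat not in mask:
            raise ValueError(f"unknown category {cat!r}")
        bad = set(rights) - set(ACCESS_BITS)
        if bad:
            raise ValueError(f"unknown access bits {sorted(bad)}")
        mask[cat].update(rights)
    return mask


def categories(requester: UIC, owner: UIC, sysprv: bool = False) -> set[str]:
    """Every process is World; matching group adds Group; identical UIC adds
    Owner; a system group or the SYSPRV privilege adds System."""
    cats = {"W"}
    if requester.group == owner.group:
        cats.add("G")
    if requester == owner:
        cats.add("O")
    if requester.group <= MAXSYSGROUP or sysprv:
        cats.add("S")
    return cats


def granted(code: str, requester: UIC, owner: UIC, sysprv: bool = False) -> set[str]:
    """Union of the rights of every category the requester belongs to."""
    mask = parse_protection(code)
    return set().union(*(mask[c] for c in categories(requester, owner, sysprv)))


def allowed(code: str, requester: UIC, owner: UIC, access: str, sysprv: bool = False) -> bool:
    return access.upper() in granted(code, requester, owner, sysprv)
```

Because rights are cumulative across categories, leaving the G field empty does not deny a group member read access while W still grants it; the group must be denied at the World level too, or through an ACL.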
OpenVMS provides security attribute defaults in the form of security profile templates. These templates are referenced whenever a new object is created and provide a means of associating default security information with each system object class, except for files. Protection information for files is inherited from the previous version of an existing file, the parent directory, or the default protection of the creating process.
Data scavenging protection can be enabled in the form of high-water marking and erase-on-delete attributes. These attributes ensure that the contents of a file cannot be read after the file has been deleted. The system manager can enforce file erasure on a per-volume basis. The system manager can also replace the disk erasure pattern with a private pattern for those sites that have contractual obligations to use a specific pattern.
Security auditing is provided for the selective recording of security-related events. This auditing information can be directed to security operator terminals (alarms) or to the system security audit log file (audits). Each audit record contains the date and time of the event, the identity of the associated user process, and additional information specific to each event.
OpenVMS provides security auditing for the following events:
• Login and logout
• Login failures and break-in attempts
• Object creation, access, deaccess, and deletion; selectable by use of privilege, type of access, and on individual objects
• Authorization database changes
• Network logical link connections for DECnet for OpenVMS, DECnet-Plus, DECwindows, IPC, and SYSMAN
• Use of identifiers as privileges
• Installed image additions, deletions, and replacements
• Volume mounts and dismounts
• Use of the Network Control Program (NCP) utility
• Use or failed use of individual privileges
• Use of individual process control system services
• System parameter changes
• System time changes and recalibrations
Note: Because no system can provide complete security, Compaq cannot guarantee complete system security. However, Compaq continually strives to enhance the security capabilities of its products. Customers are strongly advised to follow all industry-recognized security practices.