Title: | VAX and Alpha VMS |
Notice: | This is a new VMSnotes, please read note 2.1 |
Moderator: | VAXAXP::BERNARDO |
Created: | Wed Jan 22 1997 |
Last Modified: | Fri Jun 06 1997 |
Last Successful Update: | Fri Jun 06 1997 |
Number of topics: | 703 |
Total number of notes: | 3722 |
580.0. "Security in minimal system boot mode ?" by DECPRG::AMBLER (ambler) Mon May 12 1997 09:58
Hello,
one of our customers, a large bank with more than 120 remote branches, is
migrating from VAX to Alpha. One of his concerns is about a potential
security problem on a future branch AlphaServer doing the standalone system
backup. While on VAX there was just the standalone backup with very
limited backup features, now with Alpha the operator or anyone on the
console can do several things with the minimal system ($$$ prompt), for
instance copy, read or even modify important data, and that without any
mandatory audit processing. I would like to ask if there is any discussion
or recommendations about this topic or if somebody has a customer with
similar environments/problems/concerns. I have some ideas how to solve this,
like to create a special boot CD with modified DCL tables, or alternate
system root with Audit Server startup and alternate journal file on a
separate disk, but I wonder if anybody proposed any solution that works already.
Martin Ambler
OVMS support
DIGITAL Prague
T.R | Title | User | Personal Name | Date | Lines |
---|
580.1 | Keep Console Log | XDELTA::HOFFMAN | Steve, OpenVMS Engineering | Mon May 12 1997 11:02 | 8 |
Keep the boot disks locked up, and set a console password, and use
a hardcopy or VCC console with a separately-protected logfile on
the console.

Anything you can do with the customized CD-ROM, I can very likely
bypass, either directly or with another US$15 bootable CD-ROM disk.
580.2 | Surveillance | EVMS::KILGALLEN | ZK0 4x13, DTN 381-2879 | Mon May 12 1997 12:27 | 15 |
The only effective security technique against a skilled person with
physical access to a system is surveillance external to the system.

Sites should certainly _never_ get themselves into the position where
there is only one person on duty. They should avoid situations with a
significant difference in skill levels between the most skilled person
on duty and the second most skilled person on duty. (Beware of skills
you don't know about.)

Video cameras feeding a physically controlled recorder could help also,
not to monitor keystrokes but to ensure that the other rules pertaining
to not allowing unaccompanied access are being followed.

But remember this is only Auditing. It can only act as a deterrent,
having no power against someone who does not mind being detected.