
Conference koolit::vms_curriculum

Title: VMS Curriculum
Moderator: SUPER::MARSH
Created: Thu Nov 01 1990
Last Modified: Sun Aug 25 1996
Last Successful Update: Fri Jun 06 1997
Number of topics: 185
Total number of notes: 2026

104.0. "SYSNET III -- Maintaining Sys. Security" by SUPER::REGNELL (Smile!--Payback is a MOTHER!) Tue Mar 19 1991 14:54

    
104.1. "Chapter 9 draft available for review" by SUPER::MORGAN Thu Aug 01 1991 12:42 (13 lines)
    	A draft of the ninth Sysnet III chapter entitled:
    
    		 Maintaining System Security
    
    		is available for review in:
    
    		SUPER::ES$REVIEW:[SYSNET_III]SYSNETIII_CHAP9.ps
    
    			Bonnie




104.2. "Capitol Ideas" by TEACH::LYNN Thu Aug 29 1991 19:20 (63 lines)
	SYSNETIII-MAINTAINING SYSTEM SECURITY
	Chapter 9

Page 1-8a.	What does it mean under RESOURCE when it states "Allows
		holders of the identifier to charge disk space"?

Page 1-10a.	How does one know ADMIN is an identifier already created?

Page 1-10	The table 1-5 that is mentioned has nothing to do with
		rights list.  That table is the audit event classes.

Page 1-12	On the instructor's page please put in a comment as to the
		why and how you can assign a different value for an
		identifier.  (UAF>ADD/IDENTIFIER function makes reference
		to this.)

		Under the RENAME function. Does that paragraph mean in all
		file headers that contain that identifier?


Page 1-16	Typo: REMOTE should have a hexadecimal value of %X80000006

Page 1-18	In the instructor's page please show how to remove a
		protected ACE.

		HIDDEN option makes reference to "the application that
		added it." What does this really mean?

Page 1-22a	Move the /[NO]RECOVER[=filespec] up about 5 lines so it
		is opposite the definition.

Page 1-22	The last bullet makes reference to Figure 1-1 the ACL
		editor keypad layout. Where is it?

Page 1-25	I don't understand the first bullet. When was the /ACL
		qualifier used that is being referenced?
		Also the last bullet. "THIS qualifier cannot be used with
		the /EDIT qualifier." What are you really saying?
		What is THIS?

Page 1-34	You mention that if NETPROXY.DAT doesn't exist it must
		be created. Please show the customer how to create it.

Page 1-39a	Typo at the fourth bullet "to prevent t loss"

Page 1-53	I very much like the list of passwords but my question
		is how do I do these things? What commands do I have to
		use to set up and then use the different types of passwords?

Page 1-54	Add notes on the instructor's page as to the how and why of 
		this page.

Overall comment - I really liked this chapter.  You might consider
	putting in the additional topics of secondary passwords, system
	passwords, and when you are a suspect vs an intruder on the system.
	(I honestly can't remember if these topics were included in
	SYSNETI or SYSNETII.  If so I apologize and you can ignore this
	comment.)


Lynn White
Washington D.C.

104.3. "Review Cutoff Date" by SUPER::MORGAN Thu Sep 19 1991 17:39 (11 lines)
    
    
        In order to make the pilot schedule, Monday 9/23/91 will be the 
        review cutoff date. 
    
    	Any comments entered after that date will be considered after the
        pilot.

                     Thanks for all of your comments,
        			Bonnie
    	
104.4. "Remarks about DECnet security" by NWGEDU::RODENBURG (Ed. Services, The Netherlands) Fri Nov 08 1991 10:42 (66 lines)
    
    
    Oops, I did not see the security items referring to the network.
    (No, we never have security problems across the network, because we
    cut it off the network. (BTW: this is a joke))
    
    In this course I see a few network security items included.
    DECnet security is only talked about globally. I think that's
    correct, because this needs to be discussed in depth in a specialist
    course.
    
    A problem here is that these pages have been copied out of the Network
    Management I course, where a lot more information had been included,
    and that causes several nice effects:
    
    page 8-29/31: Ok, very introductory, and clear. 
    
    page 8-32: 
    	About Advantages:
    	- Be clear about the first one. Refer to AUTHORIZE how you
    	  will restrict it, and revise it.
    	- Second one: masquerading doesn't say anything to the users at
    	  this moment. So leave it away.
    
    page 8-33:
    	What is OUTBOUND disadvantages?
        It is clear that this part is copied from the old course, but in
    	this chapter this item is NOT discussed, so leave it away!
    
    Only talk about:
    
    (quote)
    
    Default Access Control
    
    Advantages:
    - if default ACI is supplied by the target node, no passwords are sent 
      over the network
    
    Disadvantages:
    - Privileged users (with BYPASS) can easily read passwords with NCP.
    
    (unquote)
    
    page 8-34:
    
    Leave the last advantage-item. Not useful for the student.
    
    page 8-40:
    
    These Securing-items concerning the DECnet account are of no use, or
    are already included during NETCONFIG.
    Why talk about the MAXSYSGROUP parameter? In my opinion it is of no
    use.
    Better: skip this paragraph. Even in the current DECnet security
    course, where these items are taken from, these items appear to be of no
    use.
    
    page 8-41:
    	Skip it. Of no use. Who has EVER secured the DECnet account by using
    	the [3000,1] UIC? Not in a situation the SYSNET III student will see.
    
    Ok, that's it
    
    
    Joop
104.5. "Security module has no real problems...yet" by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Tue Feb 25 1992 01:58 (40 lines)
  So far chapter 8 looks relatively smooth.  I've never taught the Security
  Seminar, so I can't compare the material very well, but I've noticed that
  many pages are copied almost exactly from the VMS Security manual.

  8-10, 3rd bullet --
       Don't forget SYS$NODE_your-node-name (i.e. SYS$NODE_BROWNY) which
       is created in STARTUP.COM.

  8-11 --
       Why does an example 6 pages ahead get referenced on the student
       page?  This causes the student to flip pages to see this info even 
       if I'm lecturing on some other topic!  Please put the example
       reference closer to 8-11 or move the comment to the instructor's
       page.

  8-13, 5th "UAF>" --
       This is not exactly accurate.  The GRANT issues an identifier to
       the Username referenced by the UIC-based identifier.  Huh?  Well,
       let me give you an easy example:
           
          UAF> ADD FREDDY/UIC=[x,y] (FREDDY identifier created at this time)
          UAF> REM/ID FREDDY        (Just pull the identifier of "FREDDY")
          UAF> ADD/ID TEST          (Any random, unused identifier)
          UAF> GRANT/ID TEST FREDDY (Fails -- can't find Identifier error)
           
  8-19a, 3rd bullet --
        Item HIDDEN shows the ACE if you have SECURITY priv.

  8-30, example 8-7
        We are discussing ACCOUNTS on this page -- so the 2 accounts you
        can get this way are FAL$SERVER (notice the "$" compared to the "_"
        on this page) if they are installed with the new default settings
        from NETCONFIG, and DECnet default if using the pre-5.2 NETCONFIG.

  Labs, 11-18, #7 --
        Correct answer is "B".

  More to go on this chapter after I finish prepping for it.

  $
104.6. "A few more pages in the Security module..." by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Wed Feb 26 1992 01:57 (32 lines)
  Continuing the module 8 review...
  
  8-38 --
       UIC proxies?  Where do I use these?  Only thing I'm aware of is any
       other DECnet Phase IV+ node that uses UICs instead of Usernames
       (like RSTS/e and RSX used to use).  Drop this page entirely and
       leave it for either the VMS or DECnet Security Courses.  If you are
       going to keep it, how about something like the following on the 
       instructor's page:
  
     Prior to VMS Version 5.0 proxy access was not supported from an
     operating system other than VMS.  For VMS Version 5.0 and later,
     users on any remote systems that implement DECnet Phase IV+ can
     be granted proxy access into the VMS node.  For these non-VMS
     systems, specify the remote user's User Identification Code (UIC)
     in the normal Username field.

  8-39, 2nd bullet --
       Slight redundancy -- /FLAG=RESTRICTED disables Control-Y implicitly.
       (although it was broken from 5.2-5.3-1)
  
        last line --
       Why should we not use NL: in LGICMD?  NETCONFIG does this, I've 
       always done this, and the DECnet grubby I called does this.  
  
  8-40 --
       Example flags used do not match the previous lecture page.  Also
       /NOLOCAL /NOREMOTE are redundant if you specify /NOINTERACTIVE.
  
  More later...
  
  $
104.7. "Lab answer error" by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Sat Feb 29 1992 00:30 (5 lines)
  12-45, top of page
  
     SET AUDIT/SERVER=SERVER should be SET AUDIT/SERVER=START 
  
  $
104.8. "Closing the Security chapter" by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Mon Mar 02 1992 23:36 (39 lines)
  Some more items...
  
8-30, DCL command --
     I assume the USERNAME should be HOLMES, not HOMES.
  
8-34, diagram --
     To be complete you should add 'DIR BOSTON""::' explaining this is the
     way to avoid using any proxies that you may have and to force the use
     of a default account.

8-40, example 8-13 --
     /NOLOCAL /NOREMOTE are redundant to /NOINTERACTIVE.

     Add a note that since the LOGIN.COM is in the System Manager's directory,
     it must be read-accessible by the DECnet account.

8-50, 8-51 --
     These two pages should be reversed.  Talk about the concepts and THEN the
     specifics.

8-57 --
     How about expanding the text on this page.  Talk about LOCK, Server 
     Passwords, GROUP codes, or something.  It's very sparse!

8-58a, 2nd sentence --
     "The SET TERMINAL command cannot be used on a LAT terminal" is not
     accurate.  I believe what is trying to be said here is that you cannot
     use the /PERM qualifier on SET TERM commands on LAT lines.

8-58, #1 --
     IF the value is already set in TTY_DEFCHAR2, this will screw it up.  Any
     U&C II or SM II student should appreciate this as a 'safer' way via a
     MODPARAMS entry:

        (get the current value out of SYSGEN, default value is 4098)

     TTY_DEFCHAR2 = 4098 .or. %x80000   ! 'OR' 80,000 hex to current setting
  
  $
104.9. "Thanks for all the valuable feedback" by SUPER::MORGAN Tue Mar 03 1992 11:36 (6 lines)
Thank you for all of your valuable feedback. As you know it is too late for
these changes to be incorporated into this release but they will be done in the
TBI material (as time permits) and in the next revision of this course.

Thanks again,
Bonnie
104.10. "take out the network security" by TEACH::RINE Thu Mar 05 1992 14:32 (9 lines)
    Pages 8-29 thru 8-58.  This is just way too much.  If the network
    security class is not going away, this should be taken out.  There
    is no way you can go through all of the accesses mentioned in the
    detail to describe access control, and the security aspects of each.
    I teach the 2 day Network Security class, and it takes the better
    part of the first day's lecture just to get through this.  The first
    day of network security I lecture until 3:30.  It's just too much,
    and if network security is not going away they are going to see
    not only the same concepts, but the same exact pages.
104.11. "READALL priv" by TEACH::RINE Thu Mar 05 1992 14:41 (7 lines)
    8-27  I teach the VMS security class (3 days), and this has to be
    a typo, as it is in the SECURITY class.  It says READALL privilege
    gives you read and control access to any object.  It should say READ
    access to any object.  I have tested this myself, and have found
    no occurrence of the fact that when you hold READALL privilege only
    that you can perform CONTROL functions on an object, i.e., you can't
    change ownership, UIC protection, or change ACLs on the object.
104.12. "Yes it worked. I used it back in V4.x, but..." by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Thu Mar 05 1992 18:49 (18 lines)
  This is *currently* a correct statement.  READALL *formerly* granted
  READ and CONTROL access, but this is *not* the case as of V5.4 where
  I have also tested it. If you look in the older versions of VMSNOTES
  conferences you will see several references where people were surprised
  at this feature being there.  

  READALL *did* grant READ and CONTROL access (see "Guide to VAX/VMS System
  Security", September 1984), but was changed sometime around or during
  V5.4.  This was indeed a 'bug' as the design of READALL was to be as it
  was stated in the manuals.  There is a PATCH available from the CSC to
  restore its old behavior.
  
  However, according to the VMS security folk (those working on Blade/C2),
  the plan is to take CONTROL away from READALL for the next major version
  of VMS.  So, we may want to make a note of this on the instructor's page
  on the next rewrite.
  
  $
104.13. "control control who has the control?" by MELKOR::SWIERKOWSKIS Thu Mar 05 1992 20:27 (26 lines)
>  This is *currently* a correct statement.  READALL *formerly* granted
>  READ and CONTROL access, but this is *not* the case as of V5.4 where
>  I have also tested it. If you look in the older versions of VMSNOTES
>  conferences you will see several references where people were surprised
>  at this feature being there.  
>
>  READALL *did* grant READ and CONTROL access (see "Guide to VAX/VMS System
>  Security", September 1984), but was changed sometime around or during
>  V5.4.  This was indeed a 'bug' as the design of READALL was to be as it
>  was stated in the manuals.  There is a PATCH available from the CSC to
>  restore its old behavior.
  
According to a note I saw several months ago (wish I could remember where), 
READALL was described as being "broken" in V5.4 (with CONTROL access removed).
I had several System Manager II students who were VERY unhappy about it because
it broke their backup command procedures.

I have tested it out on V5.5 and the old behavior has been restored.  I was 
able to do an incremental backup with the /RECORD qualifier with only READALL 
and I was able to change the protection on SYSUAF.DAT so that I could run 
authorize (and, of course, give myself anything else).  This is as far as I 
checked it, but I sort of figured that was enough!

As for Blade, beats me....I don't believe a thing till I see it!@#$

					Susan S.
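The disagreement in the last three replies (does READALL grant CONTROL access, or only READ?) is exactly the kind of thing a system manager should confirm on the version actually installed before handing READALL to a backup account. The DCL procedure below is an added example for that check; it is not part of the conference thread or of the SYSNET III course material. It assumes it is run from an account whose authorized privileges include SETPRV and BYPASS, uses a constructed file name and a constructed owner UIC of [300,1] (which must not be the caller's own UIC), and simply reports what this system does; it does not change any real object.

```dcl
$! READALL_CHECK.COM -- added example, not from the course or the thread.
$! Reports whether the READALL privilege alone grants CONTROL access on
$! this system (the replies above report different behaviour on V5.4 and
$! V5.5).  Assumes the caller's authorized privileges include SETPRV and
$! BYPASS.  File name and owner UIC below are constructed for the test.
$ SET NOON
$ test_file = "SYS$SCRATCH:READALL_TEST.TXT"
$ other_uic = "[300,1]"          ! constructed UIC, not the caller's own
$!
$! 1. Build a file owned by another UIC that denies all access to everyone,
$!    so that any access the test account gets must come from READALL.
$ SET PROCESS/PRIVILEGES=(BYPASS)
$ CREATE 'test_file'
Constructed test data for the READALL check.
$ EOD
$ SET FILE/OWNER_UIC='other_uic' 'test_file'
$ SET FILE/PROTECTION=(S,O,G,W) 'test_file'
$!
$! 2. Drop every privilege, then enable only READALL.  Authorized
$!    privileges can always be re-enabled later, so this is reversible.
$ SET PROCESS/PRIVILEGES=NOALL
$ SET PROCESS/PRIVILEGES=(READALL)
$ SHOW PROCESS/PRIVILEGES
$!
$! 3. READ test: READALL is documented to allow this on every version.
$ TYPE 'test_file'
$ read_status = $STATUS
$!
$! 4. CONTROL test: changing the protection requires CONTROL access.
$!    Without it this command fails with a privilege error.
$ SET FILE/PROTECTION=(S:RWED,O:RWED,G,W) 'test_file'
$ control_status = $STATUS
$!
$! 5. Report the findings.
$ IF read_status THEN -
     WRITE SYS$OUTPUT "READALL grants READ access on this system"
$ IF .NOT. read_status THEN -
     WRITE SYS$OUTPUT "READALL did NOT grant READ access here (unexpected)"
$ IF control_status THEN -
     WRITE SYS$OUTPUT "READALL also grants CONTROL access on this system"
$ IF .NOT. control_status THEN -
     WRITE SYS$OUTPUT "READALL does NOT grant CONTROL access on this system"
$!
$! 6. Clean up: re-enable BYPASS so the denied-to-all file can be deleted.
$ SET PROCESS/PRIVILEGES=(BYPASS)
$ DELETE 'test_file';*
$ SET ON
$ EXIT
```

Run it interactively with @READALL_CHECK from the privileged account. The two WRITE lines in step 5 tell you which of the behaviours described in 104.11 through 104.13 your version exhibits; if the CONTROL line reports "also grants", treat READALL on that system as the near-equivalent of ownership of every object when deciding who may hold it.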