Security for VAX Systems

This document, "Security for VAX Systems," published by Digital Equipment Corporation in 1989, serves as a comprehensive guide to implementing and managing computer security on VAX systems running the VMS operating system.

Key aspects covered include:

1. Importance and Types of Security Problems: It emphasizes that data is a vital asset and its compromise can have severe financial and operational consequences. It outlines three main types of security problems: user irresponsibility, user probing (deliberate attempts to exploit weaknesses), and user penetration (gaining control).

2. VMS Security Features:

   • Access Control: VMS provides discretionary access controls using User Identification Codes (UICs) and Access Control Lists (ACLs), which define who can access specific files, directories, volumes, and other objects with various permissions (READ, WRITE, EXECUTE, DELETE, CONTROL).
   • Authentication: It details password management, including encryption, minimum length requirements, expiration periods, and the use of system passwords and secure terminal paths to prevent unauthorized access and "password grabbers."
   • Data Protection: Measures like "disk scavenging" countermeasures (overwriting deleted data with erasure patterns, highwater marking, erase-on-allocate) are highlighted to protect sensitive information even after deletion.
   • Auditing: VMS offers robust auditing capabilities with "security alarms" that notify security operators of events like login failures, file access attempts, and system modifications, enabling monitoring and post-breach analysis.

3. Network Security:

   • Challenges: Networks pose unique security challenges due to distributed control and the risk of data interception.
   • DECnet Security: The document extends the "reference monitor" concept to networks, using "proxy accounts" and specific authorization mechanisms for secure inter-node communication.
   • Enhanced Ethernet Security System: It introduces DESNC controllers and VAX/KDC for authentication, mandatory access policy enforcement, and data encryption on Ethernet LANs.
   • Terminal Servers: Discusses security features for terminal servers, including security status levels and various password types to control user access.

4. Roles and Responsibilities:

   • System Manager: The manager's role is critical in formulating security policies, configuring VMS features (e.g., login restrictions, user accounts, privileges), educating users, and responding to security breaches, including threats like Trojan horses and computer viruses. The document stresses that human error is a significant cause of breaches.
   • User: Users are educated on the importance of good password practices, logging off, and understanding the security implications of their actions.

5. Running VMS in a C2 Environment (and B1 considerations):

   • VMS was formally evaluated to the C2 level of the DoD Trusted Computer System Evaluation Criteria in 1986. This section details how VMS protects its Trusted Computing Base (TCB) and objects, and emphasizes strict individual accountability (e.g., unique UICs, no shared or open accounts) to maintain C2 compliance.
   • For higher B1-level security, the VMS Security Enhancement Service (VMS/SES) is presented as a consulting and software package that provides mandatory access controls, security labeling for classified data, and enhanced administrative controls and auditing capabilities.

In essence, the document serves as a detailed operational manual and policy guide for securing VAX/VMS systems in a range of environments, from basic setups to those requiring government-level security classifications, emphasizing a multi-layered approach involving technical features, administrative procedures, and user education.