OpenVMS Guide to System Security

This document, the "OpenVMS Guide to System Security" (April 2001, for OpenVMS Alpha/VAX Version 7.3), describes the security features available in the OpenVMS operating system, explaining their purpose and proper application to meet specific security needs. It is intended for both general users and security administrators.

The guide is structured into three main parts:

1. Security Overview: Introduces general computer security problems, discusses different levels of security requirements, and outlines the OpenVMS security model, including the "reference monitor concept" and its implementation through subjects, objects, authorization databases, and audit trails.
2. Security for the User: Provides information for general users on how to use the system responsibly. Key topics include choosing and managing secure passwords, understanding different types of logins and login failures, and an in-depth look at object protection features such as User Identification Codes (UICs), rights identifiers, privileges, and Access Control Lists (ACLs), applied across various object classes (files, devices, queues, etc.).
3. Security for the System Administrator: Offers comprehensive guidance for security administrators. This part covers their role, establishing site security policies, controlling system access (e.g., login times, account types, password enforcement, external authentication, intrusion detection), managing access to system data and resources (e.g., user groups, ACLs, privileges, default protection, file encryption, disk and terminal protection), implementing security auditing, responding to security breaches, and handling security in clustered and networked environments, including the use of protected subsystems.

Appendices supplement this information with details on user privileges, default system file protection, guidelines for operating in a C2 security environment, and examples of security alarm messages.