openvms and security getting even more grip on your
play

OpenVMS and Security getting even more grip on your security with - PowerPoint PPT Presentation

Aug 06, 2023 •937 likes •1.61k views

OpenVMS and Security getting even more grip on your security with Pointsecure or NDC Gerrit Woertman VSI Professional Services Alliance member VSI OpenVMS trainer EMEA & VSI OpenVMS Ambassador gerrit.woertman@vmsconsultancy.com

  1. OpenVMS and Security getting even more grip on your security with Pointsecure or NDC Gerrit Woertman VSI Professional Services Alliance member VSI OpenVMS trainer EMEA & VSI OpenVMS Ambassador gerrit.woertman@vmsconsultancy.com www.vmsconsultancy.com

  2. Agenda • OpenVMS and Security • EU security laws to report security issues • Non‐HPE/VSI Security packages • Pointsecure – PointAudit – System Detective • Networking Dynamics Corporation (NDC) – Peek & Spy – KEY Capture – Assassin • Questions

  3. OpenVMS and Security ‐ 1 • OpenVMS – secure by design • No viruses • One of the first to become US DoD C2‐rating • Declared “Cool and Unhackable” at 2001 DefCon9 as described in 4AA0‐2896ENW.pdf (HP, 11/2005) Alpha OpenVMS with the help of Pointsecure System Detective

  4. OpenVMS and Security ‐ 2 • OpenVMS has got optional security solutions – OpenSSL (Secure Socket Layer) https://www.openssl.org/ – Common Data Security Architecture (CDSA) – Kerberos • Everything fine? Seems so, but there is still need for more and better implementation – On VSI’s research list

  5. OpenVMS and Security – 3 • OpenVMS ‐ Linux – Windows • With 100% OpenVMS no problems – fine – That’s not real; today’s softwarestacks complex – Splendid isolation? • OpenSource – is that safe? ?

  6. OpenVMS and Security – 4 • From http://vmssoftware.com/products.html Unmatched Security Compare OpenVMS' security vulnerability record against other operating systems at CVE Details: http://www.cvedetails.com. The following are direct links to reports for OpenVMS, Linux and Windows: • OpenVMS http://www.cvedetails.com/product/4990/HP‐Openvms.html?vendor_id=10 • Linux http://www.cvedetails.com/product/47/Linux‐Linux‐Kernel.html?vendor_id=33 • Windows • http://www.cvedetails.com/product/23546/Microsoft‐Windows‐Server‐2012.html?vendor_id=26 • • http://www.cvedetails.com/product/11366/Microsoft‐Windows‐Server‐2008.html?vendor_id=26 • • http://www.cvedetails.com/product/7108/Microsoft‐Windows‐Server‐2003.html?vendor_id=26 • • http://www.cvedetails.com/product/2594/Microsoft‐Windows‐2003‐Server.html?vendor_id=26 • • http://www.cvedetails.com/product/107/Microsoft‐Windows‐2000.html?vendor_id=26

  10. OpenVMS and Security ‐ 5 • Cybersecurity • More and more security breaches must be reported (EU legislation) • How good do you know your security‐status? • Regularly with audit‐reports, and ad hoc? • Audit‐alarm  OPCOM, do you notice? – You might have CockpitMgr with real‐time security event monitoring, and you see a security event in the display, but otherwise? – Analyze/audit for reporting

  11. OpenVMS and Security ‐ 6 • With Digital we had DECInspect Compliance Manager to compare with Security Standards • DEC sold Polycenter to CA, and the Polycenter security products to http://www.ttinet.com • What now? • Pointsecure PointAudit can help • PointAudit presentation and demo

  12. OpenVMS and Security ‐ 7 • PointSecure – System Detective • Rules – capture trails/advise, etc. • System Detective presentation and demo

  13. OpenVMS and Security ‐8 • Networking Dynamics Corporation (NDC) • Peek&Spy and KeyCapture • Peek&Spy exist for many years – Peek with beep; Spy without notice – Log own terminal • Assassin – idle terminal management • NDC securityproducts presentation and demo

  14. Q & A

  15. Auditing Your OpenVMS System With PointAudit Gerrit Woertman Gerrit.Woertman@VMSConsultancy.com www.vmsconsultancy.com

  16. PointAudit ‐ Overview • Leading auditing product for securing OpenVMS systems • Auditing OpenVMS sites for over 15 years • Comply with security policies and government regulations • Audit disabling of accounts of users no longer authorized • Report on unused accounts or infrequently used accounts • Report on privileged accounts • Audit system patches ! • Audit system generation parameters • Audit system licenses • Audit the system audit server • 96 provided reports and custom reports easily generated

  17. PointAudit primary functions • Create security related audit reports • Assist the system manager • Provide separation of audit data from systems • Separation of audit and system management duties

  18. Why does security matter? • What would happen if your systems are compromised? • Financial cost of recovery • Business disruption • Corporate embarrassment • Regulatory difficulties

  19. Why use PointAudit? • OpenVMS is the most secure operating system • Security on any system can be improved • Many system managers are overworked and under educated • PointAudit enhances and simplifies OpenVMS security reporting and auditing

  20. PointAudit Planning • Where to locate the PointAudit system • In the audit office with physical security • Outside the access area of operational personnel • At the disaster recovery site • Communications protocol to use • SSH is recommended • TELNET is available if needed • Create PointAudit accounts on all the systems to be audited • Grant privileges: NETMBX, SECURITY, SYSLCK, SYSPRV, TMPMBX • Use a complex password – nobody has to remember it • The username and password may be different on each audited system • Setup the accounts to not use any menus or ask questions during login • There is no agent to install on the audited system

  21. PointAudit Configuration • Use the Add Server Wizard to create the server entries • Connection settings – server name, host IP, license key • Server properties – Company, manager, location, department • Use the New Scan Wizard to create scans • Select the servers to run the scan • Name the scan and select the connection protocol and port • Optionally enter a description • Optionally enter email addresses to be notified when the scan completes • Enter the username, password, and test the connection • Select the data to be gathered • Optionally enable scan to run at a specified interval

  22. PointAudit Scanning • Scan on demand • Scan unattended on a schedule • Scan data is stored in a database

  23. Predesigned Reports • 96 modifiable reports predesigned • Accounts with specific privileges • Accounts in privilege groups • Accounts used/unused for a period of time • Accounts never used • Passwords not changed for a period of time • Accounts with flags set

  24. Predesigned Reports ‐ continued • Identifiers • Audit server settings • Patches applied/needed • System generation parameters • License inventory • Compare differences between scans or servers

  25. Custom Reports • Modified standard reports • New reports using any gathered data • Create them any time • Use them on any scanned data in database • Match your site specific policies

  26. Summary Screen

  27. Management Screen

  28. Online Report

  29. PDF Report

  30. Spreadsheet Report

  31. Patch Installed/Available Report

  32. Suggestions are appreciated! Gerrit.Woertman@vmsconsultancy.com or Warren Kahle, CSA, CSE, Security+, CISSP PointSecure Technologies Inc 802 Lovett Blvd Houston, TX 77006‐3906 Warren.Kahle@PointSecure.com Cell: 713‐906‐5600 Office: 713‐868‐1222 ext 2

  33. Protecting Your OpenVMS System With System Detective Gerrit Woertman CTO OpenVMS VMSConsultancy Gerrit.Woertman@vmsconsultancy.com www.vmsconsultancy.com

  34. System Detective ‐ Overview • Leading security product for protecting OpenVMS systems • Versions protecting OpenVMS sites for over 15 years • Declared “virtually unhackable” at Defcon • Comply with security policies and government regulations • Host based intrusion detection • Real time observation and selective logging of user sessions • Inactivity monitoring and protective action initiation • Implemented as execlet code • Rules defined using language‐like block structure

  35. System Detective primary functions • Create security events • Log interactive user activity • Restrict access to sensitive files and information • Secure or terminate idle sessions • Monitor or take control of interactive sessions • Create customized alerts and notifications • Generate comprehensive reports

  36. Why use System Detective? • OpenVMS is the most secure operating system out of the box • Security on any system can be improved • System Detective enhances OpenVMS security: • Demonstrate regulatory compliance • Protect the system from privileged users • Maintain audit trails • Assist users

  37. System Detective Configuration • Defaults for System Detective parameters • Optionally encrypt session logs • Change the session lock character • Optionally inhibit user’s ability to lock their own sessions • Optionally inhibit user’s ability to permit others to advise • Locations for databases and files • Table of remote or local locations • Proxy access to remote systems • Suggested session log file names • List of users who can shut down System Detective

  38. Rules and how they work • Rules are language‐like block structures containing triggers and actions • Select a rule for a process • Trigger the rule by a process activity • Qualify a rule based on its environment • Primary actions • Secondary actions

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut

OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut

OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut Ammer CSSC Mnchen CSSC Mnchen 1F06 1F06 25. DECUS Mnchen Symposium Bonn 2002 1 berblick berblick berblick OpenVMS Security

754 views • 31 slides
Open SSL in OpenVMS und STunnel Helmut Ammer OpenVMS Support CSSC Mnchen 2F06 Presentation

Open SSL in OpenVMS und STunnel Helmut Ammer OpenVMS Support CSSC Mnchen 2F06 Presentation

26. DECUS Symposium Bonn Open SSL in OpenVMS und STunnel Helmut Ammer OpenVMS Support CSSC Mnchen 2F06 Presentation Overview Product information What is the secure sockets layer (SSL)? Overview of SSL/OpenSSL/SSL on OpenVMS

657 views • 26 slides
VSI Strategic Update Terry R. Holmes / December 13, 2017 1 Commitment to OpenVMS $1B

VSI Strategic Update Terry R. Holmes / December 13, 2017 1 Commitment to OpenVMS $1B

Welcome to OpenVMS VSI Strategic Update Terry R. Holmes / December 13, 2017 1 Commitment to OpenVMS $1B Substantial installed base 63K OpenVMS servers sold 2003 - 2013 2 Life begins at 40! DEC VAX DEC/Compaq HPE Integrity Intel

679 views • 30 slides
Modern OpenVMS Systems Management Johan Michiels CockpitMgr Product Manager Johan

Modern OpenVMS Systems Management Johan Michiels CockpitMgr Product Manager Johan

Modern OpenVMS Systems Management Johan Michiels CockpitMgr Product Manager Johan Independent OpenVMS Consultant Worked 32 years at Digital/Compaq/HP 35 years of experience on OpenVMS OpenVMS Ambassador since 1997

709 views • 51 slides
OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -> Common

OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -> Common

Agenda Agenda Security Ratings Security Ratings ITSEC E3 ITSEC E3 C2 & E3 B1 update on C2 & E3 B1 update on V6 V6.2 .2 OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -> Common >

570 views • 7 slides
Application Modernization for OpenVMS Customers Brett Cameron May 2018 Abstract Many OpenVMS

Application Modernization for OpenVMS Customers Brett Cameron May 2018 Abstract Many OpenVMS

5/4/2018 Application Modernization for OpenVMS Customers Brett Cameron May 2018 Abstract Many OpenVMS users run large, complex, business-critical custom written software applications that have served them exceptionally well for many years and

526 views • 19 slides
IT-Symposium 2007 18 April 2007 When you are running an OpenVMS centric environment, you most

IT-Symposium 2007 18 April 2007 When you are running an OpenVMS centric environment, you most

IT-Symposium 2007 18 April 2007 When you are running an OpenVMS centric environment, you most probably want to manage it using OpenVMS. CockpitMgr is the OpenVMS based system management environment fit for this task. The product is developed

314 views • 20 slides
Migration auf VSI OpenVMS Ein Erfahrungsbericht Martin Vorlnder PDV-Systeme

Migration auf VSI OpenVMS Ein Erfahrungsbericht Martin Vorlnder PDV-Systeme

OpenVMS Spring 2018 Migration auf VSI OpenVMS Ein Erfahrungsbericht Martin Vorlnder PDV-Systeme Geschftsstellen in Goslar und Dachau ~ 80 Mitarbeiter Consulting Managed Services IT- und OEM-Lsungen Kooperation

406 views • 26 slides
GRIP TM For slippery and calcifjed lesions PTCA balloon catheter Anti-Slippery Efgect Workhorse

GRIP TM For slippery and calcifjed lesions PTCA balloon catheter Anti-Slippery Efgect Workhorse

GRIP TM For slippery and calcifjed lesions PTCA balloon catheter Anti-Slippery Efgect Workhorse Workhorse GRIP GRIP Before After In vitro tests show that GRIP TM remains stable in the lesion while workhorse balloons slip at pressure above

348 views • 7 slides
Running de.OpenVMS.org Martin Vorlnder HP OpenVMS Technical Update Days 2007 Bad Homburg

Running de.OpenVMS.org Martin Vorlnder HP OpenVMS Technical Update Days 2007 Bad Homburg

Running de.OpenVMS.org Martin Vorlnder HP OpenVMS Technical Update Days 2007 Bad Homburg 28-Sep-2007 PDV-Systeme GmbH, Bornhardtstr. 3, D-38644 Goslar Telefon +49 5321-3703-0, Fax + 49 5321-8924 info@pdv-systeme.de, www.pdv-systeme.de A

296 views • 13 slides
Open Source Integration Options and Ideas for OpenVMS 1 18/05/2018 Abstract This talk will

Open Source Integration Options and Ideas for OpenVMS 1 18/05/2018 Abstract This talk will

18/05/2018 Open Source Integration Options and Ideas for OpenVMS 1 18/05/2018 Abstract This talk will examine several Open Source products and open standard protocols that can be used on OpenVMS to integrate new and existing OpenVMS-based

842 views • 58 slides
Porting OpenVMS to x86-64 Update Clair Grant Camiel Vanderhoeven April 8, 2016 Porting OpenVMS

Porting OpenVMS to x86-64 Update Clair Grant Camiel Vanderhoeven April 8, 2016 Porting OpenVMS

Porting OpenVMS to x86-64 Update Clair Grant Camiel Vanderhoeven April 8, 2016 Porting OpenVMS to x86-64 Update This information contains forward looking statements and is provided solely for your convenience. While the information herein

346 views • 19 slides
Running and Managing Oracle Databases on OpenVMS (Apr 2016) Maklee Engineering Christian

Running and Managing Oracle Databases on OpenVMS (Apr 2016) Maklee Engineering Christian

Running and Managing Oracle Databases on OpenVMS (Apr 2016) Maklee Engineering Christian Moser Chief Technology Officer cmos@maklee.com Agenda Oracle 11g on OpenVMS Configuration and Tuning Performance monitoring tools Oracle

637 views • 39 slides
Getting a grip on the grid: Getting a grip on the grid: A know ledge base to trace grid experim

Getting a grip on the grid: Getting a grip on the grid: A know ledge base to trace grid experim

Getting a grip on the grid: Getting a grip on the grid: A know ledge base to trace grid experim ents Am m ar Benabdelkader ammarb@nikhef.nl Mark Santcroos Mark Santcroos m.a.santcroos@amc.uva.nl Victor Guevara Masis vguevara@nikhef.nl

840 views • 35 slides
Neuer SMTP MTA auf OpenVMS (3E05) John.Dite@compinia.de Compinia GmbH & Co. KG Dornacher

Neuer SMTP MTA auf OpenVMS (3E05) John.Dite@compinia.de Compinia GmbH & Co. KG Dornacher

HP IT-Symposium 2006 Neuer SMTP MTA auf OpenVMS (3E05) John.Dite@compinia.de Compinia GmbH & Co. KG Dornacher Str. 3c 85622 Feldkirchen Tel: +49.89.90.5067.55 Topics OpenVMS SMTP Messaging Alternatives CommuniGate Systems

442 views • 18 slides
GRiP Tools for Interoperability Questions and Considerations for Ethics Committees Evaluating

GRiP Tools for Interoperability Questions and Considerations for Ethics Committees Evaluating

GRiP Tools for Interoperability Questions and Considerations for Ethics Committees Evaluating Paediatric Drug Trials Allison Needham Anne Junker The Hospital for Sick Children in Collaboration with GRiP Partners 2 Aims 1) To collect and

460 views • 19 slides
Web Application Incident Response & Forensics: A Whole New Ball Game! Chuck Willis

Web Application Incident Response & Forensics: A Whole New Ball Game! Chuck Willis

Web Application Incident Response & Forensics: A Whole New Ball Game! Chuck Willis chuck.willis@mandiant.com Rohyt Belani rohyt.belani@intrepidusgroup.com Black Hat Briefings DC 2007 February 28, 2007 Company Overviews MANDIANT

1.38k views • 69 slides
INSIGHT TO GET IT RIGHT: PREPARING FOR 2017 AUDIT & TAX FILINGS June 13, 2017 Nick Wallace,

INSIGHT TO GET IT RIGHT: PREPARING FOR 2017 AUDIT & TAX FILINGS June 13, 2017 Nick Wallace,

6/12/2017 INSIGHT TO GET IT RIGHT: PREPARING FOR 2017 AUDIT & TAX FILINGS June 13, 2017 Nick Wallace, CPA Nicole Fishback, CPA Director Director nwallace@bkd.com nfishback@bkd.com 1 6/12/2017 TO RECEIVE CPE CREDIT Participate in

454 views • 32 slides
to Green Mountain Care Board October 17, 2018 Mike Smith, President & Chief Executive Officer

to Green Mountain Care Board October 17, 2018 Mike Smith, President & Chief Executive Officer

VITL Presentation to Green Mountain Care Board October 17, 2018 Mike Smith, President & Chief Executive Officer Robert Turnau, Chief Financial Officer Frank Harris, Strategic Technology Advisor Kristina Choquette, Chief Operating Officer

192 views • 18 slides
48 th Annual Meeting Best Practices in Handling Audits and Appeals Mark Holcomb Curtis Osterloh

48 th Annual Meeting Best Practices in Handling Audits and Appeals Mark Holcomb Curtis Osterloh

48 th Annual Meeting Best Practices in Handling Audits and Appeals Mark Holcomb Curtis Osterloh John Trippier Dean Mead Scott Douglass Zaino Hall Tallahassee, FL Austin, TX Columbus, OH Council On State Taxation LEARNING OUTCOMES

807 views • 48 slides
Sharing SAS programs between PC, Server and SAS Drug Development Magnus Mengelbier Director

Sharing SAS programs between PC, Server and SAS Drug Development Magnus Mengelbier Director

Sharing SAS programs between PC, Server and SAS Drug Development Magnus Mengelbier Director PhUSE 2011 1 Topics Introduction ! SAS on PC and server ! SAS Drug Development ! Common attributes ! Sharing conventions ! Process interfaces !

298 views • 25 slides
Audit Manager Project Chef: Neil Gower Overview Audit Manager is designed to monitor and log

Audit Manager Project Chef: Neil Gower Overview Audit Manager is designed to monitor and log

Audit Manager Project Chef: Neil Gower Overview Audit Manager is designed to monitor and log changes to specific documents in Lotus Notes and Domino applications. Configuration documents etc Sensitive documents etc Not

537 views • 17 slides
IDS for SAP Application Based IDS Reporting in the ERP system SAP R/3 1 Research Question How

IDS for SAP Application Based IDS Reporting in the ERP system SAP R/3 1 Research Question How

IDS for SAP Application Based IDS Reporting in the ERP system SAP R/3 1 Research Question How is the performance of this SAP IDS when running with reduction of false positives and anonymization? Hypothesis It is possible to make an

722 views • 24 slides
CDS, SDMS and LIMS considerations for Compliance, Data Integrity and Data Security Darren

CDS, SDMS and LIMS considerations for Compliance, Data Integrity and Data Security Darren

CDS, SDMS and LIMS considerations for Compliance, Data Integrity and Data Security Darren Barrington-Light Senior Manager - Product Marketing Chromatography & Mass Spectrometry Software The world leader in serving science Record Management

829 views • 53 slides

More recommend