openvms security update openvms security update openvms
play

OpenVMS Security Update OpenVMS Security Update OpenVMS Security - PDF document

Apr 17, 2023 •430 likes •754 views

OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut Ammer CSSC Mnchen CSSC Mnchen 1F06 1F06 25. DECUS Mnchen Symposium Bonn 2002 1 berblick berblick berblick OpenVMS Security

  1. OpenVMS Security Update OpenVMS Security Update OpenVMS Security Update Helmut Ammer Helmut Ammer CSSC München CSSC München 1F06 1F06 25. DECUS München Symposium Bonn 2002 1 Überblick Überblick Überblick � OpenVMS Security Roadmap � Rückblick � OpenVMS V7.3-1 � Zukunft � ACLs 2 *Previously announced; subject to change 1

  2. OpenVMS Security Roadmap OpenVMS Security Roadmap OpenVMS Security Roadmap 2005 2003 2004 2002 ITSEC C2 Security Evaluation on V7.2-2 Version 7.3-1 Version 7.x (Alpha only) (Alpha and VAX) • CDSA (For IPSEC) • Full external • OpenSSL API Published Authentication • SYS$ACM API Published support • Kerberos integration External Authentication Early Adopters Kit (EAK) Alternative Encryption for OpenVMS V1.6 Authentication • BIOMETRIC support 3 • Smartcard OpenVMS DECwindows MUP OpenVMS DECwindows MUP OpenVMS DECwindows MUP DECwindows Motif Server has a potential Security vulnerability that could be exploited to allow existing users unauthorized access to data and system resources. � CDs sind ausgeliefert. ECOs auf Webseiten � Reboot notwendig � Betroffen sind nur Systeme, welche DECwindows Server installiert haben � Alle supporteten Versionen von OpenVMS Alpha, OpenVMS VAX, SEVMS VAX or SEVMS Alpha wurden darauf untersucht. Alle supporten Versionen mit Ausnahme von OpenVMS VAX Version V5.5-2 sind betroffen 4 2

  3. DECwindows MUP MUP DECwindows DECwindows MUP � Betroffene supportete Versionen: – OpenVMS Alpha Version 6.2 einschl. aller zugeh. Hardware Releases (z.B. Version 6.2-1H1) – OpenVMS Alpha Version 7.1-2 – OpenVMS Alpha Version 7.2-1H1 – OpenVMS Alpha Version 7.2-2 – OpenVMS Alpha Version 7.3 – OpenVMS VAX Version 6.2 – OpenVMS VAX Version 7.1 – OpenVMS VAX Version 7.2 – OpenVMS VAX Version 7.3 – SEVMS Alpha Version 6.2 – SEVMS VAX Version 6.2 5 OpenVMS V7.3 OpenVMS V7.3 OpenVMS V7.3 � Kerberos V1.0 – based on MIT Kerberos Version 5 Release 1.0.5 – Client & KDC Server � Clusterwide Intrusion Detection � OpenSSL integrated in CSWS (mod_ssl) 6 3

  4. OpenVMS V7.3 OpenVMS V7.3- -1 1 OpenVMS V7.3-1 7 Kerberos Kerberos Kerberos � Kerberos V1.0 Security Client integriert in OpenVMS V7.3-1 � Zuvor ein Layered Product 8 4

  5. OpenSSL for OpenVMS Alpha OpenSSL for OpenVMS Alpha OpenSSL for OpenVMS Alpha � Portierung von OpenSSL 0.9.6B – Layered Product (ab V7.2-2 installierbar) – PCSI Kit beinhaltet � 32-bit SSL & Crypt libraries � 64-bit SSL & Crypt libraries � Eigenschaften: – 64-bit SSL und Crypto APIs (32 bit API’s as well) – Dokumentation & Beispiele � Neues Manual – Open Source Security on OpenVMS Alpha � ~200 SSL APIs (60 zuvor undokumentiert) � ~40 Crypt APIs (10 zuvor undokumentiert) – Certificate Tool 9 Common Data Security Architecture Common Data Security Architecture Common Data Security Architecture (CDSA) (CDSA) (CDSA) CDSA CDSA definiert definiert eine eine 4- 4 -layer layer Architektur Architektur Applications für für cross cross- -platform, platform, high- -level Security Services level Security Services high Layered Security Services CSSM definiert definiert ein ein CSSM common API & SPI common API & SPI CSSM Security API für Security Services Security Services für Common Security Services Manager and Integrity Base and Integrity Base Service Provider Interfaces Service Provider Service Provider implementieren implementieren selek selek- - Security Service Modules tierbare Security Services tierbare Security Services http://developer.intel.com/ial/security/ 10 http://sourceforge/projects/cdsa 5

  6. CDSA for OpenVMS CDSA for OpenVMS CDSA for OpenVMS � Auslieferung als Teil von V7.3-1 � Installierbar ab OpenVMS V7.2-2 � Basiert auf Intel CDSA V2.0 Release 3 � Voraussetzung für IPSEC � Enthält RSA & OpenSSL als Crypto Service Provider 11 CDSA for OpenVMS CDSA for OpenVMS CDSA for OpenVMS � CDSA beinhaltet: – CSSM Shared Library (Common Security Services Manager) – Header Files definieren CSSM APIs – CSPs (Cryptographic Service Provider) – MDS (Module Directory Services) ermöglicht Applikationen Service Provider zu lokalisieren 12 6

  7. OpenVMS Common User Authentication and Credential Management Model OpenVMS ACM SYSUAF..DAT LOGINOUT Extension Native Authentication Agent Authentication Common User External Authentication Agent and Credential Authentication Management Interface (ACM) Authority NT ACM PATHWORKS SYS$ACM Extension Kerberos ACME LOGIN ACM Extension LAN Manager The ability to have alternate external agents X.509 Public- supported by the OpenVMS Common User Key ACM Authentication Model will be in a future release. Extension SYS$ACM SYS$ACM SYS$ACM � Veröffentlicht und supportet in V7.3-1 � Reduziert Authentication Calls/Schritte von 12 auf 1! � Beispiel: CSWS for OpenVMS wird dies verwenden für Mod_Auth_vms � Teil 1 der vollen External Authentication Lösung – Teil 2 � NDA Document/EAK “ACME Developers Guide” � ACME Loginout & Set Password 14 7

  8. ACLs ACLs ACLs 15 Was Was sind sind ACLs ACLs und und ACEs ACEs Was sind ACLs und ACEs � ACL = Access Control List � Attribut eines Objekts � ACL ist eine geordnete Liste von Access Control Entries, oder ACEs � ACE Typ definiert – Erlaubt oder verbietet Zugriff aufs Objekt – Security Alarm oder Security Audit – Aktion beim Kreieren oder Benutzung des Objekts { ACE ACE ACL ACE 16 ACE 8

  9. Objekte die die ACLs ACLs unterstützen unterstützen Objekte Objekte die ACLs unterstützen � Files - Default � Logical Name Tables � Batch/Print Queues � Common Event Flag Clusters � Devices � Resource Domains � Volumes � Security Classes � System and Group � Capabilities Global Sections 17 Objekte die Objekte die ACLs ACLs unterstützen unterstützen Objekte die ACLs unterstützen � Resource Domains – Namespace controlling lock manager resources – $SET_RESOURCE_DOMAIN system service � Security Classes – Parent of all classes of protected objects – Protects template profiles for objects – See OpenVMS Guide to System Security manual 18 9

  10. Beispiele Beispiele Beispiele � ACL einer Logical Name Table LNM$SYSTEM_TABLE object of class LOGICAL_NAME_TABLE Owner: [SYSTEM] Protection: (System: RWC, Owner: RWC, Group: R, World: R) Access Control List: (IDENTIFIER=[PROXY,*],ACCESS=READ+WRITE) � RESOURCE_DOMAIN Security Class RESOURCE_DOMAIN object of class SECURITY_CLASS Owner: [SYSTEM] Protection: (System: RW, Owner: RW, Group: R, World: R) Access Control List: (IDENTIFIER=[TESTS],ACCESS=READ+WRITE+DELETE+CONTROL) 19 Typen Typen von von ACEs ACEs Typen von ACEs � Identifier ACE � Default Protection ACE � Creator ACE � Alarm and Audit Journal ACE � Subsystem ACE � Application ACE 20 10

  11. Identifier ACE Identifier ACE Identifier ACE � Der gebräuchlichste ACE � Zum Erlauben oder Verbieten von bestimmten Zugriffsrechten für Personen oder Gruppen (UIC) oder Besitzer eines bestimmten Identifiers oder environmental Identifiers 21 Identifier ACE Format - Identifier ACE Format - Identifiers Identifiers Identifier ACE Format - Identifiers (IDENTIFIER= identifier [+ identifier ...] [,OPTIONS= attributes [+ attributes ...]], ACCESS= access-type +[ access-type ...]) � ACE Identifier: – UICs – General identifiers – Environmental identifier � batch, network, interactive, local, dialup, remote 22 11

  12. Identifier ACE Format - - Options Options Identifier ACE Format Identifier ACE Format - Options (IDENTIFIER= identifier [+ identifier ...] [,OPTIONS= attributes [+ attributes ...]], ACCESS= access-type +[ access-type ...]) � Identifier ACE Options: – Default – Hidden – Protected – Nopropagate – None � default case meaning “no attributes” 23 Identifier ACE Format Identifier ACE Format - - Options Options Identifier ACE Format - Options � Default – Applies to directory files only – Describes ACE to be placed on a file created in this directory – DEFAULT attribute removed from the ACE when propagated – Has no effect on object access � Hidden – Indicates only application that created ACE ‘ should ’ change it – Valid for all ACE types, but intended for application ACE – Need SECURITY privilege to display a hidden ACE 24 12

  13. Identifier ACE Format - - Options Options Identifier ACE Format Identifier ACE Format - Options � Protected – Protects the ACE against casual deletion – Can only be deleted by � ACL Editor � $ SET SECURITY /ACL=<ace> /DELETE � $ SET SECURITY /ACL /DELETE=ALL � Nopropagate – Indicates that the ACE cannot be copied by operations that usually propagate ACEs � $ SET SECURITY /LIKE � $ SET SECURITY /DEFAULT 25 Identifier ACE Format Identifier ACE Format - - Access types Access types Identifier ACE Format - Access types (IDENTIFIER= identifier [+ identifier ...] [,OPTIONS= attributes [+ attributes ...]], ACCESS= access-type +[ access-type ...]) � Identifier ACE Access Types for Files: – READ – WRITE – EXECUTE – DELETE – CONTROL – NONE 26 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OpenVMS and Security getting even more grip on your security with Pointsecure or NDC Gerrit

OpenVMS and Security getting even more grip on your security with Pointsecure or NDC Gerrit

OpenVMS and Security getting even more grip on your security with Pointsecure or NDC Gerrit Woertman VSI Professional Services Alliance member VSI OpenVMS trainer EMEA &amp; VSI OpenVMS Ambassador gerrit.woertman@vmsconsultancy.com

1.61k views • 65 slides
VSI Strategic Update Terry R. Holmes / December 13, 2017 1 Commitment to OpenVMS $1B

VSI Strategic Update Terry R. Holmes / December 13, 2017 1 Commitment to OpenVMS $1B

Welcome to OpenVMS VSI Strategic Update Terry R. Holmes / December 13, 2017 1 Commitment to OpenVMS $1B Substantial installed base 63K OpenVMS servers sold 2003 - 2013 2 Life begins at 40! DEC VAX DEC/Compaq HPE Integrity Intel

679 views • 30 slides
OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -&gt; Common

OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -&gt; Common

Agenda Agenda Security Ratings Security Ratings ITSEC E3 ITSEC E3 C2 &amp; E3 B1 update on C2 &amp; E3 B1 update on V6 V6.2 .2 OpenVMS Security Update OpenVMS Security Update TCSEC C2 Ramp TCSEC C2 Ramp - -&gt; Common &gt;

570 views • 7 slides
Porting OpenVMS to x86-64 Update Clair Grant Camiel Vanderhoeven April 8, 2016 Porting OpenVMS

Porting OpenVMS to x86-64 Update Clair Grant Camiel Vanderhoeven April 8, 2016 Porting OpenVMS

Porting OpenVMS to x86-64 Update Clair Grant Camiel Vanderhoeven April 8, 2016 Porting OpenVMS to x86-64 Update This information contains forward looking statements and is provided solely for your convenience. While the information herein

346 views • 19 slides
Running de.OpenVMS.org Martin Vorlnder HP OpenVMS Technical Update Days 2007 Bad Homburg

Running de.OpenVMS.org Martin Vorlnder HP OpenVMS Technical Update Days 2007 Bad Homburg

Running de.OpenVMS.org Martin Vorlnder HP OpenVMS Technical Update Days 2007 Bad Homburg 28-Sep-2007 PDV-Systeme GmbH, Bornhardtstr. 3, D-38644 Goslar Telefon +49 5321-3703-0, Fax + 49 5321-8924 info@pdv-systeme.de, www.pdv-systeme.de A

296 views • 13 slides
Open SSL in OpenVMS und STunnel Helmut Ammer OpenVMS Support CSSC Mnchen 2F06 Presentation

Open SSL in OpenVMS und STunnel Helmut Ammer OpenVMS Support CSSC Mnchen 2F06 Presentation

26. DECUS Symposium Bonn Open SSL in OpenVMS und STunnel Helmut Ammer OpenVMS Support CSSC Mnchen 2F06 Presentation Overview Product information What is the secure sockets layer (SSL)? Overview of SSL/OpenSSL/SSL on OpenVMS

657 views • 26 slides
Modern OpenVMS Systems Management Johan Michiels CockpitMgr Product Manager Johan

Modern OpenVMS Systems Management Johan Michiels CockpitMgr Product Manager Johan

Modern OpenVMS Systems Management Johan Michiels CockpitMgr Product Manager Johan Independent OpenVMS Consultant Worked 32 years at Digital/Compaq/HP 35 years of experience on OpenVMS OpenVMS Ambassador since 1997

709 views • 51 slides
Application Modernization for OpenVMS Customers Brett Cameron May 2018 Abstract Many OpenVMS

Application Modernization for OpenVMS Customers Brett Cameron May 2018 Abstract Many OpenVMS

5/4/2018 Application Modernization for OpenVMS Customers Brett Cameron May 2018 Abstract Many OpenVMS users run large, complex, business-critical custom written software applications that have served them exceptionally well for many years and

526 views • 19 slides
IT-Symposium 2007 18 April 2007 When you are running an OpenVMS centric environment, you most

IT-Symposium 2007 18 April 2007 When you are running an OpenVMS centric environment, you most

IT-Symposium 2007 18 April 2007 When you are running an OpenVMS centric environment, you most probably want to manage it using OpenVMS. CockpitMgr is the OpenVMS based system management environment fit for this task. The product is developed

314 views • 20 slides
Migration auf VSI OpenVMS Ein Erfahrungsbericht Martin Vorlnder PDV-Systeme

Migration auf VSI OpenVMS Ein Erfahrungsbericht Martin Vorlnder PDV-Systeme

OpenVMS Spring 2018 Migration auf VSI OpenVMS Ein Erfahrungsbericht Martin Vorlnder PDV-Systeme Geschftsstellen in Goslar und Dachau ~ 80 Mitarbeiter Consulting Managed Services IT- und OEM-Lsungen Kooperation

406 views • 26 slides
Open Source Integration Options and Ideas for OpenVMS 1 18/05/2018 Abstract This talk will

Open Source Integration Options and Ideas for OpenVMS 1 18/05/2018 Abstract This talk will

18/05/2018 Open Source Integration Options and Ideas for OpenVMS 1 18/05/2018 Abstract This talk will examine several Open Source products and open standard protocols that can be used on OpenVMS to integrate new and existing OpenVMS-based

842 views • 58 slides
Running and Managing Oracle Databases on OpenVMS (Apr 2016) Maklee Engineering Christian

Running and Managing Oracle Databases on OpenVMS (Apr 2016) Maklee Engineering Christian

Running and Managing Oracle Databases on OpenVMS (Apr 2016) Maklee Engineering Christian Moser Chief Technology Officer cmos@maklee.com Agenda Oracle 11g on OpenVMS Configuration and Tuning Performance monitoring tools Oracle

637 views • 39 slides
Neuer SMTP MTA auf OpenVMS (3E05) John.Dite@compinia.de Compinia GmbH &amp; Co. KG Dornacher

Neuer SMTP MTA auf OpenVMS (3E05) John.Dite@compinia.de Compinia GmbH &amp; Co. KG Dornacher

HP IT-Symposium 2006 Neuer SMTP MTA auf OpenVMS (3E05) John.Dite@compinia.de Compinia GmbH &amp; Co. KG Dornacher Str. 3c 85622 Feldkirchen Tel: +49.89.90.5067.55 Topics OpenVMS SMTP Messaging Alternatives CommuniGate Systems

442 views • 18 slides
OpenVMS hypervised as-is artedi e.U. Agenda I so what is Hypervision ? and why is

OpenVMS hypervised as-is artedi e.U. Agenda I so what is Hypervision ? and why is

OpenVMS hypervised as-is artedi e.U. Agenda I so what is Hypervision ? and why is it needed/used ? Types of Hypervision why not OpenVMS ? Processor Architectures artedi e.U. Mai-16 2 Agenda - II what else is

660 views • 38 slides
NXTware Remote Advanced Development and Maintenance Environment for OpenVMS and other Strategic

NXTware Remote Advanced Development and Maintenance Environment for OpenVMS and other Strategic

NXTware Remote Advanced Development and Maintenance Environment for OpenVMS and other Strategic Platforms Gerrit Woertman CTO OpenVMS www.VMSConsultancy.com Gerrit.Woertman@vmsconsultancy.com +31 6 51341600 Introduction to NXTware Remote

673 views • 53 slides
Emulator for OpenVMS on Windows Platform Introduction of Charon-VAX, possibilities,

Emulator for OpenVMS on Windows Platform Introduction of Charon-VAX, possibilities,

Emulator for OpenVMS on Windows Platform Introduction of Charon-VAX, possibilities, configuration and use. Why a VAX Emulator? Hardware is end-of-life and failing Service costs have increased significantly Application rewriting

485 views • 27 slides
Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption

Building Applications with Homomorphic Encryption A Presentation from the Homomorphic Encryption Standardization Consortium HomomorphicEncryption.org 0.1 Presenters Roger A. Hallman (SPAWAR Systems Center Pacific; Thayer School of

1.36k views • 91 slides
Cyber Command and Control with CyberBML Mr. Bo Vargas Raytheon 4601 North Fairfax Drive Suite

Cyber Command and Control with CyberBML Mr. Bo Vargas Raytheon 4601 North Fairfax Drive Suite

2/4/09 Cyber Command and Control with CyberBML Mr. Bo Vargas Raytheon 4601 North Fairfax Drive Suite 1200 Arlington, VA 22203 bvargas@hai.com Outline Overview CyberBML Visualization Summary Page 2 1 2/4/09 Integrated

286 views • 7 slides
CSCE 790 Computer Systems Security Security Policy Models Professor Qiang Zeng Spring

CSCE 790 Computer Systems Security Security Policy Models Professor Qiang Zeng Spring

CSCE 790 Computer Systems Security Security Policy Models Professor Qiang Zeng Spring 2020 Previous Class Concepts Access Control, Subject, Object Goals of Access Control Confidentiality, Integrity Access Matrix

702 views • 26 slides
Best practices for Security Management in Supercomputing Cray User Group meeting, CUG 2008

Best practices for Security Management in Supercomputing Cray User Group meeting, CUG 2008

Best practices for Security Management in Supercomputing Cray User Group meeting, CUG 2008 Helsinki, Finland 2008-05-05 Urpo Kaila &lt;urpo.kaila@csc.fi&gt; CSC - Scientific Computing Ltd. Urpo Kaila &lt;urpo.kaila@csc.fi&gt; Slide 1 of

541 views • 18 slides
Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute, Spain Computer-aided cryptography Develop tool-assisted methodologies for helping the design, analysis, and implementation of cryptographic

533 views • 26 slides
Can DREs Provide Long- Lasting Security? The Case of Return-Oriented Programming and the AVC

Can DREs Provide Long- Lasting Security? The Case of Return-Oriented Programming and the AVC

Can DREs Provide Long- Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage Stephen Checkoway, * Ariel J. Feldman, Brian Kantor, * J. Alex Halderman, Edward W. Felten, Hovav Shacham * * UCSD, Princeton,

641 views • 40 slides
Transport Layer Security Chester Rebeiro IIT Madras Some of the slides borrowed from the book

Transport Layer Security Chester Rebeiro IIT Madras Some of the slides borrowed from the book

Transport Layer Security Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du TLS: Protocol to achieve secure communication TLS provides secure communication channel

834 views • 66 slides
Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1,

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1,

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1, 2015 Introduction Two models of cryptography: Computational: strong guarantees but complex proofs Symbolic: automated proofs but weak

1.42k views • 26 slides

More recommend