
OpenVMS and Security getting even more grip on your security with - PowerPoint PPT Presentation

OpenVMS and Security getting even more grip on your security with Pointsecure or NDC Gerrit Woertman VSI Professional Services Alliance member VSI OpenVMS trainer EMEA & VSI OpenVMS Ambassador gerrit.woertman@vmsconsultancy.com


  1. OpenVMS and Security getting even more grip on your security with Pointsecure or NDC Gerrit Woertman VSI Professional Services Alliance member VSI OpenVMS trainer EMEA & VSI OpenVMS Ambassador gerrit.woertman@vmsconsultancy.com www.vmsconsultancy.com

  2. Agenda • OpenVMS and Security • EU security laws to report security issues • Non‐HPE/VSI Security packages • Pointsecure – PointAudit – System Detective • Networking Dynamics Corporation (NDC) – Peek & Spy – KEY Capture – Assassin • Questions

  3. OpenVMS and Security ‐ 1 • OpenVMS – secure by design • No viruses • One of the first to receive a US DoD C2 rating • Declared “Cool and Unhackable” at DefCon 9 in 2001, as described in 4AA0‐2896ENW.pdf (HP, 11/2005) – Alpha OpenVMS with the help of Pointsecure System Detective

  4. OpenVMS and Security ‐ 2 • OpenVMS has optional security solutions – OpenSSL (Secure Sockets Layer) https://www.openssl.org/ – Common Data Security Architecture (CDSA) – Kerberos • Everything fine? It seems so, but there is still a need for more and better implementations – On VSI’s research list

  5. OpenVMS and Security – 3 • OpenVMS ‐ Linux – Windows • With 100% OpenVMS no problems – fine – That’s not realistic; today’s software stacks are complex – Splendid isolation? • Open source – is that safe?

  6. OpenVMS and Security – 4
      • From http://vmssoftware.com/products.html – Unmatched Security: Compare OpenVMS' security vulnerability record against other operating systems at CVE Details: http://www.cvedetails.com. The following are direct links to reports for OpenVMS, Linux and Windows:
      • OpenVMS: http://www.cvedetails.com/product/4990/HP-Openvms.html?vendor_id=10
      • Linux: http://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
      • Windows:
        – http://www.cvedetails.com/product/23546/Microsoft-Windows-Server-2012.html?vendor_id=26
        – http://www.cvedetails.com/product/11366/Microsoft-Windows-Server-2008.html?vendor_id=26
        – http://www.cvedetails.com/product/7108/Microsoft-Windows-Server-2003.html?vendor_id=26
        – http://www.cvedetails.com/product/2594/Microsoft-Windows-2003-Server.html?vendor_id=26
        – http://www.cvedetails.com/product/107/Microsoft-Windows-2000.html?vendor_id=26

  7. OpenVMS and Security ‐ 5 • Cybersecurity • More and more security breaches must be reported (EU legislation) • How well do you know your security status? • Regularly, with audit reports, and ad hoc? • Audit alarms go to OPCOM; do you notice? – You might have CockpitMgr with real‐time security event monitoring, and you see a security event in the display, but otherwise? – ANALYZE/AUDIT for reporting

  8. OpenVMS and Security ‐ 6 • With Digital we had DECInspect Compliance Manager to compare against security standards • DEC sold Polycenter to CA, and the Polycenter security products to http://www.ttinet.com • What now? • Pointsecure PointAudit can help • PointAudit presentation and demo

  9. OpenVMS and Security ‐ 7 • PointSecure – System Detective • Rules – capture trails/advise, etc. • System Detective presentation and demo

  10. OpenVMS and Security ‐ 8 • Networking Dynamics Corporation (NDC) • Peek&Spy and KeyCapture • Peek&Spy has existed for many years – Peek with beep; Spy without notice – Log own terminal • Assassin – idle terminal management • NDC security products presentation and demo

  11. Q & A

  12. Auditing Your OpenVMS System With PointAudit Gerrit Woertman Gerrit.Woertman@VMSConsultancy.com www.vmsconsultancy.com

  13. PointAudit ‐ Overview • Leading auditing product for securing OpenVMS systems • Auditing OpenVMS sites for over 15 years • Comply with security policies and government regulations • Audit disabling of accounts of users no longer authorized • Report on unused accounts or infrequently used accounts • Report on privileged accounts • Audit system patches! • Audit system generation parameters • Audit system licenses • Audit the system audit server • 96 provided reports and custom reports easily generated

  14. PointAudit primary functions • Create security related audit reports • Assist the system manager • Provide separation of audit data from systems • Separation of audit and system management duties

  15. Why does security matter? • What would happen if your systems are compromised? • Financial cost of recovery • Business disruption • Corporate embarrassment • Regulatory difficulties

  16. Why use PointAudit? • OpenVMS is the most secure operating system • Security on any system can be improved • Many system managers are overworked and undereducated • PointAudit enhances and simplifies OpenVMS security reporting and auditing

  17. PointAudit Planning
      • Where to locate the PointAudit system
        – In the audit office with physical security
        – Outside the access area of operational personnel
        – At the disaster recovery site
      • Communications protocol to use
        – SSH is recommended
        – TELNET is available if needed
      • Create PointAudit accounts on all the systems to be audited
        – Grant privileges: NETMBX, SECURITY, SYSLCK, SYSPRV, TMPMBX
        – Use a complex password – nobody has to remember it
        – The username and password may be different on each audited system
        – Set up the accounts to not use any menus or ask questions during login
      • There is no agent to install on the audited system

  18. PointAudit Configuration
      • Use the Add Server Wizard to create the server entries
        – Connection settings – server name, host IP, license key
        – Server properties – Company, manager, location, department
      • Use the New Scan Wizard to create scans
        – Select the servers to run the scan
        – Name the scan and select the connection protocol and port
        – Optionally enter a description
        – Optionally enter email addresses to be notified when the scan completes
        – Enter the username, password, and test the connection
        – Select the data to be gathered
        – Optionally enable scan to run at a specified interval

  19. PointAudit Scanning • Scan on demand • Scan unattended on a schedule • Scan data is stored in a database

  20. Predesigned Reports • 96 modifiable reports predesigned • Accounts with specific privileges • Accounts in privilege groups • Accounts used/unused for a period of time • Accounts never used • Passwords not changed for a period of time • Accounts with flags set

  21. Predesigned Reports ‐ continued • Identifiers • Audit server settings • Patches applied/needed • System generation parameters • License inventory • Compare differences between scans or servers

  22. Custom Reports • Modified standard reports • New reports using any gathered data • Create them any time • Use them on any scanned data in database • Match your site specific policies

  23. Summary Screen

  24. Management Screen

  25. Online Report

  26. PDF Report

  27. Spreadsheet Report

  28. Patch Installed/Available Report

  29. Suggestions are appreciated! Gerrit.Woertman@vmsconsultancy.com or Warren Kahle, CSA, CSE, Security+, CISSP PointSecure Technologies Inc 802 Lovett Blvd Houston, TX 77006‐3906 Warren.Kahle@PointSecure.com Cell: 713‐906‐5600 Office: 713‐868‐1222 ext 2

  30. Protecting Your OpenVMS System With System Detective Gerrit Woertman CTO OpenVMS VMSConsultancy Gerrit.Woertman@vmsconsultancy.com www.vmsconsultancy.com

  31. System Detective ‐ Overview • Leading security product for protecting OpenVMS systems • Versions protecting OpenVMS sites for over 15 years • Declared “virtually unhackable” at Defcon • Comply with security policies and government regulations • Host based intrusion detection • Real time observation and selective logging of user sessions • Inactivity monitoring and protective action initiation • Implemented as execlet code • Rules defined using language‐like block structure

  32. System Detective primary functions • Create security events • Log interactive user activity • Restrict access to sensitive files and information • Secure or terminate idle sessions • Monitor or take control of interactive sessions • Create customized alerts and notifications • Generate comprehensive reports

  33. Why use System Detective? • OpenVMS is the most secure operating system out of the box • Security on any system can be improved • System Detective enhances OpenVMS security: • Demonstrate regulatory compliance • Protect the system from privileged users • Maintain audit trails • Assist users

  34. System Detective Configuration • Defaults for System Detective parameters • Optionally encrypt session logs • Change the session lock character • Optionally inhibit user’s ability to lock their own sessions • Optionally inhibit user’s ability to permit others to advise • Locations for databases and files • Table of remote or local locations • Proxy access to remote systems • Suggested session log file names • List of users who can shut down System Detective

  35. Rules and how they work • Rules are language‐like block structures containing triggers and actions • Select a rule for a process • Trigger the rule by a process activity • Qualify a rule based on its environment • Primary actions • Secondary actions
