POLYCENTER Security Compliance Manager for OpenVMS User's Guide

Order Number: AA-PGBXD-TE


January 1999

This guide describes the POLYCENTER Security Compliance Manager for OpenVMS product and provides information on its use.

Revision Information: This manual has been revised for V3.1.

Operating System: OpenVMS Alpha or OpenVMS VAX Version 6.2 or higher.

Software Version: POLYCENTER Security Compliance Manager for OpenVMS, Version 3.1


The information in this document is subject to change without notice and should not be construed as a commitment by Digital Equipment Corporation. Digital Equipment Corporation assumes no responsibility for any errors that may appear in this document.

Possession, use, dissemination, or duplication of the software described in this documentation is authorized only pursuant to a valid written license from Digital or the third-party owner of the software copyright.

No responsibility is assumed for the use or reliability of software or equipment that is not supplied by Digital Equipment Corporation.

Digital Equipment Corporation makes no representations that the interconnection of its products in the manner described in this document will not infringe existing or future patent rights, nor do the descriptions contained in this document imply the granting of licenses to make, use, or sell equipment or software in accordance with the description.

The product described in this document is intended to assist customers in maintaining an appropriately secure systems environment when used in conjunction with customers' vigilant operational security practices. Digital does not guarantee or warrant that the use of this product will provide complete security protection for customers' systems.

Copyright ©1992, 1999 Digital Equipment Corporation


All Rights Reserved.

Copyright ©1999 Touch Technologies, Inc.


All Rights Reserved.

The following are trademarks of Digital Equipment Corporation: AXP, DEC, DECinspect, DECnet, DEC SecurityGate, Digital, OpenVMS, POLYCENTER, ULTRIX, VAX, and the DIGITAL logo.

Microsoft and Windows are registered trademarks of Microsoft Corporation.

Motif is a registered trademark of the Open Software Foundation, Inc.

UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Ltd.

All other trademarks and registered trademarks are the property of their respective holders.

Preface

This guide describes POLYCENTER™ Security Compliance Manager (POLYCENTER Security CM) for OpenVMS™ and provides information to help you to use it effectively.

POLYCENTER Security CM is a software product that you can use to automate the implementation of your security policy.

Audience

This guide is intended for system administrators and others who are responsible for system security.

Associated Documents

The following documents contain more information about POLYCENTER Security CM:

POLYCENTER Security Compliance Manager for OpenVMS Installation Guide --- This document describes how to install POLYCENTER Security CM on OpenVMS Alpha and OpenVMS VAX systems.

POLYCENTER Security Console for Microsoft Windows Installation and User's Guide --- This document describes POLYCENTER Security Console, a PC tool that you can use to manage POLYCENTER Security CM on a group of nodes. It provides information on its use.

Structure of This Guide

This guide is organized as follows:
Chapter | Title | Contents
1 | Overview of POLYCENTER Security CM | Gives an overview of POLYCENTER Security CM and how you can use it to improve the security of computer systems.
2 | User-Defined Tests | Describes how to create your own test collections.
3 | The Command Line Interface | Describes how to carry out POLYCENTER Security CM tasks using the command line interface.
A | Distributing Inspectors | Describes how to use a sample inspector to implement your security policy and how to distribute the inspector.
B | Troubleshooting | Describes troubleshooting techniques and typical problems and solutions.
C | Tokens | Provides information about tokens generated by POLYCENTER Security CM.

Conventions

The following conventions are used in this guide:
Convention | Description
Note | A note contains information that is of special importance to the reader.
Caution | A caution contains information to prevent damage to the equipment.
Monospace type | Monospace type indicates system displays and user input. It also indicates keywords and literal strings in text.
Boldface type | Boldface type in text indicates the first instance of terms defined in the text, in the glossary, or both.
italic type | Italic type indicates variables and indicates the complete titles of manuals.
Ctrl/X | Ctrl/X indicates that you hold down the Ctrl key while you press another key (indicated here by X).
[ ] | In format descriptions, brackets indicate optional elements. You can choose none, one, or all of the options.
nn nnn.nnn nn | A space character separates digits in numerals with 5 or more digits. For example, 10 000 equals ten thousand.
n.nn | A period in numerals signals the decimal point indicator. For example, 1.75 equals one and three-fourths.


Chapter 1
Overview of POLYCENTER Security CM

Introduction

This chapter gives an overview of POLYCENTER Security CM and explains how you can use it to enhance the security of computer systems.

In This Chapter

This chapter contains the following sections:

1.1 Enhancing the Security of Computer Systems

Summary

The ability to protect the integrity of confidential data and programs is vital in every enterprise. Distributed computing and an increased reliance on computer networks present a possible threat to the security of computer systems. A computer must be secure enough to withstand attacks from external unauthorized parties and to protect users from accidental or malicious actions of other users.

POLYCENTER Security CM and System Security

POLYCENTER Security CM allows you to monitor and analyze operating system and network settings periodically to ensure that they comply with your organization's security standards. You can use POLYCENTER Security CM to design and implement your organization's security policy. You use the POLYCENTER Security CM tests as building blocks to do this task.

The POLYCENTER Family of Security Products

POLYCENTER Security CM is a member of the POLYCENTER family of security products. Other security products in the POLYCENTER family include:

1.2 Components of POLYCENTER Security CM

Summary

This section describes the components of POLYCENTER Security CM and the output that it produces.

Main Components

POLYCENTER Security CM comprises the following main components:
Component | Description
Inspectors | An inspector is an entity that executes a designated set of tests on specified nodes. An inspector contains one or more collections of tests.
Executor | The executor is a process that runs the tests specified in the inspectors. The executor:
  • Executes inspectors at scheduled intervals or when requested to do so by a user.
  • Generates reports, lockdown and unlockdown files, and tokens.
  • Updates the POLYCENTER Security CM inspector database with an inspector's results after every inspection.
User interfaces | You can use either of the following user interfaces to manage POLYCENTER Security CM. However, it is recommended that you use the POLYCENTER Security Console GUI.
  • POLYCENTER Security Console GUI.

    POLYCENTER Security Console is a separate PC product, which provides an interface to POLYCENTER Security CM. POLYCENTER Security Console has a GUI, which allows the user to manage POLYCENTER Security CM and view the results of inspections for a group of nodes. See the POLYCENTER Security Console for Microsoft Windows NT 4.0 Installation and User's Guide for more information on POLYCENTER Security Console.

  • POLYCENTER Security CM command line interface.

    POLYCENTER Security CM has a limited command line interface, which allows you to carry out basic POLYCENTER Security CM tasks on a local OpenVMS node.

Portal | The portal accepts messages from POLYCENTER Security Console sent using either DECnet™ or TCP/IP. It can respond to requests, for example, to send a report to the PC, or it can pass the request to the executor.
Inspector database | The inspector database stores the inspector data and the system configuration files.

Diagram

The following diagram shows the components of POLYCENTER Security CM and how it interacts with POLYCENTER Security Console:


Output

POLYCENTER Security CM can produce the following output:
Output | Description
Report | When an inspection finishes, POLYCENTER Security CM produces a report. The report provides details of the inspection results for nodes in the inspector's domain. It lists possible security weaknesses and indicates the tests that failed. POLYCENTER Security CM sends reports by electronic mail to the names on an inspector's report recipient list. Use the POLYCENTER Security Console GUI to add names to the report recipient list. Use the GUI also to view reports and a graphical summary of the compliance of your systems. Reports are stored on the OpenVMS node in the directory pointed to by the INSPECT$REPORTS logical.
Token | If POLYCENTER SRF is installed on your network, you can configure one or more inspectors on your node to generate a security status message called a token after each inspection. The token contains a summary of results for test collections on the nodes that an inspector tests. POLYCENTER Security CM sends the token, using either the DECnet or the TCP/IP protocol, to a POLYCENTER SRF node. POLYCENTER SRF extracts the data from the token and stores it in a relational database. Designated users can access the relational database to get a global view of network security.
Lockdown file | When POLYCENTER Security CM detects system settings that cause a test to fail, it can produce a lockdown file. A lockdown file contains commands that you can use to set the system security settings to those defined by a test or inspector. You can choose to have the system automatically run the lockdown file after an inspection or you can manually run the lockdown file for an inspector or for a test. Lockdown files are stored on the OpenVMS node in the directory pointed to by the INSPECT$LOCKDOWNS logical.
Unlockdown file | When POLYCENTER Security CM produces a lockdown file, it also produces a corresponding unlockdown file. You can use the unlockdown file to reset the system settings to the values that they had before you ran the lockdown file. POLYCENTER Security CM never locks down settings that you cannot unlock down using an unlockdown file. Unlockdown files are stored on the OpenVMS node in the directory pointed to by the INSPECT$LOCKDOWNS logical.
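
The pairing of lockdown and unlockdown files described above, sketched for a file-protection test as an added example; it is not POLYCENTER Security CM code and does not show the product's actual file format. The FileTest class, the sample protections, the strict-equality comparison, and the choice of SET SECURITY commands as generated output are assumptions made for illustration.

```python
# Added illustration: not POLYCENTER Security CM code or its lockdown file format.
from dataclasses import dataclass

@dataclass(frozen=True)
class FileTest:              # hypothetical stand-in for one file-protection test
    path: str
    required: str            # required protection in DCL syntax

def parse_mask(mask):
    """Normalize 'S:RWED,OWNER:RWED,G:RE,W' to {'S': frozenset('RWED'), ...}."""
    out = {c: frozenset() for c in "SOGW"}    # assumption: unnamed category = no access
    for field in mask.replace(" ", "").upper().split(","):
        cat, _, access = field.partition(":")
        if cat[:1] not in out or not set(access) <= set("RWED"):
            raise ValueError(f"bad protection field: {field!r}")
        out[cat[:1]] = frozenset(access)
    return out

def render(mask):
    """Render a parsed mask in one canonical form for a DCL command."""
    parts = []
    for c in "SOGW":
        access = "".join(a for a in "RWED" if a in mask[c])
        parts.append(f"{c}:{access}" if access else c)
    return "(" + ",".join(parts) + ")"

def inspect(tests, observed):
    """Return (failed paths, lockdown commands, unlockdown commands)."""
    failed, lockdown, unlockdown = [], [], []
    for t in tests:
        want, have = parse_mask(t.required), parse_mask(observed[t.path])
        if want == have:
            continue                           # test passes, nothing to change
        failed.append(t.path)
        lockdown.append(f"$ SET SECURITY/PROTECTION={render(want)} {t.path}")
        # Record the prior value so every lockdown change can be undone.
        unlockdown.append(f"$ SET SECURITY/PROTECTION={render(have)} {t.path}")
    return failed, lockdown, unlockdown[::-1]  # undo in reverse order

# Constructed sample data (not taken from a real system).
TESTS = [FileTest("SYS$SYSTEM:SYSUAF.DAT", "S:RWED,O:RWED,G,W"),
         FileTest("SYS$SYSTEM:RIGHTSLIST.DAT", "system:rwed, owner:rwed, group, world")]
OBSERVED = {"SYS$SYSTEM:SYSUAF.DAT": "S:RWED,O:RWED,G:RE,W:RE",
            "SYS$SYSTEM:RIGHTSLIST.DAT": "S:RWED,O:RWED,G,W"}

if __name__ == "__main__":
    for title, lines in zip(("FAILED", "LOCKDOWN", "UNLOCKDOWN"), inspect(TESTS, OBSERVED)):
        print(title, *lines, sep="\n  ")
```

Because the observed value is captured in the same pass that produces the lockdown command, no setting is changed without a recorded way back, which mirrors the guarantee stated for unlockdown files.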

1.3 POLYCENTER Security CM Tests

Summary

POLYCENTER Security CM stores its tests in a hierarchical structure. This section describes the test hierarchy and the available subsystems.

Hierarchy Elements

The following table describes the elements of the test hierarchy:
Element | Description
Inspector | The object that POLYCENTER Security CM uses to hold tests and related information needed to test the system's security settings.
Subsystem | A category of related system settings to be tested, for example, accounts.
Test Collection | A subcategory of the related system settings. This is represented on the POLYCENTER Security Console GUI as a test dialog in which you can specify values.

Test Subsystems

The following table provides a summary description of the available subsystems. See the POLYCENTER Security Console GUI online help for detailed information on subsystems and tests.
Subsystem | Description
Auditing | Allows you to check that security auditing and accounting are implemented correctly on your system. It also allows you to check that the AUDIT_SERVER process and the OPCOM process are running.
SYSGEN | Allows you to check that settings for system parameters related to system security are secure.
Accounts | Allows you to check that accounts on your system are secure.
Files | Allows you to check that files on your system are secure. You can specify which file protection, UIC, and ACL are required for each file.
Passwords | Allows you to check that password security is enforced on your systems.
Network | Allows you to check DECnet proxies and banner messages displayed on your system.
Miscellaneous | Allows you to include your own programs.

1.4 New Features in Version 3.1

Summary

Version 3.1 is a maintenance release of POLYCENTER Security CM V3.0. Date formats have been changed to use 4-digit years to ensure Y2K compliance.

1.5 Getting Help and More Information

Summary

This section describes where to find more information to help you to use POLYCENTER Security CM.

Tutorial

The POLYCENTER Security Console GUI includes a tutorial. The tutorial is accessible from the Help menu.

GUI Help

Detailed help on all aspects of POLYCENTER Security CM is available from the POLYCENTER Security Console GUI on the PC. The help includes information on the following:

See the POLYCENTER Security Console for Microsoft Windows NT 4.0 Installation and User's Guide for more information.
