CONTENTS

Title Page
Copyright Page
Preface

1 Overview of POLYCENTER Security ID
Introduction In this Chapter The POLYCENTER Security Family of Products POLYCENTER Security ID POLYCENTER Security CM POLYCENTER SRF System Security and Intrusion Detection Summary POLYCENTER Security ID Recommendation Intrusion Detection Typical Intrusion Events POLYCENTER Security ID and OpenVMS Auditing Recommendations OpenVMS Audit Events Further Information Components of POLYCENTER Security ID Summary Main Components Output How POLYCENTER Security ID Works Summary Clusters and Nodes Audit Events and Clusters Example Message Types Hostile Users Failure Limits Countermeasures Recommendation Intruder Scenario Summary Getting Started Summary Starting POLYCENTER Security ID Cluster Start-up Changing Audit Server Settings Summary Specifying Listener Mailboxes Audit Event Listener Mailboxes Example User Interface Summary POLYCENTER Security ID Interface DCL Commands Fault Finding

2 Configuring POLYCENTER Security ID
Introduction In this Chapter Configuration Overview Summary OpenVMS Audit Events Controlling Report Size Controlling the Database Size Controlling Mail Messages Classifying Event Types Setting Failure Limits Specifying Hostile Users and Nodes Alarm Characteristics Enabling Countermeasures Report Generation Sending Alarm Tokens Specifying Security Managers Managing the Distribution List Recommendations Which OpenVMS Audit Events to Enable Summary The SET AUDIT Command Recommendation Further Information OpenVMS and POLYCENTER Security ID Events Summary OpenVMS to POLYCENTER Security ID events Classifying POLYCENTER Security ID Events Summary Event Type Classifications Configuring Event Types Alarms Alerts Events Ignore Example Invalid Entries Filtering Mail Summary Ignore Security Managers Ignore Username Delta Time Example Absolute Time Examples Re-instating Users Ignore Process_ID Ignore Process_ID Examples Re-instating the Process Ignore Process_Name Ignore Process_Name Examples Re-instating the Process Setting Failure Limits Summary Default Values Setting Failure Limits Recommendation Specifying Hostile Users and Nodes Summary Types of Hostile Records Nodename Node Address Remote Username Local Username Specifying Hostile Users and Nodes Adding and Removing a Node Adding and Removing a Node by Address Adding/Removing a Remote Username Adding/Removing a Local Username Monitoring Hostile Users and Nodes Setting the Monitoring Time Intruder Notification Summary Setting the Intruder Notify Option Recommendation Setting Alarm Characteristics Summary Restricting Alarm Messages Specifying the Time Between Messages Setting Password Alarms Setting Password Alarms Recommendation Countermeasures What Countermeasures Do Exceptions Automatic Monitoring Summary Monitoring Times Login Failure Object Access UAF Modifications Network Proxy Database Modifications Rights Database Modifications Enabling/Disabling Countermeasures Recommendation Specifying Security Managers Summary Restrictions Adding/Removing Security Managers Specifying Alarm Tokens Summary Setting Alarm Tokens Nominating the POLYCENTER SRF Site Security Manager Details on a Token Adding Security Manager Details to a Token The Distribution List File Summary Editing the Distribution List File Providing Messages for Non-Security Managers Selective Reporting Selective Reporting on a Cluster Automatic Running of Commands POLYCENTER Security ID Reports and Alarm Messages Summary Daily Login Failure Report Setting the Daily Login Failure Report Current Settings Report Generating the Settings Report Sample Current Settings Hostile Users Report Generating the Hostile Users Report Sample List of Hostile Users and Nodes Login Failures Report Generating the Login Failures Report Sample Login Failure Summary Reading Reports and Alarm Messages Restricting Report Size Sample Alarm Message Shutting Down POLYCENTER Security ID Summary Shutting Down POLYCENTER Security ID Shutting Down POLYCENTER Security ID on a Cluster Checking System Integrity

A POLYCENTER Security ID DCL Commands
B Troubleshooting Techniques
Glossary