OpenVMS Academy System, Network and Internet Security
Course Code: VM240
Length: 5 days
Schedule and Registration
- Mon, Jun 3, 2024 $3,500.00 Denver, CO
- Mon, Jun 3, 2024 $3,500.00 E-Learning
Course Description
This course teaches security theory and practice as it relates to the OpenVMS operating system, the network and the Internet to which it may be connected. The course incorporates our Lab+Lecture format.
Who Should Attend
System, Network and Security Administrators of OpenVMS systems who want to effectively manage a secure operating environment.
The instructor's expertise and experience enhanced the course. His ability to provide background information was excellent.
Prerequisites
- Completion of OpenVMS Academy Utilities and Commands (VM100)
- Completion of OpenVMS Academy System Administration (VM210)
Benefits of Attending this Class
Upon completion of this course, students will understand security and how it relates to their OpenVMS systems. They will be able to set up a secure environment that limits interference with production.
Instructor has a very logical approach to security; presented in a real world context and had excellent examples and asides.
Course Contents
Security Overview
- Need for Security
- Ignorance is Bliss - But it is Not Security
- Vulnerabilities
- Prevention vs. Detection
- Security Policy
- User Training
- OpenVMS Builtin Security
Physical and Data Security
- Console Terminal
- Separation of Duties
- Data and Device Security
OpenVMS Object Security
- Information Security
- Types of Access
- UIC
- Categories of Processes
- Classes of Objects
- UIC Based Security
- Access Control List Protection
- Privileges Affecting Object Security
- System Parameters Affecting Object Security
- Rules of Access
- File and Volume Security
- Security Templates
- Device Security
- Queue Security
- Erasing of Data on Memory-Based Objects
Account Management
- Accountability
- Managing Accounts
- Common System Accounts
- UAF Flags
- Expiring Accounts
- UAF Files
- Process Privileges
- Captive and Restricted Accounts
- Process Resources
- General Account Guidelines
- What to do When Someone Leaves
- Reviewing System UAF
Login Security
- Authentication, Authorization, Accounting and Auditing (AAAA)
- Passwords
- Programmed Control for Login Authentication
- External Authentication
- Automatic Login Facility
- Limiting Access to Accounts
- Break-in Detection
- Modem Setup
- Virtual Terminals
- Password Grabber Programs
- Process Environment
System Reliability
- Process Priority
- Process Quotas and Limits
- Avoiding System Hangs
Network Security
- Proxy Access
- Network Hubs vs. Switches
- Network Applications
- Firewalls
- Network Based Attacks
- SNORT
- Wireless Networking
Encrypted Network Communication
- Secure Shell
- Securing DECnet/IP with SSH
- Secure File Transfers
- Secure Sockets Layer (SSL)
- Configuring Secure Web Server for SSL
- STUNNEL - Universal SSL Wrapper
- Kerberos
- Virtual Private Network
- OpenVMS IPsec
Security Auditing and Reporting
- Security Data
- Components Involved in Security Auditing
- Viewing Audit Server Settings
- Preventing Changes to Security Auditing Settings
- Security Audit Log File
- Security Reporting
- Security Server
- Operator Communications
- Accounting
- Error Logs
Other Security Concerns
- Logical Names
- INSTALL Utility
- System Startup
- Applications and Procedures
- Security Enhancements
- Security Patches
- Secure Delivery
- System Files
- Cluster Security
- User Terminal Security
- Workstation Security
- COM for OpenVMS
Recovering from an Intrusion
- Scope of the Intrusion
- Restore System, Layered Products and Data
- Deter Further Attempts
- Plan Ahead
PARSEC Group CD
A CD is provided with this class that includes procedures and applications implementing many of the topics covered in this class.
