VMS security failures

VMS security failures

Post by Pedro Vien » Thu, 29 Jan 1998 04:00:00



Please, I'd like to know where I can get information about VMS securi-

ty failures. Is VMS totally secure ?

I'm not a hacker ! Only a curious guy !

thank you for your information !


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

 
 
 

VMS security failures

Post by Arne Vajh? » Fri, 30 Jan 1998 04:00:00



> Please, I'd like to know where I can get information about VMS securi-
> ty failures.

There is no tradition in the VMS world for sharing this information.
Those that find a hole reports it to Digital. Digital makes a fix and
send it out as a mandatory update. People install it without knowing
the details.

Quote:>                Is VMS totally secure ?

No. No OS is. But there has been very few reported security hole sin VMS
comparing with how widespread its usage still is.

Quote:> I'm not a hacker ! Only a curious guy !

Oh we have got your word as a gentleman !  :-)

                                                     Arne

 
 
 

VMS security failures

Post by Hoff Hoffm » Fri, 30 Jan 1998 04:00:00


:...I'd like to know where I can get information about VMS security failures.

  Please see the _OpenVMS Guide to System Security_ manual, part of the
  OpenVMS documentation set, for information on OpenVMS system security.

  As for discussions of specific security failures, these are generally
  not discussed publicly -- regardless of the operating system and vendor.
  Sites that have experienced security problems or security-related losses
  are understandibly reluctant to discuss them.  (There have been various
  books on this topic -- the Cuckoo's Egg, by Clifford Stoll, is one.)

:Is VMS totally secure ?

  Engineers will generally not provide "absolutes" as answers to open-ended
  questions.

  OpenVMS holds NCSC Class C2 and (with SEVMS) Class B1 security evaluations.
  For what an NCSC security evaluation indicates, check with the NCSC folks.

  A properly-configured OpenVMS system is quite secure -- OpenVMS engineering
  takes system security and any security problem reports very seriously.

:I'm not a hacker ! Only a curious guy !

  This can be difficult to differentiate remotely.  Particularly when asking
  this question in this forum in this fashion.  (No offense is intended.)

        --

  Please send any reports of problems directly to DIGITAL -- while most folks
  following this newsgroup are upstanding and honest individuals and should
  be notified of security holes quickly, there are a few nefarious folks that
  following this and other newsgroups that will (mis)use any security reports.
  Making direct reports to DIGITAL means that OpenVMS engineering can assess
  and react to the security problem, before the problem (potentially) becomes
  widespread among many customers...

 -------------------------- pure personal opinion ---------------------------

  note to those folks not contributing spam -- there is no ZZ in my address

 
 
 

VMS security failures

Post by Jim Becke » Sat, 31 Jan 1998 04:00:00



> Please, I'd like to know where I can get information about VMS securi-
> ty failures. Is VMS totally secure ?
> I'm not a hacker ! Only a curious guy !
> thank you for your information !

Hmmm, perhaps questions like this belong in the FAQ.
My usual response to such queries goes along these lines...

Please, I'd like to know where I can get information
about security weaknesses at your house. Is your
house totally secure? I'm not a burglar! Only a
curious guy!

Jim Becker
System Solutions Incorporated (http://www.syssol.com)
Rockville, MD & Herndon, VA

ESILUG Chair (http://www.decus.org/decus/lugs/esilug)
Washington, DC area

 
 
 

1. VMS Security (in Relation to Unix Security)

My supervisor is of the mind that VMS security is near unbreakable.
I'm not so sure.  I do believe that there are probably fewer holes in
the VMS system than there are in Unix systems (we are constantly
hearing of new Unix holes every week)....

Are there any glaring security holes existing in VMS?  What might they
be (read: I'm not asking how to exploit them)?

I'm really curious how secure our system may/may not be.

Cheers,

MH.

2. Cisco 2509, 56k async ...

3. Formal security advisory now issued for POP server security issue

4. Renaming My SBS

5. Speaking of security... was Re: Security 'n' Stuff

6. how to open a cgi file in win 98?

7. DECnet security (was: DECNet Mail a security threat?)

8. Looking for Dave Haynie's 'Deathbed' video!

9. VMS Security Challenge; Was: Why VMS?

10. Hobbyist VMS V7.2 TK50 DECnet-Plus installation failure?

11. VMS 5.2 SORT failure (long)