
Is OpenVMS the most secure/stable OS around?

 
comarow
Trusted Contributor

Re: Is OpenVMS the most secure/stable OS around?

My last bunch of posts, no one awarded points to anyone.
It's the only way a user can judge someone's ability to answer questions.

Come on folks, you work with computers, you may be able to work your phone, and if you're a real systems engineer, maybe you can set my watch.

John Travell
Valued Contributor

Re: Is OpenVMS the most secure/stable OS around?

> Finally, we have the fact that the hackers coming from the universities
> don't know how to get into the thing. It's considered unhackable.

You imply that a hacker WITH suitable expertise COULD break in. While anyone can compromise security, I do not believe that anyone (even Hoff :-), could break into a properly configured (current) VMS system without having physical access to the console.

> Now the big hole. By default, passwords are sent over the network in plain
> text, but there are protections one can add.

Yes, but this is really an artefact of the NETWORK and it affects all OSs equally.
Is there any OS that by default demands an encrypted password on an otherwise unencrypted connection? I suspect not.
JT:

Hoff
Honored Contributor

Re: Is OpenVMS the most secure/stable OS around?

OpenVMS is not the most secure operating system around.

Operating systems are not monuments.

Operating systems are a component of a product.

A product that must be created and sold at a profit, and purchased and used for some purpose.

The area of security is itself a product or a product feature, though one rather analogous to insurance.

It's often marketed in similar ways, too.

Do you really want to buy insurance? At all?

The crux of effective (technical) security is that the defenders have to protect everything, and the attackers have to find just one hole.

The crux is that increasing security is increasingly costly; more costly to build and to buy and to use.

There are operating systems that have far higher security ratings around. These are arguably or are actually more secure than OpenVMS. These operating systems are usually also more expensive to buy or use.

There are systems that have lower security, too. These systems can be and are appropriate for many applications.

The crux of public security vulnerability discussions is that the various folks that know various different parts of system security are not likely to discuss details. This for any of various reasons.

The crux of the business discussion of security is whether or not the security features of OpenVMS -- whether NCSC Class C2 or (with SEVMS) Class B1 -- are or can be "good enough" and "cheap enough" for the particular business applications and business requirements. Higher security is more expensive.

And the crux of the business case for higher security products: the higher the security, the more limited the market becomes.

If you're interested in the topic area for more than just fodder for ITRC or newsgroup discussions, there are security-relevant postings in the blog over at the new HoffmanLabs web site, and specific available security checklists and techniques for locking down an OpenVMS system are referenced there. This in addition to the NCSC Class C2 appendix of the OpenVMS security manual. And the NCSC manuals themselves -- the old Rainbow Books series -- are dated, but are (still) a good read.

Stephen Hoffman
HoffmanLabs