- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Security Audit on OpenVMS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 02:00 AM
04-28-2005 02:00 AM
Security Audit on OpenVMS
I am researching products such as Pedestal-Security Expressions<> for semi-automated security audit of various systems.
For those that are not interested in wading through the marketing bull: Security Expressions use a remote login via ssh/telnet to audit supported systems. Essentially, it has a batch of scripts that check for security problems by logging in remotely and running the sh scripts and then builds a nice report out of the findings.
Security Expressions does not have a module for OpenVMS and I need to find a tool similar in nature to use on OpenVMS.
Any suggestions?
Thanks
EW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 02:13 AM
04-28-2005 02:13 AM
Re: Security Audit on OpenVMS
was once used by audit over here.
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 02:20 AM
04-28-2005 02:20 AM
Re: Security Audit on OpenVMS
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 08:39 PM
04-28-2005 08:39 PM
Re: Security Audit on OpenVMS
http://www.pointsecure.com/products/pointaudit.asp
HP sell a security sevice.
CA ePCM has some support for a few versions of VMS.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 10:08 PM
04-28-2005 10:08 PM
Re: Security Audit on OpenVMS
Many products in the *XIX world check for a list of vulnerabilities. Unfortunately (or fortunately, depending on one's perspective I suppose), many of these problems are specific to *XIX implementations. OpenVMS systems have a fairly different potential set of problems, so I would be VERY surprised if the sh scripts written for a *XIX were of any real use on an OpenVMS platform (e.g., *XIX systems typically use sendmail, which has had numerous vulnerabilities, see the applicable CERT warnings available through http://www.cert.org).
That said, the checklists in the back of the Guide to System Security are a good place to start a security audit. The Pointsecure products are certainly a good start.
Having been involved on both sides of security audits, the tools can only tell you the "What", documenting the "Why" is often more important when the security audit is part of the ongoing package designed to increase the integrity of corporate processes.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2005 01:53 AM
04-29-2005 01:53 AM
Re: Security Audit on OpenVMS
You are completely correct in the matching of business case with system configuration. A thorough security policy should always be used as a guide to system setup.
My task is to find a tool that automates the checking of common issues in OpenVMS the same way that Security Expressions does for AIX/Linux.
I would expect the tool to be specific enough to not check an OpenVMS system for sendmail type configurations. My familiarity is with linux and Solaris making this task more challenging. Hence my post to this forum.
Thanks
EW