HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Security Audit on OpenVMS
Operating System - OpenVMS
1830366
Members
2163
Online
110001
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 02:00 AM
04-28-2005 02:00 AM
Security Audit on OpenVMS
Hi all,
I am researching products such as Pedestal-Security Expressions<> for semi-automated security audit of various systems.
For those that are not interested in wading through the marketing bull: Security Expressions use a remote login via ssh/telnet to audit supported systems. Essentially, it has a batch of scripts that check for security problems by logging in remotely and running the sh scripts and then builds a nice report out of the findings.
Security Expressions does not have a module for OpenVMS and I need to find a tool similar in nature to use on OpenVMS.
Any suggestions?
Thanks
EW
I am researching products such as Pedestal-Security Expressions<> for semi-automated security audit of various systems.
For those that are not interested in wading through the marketing bull: Security Expressions use a remote login via ssh/telnet to audit supported systems. Essentially, it has a batch of scripts that check for security problems by logging in remotely and running the sh scripts and then builds a nice report out of the findings.
Security Expressions does not have a module for OpenVMS and I need to find a tool similar in nature to use on OpenVMS.
Any suggestions?
Thanks
EW
5 REPLIES 5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 02:13 AM
04-28-2005 02:13 AM
Re: Security Audit on OpenVMS
http://www.windowsitpro.com/Windows/Article/ArticleID/209/209.html
was once used by audit over here.
Wim
was once used by audit over here.
Wim
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 02:20 AM
04-28-2005 02:20 AM
Re: Security Audit on OpenVMS
Here are my findings/notes from 1998 (or was it 97).
Wim
Wim
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 08:39 PM
04-28-2005 08:39 PM
Re: Security Audit on OpenVMS
I've not tried it but there is
http://www.pointsecure.com/products/pointaudit.asp
HP sell a security sevice.
CA ePCM has some support for a few versions of VMS.
http://www.pointsecure.com/products/pointaudit.asp
HP sell a security sevice.
CA ePCM has some support for a few versions of VMS.
____________________
Purely Personal Opinion
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-28-2005 10:08 PM
04-28-2005 10:08 PM
Re: Security Audit on OpenVMS
Ed,
Many products in the *XIX world check for a list of vulnerabilities. Unfortunately (or fortunately, depending on one's perspective I suppose), many of these problems are specific to *XIX implementations. OpenVMS systems have a fairly different potential set of problems, so I would be VERY surprised if the sh scripts written for a *XIX were of any real use on an OpenVMS platform (e.g., *XIX systems typically use sendmail, which has had numerous vulnerabilities, see the applicable CERT warnings available through http://www.cert.org).
That said, the checklists in the back of the Guide to System Security are a good place to start a security audit. The Pointsecure products are certainly a good start.
Having been involved on both sides of security audits, the tools can only tell you the "What", documenting the "Why" is often more important when the security audit is part of the ongoing package designed to increase the integrity of corporate processes.
- Bob Gezelter, http://www.rlgsc.com
Many products in the *XIX world check for a list of vulnerabilities. Unfortunately (or fortunately, depending on one's perspective I suppose), many of these problems are specific to *XIX implementations. OpenVMS systems have a fairly different potential set of problems, so I would be VERY surprised if the sh scripts written for a *XIX were of any real use on an OpenVMS platform (e.g., *XIX systems typically use sendmail, which has had numerous vulnerabilities, see the applicable CERT warnings available through http://www.cert.org).
That said, the checklists in the back of the Guide to System Security are a good place to start a security audit. The Pointsecure products are certainly a good start.
Having been involved on both sides of security audits, the tools can only tell you the "What", documenting the "Why" is often more important when the security audit is part of the ongoing package designed to increase the integrity of corporate processes.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2005 01:53 AM
04-29-2005 01:53 AM
Re: Security Audit on OpenVMS
Bob,
You are completely correct in the matching of business case with system configuration. A thorough security policy should always be used as a guide to system setup.
My task is to find a tool that automates the checking of common issues in OpenVMS the same way that Security Expressions does for AIX/Linux.
I would expect the tool to be specific enough to not check an OpenVMS system for sendmail type configurations. My familiarity is with linux and Solaris making this task more challenging. Hence my post to this forum.
Thanks
EW
You are completely correct in the matching of business case with system configuration. A thorough security policy should always be used as a guide to system setup.
My task is to find a tool that automates the checking of common issues in OpenVMS the same way that Security Expressions does for AIX/Linux.
I would expect the tool to be specific enough to not check an OpenVMS system for sendmail type configurations. My familiarity is with linux and Solaris making this task more challenging. Hence my post to this forum.
Thanks
EW
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP