Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!TAMVENUS.BITNET!SMH1420
From: SMH1420@TAMVENUS.BITNET.UUCP
Newsgroups: mod.computers.vax
Subject: VMS Virtual Terminal Security Considerations
Message-ID: <8612131527.AA10588@ucbvax.Berkeley.EDU>
Date: Fri, 12-Dec-86 12:45:00 EST
Article-I.D.: ucbvax.8612131527.AA10588
Posted: Fri Dec 12 12:45:00 1986
Date-Received: Mon, 15-Dec-86 22:35:43 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 27
Approved: info-vax@sri-kl.arpa

> Also, what are the disadvantages (system security wise) of Virtual
> terminals?

Many people have asked the same question about the security disadvantages of virtual terminals. Since the only way to re-connect to a disconnected terminal is to have the correct username/password or suitable privileges (I believe that CMEXEC would be required - to modify the process header UIC or USERNAME fields), the level of security on your system should be the same as if you did not use virtual terminals.

The only possible exception I can think of would be, for example, if someone had removed some level of security within a login, disconnected, and then someone else re-connected (for instance: Top Dog opens classified file after decrypting with VAX ENCRYPTION and then disconnects. Later his secretary [with his password] reconnects and may view the file because he did not re-encrypt).

Virtual terminals can be a nice feature of VMS, but can also be easily used improperly. If you set the default timeout in sysgen to longer than 15 min (TTY_TIMEOUT = 900 seconds) you may end up with many disconnected processes on your system.

A solution (if you wanted longer disconnect time - or only certain users to access virtual terminals) would be to enable virtual terminals, and then SET TERMINAL/NODISCONNECT on terminals you want to exclude from virtual terminal capability (there are other ways to do this also, e.g. TTY_DEFCHAR in sysgen etc.).

Steve Hicks SMH1420@TAMVENUS.BITNET