HP OpenVMS Guide to System Security > Part III  Security for the System Administrator

Chapter 10 System Security Breaches

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Table of Contents

Forms of System Attacks
Indications of Trouble
Reports from Users
Monitoring the System
Routine System Surveillance
System Accounting
Security Auditing
Handling a Security Breach
Unsuccessful Intrusion Attempts
Successful Intrusions

Along with developing a security policy and selecting appropriate security measures to implement that policy, a site needs to establish and test procedures for handling system, site, or network compromises. The procedure should address two areas:

  • Appropriate responses once a breach is suspected or confirmed. Site guidelines should help determine whether to increase site security (eliminating all possibility of further compromise), put proactive measures in place to apprehend the offender, or collect evidence to initiate a criminal or civil suit. Each decision has its own set of rules and guidelines.

  • Appropriate contacts and resources outside of the site that may be needed should such an event occur. For example, a company might want to become familiar with local, state, and federal authorities (as applicable), local phone carriers (security division), and the HP support groups.[4]

This chapter describes how to recognize when an attack on the system is in progress or has taken place and what countermeasures can be taken.


[4] HP support groups include the Software Security Response Team (SSRT) in the United States and the European Security Program Office (ESPO).



Managing the Auditing Subsystem
  		 


Forms of System Attacks