[Info-vax] Bradley Manning and OpenVMS

Paul Sture nospam at sture.ch
Mon Dec 16 00:29:44 EST 2013


Simon Clubley wrote:

> On 2013-12-08, DTL <didier.morandi at gmail.com> wrote:
>> Hi all,
>>
>> Let's assume the system on which these diplomatic telegrams were stored was an OpenVMS system.
>>
>> How could the (Wiki)leak be detected?
>>
>> A Security ACL on the folder(s) access READ
>> A Security ACL on his CD-ROM Drive access WRITE
>> An alarm from both, gathered via a SIEM solution, giving the following alert:
>>
>> "A guy is burning a CD on his computer with a lot of sensitive data"
>>
>
> Without mandatory access controls, he could have just used his administrator
> privileges to turn them off before copying the files.

The original concept going back to VMS V4 was that everything logged by
SET AUDIT/ALARM would be sent to a physical console (hard copy
console probably assumed in those days) which was manned by a security
officer.  Any attempt to turn auditing off would have been logged on
hard copy and seen by the security officer.

That was the theory anyway.  In practice something like this can
generate an awful lot of noise in the audit logs if the wrong password
is typed:

$ copy *.* node"username password"::dev:[dir]

(which is incidentally the easiest way I can think of to trigger breakin
evasion)

<insert cartoon of security officer wearing ear protectors and drowned
in listing paper here>

I don't think this idea really caught on, for practical reasons.

If you can get a hold of the V4 Security manual, there's a table
somewhere in there categorising types of computer misuse, from the
student motivated by the intellectual challenge and whose reward
is extra CPU time to the Major Government whose aim is World
Domination.

I kid you not about the World Domination bit.  Yes the Cold War was
still very much a reality and fuelled by Thatcher/Reagan rhetoric, but
we thought it was rather over the top for a computer manual.

Having said that, I don't think I'd yet come across the sense of humour
lurking in VMS Engineering. :-)

> The irony is that he managed to do this in the organisation which gave
> us SELinux. What was that again about the cobbler's children ? :-)

Even Windows has had the ability to lock down USB and optical drives for
quite some time now.

-- 
Paul Sture

This is not a commitment to deliver any material, code or functionality
and should not be relied upon in making purchasing decisions. 



