[Info-vax] VSI strategy for OpenVMS
Bill Gunshannon
bill.gunshannon at gmail.com
Sun Sep 19 10:36:46 EDT 2021
On 9/19/21 9:42 AM, chris wrote:
> On 09/18/21 21:07, Bill Gunshannon wrote:
>> On 9/18/21 3:07 PM, chris wrote:
>
>
>>>
>>> Add to which, have a global security strategy that doesn't depend on
>>> the OS being secure. That means firewalling, secure subnets, access
>>> controls and much more. Have to assume that any system can be broken,
>>> given enough time and resources...
>>>
>> It's called "Defense in Depth" and as a concept has been around for
>> decades. Sadly, people in this industry seldom seem to learn from
>> previous mistakes and the same things keep on happening.
>>
>> bill
>>
>>
>
> Back in the days of NT4, there were some very good NSA documents on
> how to secure windows. Downloadable from their website, but as you
> say, every new generation seems fated to make the same mistakes of
> the past...
>
DISA STIGs are even better. At one time there even used to be one for
VMS but when VMS lost traction with DOD they stopped maintaining it.
I used them extensively when I was at the University (probably because
of my experience with them thru the Army when I was actually assigned
to DISA FSO) and attribute to them the lack of security breaches during
my tenure in the CS Department.
bill
More information about the Info-vax
mailing list