Discussion:
How can I block a user? (EX)
Schraub Issachar (Tami)
2007-07-11 09:26:26 UTC
Hello!

I have 2 simple questions (maybe they belong to general VMS management):

1. Can I block a user (by turning UAF flag to DISUSER) after X
unsuccessful tries to enter into the system?
2. Can I close the session after a pre-defined period (for example - 30
minutes) of no use?

Thank you

Issachar Schraub
Vax/OpenVMS System administrator & P.C. Support
IMI(TAMI) Institute for Research & Development Ltd.
P.Box 10140, Haifa Bay 26111 Israel
Phone: 972-4-8469502
Fax: 972-4-8450078
Mobile: 972-52-4709766
Email: ***@tami-imi.icl-ip.com
Marc Chametzky
2007-07-11 11:30:22 UTC
Post by Schraub Issachar (Tami)
1. Can I block a user (by turning UAF flag to DISUSER) after X
unsuccessful tries to enter into the system?
Yes, but this is a system-wide setting. Take a look in SYSMAN and do a
"PARAMETERS SHOW /LGI". Specifically, you want to look at LGI_BRK_LIM
and LGI_BRK_TMO to determine the number of unsuccessful login attempts
within how many seconds determine a breakin attempt. Then,
LGI_BRK_DISUSER determines whether accounts tried after a breakin
attempt has been determined will be DISUSERed.

However, it's usually a bad thing to set LGI_BRK_DISUSER because a
breakin attempt on the SYSTEM or other service accounts can result in a
very easy denial of service.
Post by Schraub Issachar (Tami)
2. Can I close the session after a pre-defined period (for example - 30
minutes) of no use?
I don't know whether VMS has this functionality itself at this point. I
remember that there used to be third-party products that one could get
to do this, but I don't recall VMS having the capability itself. Then
again, my VMS knowledge is somewhat out-of-date.

--Marc
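
Added example, not part of the post above: a SYSMAN session that inspects the LGI parameters named there and sets the break-in thresholds while leaving LGI_BRK_DISUSER off, as the replies in this thread advise. The values 5 and 300 are constructed for illustration, and the session assumes a suitably privileged account.

```dcl
$ ! Added example. Threshold values below are constructed, not recommendations.
$ ! LGI_BRK_LIM     = failed logins that count as a break-in attempt
$ ! LGI_BRK_TMO     = seconds over which those failures are counted
$ ! LGI_BRK_DISUSER = 0 keeps accounts from being DISUSERed on detection,
$ !                   so failed logins aimed at SYSTEM cannot lock it out
$ RUN SYS$SYSTEM:SYSMAN
PARAMETERS USE ACTIVE
PARAMETERS SHOW /LGI
PARAMETERS SET LGI_BRK_LIM 5
PARAMETERS SET LGI_BRK_TMO 300
PARAMETERS SET LGI_BRK_DISUSER 0
PARAMETERS SHOW /LGI
PARAMETERS WRITE ACTIVE
EXIT
$ !
$ ! To keep the values across AUTOGEN runs, also add them to
$ ! SYS$SYSTEM:MODPARAMS.DAT, for example:
$ !     LGI_BRK_LIM = 5
$ !     LGI_BRK_TMO = 300
$ !     LGI_BRK_DISUSER = 0
$ !
$ ! Review what break-in detection has recorded so far
$ SHOW INTRUSION
```

The LGI parameters are dynamic, so WRITE ACTIVE applies them without a reboot.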
Ken Connelly
2007-07-11 11:29:27 UTC
Post by Schraub Issachar (Tami)
Hello!
1. Can I block a user (by turning UAF flag to DISUSER) after X
unsuccessful tries to enter into the system?
See the SYSGEN parameter LGI_BRK_DISUSER, but think twice and use with
extreme caution as this can be used against you as a denial of service
attack vector.
Post by Schraub Issachar (Tami)
2. Can I close the session after a pre-defined period (for example -
30 minutes) of no use?
There is nothing directly in VMS to do this, but there are (or at least
used to be) several free programs available. I used to use one called
WATCHER.

-ken
Post by Schraub Issachar (Tami)
Thank you
Issachar Schraub
Vax/OpenVMS System administrator & P.C. Support
IMI(TAMI) Institute for Research & Development Ltd.
P.Box 10140, Haifa Bay 26111 Israel
Phone: 972-4-8469502
Fax: 972-4-8450078
Mobile: 972-52-4709766
--
- Ken
=================================================================
Ken Connelly Associate Director, Security and Systems
ITS Network Services University of Northern Iowa
email: ***@uni.edu p: (319) 273-5850 f: (319) 273-7373
Boczenowski, Derek
2007-07-11 11:38:22 UTC
For the second part of your question, look at Assassin from Networking
Dynamics. It will do exactly what you want, and you can set it up on not
just users, but processes as well.

NDC has a lot of third party VMS tools.

Bob Koehler
2007-07-11 12:27:52 UTC
Post by Schraub Issachar (Tami)
1. Can I block a user (by turning UAF flag to DISUSER) after X
unsuccessful tries to enter into the system?
This is built into VMS. It's called evasion. There are SYSGEN
parameters to control it; it's on by default with fairly good
values.
Post by Schraub Issachar (Tami)
2. Can I close the session after a pre-defined period (for example - 30
minutes) of no use?
There are a variety of products and freeware tools which will do
this. VMS by itself will not. Quite often network routers are
capable of this so the host might not need to do it.
