Diebold


ICAM System Security

VMS, the operating system that ICAM runs under, has been analyzed by the United States Department of Defense and designated with a C2 security rating. This means that the operating system protects individual objects, such as files, disks, print queues, and batch queues, on a user-by-user basis. In addition, groups of users can be set up to ease the management of security. ICAM uses the security features of VMS to secure the ICAM server against break-ins and unauthorized access.

ICAM administrators granted access to the ICAM system are set up with a set of menu files and access files that control their access to ICAM data. These files control what parts of the database and logs a user can see. Because the administrator accounts are run under VMS captive accounts, even in the event of a program failure, the VMS operating system will detect that the user process is attempting to work outside of its captive environment and will terminate it.

Passwords on VMS are also highly secured. Passwords are stored in a protected area and it is not possible for anyone on the system to extract another person's password from the system. In the event of a forgotten password, the password is changed by a system level administrator to a known password, and the user is forced to change that password on their next login. A password history is kept. This means that when a password is changed it cannot be set to a password that has been used recently. A password dictionary is available (and enabled by default). This means that there are over 40,000 commonly used words that cannot be used for a password. The user also cannot use a part of their name for their password. Expiration dates can be set on passwords (normally 90 to 180 days) to force password changes on a regular basis.

VMS also provides break-in detection. If a person repeatedly fails in logging in, the system will sound an alert at the console and will disable logins from that port. On the disabled port the system will act as if it is processing the login request and respond with an "attempt failed" message. Thus a hacker will not know that he has tripped the feature and that his actions are being monitored while the system is being protected.
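The behaviour described above can be modelled in a few lines. The following Python sketch is an added example, not VMS or ICAM code: the class name, the failure limit of 3, the 300-second disable period, the port names and the account are all assumptions chosen for illustration.

```python
import hmac

class BreakInMonitor:
    """Toy model of per-port break-in detection with an evasive lockout."""

    def __init__(self, credentials, limit=3, disable_seconds=300):
        self.credentials = credentials   # user -> password; constructed sample data,
                                         # a real system keeps protected hashes instead
        self.limit = limit               # assumed: failures before the port is disabled
        self.disable_seconds = disable_seconds  # assumed: how long it stays disabled
        self.failures = {}               # port -> consecutive failed attempts
        self.disabled_until = {}         # port -> time logins are accepted again
        self.alerts = []                 # stands in for the operator console

    def login(self, port, user, password, now):
        # The comparison runs on every call, including calls on a disabled port.
        matches = hmac.compare_digest(
            self.credentials.get(user, "").encode(), password.encode())
        valid = matches and user in self.credentials
        if now < self.disabled_until.get(port, 0):
            # Port is disabled: log the attempt, answer exactly as for a bad password.
            self.alerts.append((now, port, user, "attempt on disabled port"))
            return "attempt failed"
        if valid:
            self.failures.pop(port, None)
            return "login ok"
        self.failures[port] = self.failures.get(port, 0) + 1
        if self.failures[port] >= self.limit:
            self.disabled_until[port] = now + self.disable_seconds
            self.failures.pop(port)
            self.alerts.append((now, port, user, "break-in suspected, port disabled"))
        return "attempt failed"

def demo():
    """Three bad guesses on one port, then the right password on two ports."""
    m = BreakInMonitor({"jsmith": "Tr0ub4dor&3"})   # constructed account
    replies = [m.login("TTA1", "jsmith", guess, now=t)
               for t, guess in enumerate(["spring", "summer", "autumn"])]
    replies.append(m.login("TTA1", "jsmith", "Tr0ub4dor&3", now=10))   # still refused
    replies.append(m.login("TTA2", "jsmith", "Tr0ub4dor&3", now=10))   # other port works
    replies.append(m.login("TTA1", "jsmith", "Tr0ub4dor&3", now=302))  # period expired
    return replies, m.alerts

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The fourth reply is the point of the design: the correct password on the disabled port gets the same "attempt failed" answer as a wrong one, while the console log records each attempt.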

Both ICAM and VMS provide extensive system audit capability. Database logging can be enabled within ICAM to record what changes were made, who made them, and when they were made. With VMS logging, the system can monitor who ran what programs and when they were run.

All of these features combine to provide a very rich set of security features that thwarts unwanted access to the ICAM system, while at the same time providing a system that is not unreasonably burdensome to manage.

Diebold
Copyright © 1994-2002
Diebold, Incorporated.
All rights reserved.