Sunday, January 15, 2012

Anonymity in OpenVMS Clusters?

Alright, I admit it. I love OpenVMS clusters, I enjoy having a DECWindows session and impressed by its Common Desktop Environment. Not only is it cool to use Digital Command Lines but this Operating System survived the DEFCON 9 CTF which proves to be one of the most secured operating systems. Some OpenVMS clusters have programming languages like ADA, PASCAL, C, MACRO-11, FORTRAN, BASIC, etc.

And because of its security, there are some misconceptions like “you are anonymous and safe when you login to a public OpenVMS cluster just because it is secured”. But is it really the case? But the Internet itself is not anonymous by definition but let’s not discuss about that anonymous thingy since we are talking about OpenVMS clusters here. It’s just like free Linux and Unix shell accounts, wherein your IP is also visible by other users who are login to the cluster. Even guest and demo accounts in public OpenVMS clusters, can issue the commands like 'SHOW USERS’ and ‘FINGER’. The user has also the option to list the specific information of a certain user by typing  the command “FINGER USERNAME” which may show the IP, the real name, email address of the user and also his last login.


I trust my fellow users in public OpenVMS clusters but because there is a possibility that some people who have malicious intentions will try to login in a  guest account that’s why I really don’t consider it as safe. Thus, the rumors about OpenVMS clusters as being a private-user oriented is not true but hey, it is still a secured operating system but that also depends on the lock-down. My point here is that users should use chain socks tunnels or VPN when logging in to SSH servers like shell accounts and OpenVMS clusters just to be safe.

About the Contributor:
Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security.  He encourages other like minded individuals to come forward and share their knowledge through blogging right here at ROOTCON Blog section. 

ROOTCON is managed by like minded InfoSec professionals across the Philippines.  All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.