Auditing For Changes

Sometimes it is necessary to review the history of system accounts, files, identifiers, products, licenses, etc. OpenVMS does not keep a history or audit trail of changes to critical system information except in very limited cases, and the information held on an OpenVMS system may be altered by someone on that system. It is therefore important to keep a record of critical security information on a different system for audit purposes.

PointAudit captures security information from the target system and retains it in a database on a PC, which may be protected from access by users of the OpenVMS system. The PointAudit program runs on a Microsoft Windows PC and audits OpenVMS systems. The system security information is downloaded from the OpenVMS system over a TELNET or SSH connection, without requiring an agent on the OpenVMS system. The user simply selects a scan and then selects the appropriate tab to bring up a listing or report.

For example, the site security officer is investigating a user who has a privilege that the site security officer does not believe was properly approved.  The site security officer asks the auditor to review the PointAudit scans of the system going back in time to see when the privilege was granted.  By selecting older scans the auditor is able to determine the time the privilege was granted and then review the System Detective logs to determine who granted the privilege and exactly when.  Then the helpdesk logs confirm the reason for the additional privilege once the original case is found.
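The scan-by-scan review described above can be sketched in a few lines. This is an added example, not PointAudit code or its storage format: the scan data, account names and the helper functions `grant_window` and `privilege_changes` are constructed for illustration, and it assumes each retained scan can be reduced to a timestamp plus the set of privileges held by each account.

```python
from datetime import datetime

# Constructed sample scans (not PointAudit's storage format; accounts and dates
# are made up). Each entry: (scan time, {username: set of privileges held}).
BASE = {"TMPMBX", "NETMBX"}
SCANS = [
    ("2023-01-05T02:00", {"JSMITH": BASE, "BACKUP_OP": BASE | {"READALL"}}),
    ("2023-02-05T02:00", {"JSMITH": BASE | {"SYSPRV"}, "BACKUP_OP": BASE | {"READALL"}}),
    ("2023-03-05T02:00", {"JSMITH": BASE, "BACKUP_OP": BASE | {"READALL"}}),
    ("2023-04-05T02:00", {"JSMITH": BASE | {"SYSPRV"}, "BACKUP_OP": BASE | {"READALL"}}),
    ("2023-05-05T02:00", {"JSMITH": BASE | {"SYSPRV"}, "BACKUP_OP": BASE | {"READALL"}}),
]

def ordered(scans):
    """Oldest scan first, whatever order the scans were stored in."""
    return sorted(scans, key=lambda s: datetime.fromisoformat(s[0]))

def grant_window(scans, user, privilege):
    """Bound the most recent grant of `privilege` to `user`.

    Returns (last scan without it, first scan with it). The first element is
    None when the grant predates the oldest retained scan. Returns None when
    the user does not hold the privilege in the newest scan.
    """
    history = ordered(scans)
    if not history or privilege not in history[-1][1].get(user, set()):
        return None
    first_with = history[-1][0]
    for when, accounts in reversed(history[:-1]):
        if privilege not in accounts.get(user, set()):
            return (when, first_with)  # grant happened between these two scans
        first_with = when
    return (None, first_with)

def privilege_changes(scans, user):
    """List (scan time, added, removed) for every scan that differs from the one before."""
    history, changes = ordered(scans), []
    for (_, prev), (when, cur) in zip(history, history[1:]):
        before, after = prev.get(user, set()), cur.get(user, set())
        if before != after:
            changes.append((when, sorted(after - before), sorted(before - after)))
    return changes

if __name__ == "__main__":
    print(grant_window(SCANS, "JSMITH", "SYSPRV"))
    for change in privilege_changes(SCANS, "JSMITH"):
        print(change)
```

The returned window is only as narrow as the interval between scans; it tells the auditor which stretch of the System Detective logs to read for the exact time and the account that made the change.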