VMS Help V73 Features, System Management Features, OpenVMS Cluster Systems, Clusterwide Intrusion Detection  *Conan The Librarian (sorry for the slow response - running on an old VAX)

    OpenVMS Version 7.3 includes clusterwide intrusion detection,
    which extends protection against attacks of all types throughout
    the cluster. Intrusion data and information from each system are
    integrated to protect the cluster as a whole. Member systems
    running versions of OpenVMS prior to Version 7.3 and member
    systems that disable this feature are protected individually
    and do not participate in the clusterwide sharing of intrusion
    information.

    You can modify the SECURITY_POLICY system parameter on the
    member systems in your cluster to maintain either a local or a
    clusterwide intrusion database of unauthorized attempts and the
    state of any intrusion events.

    If bit 7 in SECURITY_POLICY is cleared, all cluster members
    are made aware if a system is under attack or has any intrusion
    events recorded. Events recorded on one system can cause another
    system in the cluster to take restrictive action. (For example,
    the person attempting to log in is monitored more closely and
    limited to a certain number of login retries within a limited
    period of time. Once a person exceeds either the retry or time
    limitation, he or she cannot log in.) The default for bit 7 in
    SECURITY_POLICY is clear.

    For more information on the system services $DELETE_INTRUSION,
    $SCAN_INTRUSION, and $SHOW_INTRUSION, refer to the OpenVMS System
    Services Reference Manual.

    For more information on the DCL commands DELETE/INTRUSION_RECORD
    and SHOW INTRUSION, refer to the OpenVMS DCL Dictionary.

    For more information on clusterwide intrusion detection, refer to
    the OpenVMS Guide to System Security.