LJK Software
233 Needham Street, Suite 300
Newton, MA 02464-1502
Phone: 617-558-3270
Email: Sales@LJK.com
Web: www.LJK.com

vms security assessment

LJK/Security is a software tool for assessing the security of VMS systems, including both VAX and Alpha. It uses privileged access to the system to assess security but does NOT alter the state of system security. Thus it supports separation of duties between those who implement security (typically autonomous VMS system managers) and those charged with reviewing it (a central security staff).

for distributed environments

While distributed VMS operations are peer-to-peer, LJK/Security provides a hierarchical approach to assessing the security of those distributed operations. A single machine (or single VAXcluster or VMScluster, if you prefer) is designated as the master node for LJK/Security. On that machine are kept policy and assessment files which you tailor to match your own security rules (or use our default values for a start).

All other VMS systems covered by your LJK/Security license are designated as tributary nodes, where a smaller piece of LJK/Security software is installed for performing assessments and reporting back to the master node.

management by exception

LJK/Security defaults to "management by exception" reporting, producing violation messages only for cases where a condition violates security policy. Alternatively, if your own procedures mandate against "management by exception", you can set policy limits to report all measured conditions .

wide range of tests

LJK/Security tests over 200 separate elements affecting VMS security, many of them in multiple instances for various devices and usernames. We feel we have an outstanding battery of tests, but we are always open to suggestions for additions. (Of course all customers get copies of all new software releases during the term of their license.)

your choice of interface

To allow security personnel to concentrate on security rather than their tools, LJK/Security includes a DECwindows graphical user interface (GUI) for making policy changes, scheduling the assessment of various nodes, and reviewing results. Those using the DECwindows interface can also access the comprehensive LJK/Security reference manual with the VMS Bookreader utility as an alternative to the PDF, HTML or printed copy.

For situations where a character-cell terminal must be used, LJK/Security has a Menu interface to lead the user through the options available for performing policy changes, assessment scheduling and other activities.

LJK/Security also provides a DCL command interface, so experienced VMS users who wish to perform certain steps from batch jobs or command procedures have access to all functions of LJK/Security.

your choice of media

For simplicity of operation, DECnet is the default communications medium for transmission of assessment requests to tributary nodes, and transmission of results back to the master node.

You have the option, however, of using magnetic media (tape or removeable disk) or locally managed TCP/IP transfers for either or both of these transmissions.

assessment scheduling

Our automatic scheduling mechanism allows clock-driven assessments without human intervention. Results of assessments are stored on disk on the master node, with automatic retry attempts if DECnet transmissions are blocked by circuit failures.

what you get

Software is provided on CDROM by default, but it is also available on TK50 tape cartridge or 1600 bpi magnetic tape (according to customer preference) in standard VMS installation format.

The software medium provided by LJK Software is required only for installation of software on the master node. After installation, that software is used to generate software copies for installation on tributary nodes. Distribution to those nodes is done via media of the customer's choice (DECnet or TCP/IP in many cases).

Starter Policy Command Procedures are provided to simplify creation of policies matching common standards:

Null policy: Settings to remove all Factory Defaults from a new policy.

NIST Special Publication 800-53: Settings to conform to the details specified by FIPS 200 in compliance with US FISMA legislation.

SHA-1 Checksums of VMS component images: Settings to exhaustively check against the factory-shipped images for VMS Versions 6.1 and above.

Simple Checksums of VMS component images: Settings to efficiently check against the factory-shipped images for VMS Versions 6.1 and above.

Complete documentation is provided for customer personnel working at the master node. The only documentation required for personnel at the tributary node pertains to installation and is provided via release notes in the standard VMS installation format as generated on the master node. (Note that no tributary node commands are required after installation, since operation is controlled from the master node.)

Software and documentation updates are provided to the customer for each new version of the software released during the term of the license.

Voice telephone user support is available during normal business hours.

Internet email user support is available via a private dedicated priority email address.

required software

VAX processors must be running VMS or MicroVMS versions 4.2 or greater. Alpha systems can be running any VMS version from 1.0 upward.

Minimum disk space requirements for system disks and data disks vary between master node and tributary nodes between the VAX and Alpha architectures, according to LJK/Security features selected at installation time, and between LJK/Security releases. Consult the current LJK/Security documentation for details.

optional support software

In addition to optional use of DECnet, LJK/Security can use the optional Encryption for OpenVMS facility to protect the transmission of assessment requests and results.

licensing

LJK/Security is available only through a fixed-term license. Standard license sizes are for 1, 10 machines, 100 machines and unlimited machines, all for any number of months. Special requests for intermediate numbers of machines must be for license durations of 12 months or more.

Each license is for a single master node (or VAXcluster or VMScluster) which treats the remaining nodes as tributary nodes. Situations where the customer wants multiple distinct master nodes require multiple licenses. Note that no tributary node can serve two masters.

The license allows for transfer of the software to a different machine owned by the same licensee no more often than once per month. Use of different hardware with the same system disk (or a backup copy thereof) during periods of hardware failure does not count as a transfer.

pricing


License size
(Number of machines)
Price of 1 year license
Price of 1 month license


Effective cost
per machine
per month
1
$ 2,400
$ 200
$ 200
10
$ 12,000
$ 1,000
$ 100
100
$ 60,000
$ 5,000
$ 50
unlimited
$ 150,000
$ 12,500
$ ??

ordering information

Purchase Order or Letter of Authorization must be accompanied by a signed copy of our standard License Agreement.

LJK/Security and the LJK/Security logo are trademarks of LJK Software.

The following are trademarks of Hewlett-Packard Company: Alpha, VAX, VMS, DECnet, DECwindows, VAXcluster, VMScluster.

Brochure Version 5, January 2007

LJK Software

233 Needham Street, Suite 300

Newton, MA 02464-1502

Phone: 617-558-3270
Email: Sales@LJK.com
Web: www.LJK.com

order form and license agreement

Your Purchase Order or Letter of Authorization for the correct price (including Massachusetts sales tax where applicable) must be accompanied by a signed copy of this License Agreement. You are responsible for all other taxes that might apply.

terms and conditions

Software provided under this license agreement may only be used in accordance with the terms herein. Variances to these terms may only be made in writing, and no representative of LJK Software is empowered to do otherwise.

LJK/Security is available only through a fixed-term license. No ownership or interest in the software is provided by that license. License is valid only for use on machines owned by or leased to licensee.

Each license is for a single master node (or VAXcluster or VMScluster) which treats the remaining nodes as tributary nodes. Situations requiring multiple distinct master nodes require multiple licenses. Note that no tributary node can serve two masters.

The license allows for transfer of the software to a different machine owned by the same licensee no more often than once per month. Use of different hardware with the same system disk (or a backup copy thereof) during periods of hardware failure does not count as a transfer.

All aspects of license compliance are subject to technical enforcement procedures (e.g., expiration date at end of license term).

Licensee agrees to pay full license price (as outlined on separate schedule) within 30 days after receipt of initial software shipment. In case of any dispute, the maxi

mum liability of LJK Software shall be the price paid by the licensee for the license. Governing law shall be the laws of the Commonwealth of Massachusetts.

Consistent with FAR 12.211 and 12.212, licenses to the U.S. Government are under standard commercial license terms. Any references to FAR or DFARS sections are the version of that section present on Internet site http://farsite.hill.af.mil as of the date the initial order is shipped.

deliverables

Software for installation on the master node on CDROM (or optionally TK50 tape cartridge or 1600 bpi magnetic tape according to customer preference) in standard VMS installation format.

Documentation for use of the software.

Software and documentation updates for each new version of the software released during the term of the license.

Voice telephone user support in English during US East Coast business hours with a maximum of one simultaneous conversation per license.

Internet email user support in English.

license type

q new license

suggested unique license text identification:

(e.g. Acme Widget Veebelfetzer Plant B)

q renewal

serial number

q increase in license size

serial number

desired license size

q 1 machine q 10 machines

q 100 machines q unlimited machines

q custom size (only available for 12 months or longer)

_____ machines

desired license duration

___ months

desired effective date

(if left blank, expiration date shall be assumed for renewals, and "as soon as possible" shall be assumed for increase of license size or new licenses)

old license

q Check here if master node will be a VAX running a VMS version prior to V5.0.

alternate medium if CDROM is unacceptable

q 1600 bpi magnetic tape

q TK50 tape cartridge

1. shipping address for software delivery

(if different from license being

renewed or increased in size)


2. mailing address for technical contact

(if different from 1)

3. mailing address for renewal notices

if different from 2)

4. billing address

(if different from 3)

Licensee agrees to the above terms and conditions.

Signature

Typed Name

Position

Date

Acceptance by LJK Software shall be indicated by shipment of software or license PAK as specified by this order.

Order Form Version 5, January 2007