Personal Computer Security
SECURE BOUNDED EXECUTION ALLOWS A PROFESSIONAL MICRO USER
TO RACK UP ALL HIS TOP SECRET DATA
JUST LIKE ON A MAINFRAME
COMPUTER
V-PHAGE SYSTEMS MANAGER'S GUIDE
by: APPLICATION CONFIGURED COMPUTERS, INC.
Baldwin, NY and Columbus, OH
for
Thomas V. Sobczak, Consultants
PRELIMINARY FOR RESEARCH AND EVALUATION
(Stand-alone and Network enterprise systems)
READ THIS MANUAL THOROUGHLY BEFORE ATTEMPTING TO BEGIN THE V-
PHAGE PROCESS. SECURITY IS NOT A HIT OR MISS PROCESS. AS SYSTEM
MANAGER YOU CAN OPTIMIZE V-PHAGE EFFECTIVENESS BY TAKING
ADVANTAGE OF THE FEATURES AND OPTIONS EXPLAINED HEREIN. V-PHAGE
SCRAMBLES EXECUTABLE FILES -- BE SURE BACKUP EXISTS BEFORE ADDING
PROGRAMS TO A SECURE LEVEL OF PRIVILEGE WITHIN THE V-PHAGE UNIVERSE
OF PROTECTED PROGRAMS.
V-PHAGE SECURITY OVERVIEW
INHERENT WITHIN V-PHAGE ARE THE FOLLOWING FEATURES NOT TYPICAL TO
A DESKTOP MICROCOMPUTER.
1. ACCESS LIMITATION EQUAL TO MAINFRAME SECURITY SYSTEMS
* ENCRYPTED ID AND PASSWORD
* SCRAMBLED EXECUTABLE PROGRAMS
* BOUNDED EXECUTION BY LEVEL OF AUTHORIZATION
* SPECIFIC AUTHORIZATION TO A LEVEL
* ONLY ONE SUPER USER, THE SYSTEM MANAGER
2. EXECUTION OF APPLICATION PROGRAMS IS ASSOCIATED WITH THE
COMBINATION OF SPECIFIC LEVELS UTILIZED AND BY INDIVIDUALS WITH A
VERIFIED NEED TO KNOW. UNAUTHORIZED DISK BROWSING IN OTHER LEVELS
IS IMPOSSIBLE.
3. THE ALGORITHM, WHICH SECURES THE V-PHAGE, WARRANTEES KEY
ENTRY DATA SECURITY AT A LEVEL EQUIVALENT TO THE NATIONAL SECURITY
AGENCY DATA ENCRYPTION STANDARD (DES)
4. CHANGE DETECTION OF EVERY CHATACTERISTIC IMPLEMENTED BY DOS
ASSURES THAT ALL UNANTICIPATED CHANGE WILL BE LOGGED AND AVAILABLE
TO THE SYSTEM MANAGER AS FREQUENTLY AS HE CHOOSES TO VIEW/PRINT
THE LOGGED INFORMATION.
5. AUDIT TRAILS OF EVERY ACTIVITY FROM LOGON TO LOGOFF ARE
MAINTAINED. UNSUCCESSFUL ATTEMPTS ARE NOTED BY TERMINAL AND
ID/PASSWORD USED. COUNTS OF REJECTED LOG ONS ARE KEPT.
6. HIDDEN LOGS MUST MATCH TO ASSURE SYSTEM ENFORCEMENT OF V-
PHAGE SECURITY POLICY.
7. SCRAMBLED FILES CANNOT BY PROCESSED ON ANY OTHER
COMPUTING DEVICE, INCLUDING THOSE OPERATING UNDER ANOTHER COPY OF
V-PHAGE. THE INSTAL (purposefully misspelled) START-UP ROUTINE GENERATES
A UNIQUE KEY FOR THE SPECIFIC SYSTEM UPON WHICH V-PHAGE IS INSTALLED.
8. DETECTION CAN BE PROCESSED AT ANY TIME INCLUDING AFTER AN
EXIT TO THE O/S. V-PHAGE DETECTION IS A FULL TIME CAPABILITY AVAILABLE
FROM STARTUP TO POWER DOWN.
9. V-PHAGE IS UNFORGIVING IN THE INTEREST OF SECURITY. SLOPPY
KEYING WILL CAUSE AN EXIT IN THE SAME MANNER AS WRONG ID AND
PASSWORD.
10. CRITICAL MANAGER OPTIONS ARE ADDITIONALLY PASSWORD
PROTECTED TO ASSURE THAT A FAILURE TO LOG OUT OF SUPER PRIVILEGE
DOES NOT MAKE V-PHAGE SUSPECT.
INDEX OF CONTENTS
COVER
i V-PHAGE SECURITY OVERVIEW
ii INDEX
iv DISCLAIMER
1 INTRODUCTION
2 HOW TO USE THIS MANUAL
2 KEYBOARD CHARACTERISTICS
3 INITIAL INSTALLATION
5 BEGINNING TO USE THE V-PHAGE SECURITY SYSTEM
10 STRUCTURING SECURITY IN A V-PHAGE/DOS ENVIRONMENT
16 A LOOK AT THE MANAGER SCREEN OPTIONS
16 RUN DETEKT
16 INSTALLATION (DETEKT OUTSIDE V-PHAGE)
16 FILE OPTIONS
17 CHECK OPTIONS
18 QUIT (DETEKT OPTION)
18 CLOSING THE LOOPHOLES (SAVEZONE/NEWZONE)
19 HOW TO RUN DETEKT OUTSIDE THE V-PHAGE SHELL
21 COMMAND LINE SHORTCUTS (DETEKT IN DOS)
22 LOGGING DETEKT DIFFERENCES
22 CONCLUSION CONCERNING THE RUN DETEKT OPTION
24 RUN SAVEZONE
26 ADD NEW USER (V-PHAGE)
29 CHANGE USER (V-PHAGE)
30 DELETE USER (V-PHAGE)
31 LIST USERS (V-PHAGE)
32 PRINT USERS (V-PHAGE)
33 RUN PROGRAMS (V-PHAGE)
34 FILE ACCESS (V-PHAGE)
34 TOGGLE DRIVE
35 TOGGLE LEVEL
36 ADD FILES
37 DELETE FILES
38 EXIT TO O/S (FROM V-PHAGE)
39 QUIT (V-PHAGE)
40 V-PHAGE HIDDEN SUB-DIRECTORIES AND HIDSDEN FILES
41 AUDIT REPORTS AND TECHNIQUES
41 PRINTED AUDIT MESSAGES
41 AUDIT MESSAGES DISPLAYED TO SCREEN
41 DETEKT AUDIT LOG SAMPLE
42 V-PHAGE SYSTEM USE AUDIT LOG SAMPLE
44 DISCRETIONARY ACCESS CONTROL
46 LIST OF INTERNET MOST FREQUENT PASSWORDS
48 ENCRYPTION DEFINITIONS
49 DISCUSSION OF V-PHAGE ENCRYPTION PHILOSOPHY
50 DETECTION THE BEST PROTECTION
50 DEFINITIONS
52 HOW VIRUS WORKS
52 IS DETECTION NECESSARY
55 VIRUS FORMATS
59 RULES FOR SAFE COMPUTER USAGE
62 RECOVERY FROM THE LOSS OF ONE OR A FEW FILES
63 RECOVERY FROM THE LOSS OF THE ENTIRE SYSTEM
DISCLAIMER
Sobczak, Consultants and ACC, Inc. makes no representation or warrantees with
respect to the contents or use of V-PHAGE software and associated documentation.
WE SPECIFICALLY DISCLAIM ANY EXPRESS OR IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE.
We warrant that the program will perform in substantial compliance with the
associated documentation. If you report a significant defect, in writing, to ACC, Inc.
and ACC, Inc. is unable to correct it within 120 days, you may return the software
and associated documentation along with a bill of sale and your purchase price will
be refunded. You agree that the only remedy available to you is a refund of the
validated purchase price of the program.
IN NO EVENT WILL SOBCZAK OR ACC, INC. BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY LOSS OF PROFITS, LOST SAVINGS, OR OTHER INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF YOUR USE OR INABILITY TO USE
V-PHAGE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY.
INTRODUCTION
Welcome to a new way of securing your computer using the V-PHAGE security system to
accomplish secure bounded execution of your software assets.
The V-PHAGE system consists of four major components, the V-PHAGE.EXE shell,
PASSWORD.EXE, the change detector program -- DETEKT.EXE and the file scrambling
routine PROT.EXE. They are resident on the floppy disk which accompanies this manual.
The V-PHAGE shell controls the execution of the other component parts thereby reducing
the overhead lost to V-PHAGE operations during normal program execution.
The PASSWORD program is the key to establishing access level privilege, stating which
programs and files may be accessed by each level and performing the maintenance
normal to the security process in your organization.
The DETEKT program builds the structure for change analysis of software executables and
data that you use frequently and therefore want analyzed daily. We call these SPECIAL
FILES. You can as easily monitor changes to all files on the default drive/server and/or all
files on all disk drives/servers in your system.
PROT processes in conjunction with the password program. Every time you select a file
to a level it is scrambled so as to be both unique and execution prohibited outside of this
specific V-PHAGE security shell.
As you will see in later sections the installation of V-PHAGE is designed to make your
encryption key unique from that of any other purchaser of the V-PHAGE product and its
planned enhancements.
HOW TO USE THIS MANUAL
V-PHAGE is a complex system of security and protections designed for the Microsoft
based computer and network. The manual is written in a step by step format. As with any
manual, we have tried to define every possible situation. We therefore respectfully suggest
that you keep the manual at hand and reference its contents as you begin the V-PHAGE
process. If we have ommitted anything you consider important to you use of V-PHAGE
please feel free to write or call our technical support center.
KEYBOARD CHARACTERISTICS
The V-PHAGE security system accomplishes most of its manipulative functions using six
keys. In the System Manager's menu the END key puts you at QUIT. The RETURN key
tells the V-PHAGE that the highlighted command is to be executed. If you make a mistake
and enter a selection in error, simply press the ESC key to go back to the Managers menu.
HOME brings you to the top of the menu. You may step through the menu using the UP
and DOWN arrows. Typing is as normal.
PLEASE NOTE that you must wait for the instruction to appear before you can type your
input. The slight hesitation is caused by the fact that V-PHAGE is logging all your actions.
If you try to out pace the directions displayed you will find that you are requested to repeat
your input. V-PHAGE will lock-up the terminal/computer if the intrernal security criteria,
placed there to protect your programs and data, sense an attempt at unauthorized activity.
When the terminal locks-up you must reboot by physically shutting down the machine and
then restarting it, i.e., turn it off, wait twenty seconds and then turn the machine back on.
The control keys normal to the O/S have been disabled. You cannot warm boot, i.e.,
control-alt-del. The control - whatever and Shift print screen also do not function. You must
follow the V-PHAGE instructions. These instructions assure the security of your operation.
The delete key allows you to correct typing errors in ID and PASSWORD entry. The screen
looks a bit strange as characters are added rather than deleted.
ID: XXXXXXXX was typed. Now you want to remove it because the telephone made
you forget where you were. To remove all you hit back space four times. One for each
letter/number you entered in you ID. You now see:
ID: XXXXXXXXXXXX
When you input the ID again you see a still longer chain of X's.
ID: XXXXXXXXXXXXXXXXXXXXXX
Our goal is not to confuse you, but to confuse the person who looking
over your shoulder who may fancy him/herself an amateur cryptologist.
INITIAL INSTALLATION
Place the V-PHAGE floopy disk which accompanies this manual in Disk Drive A:. Be sure
that the drive door is properly closed and locked in its normal closed position. (Put the disk
in the A:\ Drive the way you normally do.)
Type DIR A: in order to verify that this floppy disk has not been corrupted. The directory
must read as follows:
INSTAL.EXE 33136
DETEKT.EXE 83824
PASSWORD.EXE 106400
PROT.EXE 14633
V-PHAGE.EXE 8938
NEWZONE.EXE 17792
SAVEZONE.EXE 17744
Be sure these programs and file sizes match those on on your floppy disk prior to typing
A:INSTAL
(note that the install command has but one "l". This is a purposeful omission. The
computer will take a few seconds before it displays:
ACC, INC
V-PHAGE
SECURE BOUNDED EXECUTION
INSTALLATION PROGRAM
Press any key to continue...
on the video monitor. When you press any key, the screen blanks and
returns with the question:
Drive to install V-PHAGE on:
V-PHAGE must be installed upon your hard disk drive. If you have more
than one hard disk drive than you should choose the hard disk from which your computer
starts. When the start-up process completes, a prompt is displayed at the left side of the
screen with a flashing white line to its right. If the prompt says C: then your default (start-
up) drive is C:. Type c and press the RETURN key. (The RETURN and Left bent arrow
keys are synonymous with what this manual calls RETURN). Now you will see:
Drive to install V-PHAGE on: c
Creating Directories
Once again the screen will blank and return with a question. Let's take a monment to
understand what is happening. V-PHAGE is a secure system. As such, it hides directories
and files from anyone who might use them to steal the programs and knowledge you are
trying to protect. Further V-PHAGE encypts the passwords, ID's and files to minimize any
mis-use. The questions you are about to answer work in concert with an algorithm
(formula) to make this copy of V-PHAGE uniquely different from any othe copy in use. The
first question:
Mother's Maiden Name?
Type in your answer i.e., Smith, Jones or Knowski. Certain of the
characters you enter will be chosen, converted to ASCII code format, and used to create
your unique encryption. The logic of unique encryption is important in that if someone
steals your backup copies of data and programs, and if he/she has V-PHAGE, he will be
unable to execute your programs. They will never know your unique encryption.
Next you will be asked to input:
Favorite Color?
It is quite alright to enter "lemon-yellow blue". The answers are not saved. Again they are
the basis for your unique security encryption. The final two questions you must answer
are:
Political Party?
and
Favorite Animal?
When you press RETURN to indicate the animal of your choice, the V-PHAGE will instantly
create your unique encryption key.
As a part of the process you will see four files copied, one at a time.
Favorite Animal? plattypusasourus
1 file copied
1 file copied
1 file copied
1 file copied
You have completed the installation of V-PHAGE to your computing system. The Prompt
will reappear at the left side of your video display. The flashing white line (cursor) will be
immediately to its right. Type C:\V-PHAGE\V-PHAGE to begin your process of
customization of users, the programs which they might use and the process of change
detection.
BEGINNING TO USE THE V-PHAGE SECURITY SYSTEM
The first screen you see is the V-PHAGE logo.
ACC, INC
V-PHAGE
SECURE BOUNDED EXECUTION
Press any key...
Press any key to begin.
The next screen is the menu screen. It gives you the option to LOGON or QUIT.
****MENU*****
* *
* LOGON *
* *
* QUIT *
* *
****************
If you choose to quit, for whatever reason, you will be required to power down (SHUT OFF
THE COMPUTER) prior to a restart.
Press the RETURN key while the LOGON option is highlighted.
Wait for the display ID: to appear on your video display.
ID:
When the display appears type in capitals FCD. The result of your input will appear as X's
in order to protect the security of your ID.
ID: XXXXXXXX
The V-PHAGE ID/PASSWORD logic is character independent. This means that each
position has 255 ASCII options. If you fail to follow this procedure the ID: will reappear. If'
in error, you clip two keys the ID: will reappear. V-PHAGE is very particular in the interest
of securing your computer. Should you mis-enter the ID twice you will be removed from
the system and be forced to shutdown and restart. While this may seem cumbersome,
ACC Inc research has determined that most aggressors play the ID repeat game when
seeking unauthorized entry. If the security program does not count attempts and force an
exit, those trying to steal your resources are free to repeat their attempts forever. V-
PHAGE believes two chances at ID entry are sufficient.
When you enter the proper ID you will next see the display PASSWORD:
PASSWORD:
Wait for the prompt to appear. If it seems slow, be patient, as every action is logged for
future analysis. Type ACC and press RETURN. Agin your input will be hidden.
PASSWORD: XXXX
Capital letters are required in both cases otherwise your input, although alphabetically
proper, will be rejected. If your PASSWORD is incorrect for any reason you will be
terminated and forced to restart. V-PHAGE prevents someone who guesses your ID or
sees a part of your entry from continuing the guessing game.
NOTE: EVERY ID IN YOUR SYSTEM MUST BE DIFFERENT. IF YOU CHOOSE AN ID
WHEN ADDING NEW USERS THAT EXISTS YOU WILL BE NOTIFIED THAT THE
CHOICE IS UNACCEPTABLE.
ID: XXXXXXXX
ID not acceptable
ID:
IF YOU CHOOSE CERTAIN COMMON TERMS AS THE ID THEY WILL BE REJECTED.
ACC INC HAS LEARNED FROM THE 250 ID/PASSWORD COMBINATIONS OF THE
INTERNET INTERDICTION. WE SUGGEST THAT YOU FOLLOW THE EXCELLENT
INSTRUCTIONS IN THE NATIONAL COMPUTER SECURITY CENTER ACCESS
CONTROL STANDARD AVAILABLE FROM NSA/NCSC, FORT MEADE, MD 20755.
Proper first time use ID/PASSWORD (FCD/ACC) allows you into the third screen, the
MANAGERS SCREEN. Notice that the managers screen allows you to:
MANAGER
A -- RUN DETEKT
B -- RUN SAVEZONE
C -- ADD NEW USER
D -- CHANGE USER
E -- DELETE USER
F -- LIST USER
G -- PRINT USER
H -- RUN PROGRAMS
I -- FILE MAINTENANCE
J -- EXIT TO DOS
K -- QUIT
Using the DOWN arrow move to the CHANGE USER line.
MANAGER
A --
B --
C --
D -- CHANGE USER
E --
When it is highlighted press RETURN. The prompt ID will appear.
ID:
When it is displayed type, in capitals, FCD.
ID: XXXXXX
The ID prompt will reappear.
ID:
Type the new ID that you have chosen for yourself.
REMEMBER!!!!! Choose an ID which is UNIQUE to you but not representative of your job,
avocation or family. Enter your choice and press the RETURN key.
ID: XXXXXXXXX
When PASSWORD appears, repeat the process, i.e. type a unique password.
PASSWORD: XXXXX
Success will be rewarded by the display LEVEL.
LEVEL:
If you enter the level zero (0) you will be told that the privilege may not be deleted.
LEVEL: 0
(THIS IS NOT ALLOWED TO CHANGE)
THERE IS ONLY ONE HIGHEST PRIVILEGE LEVEL ALLOWED BY V-PHAGE AND THE
SYSTEM MANAGER IS THE ONLY ONE WITH THAT PRIVILEGE.
Next the display NAME: will appear.
NAME:
Type your name.
NAME: Serenity Safely
NAME is a requirement of V-PHAGE for later audit reporting purposes. At this point you
have unique privilege to manage V-PHAGE. No one but you can enter the system as a
manager.
DEPT:
The final entry requested is the Department (DEPT) code. In many corporations data is
shared within the corporation across the enterprise. In others it is compartmentalized. V-
PHAGE allows the user the best of both worlds. You have the option to structure your
corporation/agency in the manner you find most ameniable to your operations. During an
Audit of data use one might compare department to level to determine if unauthorized
sharing or inappropriate use has occurred.
DEPT: SALES
V-PHAGE is only as secure as your ability to keep your ID and PASSWORD secret
from all others.
HOLD IT!! Secure bounded execution becomes reality when you use the O/S command
EDLIN to delete the existing AUTOEXEC.BAT and create the new file:
PATH C:\
TIMER /S
C:\V-PHAGE.EXE
Now turn off your machine. Restarting the machine will cause the modified
AUTOEXEC.BAT to execute, thereby achieving the V-PHAGE initial screen. You must
enter your new ID as it was entered when you made the change which selected the
replacement for FCD/ACC.
Remember to wait for the display requesting your ID to appear. Next enter the new
PASSWORD when you see the request, PASSWORD. You will now see the MANAGERS
SCREEN.
MANAGER
A -- RUN DETEKT
B -- RUN SAVEZONE
C -- ADD NEW USER
D -- CHANGE USER
E -- DELETE USER
F -- LIST USER
G -- PRINT USER
H -- RUN PROGRAMS
I -- FILE MAINTENANCE
J -- EXIT TO DOS
K -- QUIT
STRUCTURING SECURITY IN A V-PHAGE/O/S ENVIRONMENT
The MANAGERS SCREEN provides you all the options you need to structure your system
security. The task is twofold, i.e., identifying the users authorized to access specific
programs at specific levels and identifying the programs at each level. Users are limited
to a single level but programs can reside at multiple levels. WE RECOMMEND THAT THE
SYSTEM MANAGER BUILD A PAPER MODEL AS REFERENCE DURING THE
STRUCTURING PROCESS. REMEMBER TO PROPERLY DISPOSE OF THE PAPER
MODEL WHEN YOU HAVE FINISHED SET UP PROCESS.
ADDING USERS FOR THE FIRST TIME
Use the DOWN arrow to reach the ADD NEW USER.
MANAGER
A --
B --
C -- ADD NEW USER
D --
When it is highlighted press RETURN. Wait for the display to show ID:.
ID:
Type the ID chosen for this user and press RETURN. The screen will repeat the ID you
have entered exactly as you input it with the comment Y/N?.
ID: SERENITY (Y/N?)
If the ID is exactly as you wish type Y. If you are dissatisfied for any reason type N. N
repeats the process.
When you type Y and press RETURN the request PASSWORD will appear.
PASSWORD:
enter the password of your choice. BE UNIQUE. USE TERMS OR RANDOM STRINGS
WHICH ARE NOT TYPICAL TO ANYTHING ASSOCIATED WITH THE ASSIGNED USER.
After you enter the PASSWORD the display will say "again".
again
Repeat the chosen PASSWORD at the prompt. If you are successful the display will say
LEVEL. If you err the PASSWORD process will repeat, but only once before it exits you
to the Managers screen forcing a repetition of this ADD.
LEVEL:
At the LEVEL prompt choose from 1 - 16. Level 0 is limited to the super privilege. The 0
will cause the message
LEVEL: 0
"ONLY ONE SYSTEM MANAGER"
to appear. Be careful not to repeat level 0 requests as V-PHAGE
will cause an exit which requires a restart. We took this precaution based upon experience
with undocumented features in some operating system environments which could lock-up
the server and cause an unscheduled branch into the operating system bypassing the
internal security system.
The final display will ask for the new users NAME.
NAME:
This feature is beneficial to you as system Manager when tracking auditable actions by ID,
Terminal used and programs executed. When the name is entered and you press the
RETURN key you will be returned to the top of the MANAGERS MENU. Repeat the
process for each user that you wish to register.
As you continue be aware that V-PHAGE is tracking your activities. You may not repeat
an ID or a PASSWORD. Should you repeat inadvertantly, V-PHAGE will advise you "ID
not acceptable".
ID: XXXXXXXX
ID not acceptable
After all users are entered at the chosen level you should begin to choose the programs
accessible by each level. BE ADVISED -- If you attempt to execute the RUN PROGRAMS
command from a legal access but no programs are assigned you will see the comment
ask your Manager to authorize application programs
You will then be exited from the system. The logic for this harsh measure is too limit
vunerability, i.e., if you do not have something to process you should not be an active user.
PROGRAM ACCESS BY ASSIGNED LEVEL OF PRIVILEGE
The next task to properly implement V-PHAGE is that of identifying the programs to be
assigned at each level.
BE CAREFUL TO HAVE BACKUP COPIES OF EVERY PROGRAM BEING SELECTED.
V-PHAGE SCRAMBLES EACH FILE WHEN IT ASSIGNS THAT FILE TO A LEVEL
THEREFORE THE EXECUTABLE CANNOT BE PROCESSED IF YOU START YOUR
MACHINE USING AN DOS FLOPPY DISK IN THE A: DRIVE.
The security system scrambles files to assure that is not kind to software pirates.
Experience shows that an in-house thief can steal/has stolen backup disks to obtain vital
information concerning operations. Scrambling minimizes the loss because the executable
and associated files are useless without your specific copy of the V-PHAGE, the hidden
control files, ID file and the Password file. When you installed V-PHAGE everything but
the shell script was hidden. A thief will not find them without a sector by sector review of
the full backup. A 30 MB hard drive can require as many as 74 floppy disks for a backup,
a thief would need the patience of JOB to locate hidden files. The law of deminishing gain
applies. He must locate, decrypt, dissamble, unscramble, assemble and recompile. It is
not worth the effort.
Let's begin. Move the DOWN arrow to FILE ACCESS.
MANAGER
A --
B --
C --
D --
E --
F --
G --
H --
I -- FILE ACCESS
J --
Press RETURN to achieve the menu which says:
TOGGLE DRIVE
TOGGLE LEVEL
ADD
DELETE
QUIT
This option allows the addition of executables and BAT files to a LEVEL.
WE RECOMMEND THAT YOU DECIDE WHICH PROGRAMS ARE ASSIGNED TO EACH
LEVEL BEFORE YOU BEGIN THE PROCESS OF ADDING PROGRAMS. BE SURE TO
MAKE BACKUP COPIES OF THE PROGRAMS TO BE ASSIGNED OR HAVE THE
ORIGINAL SOURCE DISKS STORED AS RECOMMENDED LATER IN THIS MANUAL.
WHEN A PROGRAM IS ADDED TO ANY LEVEL IT IS SCRAMBLED TO PREVENT
FUTURE EXECUTION OUTSIDE OF THE V-PHAGE SECURITY SYSTEM.
TOGGLE DRIVE will show the default hard drive. As system Manager you know how many
hard drives you have in your system. If more than one exists you can move from drive to
drive by pressing the RETURN key when DRIVE is highlighted. If only one drive is present
DO NOT press the RETURN key, rather use the DOWN arrow to move to TOGGLE
LEVEL. Should you press the RETURN key V-PHAGE will verify the number of drives
available on ypur system.
Toggle Drive C
Toggle LEVEL 0
Add
Delete
Quit
Now press RETURN. Notice the level changes to the next higher digit after a few seconds
of blank screen.
Toggle Drive c
Toggle LEVEL 1
Add
Delete
Quit
During this time the hidden level access file is created. Notice the highlight has remained
at the Level position. Repeat the above, i.e., press RETURN key each time you finish
adding the programs chosen for that level to increase the level by one. When you have
arrived at the level of your choice move the highlight to ADD. The fifteen (15) levels must
be stepped through in ascending order, i.e., one, two, three, etc.
T
T
Add
D
Q
Press RETURN. The contents of the Root Directory will appear in an upper half window.
A lower half window is blank. You must navigate down the DOS path structure to the
program you wish to designate. To do this you need to use the arrow keys and the
RETURN key.
**********************************************************************
* io.sys ms-dos.sys command.com config.sys ansi.sys *
* \wp \123 \dbms \cad \ai \case *
* *
* *
**************************LEVEL 0***********************************
* *
* *
* *
* *
***********************************************************************
Let's suppose your root contains the directories WP, 123, dbms, cad, ai and case. To
place a program from the WP directory in LEVEL 2 you must first follow the toggle
instruction to achieve LEVEL 2. Next using the DOWN arrow move to highlight ADD. Press
return. The root will appear as it does above. Move the arrows to highlight WP and press
RETURN. The WP directory subdirectories and programs are listed on your screen.
********************************************************************
* wp.exe convert.exe sort.com merge.exe list.com *
* find.exe *
* *
* *
******************LEVEL 2*** ***********************************
* *
* *
* *
* *
********************************************************************
If you wanted to bound two programs called CONVERT.EXE and WP.EXE you would first
choose CONVERT.EXE by moving the arrows to highlight it. Now Press RETURN. In a
few seconds the name CONVERT.EXE will appear in the lower window. The upper window
will return to the root directory. Bounding secures the execution to the level chosen. Only
those authorized to the LEVEL may access them.
Again Travel using the keys to the WP directory and press RETURN. Highlight the
program WP.EXE and press RETURN. It too will appear in the lower window.
The logic of the path enforces an audit on the execution which is logged for later analysis
should that be required. Additionally it requires you as the System Manager be assured
that you select the proper program. When level 1 is complete you then move on to level
2. And then level 3. You have sixteen levels available to you (0 - 15). Upon successful
completion of the assignment of programs to each level move the highlight to QUIT to
return to the Manager's Screen.
You are now ready to proceed. Distribute the ID's and associated PASSWORDS to the
designated owner. Accomplish this task privately so as to assure the appropriate level of
confidentiality. If a user leaves delete his/her ID/PASSWORD. Issue a new
ID/PASSWORD to the replacement in that position.
NEVER REPEAT/REUSE EITHER ID OR PASSWORD AS THIS IS POTENTIAL FOR A
SECURITY BREACH ( THE OLD ID/PASSWORD ) ACTIVE IN YOUR SYSTEM.
A LOOK AT THE MANAGER SCREEN OPTIONS
A --RUN DETEKT
Our reason for the development of this program is to provide the typical computer user
early warning against a virus attack or defective software. DETEKT provides a
bounding of the problem, allowing your computer security contingency plan to respond
prior to program execution. Should you not have a computer security contingency plan,
consider following the orderly process suggested at the completion of these operational
instructions. The DETEKT tool executed after the entry of any software or data to your
system from any outside source, including trusted computer software. Use DETEKT as
the cornerstone of your software quality program. It reduces the potential for major
problems. DETEKT BOUNDS THE PROBLEM AREA TO MINIMIZE THE POSSIBILITY
FOR CORRUPTION.
The introductory screen tells you that the program File Corruption Detection has begun.
Press the return key again.
You will now see three choices displayed across the top of the screen. They are FILE,
CHECK and QUIT.
FILE OPTIONS
Under the FILE choice five options are listed (DRIVE SELECTION, ADD FILES, DELETE
FILE, PRINT AUDIT and CHANGE NAME ).
DRIVE SELECTION allows you to choose drives A: through I: the drive must physically
exist and be configured into the computer system. In the case of floppy disk drives the
drive door must be properly closed with a formated disk mounted in the drive. If you utilize
a hard drive choose drive C:.
Using the Arrow keys drop down one level to ADD FILES. Press the return key. Notice
that the upper window now shows are Directories and Files in the root directory. The
Cursor shell now highlights the first item (left most,top most). Were you to choose this item
simply press the return key. The chosen file name will appear in the lower window.
DETEKT has calculated both a checksum and CRC for file name, file size, path, date
stamp, time stamp and file attributes. The CRC/Checksum is added to the control file.
The cursor is back in its original position. Use the arrows to move to the next file you wish
protected. For your protection, the cursor always returns to its home position and creates
a unique traceable path. In this way path derviations, which substitute a duplicate named
program, will not be allowed to distort your original intent.
Should you choose a directory, DETEKT will display the programs in that directory.
DETEKT can drop down to the lowest subdirectory on your drive. Choose the file to be
protected by moving the arrow keys to your selection. Press return to invoke DETEKT.
NOTE: In order to assure that the proper path is chosen and encoded in the DETEKT file
tracking scheme you must begin from the root directory each time. This method is a bit
more time consuming but it provides your system with the maximum unique protection
available. The ADD FILES logic within DETEKT is a balance between user friendliness
and encryption effectiveness.
When you are satisfied that the appropriate files are protected press the ESCape key
to return to the choices.
The DELETE FILE option helps those who make mistakes to remove them. Choose
the file to be unprotected by moving the arrows. Press the return key and the file will be
highlighed with an asterik. When all files to be unprotected are so highlighted press
ESCape. They will be removed from the lower window. The ESCape key will return you
to the option choices.
At this point you have created a set of controls for the files. Those files are specially
identified so if corruption, willful or negligient occurs you will be notified at the next
DETEKT execution. The control file is in the hidden subdirectory in encrypted form on
drive C:.
The option to PRINT AUDIT allows the system manager to print for analysis purposes
a report from YYMMDD to YYMMDD. When you choose this option simpley follow the
instruction prompts. enter the start date as YEAR-MONTH-DAY and press RETURN. Then
when the second prompt appears enter finish date as YEAR-MONTH-DAY. and press
RETURN. BE SURE YOUR PRINTER IS ON LINE, TURNED ON, HAS PAPER LOADED
AND IS READY TO GO. If your printer is not ready DETEKT will wait for you to make the
printer ready. ESCape will cancel the PRINT AUDIT command.
The CHANGE NAME option allows you to specify the name which will appear in the
heading block of the Audit Report. Move the highlight to the option and press RETURN.
Follow the instructions on the screen.
CHECK OPTIONS
The CHECK command requires you to move the right arrow one position. The options
available are SPECIAL FILES, DISK FILES, ALL FILES, UPDATE DISK AND UPDATE
ALL. Move the highlight down to SPECIAL FILES and press the return key. A window
opens in the center of your screen as all the SPECIAL FILES you chose are verified and
validated. This is probably the most use command in the schema.
DETEKT is designed to afford full disk protection. Move the bounded cursor to the
middle line, UPDATE DISK. This command causes DETEKT to build a disk control file.
First DETEKT verifies itself then it proceeds to establish controls for every file on the drive
currently specified. The command UPDATE ALL will create a control for every file on every
installed and active (loaded and on-line) drive from A: through I:. The initial processing of
a fully loaded 32MB drive takes approximately 25 minutes. A 362k floppy requires
approximately one minute.
The command DISK FILES performs a validation of the full current disk against the
control file created by the ALL FILES process. Verification requires about 5 minutes for the
32MB drive described above. We recommend that DISK FILES be invoked immediately
after any new software is added. The UPDATE ALL examines all disks installed and
active (loaded and on-line) from A: through I:
The ESCape key returns you to the highest command level.
QUIT OPTION
To exit DETEKT move the right arrow to QUIT mode. Questions concerning hard copy
logs will be asked based upon the actions you initiated. If you processed any CHECK
function you will be asked "Do you want a report of current activity?(Y/N)". If you answer
Y you obtain a report of this processing. You then are asked, "Do you want a complete
change history?(Y/N)". If you choose Y a full report is printed. If you choose N you exit to
the REMINDER screen. If you press the ESCape key you return to the MANAGER"S
SCREEN.
CLOSING CORRUPTION LOOPHOLES (SAVEZONE)
Corruption which enters your system in data files can be executed when that file,i.e.,a
spreadsheet or word processor file or text is called. This corruption is limited to two
specific parts of your system, the BOOT track (track 0) and the FILE ALLOCATION TABLE
(FAT). SAVEZONE allows you to backup both areas on a clean, formatted floppy disk.
Should you experience a disk problem you need only shut down the system, wait thirty (30)
seconds and reboot using you original DOS boot disk. When the reboot is complete mount
the SAVEZONE FLOPPY DISK in drive A: and type the command NEWZONE. The
damaged BOOT track and FAT will be replaced. Your system is as it was prior to the
attack.
Be sure to copy the offending file to a floppy disk prior to deleting the file from your
computer system. In this way a computer security professional can analyze the culprit.
Upon deleting the corrupt file process DETEKT using the Command CHECK and the sub-
command ALL FILES. This will assure that the corruption is no longer present.
HOW TO RUN DETEKT OUTSIDE OF V-PHAGE
DETEKT is normally placed in the V-PHAGE directory and executed from the V-PHAGE
system path in order that it is accessible to the System Manager at any time. You will
notice that you can use DETEKT to check for changes in itself. This protection mechanism
assures detection of corruption.
When DETEKT is invoked two work windows will appear a upper and a lower. The
upper window is the selection or pick window where those files you wish DETEKT to
validate will appear and/or you can select additional files for review. The lower window will
always contain the selected files.
At the top of these two screens are your menu controls which are as follows, FILE,
CHECK, or QUIT.
FILE SELECTIONS ARE:
Drive Select
Allows you to select between drives A- I if they are installed and available for use. A
floppy disk drive will not be selected if the drive door is open or if a disk is missing from the
drive.
Add File
Allows you to select any file from the drive or sub-directory selected. Once the desired
drive and directory has been selected, the up/down arrows are used to move the highlight
bar about to select the file. Press return and the file will appear in the lower window to
indicate the file has been added.
Delete File
Allows you to delete selected files from the selected drive or sub-directory. Up/down
arrows can be used to move the highlight bar to the file you wish to delete. Once file has
been highlighted press the return key to select the file. Selected will have an asterisk (*)
to the right of the file name. Press the escape key to complete the operation.
Print Audit
Allows you to print the audit trail hidden upon this disk from any date to any date.
Change Name
Allows the user to place a name in the audit report heading.
CHECK SELECTIONS ARE:
Special Files
Using this selection only allows selected files to be checked. Should you happen to
delete a file which appears in the TO BE CHECKED lower window and not remove it, i.e.,
not practice proper maintenance of your files, you will be told NO LONGER EXISTS next
to the file name. You must press the RETURN key to continue the CHECKing process.
DETEKT assures that you recognize that a difference has been detected.
Disk Files
Using this selection allows files on selected drives with .COM, .EXE, .SYS, .OBJ, and
.BAT extensions to be checked. Message NO FILES HAVE BEEN CHANGED SINCE
LAST UPDATE appears if your disk control file matches the hidden control file for that
drive.
All Files
Using this selection causes all files on every drive in use to be verified
Update Disk
Permits the update of the control file which was created during the setup exercise
explained in the detail above.
Update All
Causes all files on every drive in use to be updated.
QUIT (exiting the program)
Allows the user to exit from the program. Upon leaving the program <RETURN> you will
receive a final warning:
REMEMBER TO PERFORM DAILY BACKUP ROUTINE
FOR OPTIMUM DATA AND FILE INTEGRITY
This is a very important procedure. Press the return key to get back into the DOS
system.
WARNING MESSAGES:
POSSIBLE INFECTION !!
This warning message will appear during file checking if any one of the following is true.
File size has been altered.
File date/time has been altered.
File checksum has been altered.
File CRC has been altered
New unvalidated file has been added
WARNING THE ABOVE FILE HAS BEEN ALTERED!!
DO YOU WISH TO UPDATE CONTROL FILE?
These messages will follow a possible infection warning. The user will be asked if the
file is ok to update. Answering * YES * (i.e., typing "Y") to this question will update the
control file to the current status of the file that has been identified as changed. Answering
* NO * (i.e., typing "N")to this question leaves the control settings for that file just the way
they were before the user was alerted to the possible infection. When a warning
message is encountered an action must be taken by the user to avoid possible
problems.
COMMAND LINE SHORTCUTS
(MAY BE USED ONLY AFTER YOU EXIT TO DOS)
Many times users seek the friendliness of checking their status during an application's
progress. DETEKT allows you to RETURN the DOS shell and execute from the command
line without the detailed step by step process described above.
COMMAND ACTION
DETEKT/CD (drive) VALIDATES ALL FILES IN THE CONTROL
FILE WHICH YOU ESTABLISHED DURING
SETUP FOR THE ENTIRE DRIVE.
IF YOU DO NOT SPECIFY A DRIVE THE
CURRENT DRIVE IS THE DEFAULT DRIVE.
DETEKT/CA VALIDATES ALL FILES ON EVERY WORKING
DRIVE.
DETEKT/UD UPDATES ALL FILES ON THE CURRENT
DRIVE.
DETEKT/UA VALIDATES ALL FILES ON EVERY DRIVE
AVAILABLE TO THE COMPUTER SYSTEM.
DETEKT/S UPDATES THE SPECIAL FILES SELECTED
DURING THE SETUP PROCESS.
DETEKT <PATH> <FILENAME> will validate the specific program on the specific path
you have chosen. DETEKT IS VERY PRECISE. You must carefully and accurately define
the command line parameters.
If you make a mistake or if the file does not exist you will be informed:
<PATH> <FILENAME> HAS NOT BEEN FOUND!
When the proper path and filename is RETURNed you will be notified by the initial
comment:
CHECKING <PATH> <FILENAME> , at completion, you should see:
<PATH> <FILENAME> HAS NOT BEEN ALTERED
If changes to the control file were noted you will receive the error message telling you
precisely what has been detected as different. You will be given the opportunity to accept
the changes. ACCEPT THE CHANGE ONLY IF YOU KNOW WHAT CAUSED THE
CHANGE. DO NOT GAMBLE WITH YOUR MACHINE'S SOFTWARE INTEGRITY.
WHEN IN DOUBT BE PRUDENT.
LOGGING DETEKTED DIFFERENCES (VIDEO AND PRINTED COPY)
V-PHAGE allows the user to see all detected differences at one time in one place.
Should differences be found, they will be written to a file named OSERROR.TXT in the
\root of the disk being evaluated. Some users copy this file to a security sub-directory with
the name changed to dif<mmddy>.doc. In this way they can combine results to determine
if trends and/or patterns exist which require further investigation. To delete those historical
disk files Type the command PRINT OSERROR.TXT and produce hardcopy for review,
analysis and historical purposes or copy the files to a floppy disk for storage.
CONCLUSION CONCERNING THE RUN DETEKT OPTION
DETEKT IDENTIFIES A DIFFERENCE in the software residing on your disk drives
since the last time it was analyzed, LOCATES THE DIFFERENCE, and provides a warning
of a possible infection or software bug. DETEKT should be part of a well planned backup
routine to be fully effective. Use SAVEZONE as suggested to keep your risk level at
minimum. Once in operation, DETEKT minimizes the user's exposure to the risks
associated with unidentified change.
B -- RUN SAVEZONE
Savezone backs up the hard disk boot track and file allocation table (FAT). ACC, Inc.
recommends that it be executed prior to shut down each day, at minimum. SAVEZONE
protects the programs within the V-PHAGE/DOS from permanent damage by the class of
VIRUS and Trojan Horse which corrupt by manipulating or destroying the boot track and/or
FAT. When your press RETURN at the highlighted SAVEZONE choice you will see:
Executing Format in Drive A:
Insert Disk and strike Enter when ready
You will now see the normal DOS format cycle occur by head by cylinder. At
completion you will see:
Format Complete
then the screen will display a running dialog of the actions taking
place.
Creating newzone.exe
autoexec.bat
The backup floppy disk is now ready. You will have the opportunity to choose the
drive to be backed up.
Drive to Backup ?
Enter the letter of the hard drive to be backed up and, again, press RETURN.
Drive to Backup ? C or c (case is irrelevant)
The screen will blank as the following actions are accomplished. The Boot Track and
File Allocation Table (FAT) are copied to the Disk in Drive A:. At completion of this
processing the MANAGER'S MENU will reappear. Identify the disk in Drive A: as the boot
track backup and store it in a safe place.
The message:
Please remove disk from drive A: and store in a safe place.
is a documented reminder.
Processing NEWZONE
(The tool to replace your damaged boot track and FAT)
1. Reboot the computer using the backed up disk placed in drive A:.
2. Type the command NEWZONE and press the return key
3. When the system is restore to its pre-attack state, copy the corrupt file to a floppy
disk for later analysis by a software security professional.
4. Delete the corrupt file from your disk
5. Use DETEKT to validate the entire disk, i.e., process RUN DETEKT and take those
actions appropriate to the results produced.
6. Return to your normal routine
C -- ADD NEW USER
Use the DOWN arrow to reach the ADD NEW USER. When it is highlighted press
RETURN.
MANAGER
A --
B --
C -- ADD NEW USER
D --
Wait for the display to show ID: the short wait is required so that the audit trail is
maintained. If you type any characters you will be asked to repeat them. Have patience,
enforced security is worth thw wait.
ID:
Type the ID chosen for this user and press RETURN.
ID: XXXXX
The screen will repeat the ID you have entered exactly as you input it with the comment
Y/N?.
ID SERENITY (Y/N?)
If the ID is exactly as you wish type Y. If you are dissatisfied for any reason type N. N
repeats the process.
When you type Y and press RETURN the request PASSWORD will appear.
PASSWORD:
enter the password of your choice.
BE UNIQUE. USE TERMS OR RANDOM STRINGS WHICH ARE NOT TYPICAL TO
ANYTHING ASSOCIATED WITH THE ASSIGNED USER. DO NOT USE ANY OF THE
PASSWORDS LISTED IN THE COMMON PASSWORD SECTION WHICH APPEARS
LATER IN THIS MANUAL.
After you enter the PASSWORD the display will say
"again".
Repeat the chosen PASSWORD at the prompt. If you are successful the display will say
LEVEL. If you err the PASSWORD process will repeat. Do not anticipate and type before
requested to do so. V-PHAGE is logging your activities. The log takes precedence. You
will be required to retype your entry.
LEVEL:
At the LEVEL prompt choose from 1 - 15. It is a waste of time to input 0. The 0 will cause
the message
"ONLY ONE SYSTEM MANAGER"
to appear. Be careful not to repeat level 0 requests as V-PHAGE
will cause an exit which requires a restart. We took this precaution based upon experience
with hacker comments concerning some operating system undocumented features which
could lock-up the server and cause an unauthorized entry into the operating system.
The next display will ask for the new users NAME.
NAME:
Again this feature is beneficial to you as system Manager when tracking auditable actions
by ID, Terminal used and programs executed.
DEPT:
The final entry requested is the Department (DEPT) code. In many corporations data is
shared within the corporation across the enterprise. In others it is compartmentalized. V-
PHAGE allows the user the best of both worlds. You have the option to structure your
corporation/agency in the manner you find most ameniable to your operations. During an
Audit of data use one might compare department to level to determine if unauthorized
sharing or inappropriate use has occurred.
DEPT: SALES
When the department is entered you will be returned to the top of the MANAGERS MENU.
Repeat the process for each user that you wish to register.
As you continue be aware that V-PHAGE is tracking your activities. You may not repeat
an ID or a PASSWORD. Should you repeat inadvertantly, V-PHAGE will advise you
ID not acceptable
After all users are entered at the chosen level you can begin to choose the programs
accessible by each level.
BE ADVISED -- If you attempt to execute the RUN PROGRAMS command from a legal
access but no programs are assigned you will see the comment
ask your Manager to authorize application programs
You will then be exited from the system. The logic for this harsh measure is simple
security, i.e., if you do not have something to process you should not be an active user.
A system Manager can accomplish any function in his manager's menu and all executions
allowed of programs chosen at every level. Individual users added to the V-PHAGE may
function solely in their assigned level. Attempts to by pass V-PHAGE will cause the
computer to cease to function. Restart is required to continue.
D -- CHANGE USER
Using the DOWN arrow move to the CHANGE USER line. When it is highlighted press
RETURN.
MANAGER
A --
B --
C --
D -- CHANGE USER
E --
The prompt ID will appear. When it is displayed type the ID which you wish to change. The
ID prompt will reappear. Type the new ID that you have chosen to replace that now in use.
ID: XXXXXXXX
REMEMBER!!!!! Choose an ID which is UNIQUE to you but not representative of your job,
avocation or family.
enter your choice and press the RETURN key. When PASSWORD appears, repeat the
process, i.e. type a unique password.
PASSWORD: XXXXX
Upon success you will be rewarded by the display LEVEL. If you enter the level zero (0)
you will be told that the privilege may not be deleted.
LEVEL: <all but 0 accepted>
THERE IS ONLY ONE HIGHEST PRIVILEGE LEVEL ALLOWED BY V-PHAGE AND
YOU, AS SYSTEM MANAGER, ARE IT. V-PHAGE WILL DISALLOW ANY ATTEMPT TO
CREATE A SECOND SUPER PRIVILEGE.
Next the display NAME: will appear. Type the a name of the individual assigned this ID and
PASSWORD.
NAME: Constance Complainer
NAME is a requirement of V-PHAGE for later audit reporting purposes.
E -- DELETE USER
To DELETE a user move the highlight to DELETE USER and press RETURN.
MANAGER
A --
B --
C --
D --
E -- DELETE USER
F --
The display will ask for the ID: to be deleted. Type the ID you wish to remove.
ID: TalKAtive
The next prompt will ask for PASSWORD: Type the password and press RETURN.
PASSWORD: PrograMMer
You will now see the record to be deleted on your screen with the question "DELETE Y/N
?".
TalKAtive PrograMMer 1 EDP Jess Wright DELETE Y/N ?
If you type Y the item is deleted. If you type N the item is rewritten to the appropriate
hidden files and you return to the MANAGER'S SCREEN.
If you try to delete an ID which does not exist the V-PHAGE will allow you two tries and
then print
unknown ID
and return to the MANAGER'S MENU.
You may not delete the LEVEL 0. If you attempt to do so you will upon entering the level
0 ID receive on the screen the message
Secure Level -- Deletion Prohibited
and be returned to the MANAGER'S SCREEN.
Successes, deletions and attempted deletions are logged into the secure hidden audit file.
Read the section concerning audits and reporting of activities later in this manual.
F -- LIST USERS
Periodically you will need to verify who has some level of privilege in the V-PHAGE. Move
the highlight to the line LIST USERS. Press RETURN.
MANAGER
A --
B --
C --
D --
E --
F -- LIST USERS
G --
The V-PHAGE will ask you for your password.
PASSWORD:
If you provide the proper PASSWORD you will see the listing.
FCD 0 TOM TERIFFIC MGMT
REST 3 SERENITY SAFELY ACCT
TalKAtive 1 JESS WRIGHT EDP
If you are wrong for whatever reason the attempt will be logged and you will be returned
to the managers menu. Shutdown is a security measure to assure that you, the system
Manager, haven't walked away from you terminal and an unauthorized person replaced
you. A second mistake ( two in a row) exits you from the system. You must restart your
computer to reenter V-PHAGE to try again.
G -- PRINT USERS
WARNING !!! PRINTOUTS OF ID AND PASSWORD FILE INFORMATION MUST BE
KEPT TO A MINIMUM. IT IS BEST TO NEVER LET IT HAPPEN.
Move the highlight to the PRINT USER option using the DOWN arrow.
MANAGER
A --
B --
C --
D --
E --
F --
G -- PRINT USERS
Press RETURN. You will be asked for your PASSWORD.
PASSWORD:
An erroneous input will cause an escape to the managers screen.
When V-PHAGE has accepted and logged the correct password it will next ask for your
department
DEPT:
The proper entry will allow the report to print.
ID/PASSWORD HARDCOPY
!!!! KEEP THIS DOCUMENT SECURE !!!!!
FCD ACC 0 Tom Terrific MGMT
REST NIGHTLY 3 Serenity Safely ACTG
HOLY DEVIL 2 Ida Gomez EDP
This action, like all others, is posted into the audit log.
H -- RUN PROGRAMS
The DERUN shell creates a boundary so that the programs which users process are inside
the shell. The user has no access to DOS unless you the system Manager so authorize.
He is limited to those programs which appear in his level. Users when they input their
ID/PASSWORD are shelled directly into a menu of those programs which you the system
Manager established. Attempts to circumvent the system meet with termination and
require a restart. As system Manager you have the privilege to control the structure and
freedom of the user. You pick and choose what can be processed at what level of privilege
subject to the directions of your management.
All programs which are entered into a privilege level are affected by PROT a unique
methodolgy which scrambles the program code so that the window of vunerability for an
attaching VIRUS and other code corruption is minimized. The scrambled programs cannot
execute on their own, should they be stolen. Since users are limited to execution - only,
thieves have to carry out backups of executables and data. They then must decompile,
disassemble, unscramble, analyze, restructure and finally assemble in order to use their
ill gotten gain. We recommend to you that you assure yourself that you have backup
copies before you add the programs to any level. This protects you from a frustrated
individual who damages or destroys that which he/she is prohibited from achieving.
*******************LEVEL 3*************************************
* WP *
* INVOICING *
* ORDERS *
* A/R *
* *
*******************************************************************
RUN PROGRAMS allows you to run all those programs chosen for your personal super
privilege level as well as any program chosen at any level. At completion of program
execution you return to the level menu chosen. You may execute a second program within
the level. Should you choose to change levels you must return to the MANAGERS MENU.
You exit by choosing ESCape. You return to the MANAGER'S MENU.
I -- FILE ACCESS
The FILE ACCESS option of the MANAGERS MENU provides the system Manager the
ability to establish the composition of what
executable program code is available to each level of privilege. The FILE ACCESS
privilege properly structured allows a reduction in the amount of grapevine material
available to browsers and reduces the awareness of all except those with a need to know.
MANAGER
A --
B --
C --
D --
E --
F --
G --
H --
I -- FILE ACCESS
J
Press RETURN to achieve the menu which says:
TOGGLE DRIVE
TOGGLE LEVEL
ADD
DELETE
QUIT
This is the most complex of all the options. The ADD option is purposefully so to assure
security at the proper level.
WE RECOMMEND THAT YOU DECIDE WHICH PROGRAMS ARE ASSIGNED TO EACH
LEVEL BEFORE YOU BEGIN THE PROCESS OF ADDING PROGRAMS. BE SURE TO
MAKE BACKUP COPIES OF THE PROGRAMS TO BE ASSIGNED OR HAVE THE
ORIGINAL SOURCE DISKS STORED AS RECOMMENDED LATER IN THIS MANUAL.
WHEN A PROGRAM IS ADDED TO ANY LEVEL IT IS SCRAMBLED TO PREVENT
FUTURE EXECUTION OUTSIDE OF THE V-PHAGE SECURITY SYSTEM.
TOGGLE DRIVE will show the default hard drive. As system Manager you know how many
hard drives you have in your system. If more than one exists, you can move from drive to
drive by pressing the RETURN key when the Toggle Drive is highlighted. If only one drive
is present DO NOT press the RETURN key, rather use the DOWN arrow to move to
TOGGLE LEVEL. Should you out of a sense of curiosity decide to press the RETURN key
your video screen will go blank for several seconds. If you look at you computer you will
note that the lights telling you of activity on your disk drives are working. When you
depressed the RETURN key you caused the V-PHAGE to seek out other hard disk drives.
Toggle Drive C
Toggle LEVEL 0
Add
Delete
Quit
Now press RETURN. Notice the level changes to the next higher digit after a few seconds
of blank screen.
Toggle Drive C
Toggle LEVEL 1
Add
Delete
Quit
During this time the level access hidden file is created. Notice the highlight has remained
at the Level position. Repeat the above, i.e., press return each time you finish adding the
programs chosen for that level to increase the level by one. When you have arrived at the
level of your choice move the highlight to ADD.
T
T
Add
D
Q
Press RETURN. The contents of the Root Directory will appear in an upper half window.
A lower half window is blank. You must navigate down the DOS path structure to the
program you wish to designate. To do this you need to use the arrow keys and the
RETURN key.
**********************************************************************
* io.sys ms-dos.sys command.com config.sys ansi.sys *
* \wp \123 \dbms \cad \ai \case *
* *
* *
**************************LEVEL 0***********************************
* *
* *
* *
* *
***********************************************************************
Let's suppose your root contains the directories WP, 123, DBMS, CAD, AI and CASE. To
place a program from the WP directory in LEVEL 2 you must first follow the toggle
instruction to achieve LEVEL 2. Next using the DOWN arrow move to highlight ADD. Press
return. The root will appear as it does above. Move the arrows to highlight WP and press
RETURN. The WP directory subdirectories and programs are listed on your screen.
********************************************************************
* wp.exe convert.exe sort.com merge.exe list.com *
* find.exe *
* *
* *
********************LEVEL 2**************************************
* *
* *
* &nbs