HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / pc / INFORM_2.ZIP / INFORM-2

Wrap

Text File | 1993-03-31 | 172.7 KB | 2,228 lines

+=============================================================================+ | ## ## ## ###### ###### ###### ### ### ###### ###### ## ## ## | | ## ### ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## | | ## ## ### ##### ## ## ###### ## ## ###### ## ## #### | | ## ## ## ## ###### ## ## ## ## ## ## ## ## ## ## | +=============================================##==============================+ | Jan 10, 1992| | [ The Journal of Privileged Information ] | | | +-----------------------------------------------------------------------------+ | Issue 02 By: 'Above the Law' | +-----------------------------------------------------------------------------+ | | |Informatik--Bringing you all the information you should know... | | and a lot you shouldn't... | | | +=============================================================================+ /* Introduction */ By the Informatik staff Well, we're proud to present Issue #2 of Informatik Journal. Issue #1 was very well received, and we hope to continue to get good reviews >from our readers. This issue once again includes articles on a variety of subjects related to hacking and phreaking, along with a special report on HoHoCon 1991. Both of our editors were on hand at the Con, which was not to be missed. Please note, the Internet address "@shake" found in some releases of Informatik #1 no longer exists, and the owner is not affiliated with this journal, and mail should NOT be sent there. We are happy to announce that we have obtained a permanent Internet address. The address is: inform@doc.cc.utexas.edu Please direct submissions, suggestions, and subscription requests to that address. Our subscription and submissions policies are included in this issue. Informatik can also be obtained via FTP at the CUD archives, which are at the following address: ftp.cs.widener.edu Informatik is in the directory /pub/cud/misc. Back issues of Informatik, along with many other t-files, including Phrack, CUD, and NIA can be found at the site. Enjoy, Mack Hammer & Sterling [Editors] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *DISCLAIMER* Informatik Journal is printed for informational purposes only. We do not recommend or condone any illegal or fraudulent application of the information found in this electronic magazine. As such, we accept no liability for any criminal or civil disputes arising from said information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - =========================================== ============== - CONTENTS - =============== ================ Issue 02 ================= ======= Release date January 10, 1991 ===== =========================================== 01) Issue #2 Introduction By: Mack Hammer & Sterling 02) HoHoCon 1991 By: Mack Hammer 03) The HP3000's 'SECURITY/3000' system (part 1) By: Sterling 04) Inside NORAD By: Anonymous NORAD Insider 05) Magnetic Strip Technology By: Count Zero 06) Tid-Bytes By: the Informatik Staff 07) Hot Flashes--The Underground News Report By: Various Sources 08) Submission and Subscription Information By: the Informatik Staff - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ::*::*::*::*::*::*::*::*::*::*::*::*::*::*::*:: :*: :*: :*: HohoCon '91: The Sordid Details :*: :*: :*: :*: by: Mack Hammer :*: :*: :*: ::*::*::*::*::*::*::*::*::*::*::*::*::*::*::*:: December 27 - 29, 1991, Houston was invaded by some 80 plus hackers and telecommunications enthusiasts from around the country. HohoCon '91 was a marked success, unlike its predecessor, HohoCon '90. The con, sponsored by NIA and dFx, was very well organized, with Drunkfux, Judge Dredd, and Lord MacDuff taking the brunt of the organizing on their shoulders. Vision was also acknowledged as one of the organizers, but was out of town and couldn't make the Con. The Con was held at the Airport Hilton near Intercontinental Airport in Houston, Texas, and was a three-day event, although almost all of the business was taken care of on Saturday the 28th. Thanks to the organizers' securing an entire wing separate from the rest of the hotel and a large conference room, the conferees went unmolested for the whole of the weekend. Friday the 27th ~~~~~~~~~~~~~~~ Most of the guests started arriving during the afternoon of Friday the 27th. After laying around/getting acquainted for most of the day, Hunter (who provided valuable assistance with entertainment all weekend) contacted Rogue, who provided spirits (at cost) for the night. After bringing in some 300 dollars worth of hard liquor, the party began. While the events that ensued that evening are somewhat foggy for this writer, I will attempt to detail some of the highlights. Everyone wandered in and out of the conference room (where the liquor was located) and basically got smashed and swapped hacker war stories. It was then that Doc Cypher made the unofficial introductory address of the Con. The entire group cheered and jeered as Doc, in a drunken stupor, took a nostalgic look back at some of the great NUIs, systems, services, etcetera that marked hacking in the Eighties. The party then moved to the room of MC Allah (who was passed out on the bed after drinking beer all day and capping it off with some mixed drinks that night). A VCR was set up, and a group of about 20 people watched "Necromantic," a European porn flick featuring, you guessed it, the dead. After the movie, everyone split up and either went to bed or drank the night away, talking about the old times. Saturday the 28th ~~~~~~~~~~~~~~~~~ The actual conference was scheduled to begin at noon on Saturday, but due to massive hangovers, was postponed until 2 pm. At 2 pm somewhere between 80 and 100 people made their way into the conference room to hear speeches by various members of the hack/phreak community. Drunkfux started things off with a few introductions and some general announcements about the Con, and then introduced Bruce Sterling, the first speaker. Bruce, the writer of several cyberpunk novels including his most recent release, The Difference Engine (with William Gibson), was basically the celebrity of the Con, and spoke as a member of the Austin Branch of the Electronic Frontiers Foundation. As you should know, the EFF is concerned with protecting the civil liberties of computer users and telecommunications enthusiasts. Mail can be sent to the EFF at eff.org, or the Austin Branch can be contacted at eff-a.tic.com. The next speaker was Steve Ryan from World View Magazine. World View is an electronic magazine which also concerns civil liberties, especially those involving computers. One of the primary concerns of the magazine's writers is freedom of speech, and Steve spoke about the suspension of this right during the sixties, and warned that it may happen again. The guys from Phrack (Crimson Death and Dispater) then took the podium and basically told the story of what had been going on with Phrack over the last year or two. They explained the editorial conflict surrounding Phrack 34, and gave everyone a short history of who had edited Phrack when. Crimson Death and Dispater finally put to rest any controversy concerning Phrack, and did an excellent job of clarifying the situation. They also explained why Phrack has "sucked" as of late, blaming it on poor submissions. Now that the editorship is once again on stable ground, we're once again expecting big things from hacking's most famous electronic publication. Everyone's favorite ex-LODers, Chris (Erik Bloodaxe) and Scott (Doc Holiday) were the next speakers. Now known as Comsec Data Security, and trying to shake that evil hacker stigma, Scott and Chris have joined corporate America as security consultants. The two explained that they hadn't gotten an especially warm welcome from anyone already in the security field, and that they had been blackballed by every trade organization. Rather than taking advantage of the huge body of knowledge possessed by the ex-hackers, established security experts and publications have chose to ignore them due to their colored past. Furthermore, it seems that they have also been spurned by much of the hacking community. Overall, the speech provided an interesting look into the way the computer security field operates, and was very reassuring to the hackers still on the other side of the fence. Scott and Chris did report, however, that business was good. They then shifted gears and reported on New York's MOD, perhaps the most unpopular group in the history of hacking. First they reported on MOD's activities in general, ie; the posting of personal information of other hackers on IRC and Lutzifer, general harassment of many noted members of the hacking community, and the destructions of private systems on various networks. They then announced the best news of the day, five MOD members (including Corrupt, Phiber Optik, and Outlaw) were raided on December 6. After the Comsec guys finished their speech, Count Zero of RDT presented a film, starring himself and the other RDT guys, exploring the campus of MIT. The film included extensive footage of the steam tunnels running under the campus, and a great shot of a physical plant employee. After the MIT film, about a third of the attendees left, and the conferees who remained saw the episode of "And Now It Can Be Told" about hackers. Geraldo Rivera, along with just about everyone else on the show, got a lot of boos and hisses from the crowd. The conference then took about a four hour lull while everyone ate, drank, and watched the pay-per-view channels for free (see Tid-Bytes for more info). About 9 pm, Hunter and Rogue once again came through with the liquor, and yet another night of revelry began. Everyone once again began to indulge heavily in the alcohol, and most of the conferees staying in the hotel found their way into the hallway, where a horrified couple was being hustled from our wing. The couple, mistakenly assigned to the HohoCon wing by the hotel staff, was quite amazed to find some 40 odd drunken and raucous hackers partying in the hallways. Just when things once again died down a bit, Hunter came through once again, this time with a couple of strippers he picked up somewhere. While the live performance put on by the strippers couldn't compare with Necromantic, it was the main entertainment of the night. Eventually, everyone ended up either going to bed or working on CDC File #200, and HohoCon '91 was all but through. Sunday the 29th ~~~~~~~~~~~~~~~ As always, there wasn't much going on Sunday, with most people checking out and departing for home. Overall, it seems that HohoCon '91 was a smashing success, and we're looking forward to next year. Now... for the first annual... :: Informatik HohoCon Awards :: Least constructive use of time: Crimson Death, for watching approximately six hours of pornos free of charge on Saturday night. Most disgusting drink: Ronnie, who mixed rum, tequila, grenadine, blue Hawaiian mix, vodka, and lime juice. Hard-day's-night award: M.C. Allah, for drinking all day, drinking most of the night, passing out, and puking on his hotel room floor and Siegfried's foot. Most distasteful video presentation: Erik Bloodaxe, for showing the most vile porno known to man, Necromantic. Should have been drowned in the pool award: Rou Tisten, the most annoying personality in the world and a voice to match. Hard Luck Award: The whole crew from Memphis whose transmission went out in their truck. I sure hope you made it home, guys. I get paid for this? Award: Wile E. Security Guard. For marching around our wing approximately 11,000 times and never saying ANYTHING about our raucous conduct. Logistical genius Award: The guy who put the Baptist-Revival-Worship-Meeting-Thing next to the Con on Friday night. :: Unofficial HohoCon '91 Guest List :: Allanon Lord MacDuff Amateur M.C. Allah Analog Assassin Mack Hammer Archangel Macross the Black Battery Material Man Beowulf Minor Threat Black Night Misanthrope Bryan O'Blivian Morpheus Bundy Mustang Cabbage Truck Nihilator Chizz Omega Circle Jerk Phaedrus Colin Campbell Psionic Infiltrator Count Zero Purple Hayes Count Zero Rambo Crimson Death Razorback Cross Connect Rev. Scott Free Cyndre The Grey Rogue Lord of the Swastika Dark Piper Ronnie Devereuax Rou Tisten Dispater Search 'n Seizure Doc Cypher Siegfried Doc Holiday Snow Blind Drunkfux Split Elrond of Rivendell Spoink Erik BloodAxe Sterling Format C: Swamp Rat Frosty Technysis G.A. Ellsworth Terminator Holistic Hacker Terry-Scientist of Confusion Hunter The Brain Informant The Butler Jabba The Chairman Joe Rockhead The Conflict Johnny Rotten The Desert Fox Judge Dredd The Master Junk Master The Pope Kable Borks The Prisinor Knightlife White Knight Loki Winter's Ice Please note: This list was compiled mainly from a sign-in sheet passed around at the conference on Saturday. If you missed being on the list, we apologize. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*>*> *> <* <* The HP3000's 'SECURITY/3000' System (part 1) *> *> <* <* by Sterling *> *> <* <*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*<*< SECURITY/3000 is a third party security package for use on HP 3000 series computers. It replaces several commands and bundles several utility programs to monitor system security. In part 1, I will try to provide an overview of the obstacles that the SECURITY/3000 package presents for any would be intruders, and discuss the usages of the LOGON system. SECURITY/3000 is popular because it attempts to shore up the security weaknesses found in the basic HP MPE Operating System. In order to insure user ID integrity, HP's logon security system uses passwords. However, these passwords provide only an illusion of security because: * There is only one password for each level (user, group, or account) of security. Thus, knowledge of this password guarantees that level of security is penetrable. * On many HP3000 systems, several users log on with the same USERNAME.ACCTNAME which means they share the same passwords--this reduces security and provides no auditability. * Many users treat passwords as a dispensable nuisance, and therefore readily reveal their passwords to unauthorized persons. * Passwords are stored in the system in clear text. Thus, they may be readily found in job streams, discarded LISTDIR listings, or on :SYSDUMP tapes. SECURITY/3000 provides several new features: USER ID INTEGRITY ~~~~~~~~~~~~~~~~~ In addition to conventional MPE passwords, SECURITY/3000 can use a system of personal profile passwords -- answers to personal questions such as "WHAT IS YOUR MOTHER'S MAIDEN NAME?", "WHAT IS YOUR FIRST LOVE'S NAME?", etc. Instead of asking the same question all the time, SECURITY/3000 asks a random one out of a number of questions (up to 30, user-configurable). And, instead of keeping the answers stored in clear text, it encrypts them using a special one-way encryption system, through which the answers cannot be decrypted by anybody (not even VESOFT). By this, DP personnel are relieved of problems associated with having readable passwords on the system. Thus, passwords are automatically given a psychological security significance; knowledge of all personal passwords is required to be sure of being able to access the system, even though the user is asked only one at logon time; and, passwords are made impossible to determine. Even voluntary disclosure is made difficult. (The default questions can be configured with custom ones, or SECURITY/3000 can be configured to instead prompt for a single question rather than a random personal question). Furthermore, SECURITY/3000 can be configured to differentiate users by session name by expanding the USER ID to include session name in addition to user and account name. This feature permits a better account structure by allowing "generic" users to be created with user names describing the users' function and session names identifying the user (e.g. JOHN,ENTRY.PAYROLL and MARY,CLERK.AP). Thereby, several users could be set up under a common user name but with different session names, and each one would have unique personal profile answers, time and day restrictions, menu files, etc. SECURITY/3000 can therefore enforce the use of correct session name by requiring that a user logs on using the same session name which was configured when added to the security system. In addition, SECURITY/3000 permits the system manager to configure a user with a wildcard ("@") representing the session name and/or user name and/or account name, which allows authorization of an Account Manager to log on as any valid user in his account, or the System Manager to log on as any valid user on the system, or an ordinary user to log on to several different accounts, etc. This permits greater flexibility while still maintaining a high level of security and providing positive user identification. SECURITY/3000 may be activated for the entire system, for selected accounts, for only certain users, or for only those logons to certain LDEVs (terminals, DIAL-UPs, DS lines, etc.). TIME OF DAY, DAY OF WEEK, AND TERMINAL RESTRICTIONS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Most security violations will not occur on Tuesday afternoon at 2:30 in the middle of the company's payroll department; they will most likely be done in the dead of night on a weekend across a telephone line. If the payroll clerks work only on weekdays from 9 to 5 on terminals 31, 32, 33, and 35, any attempt to access the PAYROLL account at any other time from any other place is inherently a security violation. HP's logon security system does not protect against this, but SECURITY/3000 does! LOGON MENUS VS ':' ~~~~~~~~~~~~~~~~~~ After a user has logged on successfully, it is often undesirable, for reasons of security and/or user-friendliness, for the user to converse with MPE by typing MPE commands. Rather, one would want a menu of allowed commands and programs the user is permitted to access to be displayed on the terminal; then, the user could choose one of them. Of course, restricting users from MPE (so that they never get a ':') vastly improves system security because users are prevented from attempting to breach security using various "holes" existing in MPE (e.g. :FCOPYing a file containing a password to the terminal, reading passwords in :RELEASEd job streams [a hole that doesn't exist if the supplied STREAMX utility is installed] or even doing :LISTFs in sensitive groups and accounts). This approach is far more common than the often-used method of blocking out MPE commands by setting up UDC's with the same name, (which can be circumvented with little effort, such as executing the commands from within EDITOR or FCOPY) because it is far easier to implement and maintain a system which INCLUDES the things a user is allowed rather than EXCLUDES the things a user is not allowed. VIOLATION REPORTING ~~~~~~~~~~~~~~~~~~~ Unlike HP's logon security system, which reports security violations only to the system console, SECURITY/3000 reports them to the system console (in inverse video, to distinguish them from ordinary console messages), prints a user-definable memo to the system line printer, and logs them to its own log file for future reference (thus providing a permanent record for further interrogation). This "three-alarm" system makes sure that attempted security violations are acted upon, not ignored. [supposedly] AUDIT TRAIL ~~~~~~~~~~~ Although an Account Manager ID should be able to add, change, or remove user security within his own account, there must be some means provided to keep track of his actions. Under HP's logon security system, an Account Manager ID can be used to create a fictitious user ID, log on to the system under it, and do something that he shouldn't be doing without being afraid of getting caught. With SECURITY/3000, all user additions, changes, and deletions are logged to the SECURITY log file, thus allowing an auditor or System Manager to determine who created, altered, or removed a given user ID. ENFORCING REGULAR PASSWORD CHANGES BY OBSOLETING MPE PASSWORDS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OBSOL, SECURITY/3000's MPE Password Obsolescence System, ensures that MPE passwords are changed on a regular basis, which can be defined for each password. Users are warned before a password will expire (configurable as to the number of days) to get their password changed. PERMITTING USERS TO CHANGE THEIR OWN MPE PASSWORDS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MPE's security makes changing user passwords quite difficult. Since only an Account Manager can change a user password, changing passwords is actually discouraged! A user will feel reluctant to take the time to get hold of his Account Manager to have his password changed (even if he, the user, suspects it has been compromised); an Account Manager is very likely to put off changing passwords if it means changing them for all 100 users in his account. The SECURITY/3000 package contains "PASCHG" a program that allows users to change their own passwords (not other users' unfortunately); this poses no security threat; in fact, it actually improves security by making it easier for users to get their own password changed. ELIMINATING PASSWORDS IN JOB STREAMS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The requirement of keeping passwords in clear text in job streams is a big security flaw because anyone with READ access to the job stream can read the passwords, and any listing of the job contains the password. More importantly, since changing a password means having to change every single job that contains it, these passwords are virtually guaranteed never to be changed. STREAMX eliminates the need to embed passwords, lockwords, and other sensitive information in job streams, while adding additional flexibility to jobs by permitting parameter passing. DIAL-UP, TERMINAL AND DS SECURITY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also desirable is the ability to put a password on a DIAL-UP line, DS line, or terminal, regardless of the user trying to log on. That way, if a hacker or "inside" violator attempted to log on to a DIAL-UP, he would have to know the password for the DIAL-UP, which could be changed every day. In addition, the high level of user authentication that the logon procedure in SECURITY/3000 provides can be linked with the terminal and DIAL-UP security by conditionally invoking the SECURITY/3000 logon security based on LDEV to which a user is logging on. This type of terminal security is provided by the TERMPASS utility. AUTOMATIC LOGOFF OF INACTIVE USERS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Another threat to system security is a very common one: a user goes on a break or to lunch without logging off. By this, a would-be thief could just walk up to a terminal and use it--without even having to log on. There are times when users forget to sign off even before going home for the day, (which holds up system backups. The LOGOFF utility allows automatic log off of terminals on which users have been inactive for a given period of time. Now that we have had a general overview of SECURITY/3000's many features, lets take a much more detailed look into the logon security system. WHAT HAPPENS AT LOGON TIME ~~~~~~~~~~~~~~~~~~~~~~~~~~ With the Logon Security System if SECURITY/3000 invoked, whenever a user logs on (before he gets the ':' prompt and after he types in his MPE passwords [if he has any]), SESSION, TIME, DAY, and TERMINAL restrictions which may have been placed on the user are verified--if the user is not within the allowed time and day limits or if he is attempting to log on from a terminal he is not authorized to use, he is denied access to the system (i.e. logged off), an inverse-video message describing the failed logon attempt is sent to the console, a memo is printed off the line printer, and an entry is logged to the SECURITY log file. If the user, for some reason, replies incorrectly to the original question, he is given as many more chances as are configured (two by default); he is asked to reply to the SAME QUESTION additional times--if he does not give the correct answer on any of these attempts, he is logged off and the violation reporting described above is done. If, however, he replies correctly to any of the question prompts, he is allowed on the system. Here is an example of the logon conversation: :HELLO JOHN,CLERK.PAYROLL WHERE WAS YOUR FATHER BORN? << incorrect answer entered >> Error: The answer given was INCORRECT WHERE WAS YOUR FATHER BORN? << now a correct answer is entered >> Welcome! You are now signed on. END OF PROGRAM : << you have signed on successfully, you are now in MPE >> An Account or System Manager can set up a special LOGON MENU for some or all users. If this has been done, a menu will roll up on the screen immediately after the logon question is answered. At this point, the user should enter the number of the selection that he wishes to invoke, or 'E' to exit. If he enters a selection number, that selection is invoked, and, when it is done, the menu is redisplayed. When the user types 'E', he is logged off the system. How to ADD users to the Logon Security System ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Of course, before the system can ask users questions at logon time, it must know the correct answers. So, the Account or System Manager must add each user to the Logon Security System data base (ANSWER.DATA.SECURITY), specifying the user name, account name, and session name (which comprise the "USER ID") and time, day, and terminal restrictions, the menu file name (WHICH MUST HAVE BEEN CREATED ALREADY) and then have the user input the answers to the personal profile questions. To enter users, log on as Account Manager (to add users under an account) or System Manager (to add any user) and then :RUN USER.PUB.SECURITY,ADD Following are the items that this option prompts for: (type '?' for help any time you don't know what to enter or how to enter it) Enter user name: Enter the MPE user name of the user to be added into the Logon Security System. This user must exist in MPE already. Or you may enter an "@", which means "any user" (or hit <return> to exit). Enter account name: You are asked this only if you are the System Manager; if you are an Account Manager, this will default to your account name. You may enter an "@" which means any account (or hit <return> to exit). Enter session name: The system permits securing users by session name as well as user name and account name. Enter the session name which the user should use at logon or hit <return> if the user will not use a session name, or enter an "@" if the user may log on with different session names. NOTE: This feature may be used to create a better account structure -- instead of creating MPE users by first name (JOHN, MARY, etc.) the Account Manager can create "generic" user names based on the functions existing within a department (CLERK, SUPER, MANAGER, etc.). When several people share the same function, the Logon Security System will differentiate them by session name which can be the person's first name. Example of such logons are :HELLO MARY,MANAGER.PAYROLL and :HELLO JOHN,CLERK.PAYROLL. The session name may be retrieved by your application programs and then carried through your application system along with the transaction record. Enter user's real name: This is the real name of the user (for instance, JOHN Q. DOE). This information is used on the printed security violation memo and some log file entries. Enter the permitted terminal numbers: Enter up to 30 logical device numbers on which the user is to be permitted to log on, separated by commas (for instance, '220,55,73'). Hit <return> to permit access by the user on all terminals. (See the "REMOTE" section of this manual for details about putting a password on a dial-up, DS line, or other terminal, regardless of where the user is logging on to.) Enter the day-of-week access restrictions: To permit the user to log on only on certain days of the week, enter a day of the week (e.g. 'WEDNESDAY' means the user can log on only on Wednesdays) or two days of the week separated by a '-' (e.g. 'MON-FRI' means the user can log on only on Monday through Friday). Days may be spelled out or abbreviated to 3 characters. Hit <return> to permit access on all days. Abbreviations allowed: 'SUN', 'MON', 'TUE', 'WED', 'THU', 'FRI', 'SAT' Enter the time-of-day access restrictions: To allow the user to log on only at certain times of the day, enter the starting hour followed by a '-' followed by the ending hour (e.g. '9-17' means that the user can sign on from 9 am to 5 pm). Hit <return> to permit access at any time of day. Enter the menu filename: If you wish to set up a logon menu for this user, enter the name of the menu file. THE MENU FILE MUST HAVE ALREADY BEEN CREATED (see "LOGON MENUS FOR SECURITY AND CONVENIENCE" in this manual for details on how to set up a menu). If you wish the user to instead be allowed to access MPE directly, just hit <return>. If you did not create the menu file already, hit <return> (for none), continue entering the user info, and add the menu file later (see "How to CHANGE users in the Logon Security System" later in this file). Should the user be asked personal profile questions (Y/N)? If you want the user to be asked a personal profile question at logon, type 'Y'. If you do not want a personal profile question to be asked (but still have all other access restrictions apply), type 'N'. The user is then added to the Logon Security System, a message is printed acknowledging the addition of the user, and you are prompted for another user (hit <return> to exit). Note that all successful user additions are logged to the SECURITY log file. NOTE: The ADD option requires Account/System Manager capability! Following is an example of this option: :RUN USER.PUB.SECURITY,ADD SECURITY/ADD Version 0.5 (VESOFT (C) 1981) For help type '?' Enter user name: CLERK Enter account name: PAYROLL Enter session name: JOHN Enter user's real name: JOHN Q. DOE Enter permitted terminal numbers: 34,35,36,37,50,52,53,54 Enter day of week access restrictions: MON-FRI Enter time of day access restrictions: << <return> hit >> Enter menu filename: CLERK.MENU.PAYROLL Should the user be asked personal profile questions (Y/N)? Y WHAT IS YOUR MOTHER'S MAIDEN NAME? << user answers, no echo >> WHAT ELEMENTARY SCHOOL DID YOU GO TO? << user answers, no echo >> WHERE WAS YOUR FATHER BORN? << user answers, no echo >> WHAT IS YOUR FIRST LOVE'S NAME? << user answers, no echo >> *** User has been added *** Enter user name: << <return> hit to exit >> Note that all successful user ADDs are logged to the SECURITY log file. ANOTHER NOTE: Before starting the ADD option you may wish to get HELP. To do so say :FILE CICAT.PUB.SYS=USER.HELP.SECURITY :HELP IMPORTANT: Before this user attempts to log on, the Logon Security System must be activated--see "ACTIVATING THE LOGON SECURITY SYSTEM" later in this file. How to CHANGE users in the Logon Security System ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ It may occur that an incorrect response was given to the ADD-time configuration and personal profile questions or you may want to permit a user to change his answers to the personal profile questions (which is all he is permitted to do in this option); so to make changes to existing user profiles: :RUN USER.PUB.SECURITY,CHANGE The CHANGE option prompts you for: (type '?' for help at any prompt) Enter user name: Enter the user name of the user to be changed. If you are not an Account or System Manager, this defaults to the logon user, (or hit <return> to exit). Enter account name: Enter the account of the user ID to be changed. If you are not System Manager, this defaults to the logon account, (or hit <return> to exit). Enter session name: Enter the session name entered at user ADD time. If none was entered, hit <return>. This option now displays a menu of items corresponding to the configuration and personal profile questions, and you are prompted for the item to be changed. After you change an item, it continues to prompt you until you hit <return>. (If the menu rolls off the screen, type 'R' to redisplay it.) An Account or System Manager can change anything; an ordinary user can change only his answers to the personal profile questions. Following is an example of the CHANGE option: :RUN USER.PUB.SECURITY,CHANGE SECURITY/CHANGE Version 0.5 (VESOFT (C) 1981) For help type '?' Enter user name: CLERK Enter account name: PAYROLL Enter session name: JOHN R: Redisplay this menu U: User info (user, account, session) N: User's real name T: Permitted terminal numbers D: Day-of-week access restrictions H: Time-of-day access restrictions M: Menu file name A: Ask personal profile questions? 1: WHAT IS YOUR MOTHER'S MAIDEN NAME: 2: WHERE WAS YOUR FATHER BORN: 3: WHAT ELEMENTARY SCHOOL DID YOU GO TO: 4: WHAT IS YOUR FIRST LOVE'S NAME: Enter item number to change: M << change menu file name >> Menu file name is now: PAYCLERK.MENU.PAYROLL Enter NEW menu file name: PAYSUPER.MENU.PAYROLL Enter item number to change: << <return> hit to exit >> *** User has been changed *** Enter user name: << <return> hit to exit >> Note that all successful user CHANGEs are logged to the SECURITY log file. How to COPY users in the Logon Security System ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On some systems a certain user (System Manager, for example) may be required to access more than one account and therefore may log on with more than one user ID. This is where the copy option will save you time because it allows an Account or System Manager to copy a given user's security configuration and personal profile answers to a new user in the data base. An Account Manager can copy only users within his account, whereas the System Manager can copy users anywhere on the system. To enter copy mode, execute a: :RUN USER.PUB.SECURITY,COPY Following are the items that this option will ask for (type '?' for help at any prompt) Enter original user name: The user name of the user to be copied. This user must exist in the data base already, (or hit <return> to exit). Enter original account name: The account of the user to be copied. If you are not System Manager, this defaults to the logon account. (Hit <return> to exit.) Enter original session name: The session name with which the user is configured in the user data base (the session name that was specified at ADD time). If no session name was specified, hit <return>. Enter new user name: The user name to which the original user's security parameters (configuration and personal profile answers) should be copied. This user must exist in MPE already, (or hit <return> to exit). Enter new account name: The account to which the original user's security parameters should be copied. This account must exist in MPE already. If you are not System Manager, defaults to the logon account, (or hit <return> to exit). Enter new session name: The session name which the user should use at logon, or hit <return> if the user will not use a session name. Following is an example of the copy option: :RUN USER.PUB.SECURITY,COPY SECURITY/COPY Version 0.5 (VESOFT (C) 1981) For help type '?' Enter original user ID Enter user name: CLERK Enter account name: PAYROLL Enter session name: JOHN Enter new user ID Enter user name: CLERK Enter account name: ORDER Enter session name: JOHN *** User information has been copied *** Enter original user ID Enter user name: << <return> hit to exit >> Note that all successful user COPYs are logged to the SECURITY log file. How to DELETE users from the Logon Security System ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ When you delete users from MPE, you should delete them from the Logon Security System as well. Users must exist in MPE in order to be deleted from the Logon Security System, so if you wish to delete a user from both, you should delete him from the Logon Security System by using this option BEFORE doing a :PURGEUSER. To do this: :RUN USER.PUB.SECURITY,DELETE This option prompts you for (type '?' for help at any prompt) Enter user name: The user name of the user to be deleted, (or hit <return> to exit). Enter account name: The account of the user to be deleted. If you are an Account Manager and not the System Manager, this will default to the logon account, ( or hit <return> to exit). Enter session name: The session name specified at user ADD time. If none was specified, hit <return>. NOTE: This option requires Account/System Manager capability! Following is an example of the DELETE option: :RUN USER.PUB.SECURITY,DELETE SECURITY/DELETE Version 0.5 (VESOFT (C) 1981) For help type '?' Enter user name: CLERK Enter account name: PAYROLL Enter session name: JOHN *** User has been deleted *** Enter user name: << <return> hit to exit >> Note that all successful user DELETEs are logged to the SECURITY log file. How to SET UP users who use MULTIPLE LOGON IDs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Users are normally defined in the Logon Security System with the specific session name, user name, and account name (user ID) with which they log on. In some environments, a user may be authorized to use more than one user ID to log on, depending on the function he is performing. For example, a user who uses the Payroll, Accounts Payable, and General Ledger systems may log on with three user IDs, i.e. JOHN,CLERK.PAYROLL, JOHN,CLERK.AP and JOHN,CLERK.GL. For this, the COPY option of the USER.PUB.SECURITY program is useful because one user may be set up with the proper security parameters and the information may be COPYd to the other two user IDs. It is also possible that an Account Manager will want to be allowed to log on as any user in his account; or the System Manager will want to log on as any user on the system. The Logon Security System permits you to set up a user who is authorized to log on using many different user IDs by specifying "@" as the session name and/or user name and/or account name. For example, if you wanted to set up the System Manager, Mike, so that he could log on as any user on the system, you could create a user called MIKE,@.@ by responding to the prompts of the ADD option as follows: Enter user name: @ Enter account: @ Enter session name: MIKE If you wanted to set up the Account Manager of the PAYROLL account, Jane, so that she could log on as any user in her account, you would create a user called JANE,@.PAYROLL by responding to the ADD prompts as follows: Enter user name: @ Enter account: PAYROLL Enter session name: JANE Jane would be allowed to log on using any valid user name in the account, and the same personal profile and security restrictions would be used. ACTIVATING THE LOGON SECURITY SYSTEM ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The Logon Security System may be imposed on the entire system, for selected accounts, for only certain users, or for only logons to certain LDEVs (terminals, dial-up lines, DS lines, etc.). To activate the Logon Security System for selected accounts or users, the Account or System Manager must set up an "OPTION LOGON" UDC that will invoke the USER.PUB.SECURITY program. The UDC is stored in the file SECURUDC.PUB.SECURITY SECURUDC OPTION LOGON, NOBREAK comment comment ******************************************* comment JCW is set 1717 by TERMPASS when $SECURITY comment keyword is specified for the logon port. comment Please see the TERMPASS.DOC.SECURITY. comment ******************************************* comment IF JCW<>1717 THEN SETJCW SECURITYANSWER=0 CONTINUE RUN USER.PUB.SECURITY,LOGON IF SECURITYANSWER = 1 THEN BYE ENDIF ENDIF Because the Logon Security System is activated by a UDC, you can limit the system's scope by setting the UDC at the level (either user, account, or system) where it is appropriate. So to invoke the Logon Security System for the logon account, the Account Manager can do the following: WARNING: DO NOT PERFORM THE FOLLOWING UNLESS YOU HAVE AUTHORIZED YOURSELF AS A USER (see "How to ADD users to the Logon Security System" in this section). OTHERWISE, YOU MAY LOCK UP YOUR ACCOUNT! :SETCATALOG SECURUDC.PUB.SECURITY;ACCOUNT (In spite of this warning, if you DID lock up your account, log on to some other account, create the following file in your editor: !JOB MGR/password.ACCOUNT/password << the locked-up account >> !SETCATALOG;ACCOUNT !EOJ and :STREAM it.) Once the SECURUDC is set, whenever a user who is affected by this UDC tries to sign on, the Logon Security System is invoked and the time, day, and terminal restrictions, etc., will be applied. If the account or a user in the account has a logon UDC, that UDC should be changed to do as its first command the execution of SECURUDC; e.g. if you want to have a logon UDC that does a SHOWJOB, use the following UDC: LOGONUDC OPTION LOGON, NOBREAK SECURUDC SHOWJOB *** Note that the UDC SECURUDC must have also been set for the user or account in question, e.g. :SETCATALOG MYUDC, SECURUDC.PUB.SECURITY It is also recommended that you :ALLOCATE USER.PUB.SECURITY to speed things up when logging on, and also so that it will function during backups. LOGON MENUS FOR SECURITY ~~~~~~~~~~~~~~~~~~~~~~~~ Of course, by restricting users from MPE (so that they never get a ':') you are vastly improving security on your system because users are prevented from attempting to breach security using various "holes" existing in MPE (e.g. :FCOPYing a file containing a password to the terminal, :SHOWCATALOGs, or even doing :LISTFs in sensitive groups and accounts). SECURITY/3000's menu subsystem implements this kind of closed system where you specify what the user is allowed to do. If you, the Account or System Manager, want to limit a user's access via a menu, you must first build a file (the "menu file") in your editor describing the menu (the user must have READ access to it). A menu file consists of: *HEADER Optionally, any number of '*HEADER' lines, which contain text to be printed when the menu is invoked. A common use for this is to print some form of menu identification, e.g. *HEADER **************************** *HEADER MAIN ACCOUNTS PAYABLE MENU *HEADER **************************** You may also put escape sequences to control the display on a *HEADER line (e.g. <escape-H> <escape-J> to home the cursor and clear the screen before displaying the menu). *CAPTION Up to 24 selection descriptors. Each section descriptor consists of one '*CAPTION' line followed by a number of body lines. The '*CAPTION' line defines what this selection should be identified as on the menu, e.g. *CAPTION INVOICE ADDITION The body lines contain the commands to be executed when the selection is chosen. A body line can be: MPE Any MPE command or commands, including :RUN, command :IF, :ELSE, and :ENDIF, e.g. FILE D=DATA.PUB.AP RUN INVADD.PUB.AP LISTF XYZ.PUB;$NULL IF CIERROR = 907 THEN RUN UPDATE.PUB;PARM=1 ELSE DISPLAY Update system in use ENDIF DISPLAY which causes the specified string to be displayed to the terminal, e.g. DISPLAY This system inoperative until Friday DISPLAY Contact Joe Martin at ext. 283 VEMENU which invokes VEMENU with the specified menu file. This permits "nested menus", e.g. VEMENU NEWORDER.ENTRY.PURCH << menu file >> USE which executes commands from the specified file, e.g. USE ENTRY.PROC.GL << file containing set of file equations and commands for entry of GL information >> EXIT which exits VEMENU and logs the user off the system. Thus, a simple menu file may be created as follows: :EDITOR /ADD 1 *HEADER ************************************* 2 *HEADER ACCOUNTS PAYABLE SYSTEM 3 *HEADER CHOOSE ONE OF THE FOLLOWING: 4 *HEADER ************************************* 5 *HEADER 6 *CAPTION VENDOR MAINTENANCE 7 FILE APDB=APDB.DATABASE.AP 8 RUN AP010 9 *CAPTION INVOICE MAINTENANCE 10 FILE APDB=APDB.DATABASE.AP 11 RUN AP020 12 *CAPTION CHECK PRINTING 13 FILE STRMFILE=CHKPRINT.JOB.AP << job stream 14 RUN STREAMX.PUB.SECURITY;PARM=1 << which asks 15 *CAPTION ARCHIVE << for starting check # >> 16 DISPLAY Sorry, archive system not yet ready 17 DISPLAY -- see system management 18 *CAPTION GO TO ACCOUNTS RECEIVABLE MENU 19 VEMENU ARMENU.PUB.AR /KEEP MAINMENU.PUB.PAYROLL /EXIT Then, add the user to the Logon Security System, entering the name of the menu file when prompted for it; if the user has already been set up in the Logon Security System, use the CHANGE option to change his menu file name to the menu file he is to use. If you decide that a user should go directly into MPE when he logs on instead of using a menu, just hit <return> when prompted for the name of the menu file. Whenever a user who is configured in the Logon Security System with a menu file logs on, the menu contained in that file is displayed and he is asked to choose a selection or hit 'E' to exit. When a selection is chosen, the commands specified in the selection body are executed. When that menu option has completed, the user is returned to the menu and asked to choose another selection. This continues until either the user enters 'E' or a selection chosen by the user executes an 'EXIT' command. When the user exits the menu, he is automatically logged off. AT NO TIME IS THE USER EVER LET INTO MPE! Of course, different users can have different menu files. For instance, if you have an Accounts Payable system--in which you have clerks who can add and delete invoices; supervisors who can add and delete vendors as well as invoices; and a manager who can add and delete vendors, add and delete invoices, and print checks--you can have one menu file for clerks, another menu file for supervisors, and a third for the manager. (Remember that if several users share the same function, you can have them all use a common user name and differentiate them by their session) ATTEMPTED SECURITY VIOLATION LOGGING ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ When an attempted violation occurs, the Logon Security System makes it possible to catch the violator "in the act" by immediately providing the necessary information about the attempted security breach. If a violation attempt occurs--meaning a user has responded incorrectly to a logon question or has attempted to log on at an unauthorized time, on an unauthorized day, or from an unauthorized terminal--the Logon Security System will immediately: * Send a descriptive message to the system console, in inverse video, to distinguish it from other console messages * Print a violation memo off the system line printer (device class LP) or a designated printer (see "SETTING ATTEMPTED SECURITY VIOLATION MEMO ROUTING PARAMETERS" in this section). * Log an entry to the SECURITY log file. LOG.DATA.SECURITY This file is initially built as a 5,000-record circular file, so if the file fills up, new entries will be appended while the oldest entries are dropped. This provides sufficient information for the System Manager to immediately respond to the attempted security breach. The System Manager may also "hang" the terminal at this point (while someone is waiting to be logged on) for a while to give himself more time to respond, or to disable that device so that additional logon attempts are disallowed. How to LIST the security LOG FILE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Information about all changes to user status (add, change, delete) and all violation attempts are logged to the SECURITY/3000 log file with pertinent information about the time and date of the action, terminal on which the action took place, and the user who performed the action (including session name). SECURITY/3000 may be configured to log all successful logons, providing an excellent audit trail of system access. The following violation messages are logged: BAD USER Logon attempted by unauthorized user BAD RESPONSE Question was answered incorrectly BAD DAY Logon attempted on unauthorized day BAD TIME Logon attempted at unauthorized time BAD TERMINAL Logon attempted on unauthorized terminal INVALID TERMINAL PASSWORD Invalid terminal password was entered (see the "REMOTE" section of this manual for details). and the following update messages are logged: Add Addition of a user to the Logon Security System Change Change made to a user in the Logon Security System Copy Security profile copies from one user to another Delete User deleted from Logon Security System and the following successful logon messages are optionally logged: 'SUCCESSFUL LOGON' Valid logon through LOGON SECURITY 'SUCCESSFUL TERMINAL LOGON' Valid logon through the TERMPASS This file can be later listed to the terminal or line printer, and can be cleared after review. An Account Manager can list messages in his account, and the System Manager can list the entire file; (only the System Manager can clear the file.) An ordinary user is not permitted to use this option. :RUN USER.PUB.SECURITY,LISTLOG When you run this option, you are prompted for whether the listing is to go to the line printer (reply 'L') or to the terminal (reply 'T'). If the line printer is selected, the log file is dumped (in a readable format) to the line printer (device class LP). If the terminal is selected, the same printout is generated except that users' real names are not printed. To redirect the listing from the default (DEV=LP) to some other device or a disc file, issue a file equation for SECLIST, e.g. :FILE SECLIST=MYLOGLST;ACC=OUT;DEV=DISC;NOCCTL;REC=,,,ASCII;SAVE Following is an example of the use of this option: :RUN USER.PUB.SECURITY,LISTLOG SECURITY/LISTLOG Version 0.5 (VESOFT (C) 1981) For help type '?' Listing to (L)ine printer or (T)erminal: T Type : Date Time Dev Logon Target user/ Violatn type Add :20JUL85 5:17PM 33 DON,MANAGER.PAYROLL ENTRY.PAYROL Violat:21JUL85 9:23AM 117 READER,LABOR.PAYROLL BAD USER Violat:21JUL85 9:23AM 117 SALLY,ENTRY.PAYROLL BAD RESPONSE Change:21JUL85 10:17AM 25 BILL,MANAGER.SYS ENTRY.PAYROL Violat:24JUL85 2:33PM 117 R1,ENTRY.PAYROL BAD DAY Violat:26JUL85 1:54PM 103 R1,ENTRY.PAYROL BAD TERMINAL Logon :26JUL85 2:00PM 25 ENTRY.PAYROL SUCCESSFUL LOGON *** Log file has been printed *** How to CLEAR the security LOG FILE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Of course you may have good reason to clear the SECURITY log so: :RUN USER.PUB.SECURITY,CLEARLOG to clear the log file. This option will not prompt you for any input. NOTE: This option can be used by the System Manager only. A sample run of this option follows: :RUN USER.PUB.SECURITY,CLEARLOG SECURITY/CLEARLOG Version 0.5 (VESOFT (C) 1981) For help type '?' *** Log file has been cleared *** CONFIGURING SECURITY/3000 ~~~~~~~~~~~~~~~~~~~~~~~~~ Several configuration options (described below) may be specified in the security configuration file, SECURMGR.PUB.SECURITY This file is created at installation time with default values, which may be modified as described in the options below. DISALLOWING CONCURRENT SESSIONS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ As you may know, MPE allows several users with an identical user/account name (e.g. USER.PAYROLL) to be logged on simultaneously. A user is therefore permitted to be logged on to more than one terminal and have more than one session running concurrently, which may be undesirable. As one of our users pointed out, "No individual could fully control the activity on two terminals at a time and hence while on one terminal, unauthorized use could be made of the other." The Logon Security System may be configured to disallow more than one session with a given user ID to be logged on concurrently. Remember that we consider session name to be part of the user ID, so JOE,USER.GL and MARY,USER.GL are recognized as being different, even though the MPE user name is the same. With concurrent sessions disallowed, if someone attempts to log on with a user ID exactly the same as a user who is already logged on, he is not let on the system. Furthermore, a message is sent to the already-logged-on terminal to let that user know that someone is attempting a secondary logon. To disallow concurrent sessions, add the following line to the SECURMGR file: CONCURRENT-SESSION=NO Of course we would rather allow concurrent sesseons, so change it to: CONCURRENT-SESSION=YES By default, concurrent sessions are permitted. ELIMINATING SESSION NAME CHECK ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SECURITY/3000 differentiates users by session name by expanding the user ID to include session name in addition to user and account name. This feature permits a better account structure by allowing "generic" users to be created with user names describing the users' function and session names identifying the individual user (e.g. JOHN,ENTRY.PAYROLL and MARY,CLERK.AP). Thereby, several users could be set up under a common user name but with different session names, and each one would have unique personal profile answers, time and day restrictions, menu files, etc. SECURITY/3000 therefore enforces the use of correct session name by requiring that a user log on using the same session name with which he was configured when added to the security system. If he was configured with a session name of JOHN, for example, and tries to log on using no session name or a different session name, he will not be recognized as an authorized user and therefore will not be let on the system. For those who do not wish to enforce session name or set up "generic" users and would rather use MPE's approach of optional session name, it is possible to instruct the Logon Security System to ignore the session name at logon by adding the following to the SECURMGR file: SESSION-NAME=OFF However, if you choose not to enforce session name, all users must have been set up in the Logon Security System with the session name the same as the user name or with a session name of '@'. For example, if you are adding a user who should log on as JOHN.PAYROLL, he must be set up at ADD time with a user name of 'JOHN', an account name of 'PAYROLL' and a session name of 'JOHN' or '@'. When he logs on, however, he should not use the session name but rather just JOHN.PAYROLL. (When SESSION-NAME=OFF, the SECURITY data base is checked for an authorized user with a session name which is the same as the user name.) By default, session name is a valid part of the user ID. DISABLING A TERMINAL ON WHICH AN ATTEMPTED VIOLATION HAS OCCURED ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If a user is unsuccessful in logging on (either by not responding properly to personal profile question, attempting to log on at an unauthorized time or day, etc.), it is often desirable to "hang" that user's terminal so that he is unable to attempt further logons. To do this, determine the time in seconds for which you would like the terminal hung and then add a line to the SECURMGR file in the format: PAUSE=numseconds where 'numseconds' is the number of seconds for which the terminal will be hung. Then, when a user has an unsuccessful logon attempt, he will be hung for the amount of time specified. By default, 'numseconds'=0, which means that the user will not be hung at all. SPECIFYING NUMBER OF ATTEMPTS TO ANSWER QUESTION AT LOGON ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You may specify the number of attempts users are allowed to answer the question at logon by adding a line to the SECURMGR file in the format: TIMES=attempts where 'attempts' is the number of times the question will be asked. By default, 'attempts'=2. LOGGING SUCCESSFUL LOGONS ~~~~~~~~~~~~~~~~~~~~~~~~~ You may wish to know who is logging on through the dial-up line, or whether a particular logon is being utilized. For how to log successful logons which come through your dial-in lines or are specific to a port. You may enable SECURITY/3000 to log successful logons which pass through the USER program by adding a line to the SECURMGR.PUB.SECURITY file in the format: LOG-LOGON=ON This keyword will be seen by the LOGON security program and cause all successful logons to be written to the LOG.DATA.SECURITY file for later review. No other configuration is required and this keyword may be added or removed at any time. When the log file is reviewed later the message: SUCCESSFUL LOGON will be displayed. SETTING ATTEMPTED SECURITY VIOLATION MEMO ROUTING PARAMETERS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The security violation memo which is generated when a violation attempt has occurred is a useful tool for immediately taking corrective action. You may change the memo parameters--device to which the memo is routed, outpri of the memo, and number of copies to generate--by adding a line to the SECURMGR file in the format: DEV=device,outpri,copies where 'device' is the device to which the memo is routed. 'outpri' is the output priority with which the memo will be generated. 'copies' is the number of copies of the memo which will be printed. Therefore, if you want the memo routed to a special printer in the DP Auditor's office where someone will be able to take immediate investigative action, declare this on the 'device' parm. If you want to give the memo top priority to ensure that it is printed right away, specify an outpri of 13; if you want to defer printing the memo, specify an outpri of 1, which will cause the memo to remain in the spooler for later printing or purging. If you do not declare a 'DEV=' line in the SECURMGR file, the memo will be created with default attributes (dev=LP, outpri=8, copies=1). If you do not want the security violation memo at all (but will still have the attempted violation console message and log file entry), do not declare a 'DEV=' line in the SECURMGR file, and add this file equation: :FILE SECLIST=$NULL to SECURUDC (the UDC which invokes the Logon Security System before the command which :RUNs USER.PUB.SECURITY.) HOW SECURITY VIOLATIONS ARE REPORTED ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Whenever an attempted violation occurs, a security memo is printed to the line printer; the default format of it is: TO: SYSTEM MANAGER FROM: SECURITY/3000 RE: SECURITY VIOLATION WE WOULD LIKE TO CALL TO YOUR ATTENTION THE FACT THAT THERE WAS A vvvvvvvvvvvvvvvvvvvvvvvvvvvvvv VIOLATION BY: USER: uuuuuuuu ACCOUNT: aaaaaaaa GROUP: gggggggg SESSION NAME: ssssssss USER NAME: nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn LOGICAL DEVICE: lll ON wwwwwwwwwwwwwwwwwwwwwwwwwww PLEASE INVESTIGATE. where 'uuuuuuuu' represents the user name 'aaaaaaaa' represents the account name 'gggggggg' represents the group name 'ssssssss' represents the session name 'lll' represents the logical device number 'nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn' represents the user's real name 'wwwwwwwwwwwwwwwwwwwwwwwwwww' represents the time and date when the violation (attempt!) occurred 'vvvvvvvvvvvvvvvvvvvvvvvvvvv' represents the type of violation (BAD USER, BAD DAY, BAD TIME, BAD TERMINAL, or BAD RESPONSE). By using the above abbreviations ('uuuuuuuu', 'aaaaaaaa', etc.), you can modify the memo format as you please. The format is stored in MEMOFORM.DATA.SECURITY NOTE: If you have :HEADON on your LP, the header on the memo will indicate the user name (in this case, the violator!) on it, and the operator may deliver this memo to the violator! HOW THE QUESTIONS FILE IS MAINTAINED ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The personal profile questions that are asked at logon time of all users in the system are not fixed by SECURITY/3000; they can be set up with custom questions--up to 30 of them (remember, only ONE of the questions, at random, will be asked at logon time). The questions are stored in the editor-format file called QUESTION.DATA.SECURITY When SECURITY/3000 is installed from VESOFT, there are already some sample questions in this file, so it may not be changed at all. So, if you want to add a question to the file, just do the following: :EDITOR /TEXT QUESTION.DATA.SECURITY /ADD 6 HOW LONG DID YOU LIVE IN THE PLACE WHERE YOU WERE BORN? 7 // /KEEP /EXIT If you must delete a question from the file, do: :EDITOR /TEXT QUESTION.DATA.SECURITY /REPLACE 6 6 HOW LONG DID YOU LIVE IN THE PLACE WHERE YOU WERE BORN? 6 DELETED << you type >> /KEEP /EXIT Again, NEVER execute an actual DELETE command! You may want to have only ONE question in the file--this question will be the only one asked at logon time. Therefore, if you would like to use an MPE-like password rather than personal profile questions, you can have the one question in the file be Enter USER password: which looks just like MPE's password prompt; but don't forget that the passwords in SECURITY/3000's Logon Security System, unlike MPE passwords, are stored in one-way encrypted format. If the QUESTION file is empty (zero records, not just only 'DELETED' records), no questions will be asked at logon time; this is useful in case you do not want SECURITY/3000's personal profile questions, but only its other features. Remember that you can impose the questions on only selected users by answering 'N' to the "Should the user be asked personal profile questions?" prompt when you ADD the user. NOTE: The maximum number of questions is 30. ACCESSING THE USER PROFILE DATA BASE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Information about all the users you have authorized in the Logon Security System (i.e. answers, permitted terminal numbers, permitted times of day/days of week, real user names, etc.) is stored in the IMAGE data base ANSWER.DATA.SECURITY To write reports against this data base (e.g. show the user names and the permitted days of week for all users, sorted by user ID), merely access this data base with QUERY or any of your programs. Of course, the personal profile answers are one-way encrypted, and therefore cannot be determined. Note that you can open the data base through QUERY in READ mode only! Also, as an added security feature, you may change the data base password (as follows) and SECURITY/3000 will still be able to (magically!) access the data base: :HELLO MANAGER.SECURITY,DATA :RUN DBUTIL.PUB.SYS >>SET ANSWER PASSWORD 1=password >>EXIT CONCLUSION: PART 1 ~~~~~~~~~~~~~~~~~~~ That's it for the particulars on how the LOGON portion of SECURITY/3000 works. In Part 2, I will discuss various utilities and security logs associated with SECURITY/3000. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - /\ /\ / \ / \ / / \ / Inside NORAD \ /\ /\ / \ / \ / \ by: Anonymous / \ / \ \ _ _ /_ _ _ _ _ _ \_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _\_ _ Note: The information below was compiled through research and personal interviews with Air Force personnel who were stationed at NORAD Headquarters. The officers that we talked wished for their names to be withheld. Aerospace Defense Structure ~~~~~~~~~~~~~~~~~~~~~~~~~~~ The military defense of North America is a joint effort of the United States and Canada. All forces directly assigned to aerospace defense by the two nations are organized as the North American Air Defense Command (NORAD). The major elements of NORAD are the Canadian Forces Air Defence Command (CFADC), the U.S. Air Force's Air Defense Command (USAD ADC), and the U.S. Army's Air Defense Command (ARADCOM). Headquarters of NORAD, USAF ADC, and ARADCOM are in Colorado Springs, Colorado. While the CFADC headquarters are in St. Hubert, Quebec. The primary jobs of NORAD is to serve as an early warning system in the event of nuclear attack. NORAD is primarily concerned with the detection, identification, and tracking of hostile bombers, ballistic missiles, and space vehicles. Defense Against Manned Bombers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Defense against manned bombers includes ground-based and airborne radars to warn of the approach of hostile aircraft; supersonic fighter-interceptor aircraft capable of operating in any type of weather, and surface-to-air interceptor missiles. Detection and tracking of bombers is accomplished by ground-based radars located along the Arctic Circle from the Aleutians to Greenland and, in greater concentrations, in southern Canada and the United States. Radar equipped aircraft on continuous patrol off the Atlantic and Pacific coasts extend surveillance seaward. Any aircraft detected must of course be identified. Flights penetrating designated Air Defense Identification Zones (ADIZ) must be identified by correlating their flight plans submitted in advance with the precise position of the aircraft or, when this fails, through visual identification by interceptor aircraft. The simplest method of identification is to interrogate an electronic coding device, called Identification Friend of For (IFF), located in the aircraft, which replies to the interrogation with a known password. If the airborne object is hostile, it will be destroyed by fighter-interceptor jet aircraft using nuclear or conventional armament or by unmanned surface-to-air missiles such as BOMARC or NIKE. Integration of the defense systems against the manned bomber is accomplished by the electronic supersystem called Semi-Automatic Ground Environment (SAGE). In SAGE, computers receive and store data, solve problems, and display solutions to the detection station display screens. This allows air defense commanders to follow the battle situation and direct appropriate defense weapons. If interceptors or missiles are launched or committed against the target, the computer, with operator assistance, transmits information to and guides them to the hostile object. Interceptors are equipped with an automatic pilot, which can ge guided from the ground by means of data link. In the event the SAGE system should become inoperative, its functions would be taken over by BUIC, the Back-up Interceptor Control system, with widely dispersed automated control centers. Defense Against Ballistic Missiles ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Defense against ballistic missiles presents more difficult problems than defense against manned bombers. An extensive network known as the Ballistic Missile Early Warning System (BMWES), runs through Alaska, Canada, Greenland, and the British Isles, is used to detect and relay information about inbound missiles. A similar network is planned to cover the southern portion of the continent. In the event that an inbound missiles is detected, NORAD directs the use of antiballistic-missile weaponry. Defense Against Attack Through Space ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Although space vehicles are note currently employed for offensive military usage at the present, the possibility is certainly there. One of NORAD's primary responsibilities is to monitor any space born vehicles. The number of man made objects in orbit above the Earth numbers in the thousands. Continuous surveillance of these objects in space is performed by NORAD's Space Detection and Tracking System (SPADATS). SPADATS consists of two primary elements, the U.S. Navy's Space Surveillance (SPASUR) System--an electronic fence of high-powered transmitters and receivers extending across the southern United States--and the U.S. Air Force's SPACETRACK system. SPACETRACK consists of a worldwide network of radars, space-probing cameras, and communications. An operational control center with a central data-processing facility called the Space Defense Center, located at NORAD headquarters, serves to integrate the entire network. NORAD Headquarters ~~~~~~~~~~~~~~~~~~ In 1966, operations began in the new Combat Operations Center deep inside a mountain in Colorado. The center is located outside Colorado Springs at the Cheyenne Mountain Air Force Base. The complex is set inside tunnels that have been carved deep into the heart of the mountain itself. The entire structure is situated atop huge, 3-foot diameter springs to absorb nuclear shock waves. The headquarters was designed to survive a 1 megaton nuclear blast, but since this was designed to deter 1960's nuclear technology, it is questionable whether or not it would withstand attack by today's "smart" bombs, which could put a missile right in the front door. Every day, over a thousand people go to work the day shift at NORAD, commuting up from near by Peterson Air Force Base. Upon arrival at the center, they walk past the station's concertina wire topped twelve foot fences, which are surprisingly non-electrified. The exterior is constantly patrolled and observed by the Air Force Elite Security Forces, each armed to the teeth with 9mm pistols and M-16's. Scores of German Shepherd attack dogs are used as an added bit of security. Above the main tunnel entrance, is a sign that reads: "Use of Deadly Force Authorized by all Personnel." The interior of the base, built to survive a nuclear attack, is completely self-contained. Backup power is available in case of a power failure, and provides uninterupted power for lighting as well as computer systems. The base also contains food and water supplies for all personnel for over 30 days. The base itself is entirely shielded with lead and reinforced concrete, which augments the natural protection provided by the mountain. Huge blast doors provide the only entrances and exits to the base. Of course, the base is equipped with state-of-the-art communications systems, with full time links to all nuclear weapons sites in both the U.S. and Canada. The base is also linked into all major news and civil defense agencies to accept and release up-to-the-minute information on global military affairs. Surprisingly, however, the base is not equipped with today's most powerful mainframes and supercomputers. Many of the systems are somewhat archaic, as any upgrade would cause massive redesign of weapons and defense systems. Conclusion ~~~~~~~~~~ One may wonder about the usefulness of this unique command post in the interior of a mountain in light of current global events. With the evaporation of central government in the Soviet Union, and the decreased likelihood of another global war, a huge nuclear arsenal is beginning to seem worthless. However, with the capability to monitor global military situations at all times, and the ability to deter possible conflict, it still provides a valuable service to all of North America, if not the world. Better safe than sorry. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ******************************************************************************* * * * Card-O-Rama: Magnetic Stripe Technology and Beyond * * * * or * * * * "A Day in the Life of a Flux Reversal" * * * * * * * * by: ..oooOO Count Zero OOooo.. yRDTy 11/22/91 * * * ******************************************************************************* ---A production of : -=Restricted -=Data -=Transmissions : : : : "Truth is cheap, but information costs." : Look in your wallet. Chances are you own at least 3 cards that have magnetic stripes on the back. ATM cards, credit cards, calling cards, frequent flyer cards, ID cards, passcards,...cards, cards, cards! And chances are you have NO idea what information is on those stripes or how they are encoded. This detailed document will enlighten you and hopefully spark your interest in this fascinating field. None of this info is 'illegal'...but MANY organizations (government, credit card companies, security firms, etc.) would rather keep you in the dark. Also, many people will IMMEDIATELY assume that you are a CRIMINAL if you merely "mention" that you are "interested in how magnetic stripe cards work." Watch yourself, ok? Just remember that there's nothing wrong with wanting to know how things work, although in our present society, you may be labelled a "deviant" (or worse, a <gasp> "hacker!"). Anyway, I will explain in detail how magstripes are encoded and give several examples of the data found on some common cards. I will also cover the technical theory behind magnetic encoding, and discuss magnetic encoding alternatives to magstripes (Wiegand, barium ferrite). Non-magnetic card technology (bar code, infrared, etc.) will be described. Finally, there will be an end discussion on security systems and the ramifications of emergent "smartcard" and biometric technologies. *DISCLAIMER* Use this info to EXPLORE, not to EXPLOIT. This text is presented for informational purposes only, and I cannot be held responsible for anything you do or any consequences thereof. I do not condone fraud, larceny, or any other criminal activities. *A WARNING* I've noticed lately a few "books" and "magazines" for sale that were FILLED with PHILES on a variety of computer topics. These philes were originally released into the Net with the intention of distributing them for FREE. HOWEVER, these philes are now being PACKAGED and sold FOR PROFIT. This really pisses me off. I am writing this to be SHARED for FREE, and I ask no payment. Feel free to reprint this in hardcopy format and sell it if you must, but NO PROFITS must be made. Not a f**king DIME! If ANYONE reprints this phile and tries to sell it FOR A PROFIT, I will hunt you down and make your life miserable. How? Use your imagination. The reality will be worse. ** MAGSTRIPE FIELDS, HEADS, ENCODING/READING ** Whew! I'll get down to business now. First, I am going to explain the basics behind fields, heads, encoding and reading. Try and absorb the THEORY behind encoding/reading. This will help you greatly if you ever decide to build your own encoder/reader from scratch (more on that later). FERROMAGNETIC materials are substances that retain magnetism after an external magnetizing field is removed. This principle is the basis of ALL magnetic recording and playback. Magnetic POLES always occur in pairs within magnetized material, and MAGNETIC FLUX lines emerge from the NORTH pole and terminate at the SOUTH. The elemental parts of MAGSTRIPES are ferromagnetic particles about 20 millionths of an inch long, each of which acts like a tiny bar magnet. These particles are rigidly held together by a resin binder. The magnetic particles are made by companies which make coloring pigments for the paint industry, and are usually called pigments. When making the magstripe media, the elemental magnetic particles are aligned with their North-South axes parallel to the magnetic stripe by means of an external magnetic fields while the binder hardens. These particles are actually permanent bar magnets with TWO STABLE POLARITIES. If a magnetic particle is placed in a strong external magnetic field of the opposite polarity, it will FLIP its own polarity (North becomes South, South becomes North). The external magnetic field strength required to produce this flip is called the COERCIVE FORCE, or COERCIVITY of the particle. Magnetic pigments are available in a variety of coercivities (more on that later on). An unencoded magstripe is actually a series of North-South magnetic domains (see Figure 1). The adjacent N-S fluxes merge, and the entire stripe acts as a single bar magnet with North and South poles at its ends. Figure 1: N-S.N-S.N-S.N-S.N-S.N-S.N-S.N-S <-particles in stripe --------- represented as-> N-----------------------------S However, if a S-S interface is created somewhere on the stripe, the fluxes will REPEL, and we get a concentration of flux lines around the S-S interface. (same with N-N interface) ENCODING consists of creating S-S and N-N interfaces, and READING consists of (you guessed it) detecting 'em. The S-S and N-N interfaces are called FLUX REVERSALS. ||| ||| <-flux lines Figure 2: N------------N-N-S-S-----------------S --------- flux lines -> ||| ||| The external magnetic field used to flip the polarities is produced by a SOLENOID, which can REVERSE its polarity by reversing the direction of CURRENT. An ENCODING head solenoid looks like a bar magnet bent into the shape of a ring so that the North/South poles are very close and face each other across a tiny gap. The field of the solenoid is concentrated across this gap, and when elemental magnetic particles of the magstripe are exposed to this field, they polarize to the OPPOSITE (unlike poles attract). Movement of the stripe past the solenoid gap during which the polarity of the solenoid is REVERSED will produce a SINGLE flux reversal (see Figure 3). To erase a magstripe, the encoding head is held at a CONSTANT polarity and the ENTIRE stripe is moved past it. No flux reversals, no data. | | <----wires leading to solenoid | | (wrapped around ring) /-|-|-\ / \ Figure 3: | | <----solenoid (has JUST changed polarity) --------- \ / \ N S / <---gap in ring.. NS polarity across gap N----------------------SS-N-------------------------S ^^ <<<<<-direction of stripe movement S-S flux reversal created at trailing edge of solenoid! So, we now know that flux reversals are only created the INSTANT the solenoid CHANGES its POLARITY. If the solenoid in Figure 3 were to remain at its current polarity, no further flux reversals would be created as the magstripe moves from right to left. But, if we were to change the solenoid gap polarity from NS to *SN*, then (you guessed it) a *N-N* flux reversal would instantly be created. Just remember, for each and every reversal in solenoid polarity, a single flux reversal is created (commit it to memory..impress your friends..be a tech weenie!). An encoded magstripe is therefore just a series of flux reversals (NN followed by SS followed by NN ...). DATA! DATA! DATA! That's what you want! How the hell are flux reversals read and interpreted as data? Another solenoid called a READ HEAD is used to detect these flux reversals. The read head operates on the principle of ELECTROMAGNETIC RECIPROCITY: current passing through a solenoid produces a magnetic field at the gap, therefore, the presence of a magnetic field at the gap of a solenoid coil will *produce a current in the coil*! The strongest magnetic fields on a magstripe are at the points of flux reversals. These are detected as voltage peaks by the reader, with +/- voltages corresponding to NN/SS flux reversals (remember, flux reversals come in 2 flavors). See Figure 4. magstripe---> -------NN--------SS--------NN---------SS------ Figure 4: voltage-----> .......+.........-.........+...........-..... --------- ---------- ------------- peak readout--> | | | | --------| |----------| |---- The 'peak readout' square waveform is critical. Notice that the voltage peak remains the same until a new flux reversal is encountered. Now, how can we encode DATA? The most common technique used is known as Aiken Biphase, or 'two-frequency coherent-phase encoding' (sounds impressive, eh?). First, digest the diagrams in Figure 5. Figure 5: ---------- ---------- ---------- --------- | | | | | | <- peak a) | |--------| |--------| | readouts * 0 * 0 * 0 * 0 * 0 * ----- ----- ----- ----- ----- - | | | | | | | | | | | b) | |----| |----| |----| |----| |----| * 1 * 1 * 1 * 1 * 1 * ----- ---------- ----- ----- - | | | | | | | | | c) | |----| |--------| |----| |----| * 1 * 0 * 0 * 1 * 1 * There ya have it. Data is encoded in 'bit cells,' the frequency of which is the frequency of '0' signals. '1' signals are exactly TWICE the frequency of '0' signals. Therefore, while the actual frequency of the data passing the read head will vary due to swipe speed, data density, etc, the '1' frequency will ALWAYS be TWICE the '0' frequency. Figure 5C shows exactly how '1' and '0' data exists side by side. We're getting closer to read DATA! Now, we're all familiar with binary and how numbers and letters can be represented in binary fashion very easily. There are obviously an *infinite* number of possible standards, but thankfully the American National Standards Institute (ANSI) and the International Standards Organization (ISO) have chosen 2 standards. The first is ** ANSI/ISO BCD Data format ** This is a 5-bit Binary Coded Decimal format. It uses a 16-character set, which uses 4 of the 5 available bits. The 5th bit is an ODD parity bit, which means there must be an odd number of 1's in the 5-bit character..the parity bit will 'force' the total to be odd. Also, the Least Significant Bits are read FIRST on the strip. See Figure 6. The sum of the 1's in each case is odd, thanks to the parity bit. If the read system adds up the 5 bits and gets an EVEN number, it flags the read as ERROR, and you gotta scan the card again. (yeah, I *know* a lot of you out there *already* understand parity, but I gotta cover all the bases...not everyone sleeps with their modem and can recite the entire AT command set at will, you know ;). See Figure 6 for details of ANSI/ISO BCD. Figure 6: ANSI/ISO BCD Data Format --------- * Remember that b1 (bit #1) is the LSB (least significant bit)! * The LSB is read FIRST! * Hexadecimal conversions of the Data Bits are given in parenthesis (xH). --Data Bits-- Parity b1 b2 b3 b4 b5 Character Function 0 0 0 0 1 0 (0H) Data 1 0 0 0 0 1 (1H) " 0 1 0 0 0 2 (2H) " 1 1 0 0 1 3 (3H) " 0 0 1 0 0 4 (4H) " 1 0 1 0 1 5 (5H) " 0 1 1 0 1 6 (6H) " 1 1 1 0 0 7 (7H) " 0 0 0 1 0 8 (8H) " 1 0 0 1 1 9 (9H) " 0 1 0 1 1 : (AH) Control 1 1 0 1 0 ; (BH) Start Sentinel 0 0 1 1 1 < (CH) Control 1 0 1 1 0 = (DH) Field Separator 0 1 1 1 0 > (EH) Control 1 1 1 1 1 ? (FH) End Sentinel ***** 16 Character 5-bit Set ***** 10 Numeric Data Characters 3 Framing/Field Characters 3 Control Characters The magstripe begins with a string of Zero bit-cells to permit the self-clocking feature of biphase to "sync" and begin decoding. A "Start Sentinel" character then tells the reformatting process where to start grouping the decoded bitstream into groups of 5 bits each. At the end of the data, an "End Sentinel" is encountered, which is followed by an "Longitudinal Redundancy Check (LRC) character. The LRC is a parity check for the sums of all b1, b2, b3, and b4 data bits of all preceding characters. The LRC character will catch the remote error that could occur if an individual character had two compensating errors in its bit pattern (which would fool the 5th-bit parity check). The START SENTINEL, END SENTINEL, and LRC are collectively called "Framing Characters", and are discarded at the end of the reformatting process. ** ANSI/ISO ALPHA Data Format ** Alphanumeric data can also be encoded on magstripes. The second ANSI/ISO data format is ALPHA (alphanumeric) and involves a 7-bit character set with 64 characters. As before, an odd parity bit is added to the required 6 data bits for each of the 64 characters. See Figure 7. Figure 7: --------- ANSI/ISO ALPHA Data Format * Remember that b1 (bit #1) is the LSB (least significant bit)! * The LSB is read FIRST! * Hexadecimal conversions of the Data Bits are given in parenthesis (xH). ------Data Bits------- Parity b1 b2 b3 b4 b5 b6 b7 Character Function 0 0 0 0 0 0 1 space (0H) Special 1 0 0 0 0 0 0 ! (1H) " 0 1 0 0 0 0 0 " (2H) " 1 1 0 0 0 0 1 # (3H) " 0 0 1 0 0 0 0 $ (4H) " 1 0 1 0 0 0 1 % (5H) Start Sentinel 0 1 1 0 0 0 1 & (6H) Special 1 1 1 0 0 0 0 ' (7H) " 0 0 0 1 0 0 0 ( (8H) " 1 0 0 1 0 0 1 ) (9H) " 0 1 0 1 0 0 1 * (AH) " 1 1 0 1 0 0 0 + (BH) " 0 0 1 1 0 0 1 , (CH) " 1 0 1 1 0 0 0 - (DH) " 0 1 1 1 0 0 0 . (EH) " 1 1 1 1 0 0 1 / (FH) " 0 0 0 0 1 0 0 0 (10H) Data (numeric) 1 0 0 0 1 0 1 1 (11H) " 0 1 0 0 1 0 1 2 (12H) " 1 1 0 0 1 0 0 3 (13H) " 0 0 1 0 1 0 1 4 (14H) " 1 0 1 0 1 0 0 5 (15H) " 0 1 1 0 1 0 0 6 (16H) " 1 1 1 0 1 0 1 7 (17H) " 0 0 0 1 1 0 1 8 (18H) " 1 0 0 1 1 0 0 9 (19H) " 0 1 0 1 1 0 0 : (1AH) Special 1 1 0 1 1 0 1 ; (1BH) " 0 0 1 1 1 0 0 < (1CH) " 1 0 1 1 1 0 1 = (1DH) " 0 1 1 1 1 0 1 > (1EH) " 1 1 1 1 1 0 0 ? (1FH) End Sentinel 0 0 0 0 0 1 0 @ (20H) Special 1 0 0 0 0 1 1 A (21H) Data (alpha) 0 1 0 0 0 1 1 B (22H) " 1 1 0 0 0 1 0 C (23H) " 0 0 1 0 0 1 1 D (24H) " 1 0 1 0 0 1 0 E (25H) " 0 1 1 0 0 1 0 F (26H) " 1 1 1 0 0 1 1 G (27H) " 0 0 0 1 0 1 1 H (28H) " 1 0 0 1 0 1 0 I (29H) " 0 1 0 1 0 1 0 J (2AH) " 1 1 0 1 0 1 1 K (2BH) " 0 0 1 1 0 1 0 L (2CH) " 1 0 1 1 0 1 1 M (2DH) " 0 1 1 1 0 1 1 N (2EH) " 1 1 1 1 0 1 0 O (2FH) " 0 0 0 0 1 1 1 P (30H) " 1 0 0 0 1 1 0 Q (31H) " 0 1 0 0 1 1 0 R (32H) " 1 1 0 0 1 1 1 S (33H) " 0 0 1 0 1 1 0 T (34H) " 1 0 1 0 1 1 1 U (35H) " 0 1 1 0 1 1 1 V (36H) " 1 1 1 0 1 1 0 W (37H) " 0 0 0 1 1 1 0 X (38H) " 1 0 0 1 1 1 1 Y (39H) " 0 1 0 1 1 1 1 Z (3AH) " 1 1 0 1 1 1 0 [ (3BH) Special 0 0 1 1 1 1 1 \ (3DH) Special 1 0 1 1 1 1 0 ] (3EH) Special 0 1 1 1 1 1 0 ^ (3FH) Field Separator 1 1 1 1 1 1 1 _ (40H) Special ***** 64 Character 7-bit Set ***** * 43 Alphanumeric Data Characters * 3 Framing/Field Characters * 18 Control/Special Characters The two ANSI/ISO formats, ALPHA and BCD, allow a great variety of data to be stored on magstripes. Most cards with magstripes use these formats, but occasionally some do not. More about those later on. ** Tracks and Encoding Protocols ** Now we know how the data is stored. But WHERE is the data stored on the magstripe? ANSI/ISO standards define *3* Tracks, each of which is used for different purposes. These Tracks are defined only by their location on the magstripe, since the magstripe as a whole is magnetically homogeneous. See Figure 8. Figure 8: --------- <edge of card> _________________________________________________________________ | ^ ^ ^ |------------------| 0.223"--|---------|------------------------- | | | 0.353" | ^ |..................|.........|.........| 0.493" | | Track #1 0.110" | | | |............................|.........|... <MAGSTRIPE> | | | | |............................|.........|... | | Track #2 0.110" | | |......................................|... | | | | |......................................|... | | Track #3 0.110" | |.......................................... | | | |------------------------------------------------------------------ | | <body of card> | You can see the exact distances of each track from the edge of the card, as well as the uniform width and spacing. Place a magstripe card in front of you with the magstripe visible at the bottom of the card. Data is encoded from left to right (just like reading a book, eh?). See Figure 9. Figure 9: --------- ANSI/ISO Track 1,2,3 Standards Track Name Density Format Characters Function -------------------------------------------------------------------- 1 IATA 210 bd