HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / pc / NAVYPASS.ZIP / MANUAL < prev next >

Wrap

Text File | 1990-05-20 | 32.9 KB | 870 lines

-------------------------------------------------------------------------- | | | | | | | | | | | USER'S MANUAL | | | | | | | | ********************************* | | * * | | * "NAVYPASS" : U. S. NAVY * | | * * | | * ADP PASSWORD PROTECTION * | | * * | | * SOFTWARE PACKAGE * | | * * | | ********************************* | | Version 1.1 (c) May 1990 | | | | Ref: OPNAVINST 5510.1 series | | | | | | | | | | | | Designed by: | | | | Dale E. Wilson, LT, USN | | Attack Squadron 128 | | NAS Whidbey Island, WA | | 98278 | | | | | | | | | | This software package is a Federal Domain Program intended | | for use by DoD personnel for official purposes. It may be copied, | | distributed, and otherwise used without any further permission | | in all offices of the U. S. Government and Armed Forces provided | | that the following conditions are met: | | | | | | - NAVYPASS.EXE may only be distributed in its original, | | unmodified state. Any modified versions may NOT be distributed. | | | | - NAVYPASS.EXE may NOT be distributed, in whole or part, as | | part of any commercial product without the expressed written | | permission of the author. | | | | | | The use or distribution of this software package for profit | | or by private persons or industry without written consent of the | | author is strictly prohibited. The author reserves all | | commercial rights. | | | | | |------------------------------------------------------------------------| NAVYPASS Users' Manual by D. E. Wilson, LT, USN T A B L E OF C O N T E N T S __________________________________________________________________ SECTION PAGE I N T R O D U C T I O N 1.1 Product Overview ........................................ 1-1 1.2 Software Contents ....................................... 1-2 1.3 Specifications .......................................... 1-3 1.4 Computer and DOS Requirements ........................... 1-3 I N S T A L L A T I O N 2.1 Hard Drive Installation ................................ 2-1 S O F T W A R E S P E C I F I C S 3.0 NAVYPASS MAIN MENU ...................................... 3-1 3.1 Password Entry ........................................ 3-2 3.2 Quick Information ..................................... 3-2 3.3 Set Configuration ..................................... 3-3 3.4 Reference Manual ...................................... 3-4 4.0 NAVYPASS TIPS & TECHNIQUES .............................. 4-1 4.1 Using "Blankall.Com" .................................. 4-2 4.2 Using "No-Reset.Com" .................................. 4-2 5.0 APPENDIX A. Technical Information ................................ A-1 B. Code Logic ........................................... A-1 C. Author's Rights ...................................... A-1 D. Acknowledgments ...................................... A-2 E. A Final Note ......................................... A-2 ii NAVYPASS Users' Manual by D. E. Wilson, LT, USN ________________________ | | | 1.1 Product Overview | |________________________| The NAVYPASS Software Package was designed to assist commands in promoting ADP Security in their work environment. The program is actually very simple, but at the same time very powerful. Loaded as the very first program in the "autoexec.bat" file, it allows normal "autoexec" execution ONLY when the user has provided the correct password to the program. NAVYPASS is NOT a ram-resident (TSR) program, but rather a single small module loaded and ran only once during computer startup ("booting" process). Since it can be executed at any time, it's convenient to run it prior to leaving the computer unattended for any period in order to keep unauthorized users from accessing the system. Written in Turbo C version 2.0, NAVYPASS is lighting-fast and exceptionally easy to use. A clear, simple menu format drives all functions. The intent of this program is to enhance ADP security without burdening valid users from performing their work. HOW NAVYPASS WORKS: ** NOTE ** Both original passwords were set to the program name itself, "NAVYPASS", when the program was distributed Navy-wide. NAVYPASS actually has two passwords: a "User Access" password and a "Main System" password. The purpose of this second password is to allow the ADP Security Officer, or more commonly, the System Operator (hereafter referred to as the "SysOp") to set: i) the normal "user" password ii) the command name at the top of the opening screen, iii) his/her own name at the top of the screen. These items, as well as the Main System password, can be changed at any time, but ONLY through the SysOp via the Main System password. As the opening screen comes up, the user will simply press the first selection, "Password Entry", and enter the correct password. If successful, the autoexec.bat continues to execute normally. However,if the user can't enter the correct password in two attempts.... the system locks up and MUST be rebooted. NAVYPASS contains sophisticated algorithms that forestall "hackers" from breaking into the program and attempting to change the passwords on their own. All passwords and screen titles are kept in a separate file named "password.dat". The file is completely encrypted such that common utilities like Norton Commander and PC Tools won't help the hacker to learn the passwords... all he/she will see is binary garbage! The usual hacker tricks like hitting "Control-C" or "Control-Break" to bypass a executing program is automatomally recognized by NAVYPASS as an illegal entry attempt, resulting in an automatic system lockup (referred to as "going to byte heaven"). Although no system is completely safe from a knowledgeable and determined professional, NAVYPASS should easily meet the needs of the normal Federal/Dept of Defense office environment. 1-1 NAVYPASS Users' Manual by D. E. Wilson, LT, USN ________________________ | | | 1.2 Software Contents | |________________________| A. NAVYPASS.EXE Executive program used to control all primary functions in this software package. Menu driven format. B. PASSWORD.DAT Encrypted binary data file containing the passwords. Also holds the command name and ADP Officer's name for the title window on the opening screen. C. MANUAL.EXE Allows the user to read the Users' Manual directly from the computer monitor. ( Uses MANUAL ) D. MANUAL The file containing this Users' Manual. A printout can be made and retained for future reference. To print the manual, insert disk into drive A, ensure your printer is on, and at the DOS prompt, type: COPY MANUAL PRN example: A:\> COPY MANUAL PRN Note: Ensure the print head is positioned at the top of a new page. The file will automatomally advance a new page as needed. E. BLANKALL.COM Useful utility to "blank" the screen if the computer has been inactive for a specified number of minutes. Saves the monitor from "screen burn" during periods of inactivity. F. NO-RESET.COM Tiny assembly program that deactivates the "CTRL-ALT-DEL" and "CTRL-ALT-INS" keyboard sequences to further enhance security on Zenith Z-248 machines. 1-2 NAVYPASS Users' Manual by D. E. Wilson, LT, USN ________________________ | | | 1.3 Specifications | |________________________| - Written in Turbo C version 2.0 (Borland, Inc), with assembly language sub-routines controlling BIOS interrupts. - Designed for use on the Zenith Z-248 microcomputer system equipped with EGA monitors, the standard throughout the Department of Defense. - A stand-alone program that requires no additional software other than the Disk Operating System (DOS). - Exceptionally user-friendly. Completely menu-driven. Clear, distinct prompts make every function intuitively obvious. - Professional encryption algorithms provide sophisticated password protection. Automatomally detects attempts to bypass the program, resulting in immediate system lockup. ______________________________ | | | 1.4 COMPUTER REQUIREMENTS | |______________________________| The NAVYPASS software package is fully compatible with the IBM PC-XT, AT, and PS/2 machines and on all clones claiming compatibility. The 8088, 80286 or 80386 Central Processing Unit (CPU) is required to ensure proper execution of this software. The CGA, EGA or VGA color video driver is required to ensure full video compatibil- ity. All Zenith 150 and 248 model computers are fully compatible. Early Z-248 computers equipped with EGA monochrome monitors may also be used. Obviously, a hard drive is necessary to effectively utilize this program. This software package has been thoroughly tested on machines with an internal clock rate of 4.77, 8.0 and 12.5 MHz. Additionally, it has been tested on machines very similar to the Unisys machines on the Federal Desktop III contract (16MHz and 20MHz 32-bit 80386 VGA systems). This program has performed well under DOS versions 3.1 through 4.01. 1-3 NAVYPASS Users' Manual by D. E. Wilson, LT, USN ________________________________ | | | 2.1 INSTALLATION | |________________________________| Installing NAVYPASS is extremely simple... just use the install program! Since this MUST be done from the "A" drive, first insure that the following files are on the floppy disk that will be used for the installation process: NPINSTAL.EXE NAVYPASS.EXE PASSWORD.DAT MANUAL.EXE MANUAL BLANKALL.COM NO-RESET.COM Now just insert this disk into drive "A" and enter "NPINSTAL.EXE" at the prompt. For example: A:\> NPINSTAL.EXE The installation program will correctly install the program on hard drive "C" (the normal "bootup" drive on most computers equipped with hard drives, such as Zenith 248 systems) on the root directory. Now all that needs to be done is to edit (change) your "autoexec.bat" file such that the NAVYPASS program is the FIRST program to run during the bootup process. This is easy to do (using common utilities such as Norton Commander, PC Tools, XTREE, etc) but if you have any doubts, have your local 'computer guru' do it for you. The only two files that are ESSENTIAL for this program to run correctly are NAVYPASS.EXE and PASSWORD.DAT. The others simply enhance the program and are fully explained in the following sections. 2-1 NAVYPASS Users' Manual by D. E. Wilson, LT, USN __________________________ | | | 3.0 NAVYPASS MAIN MENU | |__________________________| After the mandatory warning introduction, the program Main Menu will come up on screen, looking like this: ╔════════════════════════╗ ║ ║ ║ PASSWORD ENTRY ║ ║ ║ ║ QUICK INFORMATION ║ ║ ║ ║ SET CONFIGURATION ║ ║ ║ ║ REFERENCE MANUAL ║ ║ ║ ╚════════════════════════╝ Any of the functions can be executed by moving the selection bar to the item desired and pressing <RTN>, or merely pressing the first letter of the item (P,Q,S, or R) will also initiate the function. By default, the selection bar will be preposition on the "PASSWORD ENTRY" function, since that it what will be used most often. These four items are fairly self-explanatory: 'PASSWORD ENTRY" is the primary function, used to enter the correct password for users to obtain access to the system; 'QUICK INFORMATION' is a one-page brief on the purpose and requirements of the program; 'SET CONFIGURATION' brings up a second menu that allows the SysOp to change passwords, put the command's name on the opening screen, etc; 'REFERENCE MANUAL' allows this very manual to be read right on the screen. ** CAUTION!! ** KEEP IN MIND that once the 'PASSWORD ENTRY' selection is made, there is no going back; you are COMMITTED to entering the password!! If you mistakenly got into this function, you'd better have the correct password... or prepare to reboot!. The ORIGINAL password (both user entry and main system password) when this program was distributed was simply the program name itself, "NAVYPASS". You should absolutely MAKE A BACKUP COPY OF THE ORIGINAL 'PASSWORD.DAT" FILE in case you either forget the password that is set by your activity, or some frustrated hacker corrupts your 'PASSWORD.DAT' file!! If catastrophe occurs and everything is lost, see "A Final Note" at the end of this manual. 3-1 NAVYPASS Users' Manual by D. E. Wilson, LT, USN ______________________ | | | 3.1 PASSWORD ENTRY | |______________________| This selection (which obviously will be used the most often) will pop up a window and prompt the user for the password. ENTER CAREFULLY, because this entry routine is UNFORGIVING; there is no "backspacing" if you make a mistake during entry. You can enter either upper or lower case letters, but numbers are illegal (you'll hear a beep if ANYTHING except alphabetic characters are entered). Naturally, the password being entered is not echoed to the screen. The length of the password is the length of the black entry prompt (that's the only hint you'll get!) and there's no pressing <RTN> after the last letter; success (or failure) is immediately recorded upon entering the last character. A successful entry will be rewarded with a message to press any key to continue. A bad entry will be given only ONE more chance, so re-enter slow and CAREFULLY!! A second failure results in the computer system tripping off to "Byte Heaven"! _________________________ | | | 3.2 QUICK INFORMATION | |_________________________| This is just a one-page quick and dirty info on what NAVYPASS expects, and that you have just TWO chances to successfully enter the correct password. 3-2 NAVYPASS Users' Manual by D. E. Wilson, LT, USN _________________________ | | | 3.3 SET CONFIGURATION | |_________________________| This function allows the SysOp to set his own passwords, (both the normal 'user entry' password or the Main System password). In addition, the SysOp can insert the Command's name and his/her own name on the opening screen. Changing these items requires the entry of a "Main System" password, which is DIFFERENT from the user entry password (the reason for this should be obvious; if a "normal user" also has the ability to change the "normal user" password, this negates the intent of having a password security program to begin with). Selecting the "SET CONFIGURATION" function from the Main Menu pops up a second menu which looks like the following: ╔═══════════════════════╗ ║ ║ ║ Main System Password ║ ║ ║ ║ User Access Password ║ ║ ║ ║ Command Title Heading ║ ║ ║ ║ ADPSO Name Change ║ ║ ║ ║ Return to Main Menu ║ ║ ║ ╚═══════════════════════╝ In the same manner as the Main Menu, moving the selection bar with the cursor keys and pressing <RTN>, or hitting the first letter of any item executes that function. Whichever function you choose, you will be prompted for the Main System password to continue. As before, this entry routine is brutally strict, with the same penalty for failure! Aside from the 'Return to Main Menu' option, all of these routines are similar in function, differing only in that the passwords are limited to alphabetic letters, up to 20 characters max, no blank spaces. The Title Heading or ADPSO Name Change can be up to 30 characters max, blanks and numbers may be used. Once you enter a new password/heading/name, you will be prompted to confirm the entry before it is saved to disk. If you change your mind, answer 'no' to the confirmation, and you will be returned to the above menu. 3-3 NAVYPASS Users' Manual by D. E. Wilson, LT, USN _________________________ | | | 3.4 REFERENCE MANUAL | |_________________________| Selecting this option from the Main Menu will allow the user to read this very manual right from the screen using an EXTREMELY fast document display program. Use the arrow keys and/or the PGUP/PGDN keys to scroll through this manual. This manual can also printed out and retained for future reference. Before printing, ensure the print head is at the top of a new page. A complete printout can be performed using the COPY command. For example, if you have the manual file on a floppy disk, insert it into drive A, ensure the printer is ready, and at the "A" prompt, type in the command. It will look like the following: A:\> COPY MANUAL PRN Then press <RTN>. Pages are automatomally advanced as needed. 3-4 NAVYPASS Users' Manual by D. E. Wilson, LT, USN __________________________________ | | | 4.1 NAVYPASS TIPS & TECHNIQUES | |__________________________________| The following tips are provided in order for users to obtain the most from NAVYPASS. Always remember that a knowledgeable and determined professional will be able to bypass most any security methods that use software only. Therefore, NAVYPASS should be used in conjunction with prudent physical security measures. * All computer systems should be behind locked doors during off- duty hours. * NEVER leave a computer unattended while it is running. It takes mere seconds for files to be copied or compromised, or for some lowlife maggot to infect your system with a virus. * DO NOT use the same passwords for both "User Access" and "Main System". Only the ADP Security Officer (or SysOp) should have the Main System password, since it allows one to change the normal "User Access" password, as well as the title headings. * If you must leave the area for a brief period, run NAVYPASS right before you go. If, upon return, you see that your computer has gone to "Byte Heaven", you'll know someone tried to access your system while you were away. * ALWAYS HAVE A BACKUP OF YOUR "PASSWORD.DAT" FILE!! Although this file can not be read using utility programs to obtain the password, the frustrated hacker can maliciously corrupt the file such that it will not perform correctly. * Consider frequently running an anti-virus scanning program on all systems, such as McAfee Associates "SCAN.EXE", available from most BBS's nationwide. * Adhere rigidly to your command's ADP Security Program. Ensure users obtain proper training concerning effective security methodology. Conduct periodic spot audits to ensure compliance. * If you experience any problems running NAVYPASS that can't be resolved despite your best efforts, see "A Final Note" at the end of this manual. 4-1 NAVYPASS Users' Manual by D. E. Wilson, LT, USN ______________________________ | | | 4.2 USING "BLANKALL.COM" | |______________________________| This small program is a gem: it completely "blanks" the screen if the keyboard has not been used for a set period of time. The default time period is 2.5 minutes, but can be set to any time between 1 and 9 minutes. For example, "BLANKALL 5" blanks the screen after 5 minutes of keyboard inactivity. This is extremely useful in preventing "screen burn", which occurs when the same screen display is constantly running for hours at a time, day after day. (Monochrome screens are particularly susceptible to this, but all screens can suffer from it). Place this program in your autoexec file (after NAVYPASS, of course!) and save your monitor's screen while extending it's life. It is a TSR, but only takes 720 bytes of RAM.... peanuts! After the screen goes blank, pressing any key immediately restores the screen as it was before. _______________________________ | | | 4.3 USING "NO-RESET.COM" | |_______________________________| This tiny assembly program enhances ADP security by disabling both the "CTRL-ALT-DEL" and "CTRL-ALT-INS" key sequences, preventing system from "warm booting" and, more importantly, preventing hackers from entering the setup configuration (this is also how many password schemes are bypassed). For Zenith Z-248 systems, using this program correctly can virtually make your system IRONCLAD TIGHT! Place it in the autoexec file (again, AFTER NAVYPASS) to invoke it during normal bootup. Employing all these programs correctly, a typical "autoexec.bat" file might look like the following: NAVYPASS path = c:\; c:\wordstar; c:\123; c:\dbase; prompt= $p$g NO-RESET BLANKALL 5 .. ... ....(rest of file) 4-2 NAVYPASS Users' Manual by D. E. Wilson, LT, USN _____________________________________ | | | Appendix A: TECHNICAL INFORMATION | |_____________________________________| NAVYPASS took several months to develop and debug, ensuring complete compatibility with the IBM PC standard. It was primarily intended to be implemented on Zenith Z-248 machines, which is the standard throughout the Federal Government and Department of Defense regarding stand-alone desktop computers. It has been rigorously tested on numerous true IBM AT clones (Intel 80286)and also 32-bit 80386 machines configured like the Unisys system on the Federal Desktop III contract. ______________ | | | Code Logic | |______________| NAVYPASS completely controls all keyboard input. If a menu is displayed, only the highlighted option letters or the <RTN> keys are valid entries; everything else is just ignored. During password entry, ONLY alphabetic characters are allowed; any other keystroke (including spacebar, backspace, <ESC>, or arrow keys) result in a error beep. This is performed by scanning the keyboard input, translating it to an uppercase letter, and checking if the result is an ASCII code between 65 and 91 (A-Z). Every byte of the string array is tested this way. For obvious reasons, I will not discuss the encryption and "Byte Heaven" algorithms here, but serious programmers who desire to see the source code can contact me for a copy. I won't give you the exact code for NAVYPASS, but I will provide you with a early version that behaves in much the same way. ____________________ | | | Author's Rights | |____________________| NAVYPASS is a Federal Domain program. All offices of the U.S. Federal Government may freely use it without further permission. How- ever, it is ILLEGAL to use it in a commercial or private sector environment without my expressed written permission. To do so is a violation of Copyright Laws and extremely bad karma. If you call me up and ask, I might just give you permission without charge! A-1 NAVYPASS Users' Manual by D. E. Wilson, LT, USN ____________________ | | | ACKNOWLEDGMENTS: | |____________________| "Turbo C" is a product of Borland, International. "Norton Commander" is a product of Peter Norton Computing, Inc. "PC Tools" is a product of Central Point Software, Inc. "XTREE" is a product of the XTREE Company. "Zenith Z-248" is a product of Zenith Data Systems. ********************* * A FINAL NOTE... * ********************* If you experience ANY difficulty in running NAVYPASS that can't be cured by reading this manual file, feel free to call or write me at any time. My address on the cover sheet of this manual is good until Dec 1991. As I am a maintenance "groundpounder", the following phone numbers will eventually find me: AV 820-2995 (Quality Assurance) AV 820-6361 (Maintenance Officer) Commercial numbers: (206) 257-2995 (206) 257-6361 A-2