ProfitPress Mega CDROM2 Shareware Freeware (MSDOS)(1992)(Eng)

home *** CD-ROM | disk | FTP | other *** search

/ ProfitPress Mega CDROM2 …eeware (MSDOS)(1992)(Eng) / ProfitPress-MegaCDROM2.B6I / BBS / RBBS_PC / RBBSDOCS.ZIP / RBBSDOCS.15 < prev next >

Wrap

Text File | 1990-11-05 | 25.9 KB | 536 lines

THE SECURITY FEATURES OF RBBS-PC 15-1 15. THE SECURITY FEATURES OF RBBS-PC ------------------------------------ RBBS-PC has always been an open system designed for public use. A SysOp should always ASSUME that EVERY FILE ON THE PC running RBBS-PC CAN BE DOWNLOADED AND/OR DESTROYED. However, RBBS-PC has extensive safeguards that systematically enhance security and privacy. For example, RBBS-PC has the logic within it's code to prohibit anyone (including the SysOp) from downloading the RBBS-PC "system" files described in section 6.2. RBBS-PC can still be run as a wide-open system, but the SysOp has many additional options to restrain access. These security options make RBBS-PC much more suitable for private and business use. RBBS-PC's security is controlled by three things: 1. the system configuration file (RBBS-PC.DEF), 2. the two external security files for a. passwords (PASSWRDS), and b. file downloads (FILESEC), and 3. the users file (USERS) in which each user has an assigned security level. The users file is controlled by the SysOp user maintenance function 5 as described in section 16. To change a specific users security level you select the M>odify option and then the S>ecurity option. This allows you to set the security level for a user. Users cannot set their own security levels. Section 15.3 describes how to implement special passwords that provide special privileges to the groups that issue them. Section 15.4 describes how specific files, groups of files, or even whole disk volumes can have download security levels associated with them. 15.1 RBBS-PC's Security Features -------------------------------- Each user has an assigned security level, permitting 65,536 possible security levels. Each command in RBBS-PC also has a security level assigned to it. Security assignments are controlled by the SysOp. To use a command, the caller's security level must be at least as high as the command's security level. The SysOp can assign a file or group of files both a security level and a password. To download a file, a caller must have a security level at least as high as the file's and be able to give the file's password (if one is present). All users must pass these security tests, including anyone with SysOp privileges. Messages can be assigned a password by their creator. Then only persons who are able to give that password can read or kill the message. Messages with password protection will show <PROTECTED> when scanned. Callers have no way of distinguishing messages to private individuals and to groups except by how they are addressed. Persons with SysOp privileges can read all messages. See section 15.2 for an example of group passwords. Security violations are logged to the CALLERS file. These include attempting to use functions without sufficient security clearance and failure to give required passwords. RBBS-PC's default configuration is that of an "open" system. RBBS-PC 17.3A TECHNICAL REFERENCE MANUAL 15-2 RBBS-PC's security system provides the SysOp with several choices on how to run RBBS-PC. The chief ones are as follows: 1. Change the bulletin board from an open system available to all callers, to a pre-registered system available only to specified users. To support this option, there is a function in the SysOps user maintenance option 5 to ADD users. 2. A SysOp can set up different "classes" of users by assigning different security levels to different users. Concurrently the SysOp would have to assign different security levels to different commands. For example, new callers might be permitted only to leave a comment, read bulletins, and list files that can be downloaded. Or there might be a group of files assigned a security level that only members of a special interest group can download. 3. The SysOp can segregate the functions of the bulletin board into different groups based on a password. A specific file or group of files can be downloadable only to those who know the password. Similarly, messages can be made open to everyone knowing the password but closed to everyone else. This way there can be semi-private portions of the bulletin board. 15.2 Examples of Uses for RBBS-PC's Security System --------------------------------------------------- Some examples of how a SysOp can tailor RBBS-PC using RBBS-PC's extensive security features follow. SPECIAL INTEREST GROUPS -- A special interest group (SIG) in a users group wishes to run a RBBS-PC for both the general public and its own use. An example would be an authors SIG for persons interested in publishing books and articles or developing commercial software. A definite need would exist to be able to address messages to everyone in the SIG without making them open to every caller. The SIG would establish the convention to password protect general SIG messages with the password AUTHORONLY, and to address them to AUTHORS SIG. Another example would be a bulletin board devoted to the exchange of software. Allowing persons to use the message subsystem would only interfere with the primary purpose of the bulletin board. Therefore the SysOp removes from the menu the functions for leaving and reading messages. To prevent a person from using the functions to leave or read a message (even though they are not displayed), the SysOp assigns these functions a security level higher than a person who logs on normally would be assigned. Another example of using RBBS-PC's security system would be to set up an agreed upon temporary password such that when a user logs onto the system they can issue the password and get longer than normally allowed. If the time for normal users is 30 minutes, the SysOp can set up the special password SOFTEXCHANGE, with a maximum time on of 150 minutes instead of the normal 30. By shifting over to this special password after logging in, members can get extra time if they need it. SOFTWARE SUPPORT -- An author of a freeware program offers RBBS-PC support to all persons who register their copies and send a contribution of, say, $35 per copy. The registered user can get answers for problems and download free updates and sample applications. The author wants anyone to be able to call just to find out about the service. New callers get a THE SECURITY FEATURES OF RBBS-PC 15-3 security level of 2 automatically assigned to them. This allows them to use only the message subsystem. The file subsystem is assigned a security level of 7. Contributors are added by the SysOp with a security level of 7 and a pre-assigned password. Except for SysOp functions, registered users have free reign in the RBBS-PC. CLIENT SUPPORT -- A SysOp on a public RBBS-PC also works as a management consultant. She has several associates who work with her on projects. She needs to be able to send and receive messages from her associates which the general public should not see. So they agree on a message password NOTPUBLIC. To support her different clients she also needs to leave private files for downloading. To each client she assigns a special downloading password. To restrict downloading to just that client, file names are put in the file security file with the appropriate password. Only persons with the password can then download them. PRIVILEGED ELECTRONIC MAIL -- A company uses RBBS-PC to help support its regional offices. Only regional vice-presidents should be able to download certain management reports. In file security these reports are assigned a high security level of 9, which only managers get. 15.3 How to Implement the Password File --------------------------------------- CONFIG allows the SysOp to designate the name of the file containing the privileged group passwords to RBBS-PC. Since this file is a normal ASCII file, the SysOp can use any text editor to create and update the file. Put the information for each password on a single line and separate the fields with commas. It is important to note that EACH record of the password must contain ELEVEN parameters (i.e. TEN commas). For the password file, the format is: parm1,parm2,parm3,parm4,parm5,parm6,parm7,parm8,parm9,parm10,parm11 where: parm1 -- password that this line applies to parm2 -- security level for password. If no password was specified, this is the user security level this line applies to parm3 -- maximum time in minutes for a single session parm4 -- maximum time in minutes per day parm5 -- number of days in the subscription period parm6 -- start time, in format HHMM 24 hour style, this line applies to parm7 -- end time, in format HHMM 24 hour style, this line applies to The start/end time are limits on all other parameters: meaning that they apply only during the specified times. Specifying 0 for start/end times means that this line applies all day. parm8 -- the type of ratio method to use. This should be one of the following: '0' - meaning use the files uploaded to files downloaded ratio '1' - meaning use the bytes uploaded to bytes downloaded ratio '2' - meaning use the files per day restriction '3' - meaning use the bytes per day restriction NOTE: FIRST TIME CALLERS MUST UPLOAD AT LEAST ONE FILE (BYTE) BEFORE DOWNLOADING UNLESS THEY ARE: EXEMPT FROM THE RATIO REQUIREMENTS, ARE USING THE DAILY RATIO METHOD, OR RBBS-PC 17.3A TECHNICAL REFERENCE MANUAL 15-4 AN INITIAL UPLOAD CREDIT HAS BEEN GRANTED. THE INITIAL CREDIT FIELD IS IGNORED FOR METHODS 2 AND 3. parm9 -- the ratio field. A positive integer, such as 15, placed in this parameter requires that the caller maintain a ratio of a least 1 file (or byte) uploaded for every 15 files (or bytes) downloaded. The ratio of uploads to downloads can be cumulative over multiple days or it can be limited to the current day's activities of the caller. A 0 tells RBBS-PC to record uploads, but it will not record downloads, nor will it enforce ratios. This allows the SysOp to have a "free" download period. A -1 tells RBBS-PC to record uploads and downloads, but not to enforce ratios. This allows the SysOp to keep records of each user's transfers, but it will not stop a user from downloading as much as time allows. parm10 - the initial credit field. This can be any positive integer including zero. The use of ratio methods 2 and 3 in conjunction with this field can restrict the number of files (or bytes) that can be downloaded by an individual or group of callers per day. parm11 - the elapsed time (in seconds) that a caller must wait after logging on before "Time Locked" features will become available. See the description of CONFIG parameter 155 for a full description of how "Time Lock" works. Here are some examples of how the PASSWRDS file might be used: ,5,50,,,0001,0600,,,, Security level 5 gets 50 session minutes ,5,25,,,,,,,, between 00:01 AM and 6 AM, and 25 minutes otherwise. ,7,50,70,730,,,,,, Security level 7 has a subscription period of 2 years and a session limit of 50 minutes, and a daily limit of 70 minutes. BIGTIME,6,52,,,,,,,, Temporary password BIGTIME gets 52 minutes per session and a security of 6. EXTEND,5,120,,9999,,,,,, Temporary password EXTEND gets 120 minutes for the current session (the user's elapsed time per day would still remain whatever was set in CONFIG parameter 8), a temporary security level of 5, and a subscription period of 9,999 days. ,7,128,256,,,,,,,120 Users who log on with a security level of 7 are automatically granted 128 minutes on the system for each session, 256 minutes total for each day (independent of what was set in parameter 8 of CONFIG), and their subscription period remains unchanged from whatever it was before, but they must wait 120 seconds before being able to exit to a "door" or download a file. SKIPRATIO,170,120,200,90,0600,1200,0,0,, THE SECURITY FEATURES OF RBBS-PC 15-5 Temporary password 'SKIPRATIO' grants the caller a security level of 170, a session limit of 120 minutes, a daily time limit of 200 minutes, a 90 day subscription period, during the hours of 6AM until noon with no ratio limits. No downloads are added to the counts for the user. Changing the last "0" to "-1" would cause the counts to be added but not acted on to limit downloads. ,140,60,60,365,0001,2400,1,10,, Users with a security level 140, have a session limit of 60 minutes, a daily limit of 60 minutes, a one-year subscription, but during any hour of the day they must maintain a ratio of 1 byte uploaded for every 10 bytes downloaded. There is no initial upload credit. Therefore, an upload must take place before a download. ,150,70,,90,,,0,15,2,600 Users with a security level of 150, have a session limit of 70 minutes, a 90 day subscription, must maintain a ratio of 1 file uploaded for every 15 downloaded. An initial credit of 2 files are granted to all new/existing users. However, they can not exit to a "door" or download a file for the first 10 minutes (600 seconds) of their session. ,165,90,,120,,,0,30,, Users with a security level of 165, have a session limit of 90 minutes, a 120 day subscription, must maintain a ratio of 1 file uploaded for every 30 downloaded. No initial upload credit is granted. ,170,120,,365,,,2,10,, Users with a security level of 170 have a session limit of 120 minutes, a one-year subscription limitations, but can only download 10 files per day. ,200,360,,730,,,3,250000,, Users with a security level of 200 have a session limit of 360 minutes, a two-year subscription, but can only download 250000 bytes per day. If you are using COPY CON to create this file you "MUST" press F6 followed by a Ctrl/Z at the end of the last entry prior to pressing carriage return. 15.4 Implementing Security for Download Files --------------------------------------------- CONFIG allows the SysOp to designate the name of the file containing the passwords and security levels that can be used to restrict downloads of specific files, volumes, or files names meeting certain "wildcard" criteria. This file contains file names with download restrictions in the format: <filename>, <security level>,<password> Note: Each line is a record and ends with carriage-return line-feed. The only optional field is the password field for a filename. By leaving the password field empty, no password is assigned to a file. The commas between the fields are necessary. YOU MUST HAVE TWO COMMAS ON EACH LINE even if you do not have a password associated with the file. Some examples would be: RBBS-PC 17.3A TECHNICAL REFERENCE MANUAL 15-6 COMMAND.COM, 10,DOS PAYROLL.DAT, 99,BANKRUPT CALLGIRL.SEX,,ILLEGAL \FINANCE\STOCKS,100, The file COMMAND.COM could not be downloaded unless a user had a security level equal to or greater than 10 AND could supply the password "DOS". The file PAYROLL.DAT could not be downloaded unless a user had a security level equal to or greater than 99 AND could supply the password "BANKRUPT". Any user could download the file CALLGIRL.SEX if they could supply the password "ILLEGAL". Any user with a security level of 100 or higher could download the file STOCKS in the DOS subdirectory FINANCE without supplying any password. Additionally "wild-card" characters and drive designators can be used to protect or restrict certain classes of files (by extension, by drive, etc.) from being downloaded. Some examples would be: A:*.*,8, E:*.SEC,2,PW1 A*.M*,0,GX3 XY?X.*,9,3XG All files on drive A would require the users to have a security level of 8 in order for a user to download them. Any user who wanted to download a file whose extension was ".SEC" and was found to be on drive E would have to not only have a security level of at least 2 but to also give the password PW1. The third entry above would require a user who wanted to download any file on any drive with a prefix that began with "A" and an extension that began with "M" to have a security level of at least 0 and to enter the password GX3. Finally, the last entry above would require any user who wanted to download any file on any drive whose four-letter name began with "XY" and whose last letter was "X" with any extension to have a security level of at least 9 and enter the password 3XG. The wildcards "*" and "?" operate just like they do in DOS with two exceptions. The "?" requires a character. In DOS the name "HAPPY" satisfies the file specification "HAPPY?" but it does not in RBBS-PC. Also, in RBBS-PC, a wildcard applies to an extension only if it occurs after a period. Thus "xyz*" in DOS finds "xyz.a" but not in RBBS-PC ("xyz*.*" will find it). To get exceptions to the general rule, just put the exceptions first. RBBS-PC's file security search stops with the first applicable entry that it encounters. For example, 1. if you want all files on the B drive to require the user to have a security level of at least 3, 2. except that files on the B drive with the extension ".SEC" would require the user to have a security level of at least 6, and, 3. regardless of the disk drive that they were on, any file beginning with "MES" with an extension of ".SEC" would require the user to have a security level of at least 12 you would enter the following into the file security file THE SECURITY FEATURES OF RBBS-PC 15-7 MES*.SEC,12, B:*.SEC,6, B:*.*,3 Special Note:RBBS-PC is hard coded so that there are some files that nobody can download -- not even the SysOp. These are RBBS-PC.DEF, users, messages, callers, group password, comments, the file security, and backup files. Similarly the batch files that control RBBS-PC and let the caller exit to DOS 2 can not be downloaded. The default security file provided with RBBS-PC is empty. 15.5 Implementing Security for RBBS-PC Commands ----------------------------------------------- RBBS-PC allows each command to be assigned it's own security level. A user who wishes to invoke an RBBS-PC command must have at least the same security level as the command. Let's assume that a SysOp wants to set up the following classes of users: Classification of Users Security Level "Locked Out" Users 0 New Users (first time) 1 Normal Users 2 Users who can "view" a Conference 3 Users who can enter Messages 4 Users who can download files 5 Users who can upload files 6 Users who can Join a Conference 7 Users who can do some SysOp commands (Jr. SysOps) 8 Users who can enter a "door" 9 Users who can enter all SysOp commands (Co-SysOps) 10 The following table illustrates one method of assigning each RBBS-PC command it's own security level: Security Level Subsystem/Command Assigned to Command Messages Subsystem A>nswer questionnaire............... 4 B>ulletins.......................... 1 C>omments........................... 1 D>oor subsystem..................... 9 E>enter message..................... 4 F>iles system....................... 1 I>nitial welcome.................... 1 J>oin a conference.................. 7 K>ill messages...................... 4 O>perator page...................... 1 P>ersonal mail...................... 2 R>ead messages...................... 2 S>can messages...................... 1 T>opic of messages.................. 1 U>tilities (more)................... 1 V>iew conference mail............... 3 W>ho's on other nodes................3 @>Library Sub-System.................1 Files Subsystem D>ownload........................... 5 G>oodbye............................ 0 RBBS-PC 17.3A TECHNICAL REFERENCE MANUAL 15-8 L>ist file directories.............. 4 N>ew files.......................... 5 P>ersonal downloads................. 5 S>earch directories for string ..... 1 U>pload a file...................... 1 V>erbose listing of ARC file........ 1 Utilities Subsystem B>aud rate.......................... 1 C>lock (time of day)................ 1 E>cho selection..................... 1 F>ile transfer protocol............. 1 G>raphics........................... 1 L>ength of page..................... 1 M>essage Margin..................... 1 P>assword change.................... 1 R>eview preferences................. 0 S>tatistics of system............... 1 T>oggle (line feeds, etc.).......... 1 U>serlog............................ 2 Library Subsystem A>rchive a Library disk..............5 C>hange a Library disk...............5 D>ownload........................... 5 G>oodbye............................ 0 L>ist file directories.............. 4 S>earch directories for string ..... 1 V>erbose listing of ARC file........ 1 GLOBAL commands ?>What can be done.................. 1 H>elp with a command................ 1 Q>uit to another subsystem or exit.. 1 X>Expert/novice toggle.............. 1 SYSOP Subsystem 1>List comments..................... 8 2>List callers log..................10 3>Recover a Message................. 8 4>Erase comments.................... 9 5>USERS maintenance.................10 6>Toggle page bell.................. 8 7>Exit to DOS 2.x or above.......... 9 15.6 Beware of the "Trojan Horse!" ---------------------------------- Despite RBBS-PC's security always remember that you should always assume: "EVERY FILE ON THE PC RUNNING RBBS-PC CAN BE DOWNLOADED, MODIFIED, AND/OR DESTROYED!" RBBS-PC's security system appears to be so fool-proof that some individuals have resorted to uploading programs that appear to do one thing, but actually do something else. These "trojan horse" programs search all the disks that are connected to the PC that the program is running on for such RBBS-PC files as RBBS-PC.DEF or USERS. The program then copies these files to an innocuously named file that can be downloaded later when the person who uploaded it logs onto the system again. Since RBBS-PC.DEF contains the pseudonym that the SysOp can use to logon on remotely as the SysOp, once the user downloads a copy of it the user can then log on as the SysOp and do just about anything including exiting to DOS and formatting all the disks on the system. Similarly, the USERS file contains passwords and the THE SECURITY FEATURES OF RBBS-PC 15-9 security levels of everyone on your RBBS-PC -- some of whom may have SysOp privileges. You can protect yourself against anyone logging on as you, the SysOp, by not allowing anyone to logon as the SysOp remotely (see CONFIG parameter 121). You can protect yourself against unauthorized access of the USERS file by simply not allowing any user to have SysOp privileges. Of course there is the "trojan horse" program that doesn't even bother with the above, but simply destroys all the disk files on all the disks that are connected to the PC that is running the program.