V-Phage Frequently Asked Questions
SO YOU WANT TO KNOW ABOUT V-PHAGE, WELL !!!!
1. Hardware and software compatibility
V-PHAGE operates under the DOS 2.0 or higher operating system. It will function
with as little as 256K RAM and up to the full 640K. It shells extended memory. It
requires any size hard drive. The 8086, 8088, 80286, 80386, and 80486 for Personal
Computers are base devices for V-PHAGE. V-PHAGE functions on PS/2 models 20, 30,
40, 50, and 60 running under DOS. V-PHAGE functions within the AT&T UNIX System
V DOS shell.
1+. Does it use extended memory
Yes
1a. Minimal TSR memory requirements
V-PHAGE requires 10,668 bytes
1b. No conflicts with other TSR programs
To the best of our testing any TSR program installed within the V-PHAGE
shell will not cause conflict. The test executed by ACC was to install NC.EXE within V-
PHAGE at a user level. The point and shoot feature allowed movement about the system
but attempts to execute produced the message "must run from v-phage". Attempts to
view (F3), edit (F4), copy (F5), Change name (F6), Create/change directory (F7), delete
(F8) produce the message "COMSPEC not available OK?" ACC created a user menu
by executing the NC F9 function. The user menu execute by selecting the F2 key to
depict the menu. Attempts to execute a program from the user menu produce the
message "must run from v-phage". We have studied Mr. Gibson's TSR documents so
as to allow all TSR which does not affect machine security.
1c. Is it TSR
Yes
- memory
in server 378,000 for programs and 10,700 for shell
in nodes 10,700 in stand alone otherwise runs from server
- time to run detekt
9 minutes for full 32M disk, .000002 per each K bytes of memory for either stand
alone or server
- administrator run program
control is from the server the administrator has access to execute any program
from any server within the established shell
- overhead
the user on both stand alone and network does not notice any degradation of
processing speed.
- Will V-PHAGE tie up the system
no but failure to meet the designated security criteria will deny or limit access for
the specific individual node
1d. Boot protection
V-PHAGE is currently not boot protected. Beta testers could not recover from
misuse attempts when the original boot protect module was functioning. The ability to
add logical structure (scrambling) to the process of application execution denies access
by devious means. The V-PHAGE ADD process makes the acts of piracy and corrupting
time consuming and increases the requirement of attacker super user skills. ACC
research has documented the mind set of corruptors and, as a result, added controls
which prohibit successful execution after an illegal system start.
2. Specific security windows V-PHAGE can present:
Access Control
Access Duration
Access Code Duplication
Encryption
Change Detection
Selected Files
Default disk drive
All disks on a single user device
File server
All servers on a network
All disks including all servers on a network
Copy Protection (Scrambling)
Backup (Savezone)
Recovery (Newzone)
DOS access prohibited
Application access limitation (tied to level)
File Access limitation (to application)
On Demand screen Blanking (Alt-F10)
Inactivity induced screen blanking
Time out with mandated power down
Erases Ram
Execution control (must run from v-phage)
This may repeat but V-PHAGE has inherent the following features that the
products on page 8 do not possess.
Access Duration Specified by Administrator
Access code selected by user after authorization
Access Code Duplication Prevention
Encryption of executable code by scrambling
Encryption of files in a originator specific form
Change Detection (includingpealth VIRUS)
Selected Files
Default disk drive
All disks on a single user device
File server
All servers on a network
All disks including all servers on a network
Secure File Erase
Copy Protection (Scrambling)
Backup (Savezone)
Recovery (Newzone)
DOS access prohibited to users
Default Disk prohibited format
Application traceability from root for security
Application access limitation (tied to level)
File Access limitation (to application program)
On Demand screen Blanking (Alt-F10)
Inactivity induced screen blanking
Time out with mandated power down
Erases Ram at Time out
Erases Ram between users
Execution control (States: must run from v-phage)
User manual on line to administrator from the F1 key
Administrator Help Screens (44)
User Help Screens (12)
Individual Password File Security
Hidden Directories for three types of audit
Audits all command actions which cause execution
Write prohibited levels of access
Back door / trap door "hot key" lockout
3. Suitable for 8086, 8088, 80286, 80386, 80486 and DOS and PS/2
V-PHAGE has been tested and functions to the attached specification in all the
above environments with the exception that the program timer.com must be in the shell
to control the clock card in the 8086 and 8088 machines where clocks are optional. The
absence of a clock causes all audit reports to have the date 1/1/80 and the time of
12:00:00:00. Audits are stored in sequential order identifying the user ID. Therefore
while the time might be lost the sequence and content is not.
4. Will V-PHAGE run with windows
If windows is inside the V-PHAGE shell yes. Outside no.
Windows is treated as just another application.
5. Can administrator give access to utilities
Yes but the user cannot execute them as V-PHAGE hooks the appropriate
interrupts and calls to prevent format, copy and modification to disks and files
6. Is V-PHAGE always running
Yes you turn it on when you boot the system
7. Do you have to have a totally clean system
It would be nice but NO NO NO. If you install and then run DETEKT you will be
notified of change. Detekt will over time identify all culprits and the problems they cause.
V-PHAGE assumes PARKINSON'S LAW, i.e., if it can go wrong it will, at the worse
possible time.
8. Can you restrict access to the file level
No V-PHAGE design trades off overhead against probability of occurrence.
Access to an application in a secure environment is joined with structured user sub-
directories which limit access. ACC possesses code sets to limit access to the record
level. The implementation of these sets posed a problem to users limited to 512 or even
640K RAM.
9. How is data protected
Access to an application in a secure environment is joined with structured user
sub-directories which limit access. ACC possesses code sets to limit access to the
record level. Version 2.1 includes FISEC - File Security a means to encrypt/decrypt
specific authorized file in the authorized application directory
10. Can I wipe out my disk
No but if you copy a file to a floppy, it will not execute outside the V-PHAGE shell.
If you attempt to disassemble V-PHAGE programs they will self destruct, i.e., scramble.
11. Installation difficulty
On a 1 -10 scale the difficulty level is 2. However using the same scale for time
consuming and exacting in the name of in depth security the number in 8 or 9.
13. Loose environment
V-PHAGE is the perfect starch to firm up a loose environment. In on action a site
becomes secure and rigorous in security.
14. Password Encryption
Both the ID code and the Password are encrypted. Each is stored in a separate
hidden file. This action increases the degree of difficulty presented to a person
attempting to circumvent V-PHAGE security. The encryption mechanism is DES modified
by ASCII independent character interpolation. The encryption algorithm is unique to each
V-PHAGE installation based upon the answers to the questions posed to the installer.
Should an individual be successful in locating the ID/Password for a user on machine A,
he would not be able to execute the copied information on machine B as the algorithm
value for program access would be incompatible. (See Specification Pages 6 at bottom
and 7 at top).
15. Master Security Override
It is ACC's decision that the fact of allowing a master security override opens an
unnecessary window of vulnerability. A user cannot override. An administrator may
override security by executing a set procedure which announces to all users that the
administrator has compromised security. This is accomplished to provide the users with
insight so that they might back up and/or remove the data considered sensitive outside
V-PHAGE.
16. Multiple User Sign-on/Password
V-PHAGE allows an unlimited number of users each with a unique ID, Password
and ID/Password combination. (See specification page 6, ADD USERS)
17. Protection from unauthorized file deletion, changing and low level formatting
V-PHAGE does not allow a user to execute any DOS command which can delete,
change or format. If, for whatever reason, an administrator allows a user to access a
disk manager program (example: Norton Commander), or a super utility package
(example: PC Tools, MACE, Dr Panda, etc.) the V-PHAGE controls the comspec and
interrupts thereby prohibiting attempts at deletion and formatting. Change may be
accomplished by a user in those files to which the administrator has granted access. A
user cannot achieve access to change unauthorized files. An administrator can make a
change to a file. For added security, the audit trails show file changes in the DETEKT
process and the action which caused the change in the User Audit. The cross
referencing of audit data is designed to point up all, including administrator,
transgressions. (See the Note: on page 10 of the Specification)
18. Standalone but LAN compatible
V-PHAGE is standalone. The standalone version functions upon a LAN.
ACC tested V-PHAGE using a NOVELL LAN. V-PHAGE LAN optimize the NOVELL
API'S into the security system. ACC is operating a three station V-PHAGE LAN
successfully using NOVELL supplied equipments. A V-PHAGE version for 3COM is
being negotiated. 3COM will consign the necessary equipments, software and
documentation to ACC.
18.a Non-network V-PHAGE remote access
The ability to access a portion or all of the V-PHAGE functions and options
is directly related to the modem device and protocol used to join device A to host device
B. The following procedure was successful utilizing the Public Domain protocol, GT
version 1.5.01.
1. Exit to DOS from V-PHAGE shell using administrator menu.
2. Copy DETEKT.EXE from C:\V-PHAGE\ to the protocol directory,
3. Turn off the computer.
4. Boot into V-PHAGE manager's menu.
5. Select FILE ACCESS.
6. Select UNPROTECT.
7. Choose to unprotect the DETEKT.EXE file in the protocol directory.
8. Quit the FILE ACCESS feature.
9. Exit to DOS from V-PHAGE shell using administrator menu.
When the program GT1501.EXE was executed from DOS outside the V-PHAGE
shell, we stepped through the log on procedure which provided access to machine B. At
the first user select command, we input DETEKT and pressed RETURN. The DETEKT
program processed and produced a file called 61290.aud in a directory called
C:\DETAUDIT\. Using the download procedure normal to the protocol we copied the file
to our machine. We had monitored machine B from our remote location in this specific
protocol.
For information machine B was located in Columbus OH while machine A was in
Baldwin,NY.
ACC cannot guarantee that this procedure is fool proof to all protocols. We are
beginning to collect other public domain protocols to determine if a TCP/IP exists for the
micro world. Thanks to your interest we will add this ability for non-network remote
monitoring of change to a future version.
18a. Network capabilities
Novell DOS and 3COM plus open and plus share. Additionally the standalone
version can be manipulated if you use a micro-TCP/IP protocol.
19. Multiple feature selectibility
The user is limited to four features (run program, change password, help, and quit).
The administrator has access to use of all thirteen features and all options within each
feature.
20. Ease of use
V-PHAGE is as simple as 1-2-3 for the "fast-paced" user. One, turn on your
computer/terminal. Two, enter your ID and Password. Three, move the cursor to the
chosen authorized application and press ENTER.
V-PHAGE is more complex for the administrator because he/she must organize and
implement the rigorous mandated security procedures which are transparent to the user.
First the professional will establish the basis to monitor change. He/she
will execute the DETEKT option. Next he/she will backup the boot track and file
allocation tables and prepare a rescue disk using SAVEZONE. The third step is the
assignment of applications to levels of access. Finally each user is assigned a unique
ID and Password. During this final step the level of access is married to the user
authorization to access. The Administrator has the option to establish the time to blank
screen uniquely for each user. He may establish the duration during which a password
is valid, again, uniquely by password. V-PHAGE has 16 levels as it exists. This limitation
is man made. We could customize to as many as 256 levels.
21. Vendor support
ACC provides vendor support during normal business hours, i.e., 8:00 AM
to 8:00 PM EST/DST. Questions answered will reference the manual and help screens
appropriate to the requestor.
22. Fixes, patches and upgrades
Fixes and patches to the purchased version will be provided $20 during the
warrantee period and at a cost of $100 for the life of the version thereafter. Upgrades to
a new version will be provided for $100 next version, $250 two version upgrade, full
negotiated price three or more version upgrade.
23. Adherence to DES
ID and Password encryption adhere to the NCSC micro computer DES
standard modified by the ACC Proprietary ASCII character independent algorithm.
Executable files (.exe, .com, .ovr, .bin, and .bat) are scrambled. The unique ACC
scrambling algorithm provides DES protection without increasing the foot print of a
minimal TSR memory requirement (your question 5). ACC's three years of research and
experimentation have produced a copy protection logic which is VIRUS resistant in more
than 99.7% of attacks. Full Hard Drive DES encryption would add at Minimum 512K of
HD overhead and increase read/write times by .7 seconds for each occurrence. EDS has
the choice in the matter. ACC has both a scrambling mechanism and a full DES
mechanism available for your selection. A scrambled file when copied via a clandestine
access via a floppy drive will not execute outside its V-PHAGE shell. DES encrypted files
will execute in a convivial software environment. (Example: PC SECURE'ed executable
will execute in any PC SECURE environment)
24. Hard disk locking
Levels 11 - 15 allow read only access. As V-PHAGE boots from the default
hard drive disk locking cannot occur when all security controls are properly addressed.
The Hard disk will lock during sign-on after missed access attempts for ID and Password,
in blanking mode if the wrong password is used, in the exit to DOS mode if the wrong
password is used, in Quit if an missed access attempt is noted, and during applications
if a control-break or warm boot is attempted. The only mechanism to recover after hard
disk locking is to shut the computer off, wait 20 seconds and then cold boot. The V-
PHAGE security processes causes the RAM to be cleared so that work in process cannot
be reconstructed.
25. Different Authorization access levels
V-PHAGE allows 16 levels of authorization access. The combination of
hidden directories and data files allows multiple users to share a level. At EDS choice V-
Phage could accommodate 256 levels.
26. Audit trails
Beginning with version 2.1 V-PHAGE contains an editor which aids
customization of the audit files generated. Audit files are generated into three separate
and unrelated hidden directories. Files are created daily for the 24 hour clock period.
The audit files are:
1. Missed Attempts at access -- Accessible in the List user display. It can be hard
copied using the PRT SC command.
2. Change Detection
a. special files
b. default hard drive
c. all active drive
(Note: An active drive which is specified for change detection but which has not been
previously evaluated will be so noted and a temporary evaluation will occur as the basis
for a future review.
3. Transaction tracking
a. manager activity
b. user actions
27. File encryption
The V-PHAGE disks in your possession (versions 1.7 and 2.0) do not
encrypt files. EDS has the choice of requesting the file encryption module be added to
the security system you choose. The mechanism that is currently used by V-PHAGE
affectionados is to scramble the data file prior to log off and unscramble (using the
UNPROT routine on specification page 10) prior to execution of the application software.
ACC's three years of research and experimentation have produced a copy protection
logic which is VIRUS resistant in more than 99.7% of attacks. Full Hard Drive DES
encryption would add at Minimum 512K of HD overhead and increase read/write times
by .7 seconds for each occurrence.
28. Economical?
This is a decision ACC cannot make for a potential customer. The following
will explain the purchase options available at the present time.
SUGGESTED PRICE LIST
Model Description Price
SA V-PHAGE Stand Alone V-PHAGE
. Password Creation
. Change Detection
. Copy Protection
. Restore Protection
. Application Protection Shell $295.00 ea.
LAN V-PHAGE V-PHAGE LAN Server
. Same as V-PHAGE
. API Interface in Novell Network
. Screen Timeout Initiated Back Out
and Roll Forward $395.00 X No. of Nodes.
Node boot disk V-PHAGE LAN Cost Per Node $50.00 ea.
Unlimited Worldwide Corporate Site Licensing $175,000 ea.
Maintenance/Support (after initial 0-day warranty period) 10% of SLP or $15,000 per
support location (whichever is least)
Installation and Reference Manual $25.00 ea.
Per Node Discount:
The user should expect to pay $50.00 per node irrespective of the number of
nodes. A sliding scale discount will be applied to volume orders.
Unlimited Worldwide Corporate Site License:
A commission of 20% will be paid to the reseller upon payment to ACC, Inc.
Maintenance and Support:
A commission of 20% will be paid to the reseller which includes orders for
manuals.
28b. Price
$295 for standalone
$175,000 for standalone national license *
$395 for network server (one)
$ 50 for each node
$175,000 for network national license *
* The purchaser of a national license reproduces his disks and manuals.
29. Password minimum length restrictions
V-PHAGE imposes an ID minimum length of three characters and a Password
minimum length of five characters.
30. Configurable Password change interval
Your choice is one week, bi-weekly, monthly, quarterly and semi-annually.
The administrator assigns this duration when he adds the user.
31. Configurable inactive workstation timeout threshold
You can choose any time from one minute to ninety-nine minutes. Again
the time is assigned by the administrator when the user is added to the security system.
NOTE: Items 30. and 31. may be modified using the change user function.
32. Unattended workstation processing protection
V-PHAGE allows a user to lock his/her keyboard every time they leave it by
pressing ALT-F10 simultaneous. Further if the user forgets the timeout to screen blank
prevails. Finally the user is allowed to access only those applications which have been
administrator authorized. Users are not allowed to access "as of right". If an
administrator erroneously allowed DOS access, the user could not copy or format.
Software hooks in the V-PHAGE shell prohibit execution by users of commands which
damage.
33. Operator initiated keyboard lock
V-PHAGE allows a user to lock his/her keyboard every time they leave it by
pressing ALT-F10 simultaneous.
34. "Execute only" protection for software files
Levels 11-15 are configured as read only from the
default hard drive. Files created in the chosen application may be written to drive A: