Explaining V-Phage Components




      V-PHAGE -- SECURITY FOR THE DISTRIBUTED AND DOWN SIZED
                   By:  Thomas V. Sobczak, PhD
             Application Configured Computers, Inc.

     V-PHAGE is software which monitors DOS and Netware to secure IBM and
compatible computers or networks.   V-PHAGE functions at the platform level taking
control of the O/S upon cold boot (warm boots are locked out).   V-PHAGE (V for
vindictive software and phage, the sack formed by the body to contain an infection)
provides redundant Cyclical Redundancy Checking (CRC) and Checksum change
detection with full change audit, special change monitoring of specified files, hard disk
drive Boot Track and File Allocation Table (FAT) backup and recovery, ID/Password
access control with selectable password duration, three encryption algorithms (which
isolate system controls, application code and sensitive data), inactivity screen blanking,
on-demand screen blanking, programmable timeout, 21 User HELP screens, 64
Administrator HELP screens, an on-line administrator's manual, Operating System
(O/S) command line prohibition to all but those authorized, unsanctioned application
execution prohibition, enhanced utility software prohibition, lock-out and prohibition
of unauthorized write-to-disk, and hard disk format prohibition. All the foregoing is
applied uniquely to each user by an administrator who is also monitored by the V-
PHAGE security process. 

     V-PHAGE is a mandated corporate security policy upon a hard disk.  V-PHAGE
allows a security auditor to customize operations to mandate conformance to
corporate security policy.  V-PHAGE is complete.  The degree of security chosen is
totally dependent upon the choices made by an administrator.  Each feature and most
selectable options are stand alone.  The only exception is V-PHAGE will not allow an
administrator to damage his system by misusing the DOS format command.
  
     A comparison shows the V-PHAGE shell extending operating system security is
more effective than products which function as applications.   Application software
functions as a subset of the operating system rather than a partner providing protection.
Applications can be manipulated.  Most application level security software was
introduced prior to the computer hacker and virus threats which surfaced in the mid
1980's.  These early players ignore the evolution of operating system enhancements.
V-PHAGE is a 1990's result of the integration of validated solutions which optimize
security by minimizing user access to O/S commands unrelated to application
execution.
  

     1. Encryption -  V-PHAGE encrypts the ID/Password files using a proprietary
algorithm.  Executable code is scrambled using a second proprietary method so as to
close the execution vulnerabilities created by a "decrypt to process" system.  V-
PHAGE executable files are copy protected by a sequence scrambling mechanism.  If
encrypted applications or data escape your system, they will not process outside your
V-PHAGE shell. (Note: A Descrambler option is included which allows the
sanctioned movement of applications to unprotected machines.  ACC, Inc. does not
recommend descrambling as it makes application software vulnerable to illegal
copying.)  V-PHAGE data is encoded in a password based third proprietary algorithm.
A "hacker" must break three distinct and unique proprietary algorithms to achieve
complete use of a V-PHAGE protected system.  V-PHAGE algorithms do not increase
access time or file size as occurs in DES or RSA applications. 

     2. Access Control -  V-PHAGE access mechanisms are under the control of a single
administrator.   ID/Password generation is automatically monitored so that 1) duplicate
ID's and/or Passwords and combinations cannot be issued, and 2) the commonly used
terms in "password hacker" software are prohibited for obvious reasons.  The user may
be given access to O/S commands and utilities on a selected program by program basis
as specified by the administrator.  The potential window of vulnerability caused by
misuse of an O/S is unattainable when a thinking administrator uses V-PHAGE.  V-
PHAGE limits access to those files within the directory associated with the chosen
application program automatically and requires the administrator to authorize any
variance.  This closes a second open window of vulnerability.  V-PHAGE allows write
prohibition.  Files created which may not be written back to the hard drive can be
written to media upon a floppy disk drive if so authorized.
 
     Users are required to change their password when they log on for the first time
so as to assure unique identification in operations which require mandated uniqueness
(banking, finance, brokerage, insurance and auditing).   Users are also required,
periodically and automatically, to change their password to assure security.  A log of missed access
attempts is maintained for administrator analysis and adjusts the periodic change cycle.

      3. Change Detection -  V-PHAGE has a robust change detection mechanism as a
built in feature.  DETEKT monitors change to file name, file extension, file size, date
stamp, time stamp, file attributes, path from root and file location upon a disk. 
Detected changes are flagged visually as they are found and require an administrator's
positive action to continue execution.  Changes are written to a hidden file within a
hidden directory for historical audit purposes.  An audit report of detected changes is
available on completion of the DETEKT process or for a range of execution dates specified
by the auditor.  Off site notification can be provided as a custom option.
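
The change detection described above pairs file metadata with two independent content checks. The following is an added example, not V-PHAGE or DETEKT code: it assumes CRC-32 (via zlib) and a 32-bit additive checksum as stand-ins for the product's unpublished methods, and it covers path, size, time stamp and mode but not physical location on disk. The constructed test case is a same-size edit with the time stamp restored and the byte sum preserved, which only the CRC reports.

```python
import os, tempfile, zlib

FIELDS = ("size", "mtime", "mode", "crc32", "checksum")

def fingerprint(path):
    """Metadata plus two independent content digests for one file."""
    st = os.stat(path)
    crc = total = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)                # order-sensitive
            total = (total + sum(chunk)) & 0xFFFFFFFF   # additive, order-blind
    return {"size": st.st_size, "mtime": st.st_mtime_ns, "mode": st.st_mode,
            "crc32": crc, "checksum": total}

def snapshot(root):
    """Map each file's path relative to root to its fingerprint."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = fingerprint(full)
    return snap

def detect_changes(baseline, current):
    """Audit records (path, event, changed_fields), sorted by path."""
    records = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            records.append((path, "added" if old is None else "removed", ()))
            continue
        diff = tuple(f for f in FIELDS if old[f] != new[f])
        if diff:
            records.append((path, "modified", diff))
    return records

def demo():
    """Constructed sample tree; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for name, data in (("APP.EXE", b"MZ-code-AB"), ("DATA.DAT", b"rows"), ("OLD.BAT", b"echo")):
            write(name, data)
        baseline = snapshot(root)
        stamp = os.stat(os.path.join(root, "APP.EXE"))
        write("APP.EXE", b"MZ-code-BA")  # same size, same byte sum, bytes transposed
        os.utime(os.path.join(root, "APP.EXE"), ns=(stamp.st_atime_ns, stamp.st_mtime_ns))
        write("NEW.COM", b"\x90")
        os.remove(os.path.join(root, "OLD.BAT"))
        return detect_changes(baseline, snapshot(root))
```

Persisting the baseline somewhere the monitored user cannot write is what gives the comparison its value; the page's hidden audit file serves that role.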

     V-PHAGE allows the selection and verification of (1) special files, i.e., those
used daily, (2) the verification of the entire disk which is designated as default, and, (3)
the designation of all disks accessible to the system including those on LANs and
Bridges to the V-PHAGE host machine.   In beta test V-PHAGE successfully
migrated and developed the monitoring mechanism across nodes, bridges and routers
assuring change detection in all devices connected to the root server.
 
     V-PHAGE has a secure erase option.  Upon detection of malicious code the file
can be removed by writing zeros and ones randomly over the file four times with a
format of the affected disk segment occurring within the five level erase.  This exceeds
the NCSC requirement.  ACC's research located hobbyist "unerase" programs which
use fuzzy logic to rebuild from as many as four levels removed.
 
     4. Backup and Recovery -  V-PHAGE includes a feature which backs up System
initialization, boot track and file allocation table (FAT).  In three minutes an
administrator can save hundreds of hours of system regeneration by executing the
SAVEZONE.  Viruses which cross-link FATs do not present problems to systems using
V-PHAGE.  A floppy disk designated recovery target is wiped and formatted prior to
system and backup file transfer.  V-PHAGE assures that continued vulnerability to
viruses is not extended by this transfer action.
 
     5. On-line HELP - V-PHAGE offers a manual on a disk (prevents it being
misplaced) to supplement the sixty six administrator help screens, one for each feature
or option choice.  Twenty four help screens for users are limited to those features
authorized to the user.  Help screens are detailed so that the administrator need not be
a professional computer programmer.  V-PHAGE is a template to customize
distributed machines to correspond to corporate main frame security procedures.
 
     6.  Audit trails - V-PHAGE creates distinctive audit trails for (1) change detection
processing, showing the time and date of results produced, and (2) user (including the
administrator) choices and actions from log on to log off and (3) a missed access
attempt log by ID/password.  V-PHAGE allows a file editor to structure printouts for
customized audit presentation. 

     7. Unauthorized Command Prohibition - V-PHAGE denies direct use and
enhanced utility processing of operating system commands. The COMSPEC is
encrypted and hidden.   Allowing the DOS command line to be generally available is
insecure.  Misuse by the curious or aggressive could prove fatal to your hard disk or
networked server.  An administrator gone berserk cannot format a V-PHAGE
protected hard disk, nor can a DOS authorized user destroy a hard disk.  A format will
seem to occur.  This is an exercise to confuse an attacker.   Reboot (cold) and your V-
PHAGE protected system is available as before the format attempt.
   
     8. Trapping the Unexpected - V-PHAGE traps both BIOS calls and O/S
interrupts.  This prevents actions which affect peripheral RAM upon device controllers,
modems and spooling printers.  Virus and other code corruption cannot be hidden in
unexpected locations.  Additionally, a minor distortion of the radiated emissions from
the system board and video display provide limited but effective software
TEMPEST'ing.  V-PHAGE software manipulation of hardware switches behaves like
a special access control/encryptor hardware board.

     V-PHAGE is as simple as 1-2-3 for the "fast-paced" user.  One, turn on your
computer/work station.  Two, enter your ID and Password.  Three, move the cursor to
the authorized application of your choice and press ENTER.   V-PHAGE can be
customized by the administrator to be unique to an organization's need. 

     V-PHAGE provides users of distributed data processing the main frame security
never before available with down sizing.  Down sizing and software distribution are
neither cost effective nor safe until they are V-PHAGE secure.  Lawrence Livermore National
Laboratory and a unit of EDS Corporation at Detroit, MI praise V-PHAGE.


                           Thomas V. Sobczak, Consultants
                    P.O. Box 0433, Baldwin, NY 11510-0433
                                      (516)623-6295
                         E-mail: tvsconsult@netzero.net
                              http://sobczaksays.org