StopLight for Windows 95 Beta Version This product is not freeware or shareware. This product can be used for commercial or private evaluation purposes only. It is identical to the retail version with the following exceptions: 1. The hard drive is not protected from floppy disk boot access. 2. The Master Admin password is displayed on the login screen. To login as Master Admin, use the name SUPERMSF and password AKVPPEOK. For ordering information or assistance, please contact: Safetynet, Inc. 140 Mountain Ave. Springfield, NJ 07081 USA 1-800-851-0188 - Sales 1-201-467-1024 - Sales & Technical Support 1-201-467-1611 - Fax 1-201-467-1581 - BBS (28800,N,8,1) +1-908-276-9641 - International safety@safe.net - Email ftp.safe.net /pub/safetynet - FTP www.safe.net/safety/ - WWW go cis:safe - Compuserve Safetynet products are available on GSA Schedule. Single unit, volume discount and site license pricing is available. For information on becoming a reseller of our products, please contact our dealer sales department at the address listed above. -------------------------------------------------------------------------- Safetynet, Inc. is a member of the National Computer Security Association (NCSA), Information Systems Security Association (ISSA), and Software Publisher's Association (SPA). Copyright Notice This software package and document are copyrighted (c) 1991-1996 by Safetynet, Inc. Portions (c) Eliashim, Inc. All rights are reserved. No part of this publication may be reproduced, transmitted, stored in any retrieval system, or translated into any language by any means without the express written permission of Safetynet, Inc. Disclaimer Safetynet, Inc. makes no warranties as to the contents of this documentation and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Safetynet, Inc. further reserves the right to alter the specifications of the program and/or the contents of the manual without obligation to notify any person or organization of these changes. Trademark Notice StopLight and Drive-In are registered trademarks, and StopLight, VirusNet and ProfileNet are trademarks of Safetynet, Inc. All other trademark names referenced are for identification purposes only and are proprietary to their respective companies. -------------------------------------------------------------------------- Welcome to StopLight(R) for Windows 95. StopLight is a PC security system that combines exceptional power with ease of use. StopLight provides the essential features required for protecting PCs and laptop computers. With its very low memory and disk requirements and simple operation, StopLight can easily integrate with your system. During normal operation, you will not even know that security is there. But if an intruder or hacker attempts to get at your sensitive information, or perform an unwanted action, StopLight will immediately come to the rescue. StopLight provides security by preventing unauthorized users from accessing the computer. Security profiles can be set up quickly for the administrator and 255 users. An almost unlimited number of possibilities can be assigned to each user based on the type of access that is deemed appropriate. And through its log file, user activity and attempted violations can be tracked. StopLight quietly protects your computer and its files from unauthorized activity in the background, providing you with a secure and highly productive environment. SYSTEM REQUIREMENTS Hardware IBM PC, XT, AT, PS/2 or true compatible PC with 400K free space on Hard Drive C. Operating PC-DOS and MS-DOS 3.0 or higher, System Microsoft Windows 95 or Windows 3.x Network Supports Novell, LAN Manager, Banyan, and all networks supporting a DOS client Video Display MDA, CGA, EGA, VGA, SVGA and compatibles. The screen saver blanks all DOS text and graphics video modes including those used by Microsoft Windows. Memory 384K of free RAM required. StopLight uses 14K memory for its security kernel. Mouse Any Microsoft and MS-Mouse compatible mouse is supported, although its use is optional. TECHNICAL SUPPORT We have included many features which make StopLight as user-friendly and helpful as possible. If you run into a problem during its installation or use, please refer to the on-line Windows help. If you have found a problem or situation that is not covered, contact our technical support department as described at the beginning of this guide. When calling for technical support, you should be at the computer in question so that our support personnel can effectively work with you. You may need to be logged in as System Administrator to properly solve the problem. ------------------------------------------------------------------------- 1. Security Features This chapter provides an overview of security concepts and how they are implemented in StopLight. To successfully implement a security strategy, you should become familiar with this chapter. If you are already proficient with security systems, you may only need to skim over this information before moving onto the installation instructions found in the next chapter. PASSWORD MANAGEMENT Use of passwords, variously controlled and managed in the background, is the essence of protection offered by StopLight. The system administrator may establish a flexible security system by defining users and their passwords in different combinations described below. Use of individual passwords for access to the system during login is the first stage of security offered by StopLight. Examples of user name and password combinations offered by StopLight follow: a) Name and Password: This is the default setting and is deemed appropriate for most situations. The user name will be displayed on the screen but the password will remain concealed. b) Password, No Name: It is possible to enter a password without the need to have a user's name. In this case the user will simply enter the password and skip the name entry. c) No Password, No Name: In some cases, for example, in classrooms where users do not require confidentiality from each other, security can be provided without assigning user names and passwords. Initial PC access will be possible by merely pressing when prompted at the login screen. Students will then receive the security profile defined by USER1 in the Setup Users section described below. Along with other protection, security can be provided for the AUTOEXEC.BAT and CONFIG.SYS files, virus protection can be activated, and the hard disk can be protected against formatting. d) No Password, Many Names: A fourth possibility is to allow access by entering the user's name only (no need for a password). This option is particularly useful for systems where every user has equal access to the system but the output itself must be separated (for example, an accountant may want to compute the total time spent on one customer for billing purposes). For security reasons, when logging in as SYSADMIN the password will still be required. The system administrator controls the use of passwords by the users in different ways. A minimum valid length for the password may be specified. Thus, even if users are allowed to replace their password, it may not be shorter than the minimum length. The system administrator may also specify the number of times or days that a given password may be used. After the password has expired, access to the system with this password will be denied. The user's name is not normally a password since it is visible to all when entered on the screen. However, the password itself is known only to the individual user. The password is stored in encrypted form to ensure its confidentiality. The system administrator has access to the hard disk with an administrator password. Once logged in, the administrator has access to the complete system including every users' privileges and secure directories. Further, the administrator also has access to the main security menu and to the Global Security Setup and Setup Users. In other words, when logging in as administrator, all security protection (except virus protection) is suspended from the computer. Therefore, it is recommended that great care be taken to keep the administrator password completely confidential. When you login as system administrator, you have all privileges including access to the \SAFER directory. It is advisable that you also define yourself as a USER and login as a user while normally using the system. Login as a system administrator only when making changes to the StopLight security system. This will avoid unnecessary exposure to the security system and to the administrator password. SUPER PASSWORD There may be occasions when the administrator password is not available (resignation, vacation, forgotten password), or the security system needs to be uninstalled after booting from a floppy disk (corrupted hard disk, etc.). Under these circumstances, the StopLight Super Password is required. This password is linked to your unique StopLight serial number and cannot be used to access another StopLight package. The Super Password cannot be changed by the administrator and should only be used for emergency purposes. Since the Super Password can access or unlock the system, it is very important that you keep it safe and secure at all times. You may wish to store the Super Password away from the computer in a locked filing cabinet or safe. To login to the system with the Super Password, follow these steps: Boot the computer from the hard disk. At the login screen, for the User Name, type SUPERMSF (and press ) At the password prompt, type in your Super Password (and press ). In the eval version, the Super Password is AKVPPEOK. If your computer does not boot and you must uninstall StopLight, please refer to the Appendix section - Hard Disk Problems. RESTRICTED DIRECTORY SAFER Directory The \SAFER directory (usually on drive C:) contains all the security parameters and configuration as set by the system administrator. It contains the security configuration file, the Log file and all other security files generated by StopLight. Only the system administrator has access to this directory. To define access rights to specific files and directories, please see the Trustee Assignments section of this manual. AUDIT TRAIL LOG The Audit Trail Log records DOS and security-related activity performed at any time by each user from the moment of login. By consulting the contents of the Audit Trail Log, the system administrator can globally supervise the activity in the system, check each user's activity, check any attempts to get access to unauthorized areas of the disk, violations, etc., and even get statistical reports of the activity conducted on the computer. The options for Audit Trail tracking are Off, Full, and Brief. Selecting Off prevents any actions from being tracked. It is used when you do not wish to monitor activity. Full and Brief settings track login and logout times, violation messages and programs that are run. The Full tracking option also records all data file activity including Read, Write, Create and Delete. Since most user activity involves data file access, the Full tracking option generates significantely larger log files than the Brief option. Full tracking should only be used if you will be frequently monitoring the audit log. The log file should be periodically cleared to conserve disk space. A flexible Audit Trail report generator helps the administrator manage audit information. Reports are generated based on date ranges, users and activity. Report information is displayed to the screen or exported to data file for use with other programs. Violations are emphasized on the screen in Red for easy recognition. On monochrome systems, violations will appear in Bold. SCREEN BLANKER / KEYBOARD LOCK When a user leaves the computer unattended for a period of time, StopLight can blank out the screen to prevent monitor burn. The computer system will continue to work, but nothing but a moving box will appear (for text mode applications). In graphics applications other than Microsoft Windows, the screen will not display the moving box. Instead, it will be blanked to blue for the Screen Saver and red for the Keyboard Lock. The result is the same, since information on the screen will not be visible to users and the monitor will be protected from burn in. The Screen Blanker / Keyboard Lock can be activated automatically if the computer keyboard and mouse are not used after a period of time. This period of inactivity is adjustable from 2 minutes to 60 minutes. An adjustable hot-key is also available to activate the Screen Blanker / Keyboard Lock on demand. When the Screen Blanker is activated, the user simply presses to restore the screen. All underlying screen information will be properly restored. Normally, only the Screen Blanker will appear when you step away from your computer. However, if you want your keyboard lock to activate along with your Screen Blanker, select the "Keyboard Lock During Screen Saver" option on the Users' Privileges window during set-up. For non-Windows graphics programs, a color other than red or blue may be displayed for the Screen Blanker / Keyboard Lock. MS-WINDOWS SCREEN BLANKER A program (EAGENT.EXE) is provided to blank the screen while using Microsoft Windows. During the StopLight installation process, your system is automatically configured to run this program when Windows is started. To activate the screen blanker, double-click on its icon. HOT KEY PROTECTION A hot-key is provided to activate the Screen Saver / Keyboard Lock immediately. Press and hold the together for five seconds to blank or lock your screen. The administrator can redefine the hot keys or even add a letter to be pressed after the first hot-key is pressed. Hot keys can be changed by using the security setup program. ------------------------------------------------------------------------- 2. Installation This chapter lets you install and get acquainted with StopLight and test it with the default settings. When you are more familiar with the system and determine what your requirements are, StopLight can be configured to meet your security needs. StopLight Security Defaults are as follows: System Administrator Name: SYSADMIN System Administrator Password: PASSWORD Superuser Name: SUPERMSF Superuser Password: AKVPPEOK User 1 Name: USER1 User 1 Password: PASSWORD User 2 Name: USER2 User 2 Password: PASSWORD TRUSTEE ASSIGNMENT RIGHTS Trustee Assignments can be added to drives, directories and files. Rights which can be granted (or denied) include (C)reate, (D)elete, (E)xecute, (R)ead and (W)rite. If a right is not given, it is not allowed. Trustee Assignments that are blank for an object mean that the user will have no access to that object. (C)reate - Allows a user to use the DOS Create function to add a new file to a drive or directory. (D)elete - Allows a user to delete a file from the drive or directory. (E)xecute - Allows a user to run a program from the drive or directory. This must be accompanied by the (R)ead privilege. (R)ead - Allows a user to have Read file access. (W)rite - Allows a user to have Write file access. It is usually accompanied by the (R)ead privilege. When a drive, directory or file is not listed, either explicitly, or by a pattern, the user has full rights. Only items that are included in the Trustee Assignment window are protected. Examples: C:\WKS\ [RW ] Files in C:\WKS will be Read and Write Only. The trailing "\" after WKS means that files in directories under C:\WKS are not affected by these rights and will remain with full access. C:\WKS [RW ] Files in C:\WKS and directories below it have Read Write privileges. (Notice that no trailing backslash is placed after WKS.) C:\SECURE [ ] The C:\SECURE directory (and directories below it) are not accessible to the user since no rights were granted. C:\123\TS.WKS [RWCD] User has full rights to the TS.WKS file. ------------------------------------------------------------------------- 3. End-User Operation This chapter should be read by all users of StopLight. It covers operation when you are logged in as a User (non-administrator). StopLight is a sophisticated security system that will protect your important information and make your computer time more enjoyable. It gives you the privacy and levels of security that will guarantee that no unauthorized user has access to your private files or programs. * StopLight is user-transparent. In other words, it will not inhibit you in any of your activities, unless you do something that your system administrator has not authorized you to do (for example, trying to have access to another user's files!). The system administrator may have assigned a separate safe directory to you where you can store your files without worrying about other users gaining access to them. * StopLight cannot be by-passed. It is not possible to boot the system from a diskette and gain access to the hard drive. Also, certain directories and files may be restricted from being accessed. You are one of the authorized users who has been assigned certain access and user privileges by your administrator. This chapter will help you to understand and use the security features of your system. LOG IN When the PC is first powered on, the StopLight login screen will appear, asking you for your Login Name and Password. Type in the information requested and press after each line. Upon supplying the correct information, you will gain access to the computer with a certain security profile assigned by the system administrator. Access to the computer will not be granted until you supply the correct information. PASSWORD Proper use of your login password is very important to the security of your information stored on the PC. The system administrator has assigned each user a unique login password. With your password you can prevent other users from gaining access to your files. If you disclose your password to another user, they will then have access to your files. Along with your Login Name you must use this password to enter the system, or access will be denied. If you forget your password, ask your system administrator. Don't try to randomly guess your password at the login screen. Proper password use is critical to the StopLight system. The following sections provide important information regarding password use. Default password If the administrator gave you a password of PASSWORD, you will be asked to change the password to a new one. Type in a new password and press . Then type it in again to verify that it was typed correctly. You will then use this new password to access the system. Invalid password Three consecutive attempts to enter the system with a wrong user name or password will produce the message: "System Halted!". You may unlock the system by pressing the reset button and try to login again with your correct user name and password. Expired password For additional security, your system administrator may decide that your password will be valid for a certain period of time or number of valid logins, and then expire. When your password is due to expire, the following message will be displayed on your screen: "Password usage expires, MUST change password!". If you are authorized to replace your password, do so AT ONCE! If not, please notify your system administrator as soon as possible. After the password expires, you will no longer have access to the system! Changing your password An existing password can be replaced on the login screen by following these instructions. 1. Type in your user name and press . 2. Type in your current password and press . (If you are authorized to change your password, two new fields will appear.) 3. Type in your new password and press . 4. Type in your new password again to verify that it was typed in correctly and press . Your new password will remain in effect until you change it voluntarily, the system administrator changes it for you, or the system requires you to change it. If the administrator has not allowed you to change your password, pressing after you type in your user name and password will not work. You must notify the administrator that your password needs to be changed. The system administrator may have specified a minimum password length. If the new password you entered is less than the minimum length, a "Password too short" message will be displayed. Please enter a longer password (maximum eight characters). SCREEN BLANKER / KEYBOARD LOCK When the computer is left unattended for a period of time, it is possible to implement a Screen Blanker or Keyboard Lock. Each one blanks out the screen to protect sensitive information and prevent monitor burn. While the screen is blanked, any programs which were running will continue to run. The screen will be replaced by a moving message display. The Screen Blanker is cleared by pressing , and the Keyboard Lock is cleared by pressing , typing in your login password and pressing again. The system will be unlocked and its screen information will be restored. The Microsoft Windows keyboard lock clears the screen and displays a moving message window. DOS-based programs will also be replaced by a moving display. In graphics applications other than Microsoft Windows, the Screen Blanker and Keyboard Lock will blank the screen with a solid color. For most programs, the Screen Blanker will display a blue screen, and the Keyboard Lock will display a red screen. Some programs may change the video display and alter these colors. To regain access to the system, press to clear the keyboard buffer. If the screen is not restored, the Keyboard Lock is active. Type in your login password and press to restore the screen. Normally, only the Screen Blanker will appear when you step away from your computer. However, to activate the keyboard lock instead of your Screen Blanker, ask the administrator to select the "Keyboard Lock during Screen Saver" choice in the Security Setup program. HOT KEY ACTIVATION A hot-key is provided to activate the Screen Saver / Keyboard Lock immediately. Press and hold together for five seconds to blank or lock your screen. If the administrator requires a letter to be pressed along with the hot key, press the hot key and hold it down for five seconds. The computer speaker will then make a clicking sound. Without lifting the hot key, press one of the following keys: D key: Dims the screen (Screen Blanker). S key: Secures the keyboard and dims the screen (Keyboard Lock & Screen Blanker.) K key: Keyboard lock but does not dim the screen. B key: Boots the computer after the current program is exited. When activated, two beeps will be heard to confirm that the feature is activated. This feature is ideal for unattended modem transfers and tape backups when you wish to ensure that no other programs will be run from the computer. WHAT A USER CANNOT DO By being granted User access to the computer, you inherit certain restrictions which will keep your computer operating correctly. * A user cannot access the \SAFER Directory. This is the directory where the security parameters are defined by the system administrator. * A user cannot alter or write to the Boot sectors. * A user cannot use the CHKDSK program since no access is granted to the \SAFER directory and other private user directories. If you must use CHKDSK, please contact your system administrator. SECURITY VIOLATIONS If an action results in the breach of any security rules, a warning message is displayed and the action is denied. Typical actions which may breach security include unauthorized access to the CONFIG.SYS and AUTOEXEC.BAT files, and attempting to change to a secure directory. A complete list of messages can be found in the Appendix. LOGGING OFF When you are done working with the PC, you must exit the system in one of the following manners: a) By pressing ; or, b) By running LOGON when you wish to return to the initial login screen without rebooting the computer. As in the example above, this command may be located in the C:\PUBLIC directory. Your logoff time will be recorded in the Audit Log file when you exit the system in one of the above ways. If you exit the system by turning the computer off, the system will not be able to record the logoff time. Instead, the security system will record this as an "INVALID LOGOFF" and include it as a violation in a report to the system administrator. ------------------------------------------------------------------------- 4. Special Programs Several programs are included with StopLight to enhance its overall performance and flexibility. Some programs are especially useful when placed in batch files. Each of these programs can be used at the DOS prompt or incorporated in a menu system. PCC PC Checkup (PCC.EXE) is a powerful tool for examining your system configuration and recovering from hard drive failure. It is located in the C:\SAFER directory. ALERT When a program attempts to perform an action that is not allowed by the user's security definition, StopLight generates a warning beep and displays a message indicating the type of offense. To prevent this violation alert, run ALERT OFF before running your program. After the program is finished, ALERT ON will reactivate security alerts. These commands can be placed in a batch file to automate this process. It is important to note that turning alerts off has no effect on the user's security priviledges, just on the warning that is given. DEFMSG The DEFMSG command allows you to insert a new or different message that will appear when the screen is blanked. Syntax: DEFMSG message When the screen blank option is active, your personal message will be displayed. EX Fixes access denied errors in some programs that try to access secure directories. When these programs encounter a directory that is restricted, they either stop and issue an error message, or rescan the drive in an infinite loop. The EX program will allow these programs to skip secure directories and continue to read the drive properly. Syntax: EX ProgramName KEYBFIX Keyboard fix is for international language KEYBxx support when certain hot- keys are used. This program must be executed in the AUTOEXEC.BAT immediately after KEYBxx is loaded. LOGON Utility to login as another user without rebooting the computer. This utility is essential for accessing a secured system remotely. WHOAMI Displays the current user name, system date and time. UNLOCK Used by the system administrator to temporarily unlock the hard drive. This is useful when making modifications to the CONFIG.SYS or AUTOEXEC.BAT files. When the computer is rebooted, the security system will ask if the hard drive should be relocked. After testing that the boot process completes successfully, the computer can be rebooted and the hard drive locked. If someone logged in as a USER tries to access this utility, they will be denied. ------------------------------------------------------------------------- Appendix This chapter starts with solutions to common problems that can occur with security software. Then, a list of error messages that the system generates is presented. The final section of the chapter briefly describes other Safetynet products which can complement StopLight. SOLUTIONS TO COMMON PROBLEMS The following section represents situations and suggestions that have been compiled from our customers. Some programs cause the computer to issue warning beeps during their startup or normal operation. Solution The beeps may be coming from the security system, signaling that some program actions are being prevented because they break a security rule for the current user. Check your audit log to see what kind of violations are being registered. Then modify your security settings to allow this activity. If you do not wish to allow this activity, but still wish to prevent the warning messages and beeps, use the ALERT.EXE command with an OFF parameter (ALERT OFF). This will prevent StopLight from generating any visual or audible error messages. To turn security alerts back on, use the ALERT ON command. More information about the ALERT program is found in the previous chapter. Netware does not allow a user to login to the network. A Date/Time Change warning is given. Solution Upon login to Netware networks, the network may try to synchronize your PC's date and time. If you Disable DATE/TIME Change, the network may not let you login. Do not select Disable DATE/TIME Change if you are experiencing this problem. After logging into the network, DOS Shell Access is no longer disabled. Solution Some network drivers (e.g. NETx.COM) do not allow Prevent DOS Shell Access to work properly. To restore this feature, make a batch file that runs these drivers and then runs the StopLight NETFIX.COM utility. Programs that scan the hard disk stop when they encounter a secure directory. Solution Run the program by using the EX.EXE utility to prevent warning messages while scanning the disk. NEW SOLUTIONS If you have implemented StopLight to solve a difficult problem, please let us know. We would like to pass the knowledge on to others. Also, if you have any programs that need special handling when working in a security environment, we would like to hear from you. Please contact our Technical Support department and share your experiences with them. ### End of Manual ###