home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
HPAVC
/
HPAVC CD-ROM.iso
/
NAVYPASS.ZIP
/
MANUAL
< prev
next >
Wrap
Text File
|
1990-05-20
|
34KB
|
870 lines
--------------------------------------------------------------------------
| |
| |
| |
| |
| |
| USER'S MANUAL |
| |
| |
| |
| ********************************* |
| * * |
| * "NAVYPASS" : U. S. NAVY * |
| * * |
| * ADP PASSWORD PROTECTION * |
| * * |
| * SOFTWARE PACKAGE * |
| * * |
| ********************************* |
| Version 1.1 (c) May 1990 |
| |
| Ref: OPNAVINST 5510.1 series |
| |
| |
| |
| |
| |
| Designed by: |
| |
| Dale E. Wilson, LT, USN |
| Attack Squadron 128 |
| NAS Whidbey Island, WA |
| 98278 |
| |
| |
| |
| |
| This software package is a Federal Domain Program intended |
| for use by DoD personnel for official purposes. It may be copied, |
| distributed, and otherwise used without any further permission |
| in all offices of the U. S. Government and Armed Forces provided |
| that the following conditions are met: |
| |
| |
| - NAVYPASS.EXE may only be distributed in its original, |
| unmodified state. Any modified versions may NOT be distributed. |
| |
| - NAVYPASS.EXE may NOT be distributed, in whole or part, as |
| part of any commercial product without the expressed written |
| permission of the author. |
| |
| |
| The use or distribution of this software package for profit |
| or by private persons or industry without written consent of the |
| author is strictly prohibited. The author reserves all |
| commercial rights. |
| |
| |
|------------------------------------------------------------------------|
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
T A B L E OF C O N T E N T S
__________________________________________________________________
SECTION PAGE
I N T R O D U C T I O N
1.1 Product Overview ........................................ 1-1
1.2 Software Contents ....................................... 1-2
1.3 Specifications .......................................... 1-3
1.4 Computer and DOS Requirements ........................... 1-3
I N S T A L L A T I O N
2.1 Hard Drive Installation ................................ 2-1
S O F T W A R E S P E C I F I C S
3.0 NAVYPASS MAIN MENU ...................................... 3-1
3.1 Password Entry ........................................ 3-2
3.2 Quick Information ..................................... 3-2
3.3 Set Configuration ..................................... 3-3
3.4 Reference Manual ...................................... 3-4
4.0 NAVYPASS TIPS & TECHNIQUES .............................. 4-1
4.1 Using "Blankall.Com" .................................. 4-2
4.2 Using "No-Reset.Com" .................................. 4-2
5.0 APPENDIX
A. Technical Information ................................ A-1
B. Code Logic ........................................... A-1
C. Author's Rights ...................................... A-1
D. Acknowledgments ...................................... A-2
E. A Final Note ......................................... A-2
ii
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
________________________
| |
| 1.1 Product Overview |
|________________________|
The NAVYPASS Software Package was designed to assist commands
in promoting ADP Security in their work environment. The program is
actually very simple, but at the same time very powerful. Loaded as
the very first program in the "autoexec.bat" file, it allows normal
"autoexec" execution ONLY when the user has provided the correct
password to the program. NAVYPASS is NOT a ram-resident (TSR) program,
but rather a single small module loaded and ran only once during
computer startup ("booting" process). Since it can be executed at any
time, it's convenient to run it prior to leaving the computer
unattended for any period in order to keep unauthorized users from
accessing the system.
Written in Turbo C version 2.0, NAVYPASS is lighting-fast and
exceptionally easy to use. A clear, simple menu format drives all
functions. The intent of this program is to enhance ADP security
without burdening valid users from performing their work.
HOW NAVYPASS WORKS:
** NOTE ** Both original passwords were set to the program name
itself, "NAVYPASS", when the program was distributed Navy-wide.
NAVYPASS actually has two passwords: a "User Access" password
and a "Main System" password. The purpose of this second password is
to allow the ADP Security Officer, or more commonly, the System
Operator (hereafter referred to as the "SysOp") to set: i) the normal
"user" password ii) the command name at the top of the opening screen,
iii) his/her own name at the top of the screen. These items, as well as
the Main System password, can be changed at any time, but ONLY through
the SysOp via the Main System password. As the opening screen comes up,
the user will simply press the first selection, "Password Entry", and
enter the correct password. If successful, the autoexec.bat continues
to execute normally. However,if the user can't enter the correct
password in two attempts.... the system locks up and MUST be rebooted.
NAVYPASS contains sophisticated algorithms that forestall "hackers"
from breaking into the program and attempting to change the passwords on
their own. All passwords and screen titles are kept in a separate file
named "password.dat". The file is completely encrypted such that common
utilities like Norton Commander and PC Tools won't help the hacker to
learn the passwords... all he/she will see is binary garbage! The usual
hacker tricks like hitting "Control-C" or "Control-Break" to bypass a
executing program is automatomally recognized by NAVYPASS as an illegal
entry attempt, resulting in an automatic system lockup (referred to as
"going to byte heaven"). Although no system is completely safe from a
knowledgeable and determined professional, NAVYPASS should easily meet
the needs of the normal Federal/Dept of Defense office environment.
1-1
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
________________________
| |
| 1.2 Software Contents |
|________________________|
A. NAVYPASS.EXE Executive program used to control all
primary functions in this software
package. Menu driven format.
B. PASSWORD.DAT Encrypted binary data file containing
the passwords. Also holds the command
name and ADP Officer's name for the title
window on the opening screen.
C. MANUAL.EXE Allows the user to read the Users'
Manual directly from the computer
monitor. ( Uses MANUAL )
D. MANUAL The file containing this Users' Manual.
A printout can be made and retained
for future reference. To print the manual,
insert disk into drive A, ensure your
printer is on, and at the DOS prompt,
type: COPY MANUAL PRN
example:
A:\> COPY MANUAL PRN
Note: Ensure the print head is positioned
at the top of a new page. The file will
automatomally advance a new page as needed.
E. BLANKALL.COM Useful utility to "blank" the screen if the
computer has been inactive for a specified
number of minutes. Saves the monitor from
"screen burn" during periods of inactivity.
F. NO-RESET.COM Tiny assembly program that deactivates the
"CTRL-ALT-DEL" and "CTRL-ALT-INS" keyboard
sequences to further enhance security on
Zenith Z-248 machines.
1-2
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
________________________
| |
| 1.3 Specifications |
|________________________|
- Written in Turbo C version 2.0 (Borland, Inc), with assembly
language sub-routines controlling BIOS interrupts.
- Designed for use on the Zenith Z-248 microcomputer system
equipped with EGA monitors, the standard throughout the
Department of Defense.
- A stand-alone program that requires no additional software
other than the Disk Operating System (DOS).
- Exceptionally user-friendly. Completely menu-driven. Clear,
distinct prompts make every function intuitively obvious.
- Professional encryption algorithms provide sophisticated
password protection. Automatomally detects attempts to bypass
the program, resulting in immediate system lockup.
______________________________
| |
| 1.4 COMPUTER REQUIREMENTS |
|______________________________|
The NAVYPASS software package is fully compatible with the
IBM PC-XT, AT, and PS/2 machines and on all clones claiming
compatibility. The 8088, 80286 or 80386 Central Processing Unit (CPU)
is required to ensure proper execution of this software. The CGA, EGA
or VGA color video driver is required to ensure full video compatibil-
ity. All Zenith 150 and 248 model computers are fully compatible.
Early Z-248 computers equipped with EGA monochrome monitors may also
be used.
Obviously, a hard drive is necessary to effectively utilize this
program. This software package has been thoroughly tested on machines
with an internal clock rate of 4.77, 8.0 and 12.5 MHz. Additionally, it
has been tested on machines very similar to the Unisys machines on the
Federal Desktop III contract (16MHz and 20MHz 32-bit 80386 VGA systems).
This program has performed well under DOS versions 3.1 through 4.01.
1-3
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
________________________________
| |
| 2.1 INSTALLATION |
|________________________________|
Installing NAVYPASS is extremely simple... just use the install
program! Since this MUST be done from the "A" drive, first insure that
the following files are on the floppy disk that will be used for the
installation process:
NPINSTAL.EXE NAVYPASS.EXE PASSWORD.DAT MANUAL.EXE
MANUAL BLANKALL.COM NO-RESET.COM
Now just insert this disk into drive "A" and enter "NPINSTAL.EXE" at
the prompt. For example:
A:\> NPINSTAL.EXE
The installation program will correctly install the program on hard
drive "C" (the normal "bootup" drive on most computers equipped with
hard drives, such as Zenith 248 systems) on the root directory.
Now all that needs to be done is to edit (change) your
"autoexec.bat" file such that the NAVYPASS program is the FIRST program
to run during the bootup process. This is easy to do (using common
utilities such as Norton Commander, PC Tools, XTREE, etc) but if you
have any doubts, have your local 'computer guru' do it for you. The
only two files that are ESSENTIAL for this program to run correctly are
NAVYPASS.EXE and PASSWORD.DAT. The others simply enhance the program
and are fully explained in the following sections.
2-1
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
__________________________
| |
| 3.0 NAVYPASS MAIN MENU |
|__________________________|
After the mandatory warning introduction, the program Main Menu
will come up on screen, looking like this:
╔════════════════════════╗
║ ║
║ PASSWORD ENTRY ║
║ ║
║ QUICK INFORMATION ║
║ ║
║ SET CONFIGURATION ║
║ ║
║ REFERENCE MANUAL ║
║ ║
╚════════════════════════╝
Any of the functions can be executed by moving the selection
bar to the item desired and pressing <RTN>, or merely pressing the first
letter of the item (P,Q,S, or R) will also initiate the function. By
default, the selection bar will be preposition on the "PASSWORD ENTRY"
function, since that it what will be used most often.
These four items are fairly self-explanatory: 'PASSWORD ENTRY"
is the primary function, used to enter the correct password for users
to obtain access to the system; 'QUICK INFORMATION' is a one-page brief
on the purpose and requirements of the program; 'SET CONFIGURATION'
brings up a second menu that allows the SysOp to change passwords, put
the command's name on the opening screen, etc; 'REFERENCE MANUAL' allows
this very manual to be read right on the screen.
** CAUTION!! **
KEEP IN MIND that once the 'PASSWORD ENTRY' selection is made,
there is no going back; you are COMMITTED to entering the password!! If
you mistakenly got into this function, you'd better have the correct
password... or prepare to reboot!. The ORIGINAL password (both user
entry and main system password) when this program was distributed was
simply the program name itself, "NAVYPASS". You should absolutely MAKE
A BACKUP COPY OF THE ORIGINAL 'PASSWORD.DAT" FILE in case you either
forget the password that is set by your activity, or some frustrated
hacker corrupts your 'PASSWORD.DAT' file!! If catastrophe occurs and
everything is lost, see "A Final Note" at the end of this manual.
3-1
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
______________________
| |
| 3.1 PASSWORD ENTRY |
|______________________|
This selection (which obviously will be used the most often) will
pop up a window and prompt the user for the password. ENTER CAREFULLY,
because this entry routine is UNFORGIVING; there is no "backspacing"
if you make a mistake during entry. You can enter either upper or lower
case letters, but numbers are illegal (you'll hear a beep if ANYTHING
except alphabetic characters are entered). Naturally, the password
being entered is not echoed to the screen. The length of the password
is the length of the black entry prompt (that's the only hint you'll
get!) and there's no pressing <RTN> after the last letter; success
(or failure) is immediately recorded upon entering the last character.
A successful entry will be rewarded with a message to press any
key to continue. A bad entry will be given only ONE more chance, so
re-enter slow and CAREFULLY!! A second failure results in the computer
system tripping off to "Byte Heaven"!
_________________________
| |
| 3.2 QUICK INFORMATION |
|_________________________|
This is just a one-page quick and dirty info on what NAVYPASS
expects, and that you have just TWO chances to successfully enter the
correct password.
3-2
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
_________________________
| |
| 3.3 SET CONFIGURATION |
|_________________________|
This function allows the SysOp to set his own passwords, (both the
normal 'user entry' password or the Main System password). In addition,
the SysOp can insert the Command's name and his/her own name on the
opening screen. Changing these items requires the entry of a "Main
System" password, which is DIFFERENT from the user entry password
(the reason for this should be obvious; if a "normal user" also has
the ability to change the "normal user" password, this negates the
intent of having a password security program to begin with). Selecting
the "SET CONFIGURATION" function from the Main Menu pops up a second
menu which looks like the following:
╔═══════════════════════╗
║ ║
║ Main System Password ║
║ ║
║ User Access Password ║
║ ║
║ Command Title Heading ║
║ ║
║ ADPSO Name Change ║
║ ║
║ Return to Main Menu ║
║ ║
╚═══════════════════════╝
In the same manner as the Main Menu, moving the selection bar with
the cursor keys and pressing <RTN>, or hitting the first letter of any
item executes that function. Whichever function you choose, you will be
prompted for the Main System password to continue. As before, this
entry routine is brutally strict, with the same penalty for failure!
Aside from the 'Return to Main Menu' option, all of these routines are
similar in function, differing only in that the passwords are limited to
alphabetic letters, up to 20 characters max, no blank spaces. The Title
Heading or ADPSO Name Change can be up to 30 characters max, blanks and
numbers may be used. Once you enter a new password/heading/name, you will
be prompted to confirm the entry before it is saved to disk. If you
change your mind, answer 'no' to the confirmation, and you will be
returned to the above menu.
3-3
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
_________________________
| |
| 3.4 REFERENCE MANUAL |
|_________________________|
Selecting this option from the Main Menu will allow the user to
read this very manual right from the screen using an EXTREMELY fast
document display program. Use the arrow keys and/or the PGUP/PGDN keys
to scroll through this manual. This manual can also printed out and
retained for future reference. Before printing, ensure the print head
is at the top of a new page. A complete printout can be performed using
the COPY command. For example, if you have the manual file on a floppy
disk, insert it into drive A, ensure the printer is ready, and at the
"A" prompt, type in the command. It will look like the following:
A:\> COPY MANUAL PRN
Then press <RTN>. Pages are automatomally advanced as needed.
3-4
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
__________________________________
| |
| 4.1 NAVYPASS TIPS & TECHNIQUES |
|__________________________________|
The following tips are provided in order for users to obtain the
most from NAVYPASS. Always remember that a knowledgeable and determined
professional will be able to bypass most any security methods that
use software only. Therefore, NAVYPASS should be used in conjunction
with prudent physical security measures.
* All computer systems should be behind locked doors during off-
duty hours.
* NEVER leave a computer unattended while it is running. It takes
mere seconds for files to be copied or compromised, or for some
lowlife maggot to infect your system with a virus.
* DO NOT use the same passwords for both "User Access" and "Main
System". Only the ADP Security Officer (or SysOp) should have the
Main System password, since it allows one to change the normal
"User Access" password, as well as the title headings.
* If you must leave the area for a brief period, run NAVYPASS right
before you go. If, upon return, you see that your computer has
gone to "Byte Heaven", you'll know someone tried to access your
system while you were away.
* ALWAYS HAVE A BACKUP OF YOUR "PASSWORD.DAT" FILE!! Although this
file can not be read using utility programs to obtain the
password, the frustrated hacker can maliciously corrupt the file
such that it will not perform correctly.
* Consider frequently running an anti-virus scanning program on all
systems, such as McAfee Associates "SCAN.EXE", available from
most BBS's nationwide.
* Adhere rigidly to your command's ADP Security Program. Ensure
users obtain proper training concerning effective security
methodology. Conduct periodic spot audits to ensure compliance.
* If you experience any problems running NAVYPASS that can't be
resolved despite your best efforts, see "A Final Note" at the end
of this manual.
4-1
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
______________________________
| |
| 4.2 USING "BLANKALL.COM" |
|______________________________|
This small program is a gem: it completely "blanks" the screen if
the keyboard has not been used for a set period of time. The default
time period is 2.5 minutes, but can be set to any time between 1 and 9
minutes. For example, "BLANKALL 5" blanks the screen after 5 minutes
of keyboard inactivity. This is extremely useful in preventing "screen
burn", which occurs when the same screen display is constantly running
for hours at a time, day after day. (Monochrome screens are particularly
susceptible to this, but all screens can suffer from it). Place this
program in your autoexec file (after NAVYPASS, of course!) and save your
monitor's screen while extending it's life. It is a TSR, but only takes
720 bytes of RAM.... peanuts! After the screen goes blank, pressing any
key immediately restores the screen as it was before.
_______________________________
| |
| 4.3 USING "NO-RESET.COM" |
|_______________________________|
This tiny assembly program enhances ADP security by disabling both
the "CTRL-ALT-DEL" and "CTRL-ALT-INS" key sequences, preventing system
from "warm booting" and, more importantly, preventing hackers from
entering the setup configuration (this is also how many password schemes
are bypassed). For Zenith Z-248 systems, using this program correctly
can virtually make your system IRONCLAD TIGHT! Place it in the autoexec
file (again, AFTER NAVYPASS) to invoke it during normal bootup.
Employing all these programs correctly, a typical "autoexec.bat"
file might look like the following:
NAVYPASS
path = c:\; c:\wordstar; c:\123; c:\dbase;
prompt= $p$g
NO-RESET
BLANKALL 5
..
...
....(rest of file)
4-2
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
_____________________________________
| |
| Appendix A: TECHNICAL INFORMATION |
|_____________________________________|
NAVYPASS took several months to develop and debug, ensuring
complete compatibility with the IBM PC standard. It was primarily
intended to be implemented on Zenith Z-248 machines, which is the
standard throughout the Federal Government and Department of Defense
regarding stand-alone desktop computers. It has been rigorously tested
on numerous true IBM AT clones (Intel 80286)and also 32-bit 80386
machines configured like the Unisys system on the Federal Desktop III
contract.
______________
| |
| Code Logic |
|______________|
NAVYPASS completely controls all keyboard input. If a menu is
displayed, only the highlighted option letters or the <RTN> keys are
valid entries; everything else is just ignored. During password entry,
ONLY alphabetic characters are allowed; any other keystroke (including
spacebar, backspace, <ESC>, or arrow keys) result in a error beep.
This is performed by scanning the keyboard input, translating it to an
uppercase letter, and checking if the result is an ASCII code between
65 and 91 (A-Z). Every byte of the string array is tested this way.
For obvious reasons, I will not discuss the encryption and "Byte
Heaven" algorithms here, but serious programmers who desire to see the
source code can contact me for a copy. I won't give you the exact code
for NAVYPASS, but I will provide you with a early version that behaves
in much the same way.
____________________
| |
| Author's Rights |
|____________________|
NAVYPASS is a Federal Domain program. All offices of the U.S.
Federal Government may freely use it without further permission. How-
ever, it is ILLEGAL to use it in a commercial or private sector
environment without my expressed written permission. To do so is a
violation of Copyright Laws and extremely bad karma. If you call me up
and ask, I might just give you permission without charge!
A-1
NAVYPASS Users' Manual by D. E. Wilson, LT, USN
____________________
| |
| ACKNOWLEDGMENTS: |
|____________________|
"Turbo C" is a product of Borland, International.
"Norton Commander" is a product of Peter Norton Computing, Inc.
"PC Tools" is a product of Central Point Software, Inc.
"XTREE" is a product of the XTREE Company.
"Zenith Z-248" is a product of Zenith Data Systems.
*********************
* A FINAL NOTE... *
*********************
If you experience ANY difficulty in running NAVYPASS that can't
be cured by reading this manual file, feel free to call or write me
at any time. My address on the cover sheet of this manual is good
until Dec 1991. As I am a maintenance "groundpounder", the following
phone numbers will eventually find me:
AV 820-2995 (Quality Assurance)
AV 820-6361 (Maintenance Officer)
Commercial numbers: (206) 257-2995
(206) 257-6361
A-2