Multimedia Selection

home *** CD-ROM | disk | FTP | other *** search

/ Multimedia Selection / Multimedia Selection Volume One - CD-ROM / MULTIMEDIA SELECTION____________.ISO / utils / guardset / manual.com (.txt) < prev next >

Wrap

DOC2COM (Gerald DePyper) | 1993-03-20 | 61.4 KB | 1,404 lines

REFERENCE MANUAL FOR GUARDSET Table of contents 1.0 Introduction..................................p. 1 1.1 Requirements................................p. 2 1.2 Limits......................................p. 2 1.3 Backup copies...............................p. 2 1.4 Copying, Moving, Renaming, Deleting SENTRY..p. 3 1.5 Different kinds (levels) of security........p. 3 1.6 Additional security features................p. 4 2.0 Using GUARDSET to create SENTRY...............p. 4 2.1 The GUARDSET Screen.........................p. 5 2.2 Security levels.............................p. 6 2.21 Security level setting tables............p. 6 2.211 Security level settings if the item is a directory.....................p. 7 2.212 Security level settings if the item is a file or group of files........p. 7 2.213 Security level settings if the item is the root directory..............p. 8 2.3 Password selection and other options........p. 8 2.4 GUARDSET screen messages....................p. 9 2.5 Four examples...............................p. 16 3.0 Running SENTRY................................p. 20 3.1 Entering and changing the password..........p. 20 3.11 Gotcha!..................................p. 20 3.2 Using batch files...........................p. 21 3.3 Trouble-shooting SENTRY.....................p. 22 Appendix A: File attributes and their hex values...p. 24 Appendix B: Design history and background..........p. 25 GUARDSET / SENTRY copyright 1993 by Jerry DePyper Use of this program without the author's permission is prohibited. - 1 - 1.0 Introduction GUARDSET is not itself a data security program; it is a tool that will allow you to easily create encryption/decryption programs to control access to various areas of your computer's disk, and thus to build your own tailor-made security system. If you have not already done so, take a look at GSDEMO.COM as distributed with GUARDSET to get a good overview of how to use GUARDSET to create a logon/logoff security system for your PC. Logon/logoff security means this: that in order to access a secured area of your disk, a logon procedure is used, in which a password will be required. This engages a decryption process and makes the sensitive area accessible. Upon termination of this access, a logoff procedure is manually or automatically invoked, which encrypts the area so that unauthorized people are locked out. When you first create a SENTRY module, you will run it once in encrypt mode to make all sensitive areas inaccessible. From then on the usual procedure will look like this: 1. Logon (Run SENTRY to decrypt) 2. Access (Use your programs as you always have) 3. Logoff (Encrypt) Throughout this manual the name 'SENTRY.COM' (or simply 'SENTRY') will be used as the program name of the encryption/decryption module created through GUARDSET. You may, of course, make several modules and give them any valid file name you choose. (The exten- sion must always be .COM). This manual is your guide to creating and using the SENTRY module. In any given SENTRY module, you may name up to 11 different items, each of which may be a specific file or group of files, an entire directory, or a whole tree structure of directories and sub- directories. Protection is achieved by hiding the items, by encrypting their names, by encrypting the data itself within each file, or any combination of the above. To specify just what kind of protection you want, you can set each of several switches as you see fit, or you may elect to simply designate a security level and let GUARDSET set all the switches for you. You may create as many SENTRY modules as you want, each with its own password and its own set of data areas to protect, which may overlap areas protected by other SENTRYs. Although in most cases you will create the SENTRY program on your hard disk, I suggest that you always run GUARDSET itself from the floppy drive. Make one backup copy diskette and keep both floppies in separate secure places. Since GUARDSET is your 'master key' to the security system, you don't want copies of it lying around! Do this: l. Decide which directories or files to protect. 2. Decide on security levels. 3. Use GUARDSET to create the SENTRY program(s). 4. Create a batch file (or two) to automate things, or include SENTRY in batch file(s) you already use. 5. Run the batch files as your logon/logoff procedure. - 2 - 1.1 Requirements Hardware: IBM or compatible PC, XT, AT, etc. * 88K RAM to run GUARDSET 5K - 10K to run SENTRY Adequate disk space for each SENTRY and each batch file Free disk space equal to the largest file in which data will be encrypted. Operating System: MS-DOS or PC-DOS 3.0 or higher * You: A fundamental working acquaintance with MS-DOS / PC-DOS (no programming or 'techy' knowledge required) * NOTE: IF YOU ARE UNSURE WHETHER THIS DESCRIBES YOUR SYSTEM, OR IF YOU ARE USING A NON-DOS UTILITY OR DISK-CACHE PROGRAM FOR DISK MANAGEMENT, PLEASE EXPERIMENT WITH A SMALL TEST DIRECTORY OR FILE BEFORE BEGINNING IN EARNEST (See section 3.3, problem #5) 1.2 Limits A maximum of 11 items can be handled by any one SENTRY program. Each item can be a directory, file, or group of files. If it is a directory, all files within the directory may be included, and processing may continue into sub-directories. If sub-directory processing is chosen for any item, all subdirecto- ries within the named directory will be included in all processing, with no limit on the number of sub-directories. Moreover, any sub- directories within these sub-directories will be included as well. The limit is this: SENTRY will only continue to do this for up to 9 levels of sub-directories within sub-directories. You may create an unlimited number of SENTRY programs. The support mechanism can theoretically keep track of over 20,000 separate SENTRYs, but is in practice limited to about 300 to 2,000 SENTRYs or so, depending upon the capacity of the GUARDSET diskette. 1.3 Backup copies As noted in 1.0 above, I strongly recommend that you not install GUARDSET on your hard disk. You should, of course, make a backup copy of the GUARDSET diskette and keep both diskettes in separate safe places. In addition note this: GUARDSET keeps the current specifications (in cryptic form, of course) of your security system on one or more support files on the GUARDSET diskette. These files, named GSSUPT.001, GSSUPT.002, etc, should be trans- ferred to your backup diskette whenever you use GUARDSET to modify or add SENTRY modules. Making backup copies of each SENTRY is a good idea, too, but note 1.4 below. - 3 - 1.4 Copying, Moving, Renaming, or Deleting SENTRY Except for backup purposes, do not use DOS or any other file utility to copy, move, or rename a SENTRY module. The path and file name that you assign to each SENTRY program when you create it through GUARDSET is the name by which it knows itself; attempts to run it by another name will fail. This is a design feature to prevent the deliberate or inadvertant misuse of SENTRY. If you want to make a copy of a particular SENTRY, bring it up in GUARDSET. Then assign a new name and save it. If you then want to delete the original SENTRY, do that through GUARDSET also. This wipes the program from the disk completely so that no un-erase utility may be used to recover it. The support file provides a limited mechanism for rebuilding any deleted SENTRY: the deleted SENTRY's specifications are retained until they are replaced by specs for a new SENTRY. So you can still bring the deleted SENTRY up from GUARDSET's menu, and rebuild it. The point is this: only you who control the GUARDSET diskette may modify SENTRY programs. 1.5 Different kinds (levels) of security Your SENTRY module can protect data in several ways and in varying degrees of security, as follows: 1) Encrypt and hide any directory name on any valid disk drive. (switch 'D') 2) Set any file attribute. (Hidden, read-only, etc. - switch 'A') See appendix A. 3) Encrypt any file name. (switch 'F') 4) Encrypt any file's data. (switch 'F') NOTE: There are several things to note about data encryption, as opposed to the other three options: 1) Data encryption always involves encryption of the file name as well. 2) There is significantly more disk I-O, and thus more processing time, involved in data encryption than in any of the other options. 3) SENTRY requires enough free disk space for a temporary file the same size as the largest file to be encrypted. Keep this in mind especially for floppy diskettes. 4) Data encryption/decryption results in the file's data being relocated to a different physical disk location with every encryption/decryption cycle. Some software products use a copy protection scheme that will be disturbed by this action. Likewise, DOS boot files will not function correctly if moved to another disk location. (See error message E77 in section 2.4 below) Each item on the GUARDSET screen may be given its own independent level of security. - 4 - 1.6 Additional security features Your copy of GUARDSET cannot be used to alter SENTRY programs created by another registered GUARDSET. It will recognize only its own 'children' SENTRYs. (Your registered version will also recognize and convert, on a one-time basis, any SENTRY programs you may have created with the standard non-customized version.) In like manner, your SENTRY programs cannot be used to decrypt any directories or files encrypted by another registered SENTRY. GUARDSET is self-diagnostic. Any attempt to alter it will most likely disable it completely. In addition to providing menu selection of previously defined SENTRYs, and a measure of backup protection, GUARDSET's support mechanism provides a means of insuring that every SENTRY you create will be compatible with every other SENTRY in the system, and thus avoid the conflict problem discussed in problem #1, section 3.3 below. 2.0 Using GUARDSET to create SENTRY With the GUARDSET diskette in drive A: (or B: etc.), type A:GUARDSET After a brief self-diagnosis, one of two things will happen: If you are starting GUARDSET for the first time, the main GUARDSET screen will appear, with the default name 'C:\SENTRY.COM' supplied as the possible name of your first encryption/decryption program. If you have created one or more SENTRY programs, you will see a menu of all such programs. You may select one of these from the menu to alter, delete, or to use as a model for creating a new SENTRY, or hit F2 to start a new one from scratch. (If you know just what program you want to modify, you may select it directly as you invoke GUARDSET, for example: A:GUARDSET C:\SECURE\SENTRY.COM which is the same as selecting it from the menu.) When you get the main GUARDSET screen, you simply key in the security specifications as follows: - 5 - 2.1 The GUARDSET Screen ABOVE THE BOX you give your SENTRY program a name and a path by which DOS is to know it, and by which it knows itself. INSIDE THE BOX you specify which files and/or directories it is to protect, up to 11 distinct items. Each item is a directory, a file or group of files (you can use '*' and '?' wildcards to name them), or the root directory. I call your attention to the two global switches and the switches to the far right of each named item: '?' may be 'D', 'F', or 'R' to indicate whether the named item is a Directory, a File or group of files, or the Root directory. (See sect. 2.4, messages I07 and I11 below.) '!' may be '0' thru '9' or 'A' thru 'D' to indicate the security level. The higher the number, the heavier the security, with 'A' thru 'D' indicating data encryption. (See sections 2.2, 2.21, 2,211, 2.212, and 2.213, and section 2.4, messages I08 and I12.) The '!' switch sets the following switches for you, so you may never have to set them directly: 'D' may be 'X' or ' ' to indicate whether or not to encrypt the Directory name. (Section 2.4, msg.I13.) 'S' may be 'X' or ' ' to indicate whether or not to continue processing into Sub-directory levels. (Message I14.) 'F' may be 'N', 'D', or ' ' to indicate whether or not to encrypt the File Name(s) or Data. (Message I15.) 'A' may be 'A', 'B', 'C', 'D', or ' ' to indicate whether or not to change the file Attribute according to one of four plans. (Message I16.) 'xx' is used only in if plan 'D' was chosen (Msg. I17.) BELOW THE BOX you set the password and other features of SENTRY according to your needs. (See section 2.4, messages I19 thru I28.) When everything is as you want it, hit the F7 key to create SENTRY and put it where you have specified. You can hit the ESC key at any point to quit GUARDSET and return to DOS. - 6 - 2.2 Security levels There are three ways to set security levels: 1) You can set the global security level switch '!' at the top of the GUARDSET screen. All new file or directory names added to the list will then be given this security level. (See section 2.4, message I08.) 2) You can override this global value on any line by entering a different value in the '!' switch to the right of the path name. (See section 2.4, message I12.) 3) You can individually set each of the switches further to the right. (See section 2.4, messages I13 thru I17.) Suggestion: For modest data protection, name the directory that contains the sensitive files, and select security level 0. For more comprehensive protection, choose security level 4 or 9. To really safeguard a file by encrypting its data, enter the directory that contains it as one item, using security level 0, then enter the file as a separate item with security level A. (Remember also to enter 'F' under the '?' switch.) For examples, see section 2.5. 2.21 Security level setting tables Both the global '!' switch and each item's '!' switch is a one- character code fom '0' thru '9' or 'A' thru 'D', representing a level of security. The higher the number, the heavier the level of security, with 'A' thru 'D' including data encryption. Please observe from the following 3 tables that the same code can mean slightly different things, depending upon whether the item involved is a directory, a file or group of files, or the root directory of a drive. The most popular and useful settings are marked with '*'. - 7 - 2.211 Security level settings if the item is a directory: Sec'y Switches Level DSFA Description * 0 X Directory name is encrypted and hidden (Default) 1 A All file attributes in the directory set per plan A 2 X A Directory name is encrypted and file attributes set * 3 NA All file names are encrypted and attributes set * 4 X NA Directory and file names encrypted; attributes set 5 XX Directory and all sub-directory names encrypted 6 X A File attributes set, including those in sub-dirs 7 XX A Directory name encrypted and file attributes set, including sub-directories 8 XNA File names encrypted and attributes set, including those in sub-directories * 9 XXNA Directory, sub-dir'y and all file names encrypted and attributes set within all sub-directories A DA All file names and data encrypted; attributes set B X DA Directory and all file names and data encrypted and attributes set C XDA All file names and data encrypted and attributes set within all sub-directories D XXDA Directory, sub-directory and all file names and data encrypted; attributes set within all sub-dirs 2.212 Security level settings if the item is a file or group of files: Sec'y Switches Level DSFA Description 0 Meaningless setting - not used 1 A File attributes are set per plan A 2 A Same as #1 * 3 NA File names are encrypted and attributes set 4 NA Same as #3 5 NA Same as #3 6 NA Same as #3 7 NA Same as #3 8 NA Same as #3 9 NA Same as #3 * A DA File names and data encrypted and attributes set B DA Same as #A C DA Same as #A D DA Same as #A - 8 - 2.213 Security level settings if the item is the root directory: Sec'y Switches Level DSFA Description 0 Meaningless setting - not used 1 A All file attributes in the root directory set per plan A 2 A Same as #1 3 NA All file names in root directory are encrypted and attributes set 4 NA Same as #3 * 5 XX All sub-directory names encrypted 6 X A File attributes set, including those in sub-dirs 7 XX A Sub-directory names encrypted; file attributes set 8 XNA File names encrypted and attributes set, including those in sub-directories 9 XXNA All sub-directory names encrypted; All file names encrypted and attributes set within all sub-dirs A DA File names and data encrypted and attributes set in root directory B DA Same as #A C XDA File names and data encrypted and attributes set, including those in sub-directories D XXDA Sub-directories, file names and data encrypted, and attributes set within all sub-directories. 2.3 Password selection and other options Now that you have specified the files and/or directories to protect and the security levels to use, you may want to specify a couple other options, so that the SENTRY module is just what you want. First among these is to give the module a password of your own invention instead of the pathetically unimaginative default one, 'PASSWORD'. This can be from 1 to 8 characters, including numbers and special characters. (For a discussion on changing this password on the fly within SENTRY, see section 3.1 below). Other SENTRY characteristics can likewise be set from the GUARDSET screen. Refer to messages I19 thru I28 below. - 9 - 2.4 GUARDSET screen messages As you cursor around on the GUARDSET screen, you will always be presented with a message on the 3rd line of the screen. The messages beginning with an 'I' are informational messages related to your current cursor position on the screen; they tell you what the program expects from you at that point. The 'W' warning messages and 'E' error messages only appear when you have hit F7 to create SENTRY, and something is not right. Other 'grunts' of the speaker that are not accompanied by a message simply mean that the key you hit has no meaning or is invalid in the current situation. Following are explanations of each GUARDSET screen message: I05: Enter the drive letter where you want GUARDSET to store the SENTRY program. See next note on naming the SENTRY program. I06: Enter the full path name of the program. The initial path name 'C:\SENTRY.COM' is only a suggestion. Any valid DOS file name with the .COM extension is OK. Likewise, you may put this program on any subdirectory or any disk drive of your choice. NOTE: Do not use the DOS COPY or REName commands or any other utility to change the path name that you give here. See note in section 1.4. I07: Enter a 'D' if the items to be protected are directories Enter an 'F' if they are files The character you type in here will automatically be used to set the item type switch (under the '?') for each new line you enter below. See also message I11 below. I08: Enter '0' thru '9' or 'A' thru 'D' for default security level. See tables above. The character you type in here will automatically be used to set the security level switch (under the '!') for each new line you enter below. See also messages I12 thru I17 below. I09: Enter the drive letter where this item (file or directory) is located. (This will usually be 'C') I10: Enter the full path name of the directory or file(s) to be protected. To designate a group of files, the wildcard characters '*' and '?' may be used as with any DOS command. I11: If the name just entered was a directory, enter a 'D' here. If it was a file or group of files, enter 'F'. If it was the root directory (only the drive letter with no path name), enter 'R'. I12: Enter '0' thru '9' or 'A' thru 'D' for security level, if you want to override the default level chosen above (I08). See also the tables above and messages I13 thru I17 below. - 10 - You will rarely, if ever, have occasion to set the individual switches under the columns labelled 'DSFAxx'. Message I13 through I17 refer to these switches: I13: The item named is a directory. Enter 'X' here to encrypt its name. I14: The item named is a directory. Enter 'X' here to continue processing into its sub-directories. If this option is chosen, whatever action was requested for the named directory will continue for each of its sub-directories, each of their sub-directories, etc...as far as 9 levels down through the directory tree structure. I15: Enter 'N' here to encrypt file names, or 'D' to encrypt file data. If the named item is a directory, all files within that directory will be encrypted. If the item is a file or group of files, only those named will be affected. I recommend always coupling this option with file attribute plan 'A' as described below, so that the encrypted file names (especially in an unencrypted directory) will be hidden, and not appear on a DIR command...but you may choose differently - read on: I16: Enter 'A', 'B', 'C', or 'D' here to choose one of the following plans for setting file attributes. (Again, if the named item is a directory, all files in that directory are affected; if it is a file name or group of file names, only those named are affected). Refer to Appendix A for notes on the various file attribute combinations possible, and their corresponding hex values. If you find the following information on the four plan types to be boring or obscure, just stick with plan 'A': Plan A: This is the suggested method of altering file attributes. Most files on a typical PC disk or diskette are of three types: Normal, in which no attribute bits are set, Archived normal, in which only the archive bit is set, and the DOS system files, in which the archive, DOS file, hidden, and read-only bits are all set. Plan 'A' sets these three common attribute bit patterns to three very uncommon bit patterns when SENTRY is run in 'encrypt' mode, which all have the effect of hiding the file. The original bit patterns are then restored when SENTRY is run again to decrypt. All other bit patterns are left unchanged. The uncommon bit patterns used are: DOS bit alone, DOS plus hidden alone, and DOS plus read-only alone (Hex 04, 05, and 06, respectively). If you happen to use any of these attribute bit combinations in any of your files, please note this: Under plan 'A', if SENTRY encounters a file with one these attribute bit patterns during a 'decrypt' run, it will convert it to one the common patterns mentioned above. - 11 - Plan B: This plan affects only the archive bit. Under it, when SENTRY is run to encrypt, the archive bit is set off for all files affected. When SENTRY is run to decrypt, archive bits are set on for all files affected (even for those whose archive bits were originally off). If you use the DOS BACKUP and RESTORE options or similar utilities that only back up files whose archive bit is set, you may find this plan useful, even without encrypting the file name, if all you want is to keep certain 'nuisance' files from being backed up. Plan C: Under this plan, when SENTRY is run to encrypt, all files affected are assigned the same attribute pattern: Archive off, DOS, hidden, read-only all on (hex 07). When SENTRY is run again to decrypt, all files affected are assigned a normal, archive-on attribute (hex 20). This plan works fine for most cases, too, but if you have any hidden or read-only files that would be affected, they will be converted to normal archived files after one cycle. Plan D: This is the same as plan 'C', except you assign whatever bit pattern you want for all encrypted files. (See next message for details on that.) Like plan 'C', when SENTRY is run again to decrypt, all files affected are assigned a normal, archive-on attribute (hex 20). I17: Unless you asked for plan 'D' above, you will never see this message. Specify the hex value here (0 thru 7 or 20 thru 27) of the attribute bit pattern you want SENTRY to assign to each encrypted file. Refer to Appendix A for notes on the various file attribute combinations possible, and their corresponding hex values. I19: Specify the hex value here (0 thru 3 or 20 thru 23) of the attribute bit pattern you want to assign to SENTRY itself. If SENTRY will be placed on your hard disk, you can specify here that SENTRY be a hidden, read-only file (hex 03), or whatever you choose. The default value is 0. Refer to Appendix A for notes on the various file attribute combinations possible, and their corresponding hex values. I20: This switch is normally set to 'Y' (Yes), which means that whenever SENTRY is run to decrypt, it will display a message telling the date and time of the most recent good access. To suppress this screen message, enter 'N' here. I21: This switch is normally set to 'Y' (Yes), which means that whenever SENTRY is run, it will display simple progress messages as it encrypts or decrypts each named path. To suppress these screen messages, enter 'N' here. - 12 - I22: This switch is normally set to 'Y' (Yes), which means that whenever SENTRY is run to decrypt, it will demand that the correct password first be keyed in. If you want to skip the password logic, enter 'N' here. Notice that if you do so, the following six messages are irrelevant: I23: If you want a new password, key it in here, from 1 to 8 characters. Also see section 3.1 below for changing the password on the fly through SENTRY itself. I24: SENTRY normally allows 3 attempts at entering the password before denying access. Change that value to any number from 1 to 99, if you wish. I25: This switch is normally set to 'N' (No), which means that the keyboard buffer is not purged before the password is accepted. (So you can type ahead, before you actually get the password prompt). If you want to disallow typing ahead, enter 'Y' here. I26: This switch is normally set to 'Y' (Yes), which means that, if the correct password has been entered, it can then be changed on the fly through SENTRY itself. If you want to disallow such password changes, enter 'N' here. (You will still be able to change SENTRY's password via GUARDSET.) I27: This switch is normally set to 'N' (No), which means that if access is being denied because the correct password was not entered, SENTRY will merely pass control back to DOS, with the appropriate errorlevel code. If you want, SENTRY can go into an infinite loop instead, which will lock up the processor and force a re-boot. To choose this option, enter 'Y' here. I28: In the case of a failed access attempt, SENTRY records the time, date, and passwords attempted. At the next good access attempt, this information will be displayed on the screen. Normally, this information is accompanied by an alarm beep from the speaker to alert you to the fact that an unauthorized access was attempted. To suppress this alarm, enter 'N' here (Screen message will still appear). I30: If you are creating a SENTRY program on a floppy diskette I31: drive, or are specifying items to protect on a diskette drive, GUARDSET may need to prompt you with these messages as to when to change diskettes. - 13 - W40: If you brought up an existing SENTRY program (see section 2.0), you may hit the F10 key at any time to delete it. This warning message will always prompt you to hit Alt-F10 to verify the delete action. GUARDSET completely wipes the SENTRY program from the disk, so that no unerase utility can restore it. Moreover, since you may use this option to clean out old SENTRY modules no longer in use, GUARDSET does not verify the status of any directories or files involved; they could even be in an encrypted state. It's up to you to make sure you are not deleting an active SENTRY! If you hit any key other than Alt-F10, the SENTRY model will not be deleted. Until you create another SENTRY, the support mechanism will retain the specifications for the deleted SENTRY, so that you can later select the deleted SENTRY from the menu and rebuild it, if necessary. When you create a new SENTRY, the new specs will very likely overlay the 'deleted' specs, making a rebuild impossible. W50: This warning message means that the SENTRY module will itself be one of the files that will become inaccessible upon running it in encrypt mode. Therefore, DOS will not be able to load it to run it to decrypt! (Catch-22) You can go ahead and hit Alt-F7 to create this SENTRY module, but be sure you also make another SENTRY that performs the same actions and is outside the affected paths. The only scenario I can think of where you actually want to do this is when you want SENTRY to encrypt, say, all directories on drive C, and you want SENTRY on drive C also, for convenience. You would then create a 2nd SENTRY on a floppy disk to use in decrypting. Normally, you'll want to avoid this altogether. Assign SENTRY to a drive and directory that will not be affected by its own encrypting action. If you hit any key other than Alt-F7, the SENTRY program won't be written, and you can continue to edit the screen. W60: This warning message means that the SENTRY module already exists. Hit Alt-F7 to go ahead and write over the existing SENTRY program. When using GUARDSET to alter an existing SENTRY, you will naturally always get this warning message. If you hit any key other than Alt-F7, the SENTRY program won't be written, and you can continue to edit the screen. - 14 - W65: This message is the result of GUARDSET's support mechanism at work helping to prevent a security system conflict. Before creating or re-creating a SENTRY program, GUARDSET looks at the specifications for all other SENTRYs created so far. If it discovers a conflict in protection specs, it displays this warning message in the form 'Conflict with AAAAAAAAAAAA (XXX,YY,ZZ)' in which 'AAAAAAAAAAAA' is the name of the other SENTRY involved in conflict, 'XXX' is the menu page number where that SENTRY can be found, 'YY' is the line number on that menu page, and 'ZZ' is the item number within that SENTRY causing the conflict with the highlighted line on the screen. You may go ahead and continue creating the current SENTRY by hitting Alt-F7, or you may change the specs for the current SENTRY so as to remove the conflict. If you choose Alt-F7, I strongly recommend that you visit the other SENTRY referred to in this warning, and either alter its specifications, or delete it. Running two or more SENTRY programs whose specifications are in conflict could result in a data mess such as the one described in problem #1, section 3.3 below. E70: This error message will be displayed if you try to tell GUARDSET to modify a program other than one of its own SENTRY children. (If you have a customized GUARDSET, SENTRY modules you have created will produce this error in any other GUARDSET that is invoked to alter or view them.) E71: This error message means that the highlighted line contains no directory or file path name, only a drive letter. If you really want to encrypt everything in the root directory itself, you must also enter 'R' in the line below the '?' to confirm that you mean the root directory. (Message I11.) E72: This error message means you specified 'R' for root directory, yet you have named a file or directory beyond the drive letter. If you really want to encrypt everything in the root directory, delete everything in the name but the drive letter. E73: The highlighted path name was sought and not found. Check spelling, etc. Note also that if this path was left in an encrypted state, you will get this message. SENTRY modules should be altered or created only when the affected files and directories are in the normal state. E74: The two highlighted entries are giving SENTRY redundant instructions. If, for example, you specify directory DIR1 and all its sub-directories and file names to be encrypted, and in another line you name one of those sub-directories, SENTRY is being asked to encrypt that sub-directory twice. In this example, correct by either removing the reference to sub-directories of DIR1, or removing the entire line referring to the sub-directory in question. - 15 - E75: The two highlighted entries have switch settings which conflict with each other. If, for example, you specify directory DIR1 and all its sub-directories and file names to be encrypted, and in another line you specify the data for a certain group of files in DIR1 to be encrypted, that won't work. SENTRY is being asked to encrypt file names in one instance, and data in another. Either remove the switch to encrypt all files within DIR1, or remove the entire line naming those specific files. E76: Switch settings are such that SENTRY will perform absolutely no action on the highlighted item. If you are in doubt how to set the individual switches, use the security level switch to set the other switches, referring to sections 2.211, 2.212, and 2.213 above. E77: The only time you will see this error message is if you specify data encryption for files that will include the two DOS boot files on a system disk (IBMBIO.COM and IBMDOS.COM, or IO.SYS and MSDOS.SYS). A data encryption/decryption cycle will restore every file exactly as it was, but they may be in a different physical location on the disk. This is not important EXCEPT when it comes to these boot files. Either settle for file name encryption without data encryption, or use wildcard characters to ensure that these files are not included in any data encryption cycle. E80: The SENTRY.COM file cannot be opened and written. This may be a hardware problem (??) E81: This error message is essentially the same as E70. You cannot overwrite any program except for SENTRY programs that you created with the same GUARDSET module. E82: This error message means that the drive and directory to contain the SENTRY module was sought and not found. Check spelling, and (like message E73) check to see whether this path might be in an encrypted state. E83: The name you give to SENTRY must be a valid DOS file name, from 1 to 8 characters. E84: SENTRY's file extension must be .COM E89: DOS 3.0 or later is required to run GUARDSET. E90: This error message will be displayed if you have altered GUARDSET so as to cripple it. E91: These messages refer to miscellaneous file I-O problems. thru E99: Like E80, the exact problem is unknown to GUARDSET; may be hardware or other critical I-O problem. - 16 - 2.5 Four examples An example is worth a thousand explanations. Below are four screen mockups representing four different SENTRY modules that GUARDSET could create, and what the GUARDSET screen would look like in each case. In the first example we have a small business scenario where we want to protect payroll data, and we choose to stick with the default settings for the directory named 'PAYROLL'. We assign a password which the both you and your accountant will know, in order to access the basic payroll data. With the GUARDSET program diskette in drive A, type the following: A:\GUARDSET [Enter] then edit the screen to look like this: GuardSet v 2.0 (c) 1989, 1993 Jerry DePyper * Your name or message here * F7=Create Program ESC=Exit to DOS Model: Program:C:\SENTRY.COM ┌──────────────────────────────────────────────────────────────────────────────┐ │ Default switch '?' (What is it ??) : Directory Switches │ │ Default switch '!' (Security level): 0 ?!DSFAxx │ │ 1.C:\PAYROLL D0X │ │ 2. │ │ 3. │ │ 4. │ │ 5. This is just an example. Unless you have a directory 'C:\PAYROLL', │ │ 6. you can't create a SENTRY program exactly like this. │ │ 7. │ │ 8. │ │ 9. │ │ 10. │ │ 11. │ └──────────────────────────────────────────────────────────────────────────────┘ Program file attribute: 0 Normal `Last access' msg (Y/N): Y Progress msgs (Y/N): Y Password Req'd? (Y/N): Y Password: LETMEIN Attempts: 3 Keybd purge? N Allow change? Y Seize? N Post-fail alarm? Y - 17 - In the next example, we use the first SENTRY created above to serve as a model. 'PAYROLL' is included WITH THE SAME SWITCH SETTINGS as the model program, plus the 'PERSONAL' directory is included, and two tax files within it are given data encryption. This SENTRY2 is placed in an out-of-the-way directory, is itself assigned a hidden, read-only attribute, and is given a password that only you know. So both you and your accountant can control the 'PAYROLL' directory, but only you may access your personal stuff. You could create this SENTRY2 right away, without quitting the first screen above, or bring up the first SENTRY from the GUARDSET menu, or, with the GUARDSET program diskette in drive A:, you could get the first SENTRY program directly by typing: A:\GUARDSET C:\SENTRY.COM [Enter] then edit the screen to look like this: GuardSet v 2.0 (c) 1989, 1993 Jerry DePyper * Your name or message here * F7=Create Program F10=Delete Model ESC=Exit to DOS Model:C:\SENTRY.COM Program:C:\SECURE\SENTRY2.COM ┌──────────────────────────────────────────────────────────────────────────────┐ │ Default switch '?' (What is it ??) : Directory Switches │ │ Default switch '!' (Security level): 0 ?!DSFAxx │ │ 1.C:\PAYROLL D0X │ │ 2.C:\PERSONAL D0X │ │ 3.C:\PERSONAL\TAXINFO.* FA DA │ │ 4. │ │ 5. │ │ 6. This is just an example. Unless you have directories 'C:\PAYROLL' │ │ 7. and 'C:\PERSONAL', you can't create a SENTRY program exactly like │ │ 8. this. │ │ 9. │ │ 10. │ │ 11. │ └──────────────────────────────────────────────────────────────────────────────┘ Program file attribute: 3 Hidden Read-Only `Last access' msg (Y/N): Y Progress msgs (Y/N): Y Password Req'd? (Y/N): Y Password: IMDBOSS Attempts: 3 Keybd purge? N Allow change? Y Seize? N Post-fail alarm? Y - 18 - This third example demonstrates one way to put your whole hard disk out of reach. The first entry encrypts all sub-directory names on drive C, and the second entry hides and encrypts all files on the root directory. (By using two entries in this way, the overhead of handling all files on all sub-directories is avoided). Since this will result in a non-bootable hard disk, the SENTRY.COM is placed on a floppy disk that also contains the DOS boot files. This diskette, then, is used to boot the system and decrypt drive C. Needless to say, this is an extreme measure. GuardSet v 2.0 (c) 1989, 1993 Jerry DePyper * Your name or message here * F7=Create Program ESC=Exit to DOS Model: Program:A:\SENTRY.COM ┌──────────────────────────────────────────────────────────────────────────────┐ │ Default switch '?' (What is it ??) : Directory Switches │ │ Default switch '!' (Security level): 0 ?!DSFAxx │ │ 1.C:\ R5XX │ │ 2.C:\*.* F3 NA │ │ 3. │ │ 4. │ │ 5. │ │ 6. │ │ 7. │ │ 8. │ │ 9. │ │ 10. │ │ 11. │ └──────────────────────────────────────────────────────────────────────────────┘ Program file attribute: 0 Normal `Last access' msg (Y/N): Y Progress msgs (Y/N): Y Password Req'd? (Y/N): Y Password: WATCHIT Attempts: 3 Keybd purge? N Allow change? Y Seize? N Post-fail alarm? Y - 19 - In the final example, we have an indication of how flexible SENTRY can be. By not filling in any lines, and by specifying no password required, we create a simple little pseudo-log file. We can run this with the /o switch (see section 3.0 below) from our AUTOEXEC.BAT or any regular batch procedure, and it will display a message telling us the time and date that we last logged on or ran the batch job. In contrast with example #3, this innocuous little program is compatible with any other SENTRY you may create. GuardSet v 2.0 (c) 1989, 1993 Jerry DePyper * Your name or message here * F7=Create Program ESC=Exit to DOS Model: Program:C:\LOG.COM ┌──────────────────────────────────────────────────────────────────────────────┐ │ Default switch '?' (What is it ??) : Directory Switches │ │ Default switch '!' (Security level): 0 ?!DSFAxx │ │ 1. │ │ 2. │ │ 3. │ │ 4. │ │ 5. │ │ 6. │ │ 7. │ │ 8. │ │ 9. │ │ 10. │ │ 11. │ └──────────────────────────────────────────────────────────────────────────────┘ Program file attribute: 0 Normal `Last access' msg (Y/N): Y Progress msgs (Y/N): Y Password Req'd? (Y/N): N - 20 - 3.0 Running SENTRY Each SENTRY module that you create runs in two modes, determined by a command line switch. SENTRY /L (Lock) encrypts the files and/or directories under its charge. SENTRY /O (Open) first asks for a password, then decrypts the same files and/or directories. Invoke SENTRY thus: SENTRY /L To encrypt (Lock) the specified files and/or directories SENTRY /O To decrypt (Open) " " " " " If SENTRY is in a sub-directory that is not on the DOS search path, you will also have to include the full path on the command line. e.g. '\SECURE\SENTRY /O' 3.1 Entering and changing the password The password logic in SENTRY is a little unorthodox in that all keystrokes entered are accepted as possible password characters - even cursor movement keys, backspace, etc. This means that you will not be able to erase or edit out of a mistyped password...just hit the carriage return key and try again. And when you set a new password as described below, you can likewise use cursor movement keys, embedded spaces, and function keys as part of the password. Alphabetic characters in the password are not case-sensitive. That is, it doesn't matter whether you key the lower case or upper case form of the letters of the alphabet. Unless you set the password option or the change-password option off (see section 2.4, messages I22 and I26), you can change SENTRY's password on the fly whenever SENTRY is run to decrypt. At the password prompt, key in the correct password as usual, but, instead of following the password with a carriage return (Enter key), hit the spacebar once. Then key in the new password (1 - 8 keystrokes), and follow it with the carriage return key. If you did that correctly, SENTRY will then prompt you to verify the new password by typing it in again (without the old one this time). This ensures that your new password is really what you want it to be. If you correctly verify the new password, SENTRY accepts it. From now on, this new password will be required. Otherwise, the old password is retained. 3.11 Gotcha! (Catching a would-be snooper) If someone tries to run SENTRY /O to gain access to areas you have encrypted with SENTRY /L, he will be unable to get past the password requirement. Then, upon your next successful access, the number of failed attempts will be displayed, with the time and date and passwords attempted. Be sure to record this information (e.g. print the screen), as SENTRY will not save it. Even if someone learns your password and gains access, you may be able to catch the intruder by paying close attention to the time and date of the last access, which is displayed at every access (unless this option was set off - see section 2.4, message I20). - 21 - 3.2 Using batch files I suggest using batch files to automate the use of SENTRY. For an example of what to set up, I have included two batch files on the product diskette, LOCK.BAT and UNLOCK.BAT. These are intended as examples only...you should set up your own batch files tailored to the name you gave to your SENTRY program, etc. You could also incorporate SENTRY into your present batch files or procedures. For example, you might set SENTRY up to encrypt the '123' directory where you keep all your Lotus 1-2-3 files and programs. The following '123.BAT' file would then automatically invoke SENTRY to prompt for a password and, if correct, open the 123 directory. After you have quit from 1-2-3, the batch file would invoke SENTRY again, this time to close the 123 directory behind itself: echo off rem 123.BAT (example batch file for using SENTRY) sentry /o if errorlevel 254 goto reject if errorlevel 4 goto openerr if not errorlevel 2 goto open_ok echo 123 directory was left open ! :open_ok cd\123 123 cd\ sentry /l if not errorlevel 3 goto end echo Cannot close 123 directory goto end :openerr echo Cannot open 123 directory goto end :reject rem An unauthorized access attempt! rem Take whatever action you deem necessary here :end As this example illustrates, using a batch file lets you take advantage of the error values returned to DOS by SENTRY. These are the possible errorlevel values: 0 Successful 1 Lock option chosen; nothing found to encrypt (already locked) 2 Open option chosen; nothing found to decrypt (already open) 3 Lock option; cannot encrypt - directory not found, or file error 4 Open option; cannot decrypt - directory not found, or file error 5 Command line error. Must specify /O(pen) or /L(ock) 6 Invalid DOS version. Must be DOS 3.0 or later 7 Illegal program copy. (SENTRY was copied or renamed outside of GUARDSET) 254 Open option - correct password not entered (request rejected) 255 Open option - Ctrl-C or Ctrl-Brk hit at password prompt (reject) Sensing a rejected access attempt (errorlevel 254 or 255) opens up many possibilities. You may passively return to DOS as in the above example, delete certain key files, or whatever you want to do. - 22 - 3.3 Trouble-shooting SENTRY PROBLEM #1: Files or directories left encrypted by 'SENTRY /O' This may happen if you create two (or more) SENTRY programs that each address the same directory, file, or group of files. This is perfectly workable as long as the switch settings for the common items are compatible in each SENTRY. In big letters: WHEN TWO OR MORE SENTRY PROGRAMS WILL ENCRYPT THE SAME ITEMS, THE SWITCH SETTINGS SHOULD BE IDENTICAL IN EACH CASE. To ensure that this is the case, use one SENTRY as a model to create the second. (As an illustration of this, see section 2.5, examples 1 and 2.) This problem, then, comes when the above rule has been violated. For example, SENTRY1 may have encrypted a certain directory and all files within it, then SENTRY2 decrypted only the directory (because file encryption was not specified for SENTRY2). The result is a decrypted directory containing encrypted files, and even if you now run SENTRY1 /O at this point to decrypt the files, it fails to take any action on this item. So, what to do? Run the less comprehensive program (SENTRY2 in this example) with the /L switch to encrypt the directory name, then run SENTRY1 /O to decrypt both the directory and its files. That is, you 'back out' of the situation by running the reverse mode of each SENTRY in reverse order. Then use GUARDSET to change either SENTRY1 or SENTRY2 so that this doesn't happen again. NOTE: A very special case of this sort involves data encryption. For example, SENTRY1 encrypts a file name and data, then SENTRY2 decrypts only the file name, thus resulting in a decrypted file name containing encrypted data. If at this point you run 'SENTRY1 /L' to encrypt again, it will find the decrypted file name and go ahead with the name and data encryption. This will result in 'double-encrypted' data (which is NOT the same as decrypted data), and things could get a little messy. The 'back out' procedure still applies here to correct the situation, but it is much better to avoid this problem altogether by setting the switches identically for items common to two or more SENTRY programs. Best solution: Heed warning message W65! PROBLEM #2: SENTRY always returns errorlevel value 1 or 2 Errorlevel values 1 and 2 will be returned whenever SENTRY fails to encrypt / decrypt anything. This is usually because you are trying to encrypt what is already encrypted, or to decrypt what is already decrypted, as noted in section 3.1 above. It is possible, however, to create a SENTRY that, say, only sets file attributes, and never does any actual encryption. This SENTRY will always return these two error codes. Or, you may have deleted all files or removed all directories that SENTRY was looking for, so it found nothing to encrypt. In either case, you should modify SENTRY, or at least modify the batch file to treat these two error values as OK. - 23 - PROBLEM #3: Screen message 'Error 5', 'Error 6', or 'Error 7' 'Error 5' - Command line error. You must specify /O(pen) or /L(ock) 'Error 6' - Invalid DOS version. Must be DOS 3.0 or later 'Error 7' - Invalid program copy. If you copy, move, or rename the SENTRY program without using GUARDSET to do so, SENTRY will refuse to function. See note in section 1.4. Of course, you already noticed from section 3.2 above that error- levels 5, 6, and 7 are returned to DOS in these three cases. PROBLEM #4: Processing takes a long time This is usually not a problem unless you have specified data encryption for a number of large files. You may want to re-evaluate the security level considerations, and choose data encryption only for a few select files. In any case, processing speed may be improved by increasing the 'BUFFERS=' parameter in your CONFIG.SYS file. Try BUFFERS=20, or a higher value. For more information on the CONFIG.SYS file, see your DOS manual. It may also help to periodically reorganize your disk with a disk defragmenter utility. Since almost all the work done by SENTRY involves disk I-O, using an accelerator board or running in turbo mode to speed up the processor will be of little value here. PROBLEM #5: Incompatibility GUARDSET and SENTRY are designed to be compatible with MS-DOS/ PC-DOS on an IBM or IBM-compatible machine. Compatibility is not guaranteed with non-DOS systems, nor with any particular disk-cache or disk management software. If you think this may be a problem, please experiment with a test file or directory first, before using GUARDSET/SENTRY in earnest. STACKER, for example, is one utility that I know of at this writing that is incompatible with GUARDSET. PROBLEM #6: 'Last Access' date & time are wrong Aha! Somebody knows your password, and has accessed SENTRY since you did last! Better change your password pronto. Another possiblity: the system date & time were wrong when you last ran 'SENTRY /O' to decrypt. If this is the case, you may just need a new clock or CMOS battery. Also, on some XT systems, make sure you have called 'ASTCLOCK', 'AUTOTIME', or other clock utility before running SENTRY. Please note that in these cases the date & time recorded for any failed access attempt will likewise be meaningless. - 24 - Appendix A: File attributes and their hex values DOS uses a one-byte field in the directory entry of each disk file to define the attributes for that file. Disregarding directories and labels as special cases, four bits in this byte are used: The low-order bit (value = 1) is the read-only bit. When it is turned on, DOS and some programs will refuse to update the file's data. Since many utilities and programs circumvent this measure, it is of limited value in protecting data. Next is the hidden (value = 2) bit, which prevents a DOS DIR command from displaying the file, and which will prevent DOS from copying or deleting the file. Again, this is relatively easy to circumvent with many utilities. The DOS file bit (value = 4) is generally used only by DOS for its own system files. In addition to hiding the file like the previous attribute, DOS will refuse to execute any program that carries this attribute. (That's why GUARDSET will not let you assign this attribute to a SENTRY program) The archive bit (value = hex 20 or decimal 32), is usually turned on whenever a file is created or updated. The DOS BACKUP program and many other backup utilities will set this bit off when backing up the file, and may not back it up again until it has been set on again (i.e, the file has been changed). Two or more of these attributes may be combined to define a single file. In a couple places, the GUARDSET screen uses the resultant hex value to refer to a file's attributes, as follows: Hex Attribute description 0 Normal (no attributes set) 1 Read-Only 2 Hidden 3 Hidden Read-Only 4 DOS 5 DOS Read-Only 6 DOS Hidden 7 DOS Hidden Read-Only 20 Archive Normal (most common) 21 Archive Read-Only 22 Archive Hidden 23 Archive Hidden Read-Only 24 Archive DOS 25 Archive DOS Read-Only 26 Archive DOS Hidden 27 Archive DOS Hidden Read-Only - 25 - Appendix B: Design history and background Throughout this program development process, I kept two principles in mind: 1) Compatibility with DOS and a logic flow that will not allow any data to be lost, even in the event of a power failure during processing, and 2) Real security, which means that the original non-encrypted file or directory names and file data are not discernible, that the encrypted names cannot be entered from a keyboard, and that the encryption sequence is not discernible. For efficiency, the encryption module is written in assembler, and for compatibility, it uses only DOS interrupts to do its file and data manipulation. It began when I was looking for a way to automatically hide and encrypt directory names on a hard disk as a means of making sensitive data harder to reach. As mentioned above, this is usually enough in most situations to keep would-be snoopers at bay. But, since there are many utilities that will display a hidden directory for you and place you within it without typing its name from the keyboard, I decided it would be a nice option to be able to encrypt file names as well, and manipulate a file's attributes in the same automatic way. Now, not only casual snoopers but more serious and knowledgeable ones are thwarted in their efforts. As a logical extension to this line of reasoning, I then added data encryption as well, to make snooping next to impossible. This added a new dimension to the original encryption program: Directory and file names and file attribute can be changed with minor adjustments to the directories DOS uses for all its file handling, while data encryption was a different animal. To continue to maintain my two guiding principles, data encryption took this form: 1. A second file is created. 2. The original file's data is copied to this file in encrypted form. 3. The second file is given an encrypted name corresponding to the original file's name. 4. The original file's data is physically overwritten (so no trace of the sensitive data remains on the disk). 5. The original file name is changed, and it is deleted. This is the only way to hide the original data from even the most tenacious intruder while ensuring that it will not be lost in the event of a power failure, etc. And while the program uses an efficient, tight code to achieve this, the disk I-O for a number of large files can be quite extensive. Safety vs speed...I'll take safety any day; how about you? So, there it was; a complete encryption program (SENTRY) that was still under 5K in size (4K without data encryption)! All that was left was to enclose this little program inside a 'mother' program and allow you to tailor it to your own needs. The result, of course, is the GUARDSET program, written in Microsoft C. I alone retain possession of yet a third program, which I use to customize GUARDSET for each registered user, so that no GUARDSET/SENTRY user poses a security threat to another.