Monday, February 27, 2006
Nine Things You Must Master in Business
Of course there is a way to reach that condition. There is a body of knowledge behind it. There are stages. According to Brad Sugars, there are 6 stages in building and growing a business:
1. Mastery
2. Niche
3. Leverage
4. Niche
5. Result
I will try to discuss the first stage. Mastery is the initial stage in developing a business: how the business can generate profit productively, based on enough information to make decisions.
What has to be mastered?
1. Money, or cash flow. That is, how we master our historical financial data and how, with that data, we can do something in the future. Cash flow is king. What do we want to do with that cash flow? Don't fixate on chasing profit on paper while the money is not in your hands. You must master this. It is the foundation of your business. With strong cash flow, you can do anything.
2. The break-even target. How many products must be sold, or how many customers, or how many rupiah in sales per day are needed to reach that break-even point. If you don't know this, it can be dangerous... For example, if rent, expenses and employee salaries come to 3 million per month, your costs are 100 thousand per day, so the profit you must earn is at least 100 thousand per day. As simple as that.
3. Profit margin. A target or budget must be set for how much profit margin has to be earned per day to reach the desired target. It must be clear what the percentage or the nominal value is. Tinkering with margin calculations is a particular pleasure of mine. It is one of the exciting games of business.
4. Reporting. You must know the vital numbers in your business per day, per week and per month, so that you can make decisions based on them in the future. How many products were sold today, what the margin was, how many transactions there were today, how many prospects walked into the store, and so on. You must know this.
5. Test and measure. Whatever you do must be tested and its results measured. Never do something without measuring how successful it was. Create key performance indicators: the indicators in your business that are the key or vital determinants. You must identify these factors. For example, you make a brochure. What did it cost? What was the result? Profit or loss? If profit, continue. If loss, change it, fix it or stop it.
6. Delivery. By delivery I also mean giving what you promise. Once you have received the money, you must deliver the goods as promised, in quantity, quality and delivery time. Don't try to promise something great or superior. Better to be ordinary but consistent. Try to close every gap of weakness that exists. Little by little.
7. Time. Master time. Your productivity, your business and your organization depend greatly on your ability to master time. There are many theories about mastering time, for example the Pareto theory (the 80/20 principle) or the power of least effort.
8. Goals. Goals must be clear and communicated to our organization. Goals are the signpost for the people who follow behind us. Where we start from and where we will end up must be clearly understood by them.
9. Self mastery. Mastering yourself, or self-control. This is about discipline. This is about focus. This is the price you must pay to achieve success.
Thursday, February 23, 2006
Western Union
Sharing this with other friends as well, from the site:
http://www.pintunet.com/lihat_opini.php?pg=2003/06/24062003/15762&xref=/pintunet.php?vpid=7709
In my opinion, Western Union is the fastest money transfer service, transferring money around the world in a matter of minutes or even seconds. With Western Union I can send and receive money to and from abroad very quickly. Never mind days: sent now, it can be collected right now, whereas through a bank it can sometimes take days.
Some tips to make using the Western Union service easier:
For the sender:
1. Ask for the recipient's full and clear name and address as they appear on their valid identity card. If the recipient does not have a valid identity card, create a test question (for example: what is my mother's favourite colour? Answer: pink).
2. To send more than Rp 1,000,000 or US$500, also ask for the recipient's eye colour, sex, height and hair colour.
3. Tell the recipient your name and address, the amount being sent, the test question and, most importantly, the transfer number (Money Transfer Control Number). You will receive the transfer number when you send the money at the Western Union office.
For the recipient:
1. Make sure you have received the correct transfer number from the sender (if the number is wrong, you will not be able to collect the money).
2. Have a valid identity card ready; if you do not, you must know the test question by heart.
3. Knowing the sender's name and address and the amount sent will make it even easier for you to collect the money.
For the rates, click:
http://www.bii.co.id/p_r/charges/Western%20Union_i.asp
Encryption
Choosing the encryption type
You will want to consider a number of encryption types.
File encryption: File encryption means that individual files are encrypted with a password. This type is appropriate when sending a confidential file over an open line, for example Internet mail. This method works for small amounts of data, but becomes too unwieldy as the volume of data increases.
Directory encryption: This encryption type is appropriate in networks to prevent access by users who have rights to read other users' data. It may also be useful for protecting data on diskettes or a local hard disk in the absence of other methods of security.
Master Boot encryption: This encryption type allows you to hide the partition data of the computer. This ensures that no-one can gain access to the hard disk after booting from diskette. The data itself, however, is unencrypted, and can be read using a low-level tool for reading sector by sector. Many system viruses can damage Master Boot encryption, making it necessary to partition and reformat the disk from scratch, depending on how the encryption is performed.
Full hard disk encryption: This encryption type encrypts every single sector on the entire disk. Even when a low-level tool is used from a startup diskette, no meaningful data can be read.
COM port encryption: This encryption type is designed to protect communication using a modem; however, it has been superseded by hardware solutions built into firewalls or modems.
LPT port encryption: A combination of software and hardware will need to be used to encrypt data sent to the printer. Some solutions automatically encrypt print data, with hardware connected to the printer to ensure that what is printed makes sense. The possibility of monitoring the printer cable is the reason why some people need this solution.
Encryption keys.
There are a great many strong encryption algorithms, and a lot of effort has gone into cracking them. The most common method is called "brute force", and involves searching through all possible keys, of length 1 to x. If the length of the key is known to be 8 bits, the number of possibilities is 2^8 (256). A PC needs less than 10 seconds to work through all possibilities. If the length of the key is increased to 40 bits, there are 2^40 possible keys, and it now takes several months to find the key. It is not impossible to find the key, but the expense involved probably exceeds the value of the protected data.
It is self-evident that a system is only as strong as its weakest part, and this applies equally to encryption algorithms. In theory, RSA or RC4 (used in SSL) with a 40-bit encryption key is adequately secure for most purposes. The weak link in the encryption process is the generation of the key. The number of possible keys can be reduced if the hacker analyses the way in which the key is created. A weak key generation procedure can mean that it is possible to crack a strong encryption algorithm in a matter of minutes. This is what happened to SSL in 1995.
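The two points in the paragraph above, key length versus search time and the entropy of the key generator, worked through in code. This is an added example, not code from the original page; the throughput figure is constructed to match the text's numbers (2^8 keys in under ten seconds, 2^40 in a few months), and the seed-based generator is a toy built to show the flaw, not any real product's key generation.

```python
import hashlib
import secrets
from typing import Optional

# Constructed throughput, chosen so that the figures line up with the text
# (2^8 keys in well under ten seconds, 2^40 keys in roughly three months).
KEYS_PER_SECOND = 150_000


def brute_force_seconds(key_bits: int, rate: float = KEYS_PER_SECOND) -> float:
    """Worst-case time to try every key of `key_bits` bits at `rate` keys per second."""
    return (2 ** key_bits) / rate


def effective_key_bits(key_bits: int, seed_bits: int) -> int:
    """A key derived from a seed never holds more entropy than the seed it came from."""
    return min(key_bits, seed_bits)


def derive_key(seed: int, key_bytes: int = 5) -> bytes:
    """Toy key derivation (constructed): hash an integer seed down to a 40-bit key."""
    return hashlib.sha256(seed.to_bytes(8, "big")).digest()[:key_bytes]


def weak_key(seed_bits: int = 16) -> tuple:
    """Key generator whose only randomness is a `seed_bits`-bit value.

    This is the weakness the text describes: the key is nominally 40 bits, but an
    analyst who knows how it is built only has 2**seed_bits candidates to consider.
    """
    seed = secrets.randbelow(2 ** seed_bits)
    return derive_key(seed), seed


def strong_key(key_bytes: int = 5) -> bytes:
    """Key drawn directly from the OS CSPRNG: the full 40 bits of entropy for a 40-bit key."""
    return secrets.token_bytes(key_bytes)


def seeds_to_test(key: bytes, seed_bits: int) -> Optional[int]:
    """Audit helper: how many candidate seeds must be hashed before `key` is reproduced.

    Returns None when the key was not produced by this generator. For a 16-bit seed
    the answer is at most 65536, which is why the text says minutes rather than months.
    """
    for seed in range(2 ** seed_bits):
        if derive_key(seed) == key:
            return seed + 1
    return None


if __name__ == "__main__":
    print(f"8-bit key, exhaustive search:  {brute_force_seconds(8):.4f} s")
    print(f"40-bit key, exhaustive search: {brute_force_seconds(40) / 86400:.0f} days")
    key, seed = weak_key()
    print(f"40-bit key from a 16-bit seed reproduced after {seeds_to_test(key, 16)} hashes")
    print(f"effective strength of that key: {effective_key_bits(40, 16)} bits")
```

When reviewing a product, the question to ask is therefore not only "how long is the key?" but "where do its bits come from?": the strength to report is effective_key_bits, and anything seeded from the clock, a process id or a short password should be treated as the smaller number.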
Encryption algorithms.
There are a large number of encryption algorithms. The most widely used methods include:
DES - Data Encryption Standard was developed more than 15 years ago, and is one of the most respected algorithms. It has withstood most attempts to crack it, and currently exists in a number of versions.
CRYPT(3) - A version of DES for UNIX systems.
RC2 and RC4 - These algorithms have a variable key size. They were developed by Ron Rivest for RSA Data Security, Inc. RC is short for "Ron's Code". The algorithms themselves have never been made public.
IDEA - This encryption algorithm works on 64 bit blocks containing data previously divided into four sub-blocks. Encryption then takes place, and the blocks are combined in different ways.
RSA - Ron Rivest, Adi Shamir and Leonard Adleman introduced this algorithm in 1978, and it remains one of the strongest encryption algorithms in use. RSA uses shared and private keys for encryption/decryption. However, RSA is a slow algorithm: at its fastest it is 100 times slower than DES in software.
SNEFRU - This is a one-way hash algorithm designed by Ralph Merkle. The hash function converts incoming data to 128 or 256 bit values.
MD2 - A one-way hash function designed by Ron Rivest. The function produces a 128 bit hash value from incoming data.
MD4 - A one-way hash function designed by Ron Rivest. MD means Message Digest, and creates a 128 bit hash value from incoming data.
MD5 - MD5 is a further development of MD4, and also creates a 128 bit hash.
SHA - Secure Hash Algorithm, developed by the National Institute of Standards and Technology with the National Security Agency. SHA is very similar to MD4.
RIPE-MD - A version of MD4. It was developed by the EU's RACE project.
HAVAL - A one-way hash function with variable length.
SKIPJACK - A top secret algorithm for Clipper and Capstone (encryption chips). The code and algorithms are known only by highly cleared US Government and contractor personnel.
DIFFIE-HELLMAN - The first public key algorithm created. The algorithm can be used for distributing keys.
XOR - There are a large number of XOR encryption algorithms. They are among the simplest, and very fast.
BLOWFISH - A type of XOR encryption, but much stronger.
Security systems
KERBEROS - Tried and tested third party authentication product for UNIX TCP/IP networks. Kerberos is based on symmetrical encryption. A secret key determines whether the user is allowed access. Kerberos is available in versions 4 and 5.
IBM SECRET-KEY MANAGEMENT PROTOCOL - Key administration system for communication and file security in networks, using symmetrical encryption. The system was designed by IBM at the end of the '70s. The protocol has three main functions: secure communication between servers and terminals, secure file transfers to the server, and secure communication between servers.
KRYPTOKNIGHT - Authentication system designed by IBM, with a secret protocol using DES or a modified version of MD5.
PEM - Privacy Enhanced Mail is an Internet standard for secure email over the Internet.
MSP - Message Security Protocol is the military's answer to PEM. It was developed by NSA at the end of the '80s. It is an X.400 compatible application protocol used to protect e-mail. This component of the NATO approved military message format is an integral part of the US Defense Department's DMS (Defense Messaging System) project.
PGP - Pretty Good Privacy is a public domain encryption program designed by Philip Zimmermann. It uses IDEA for encrypting data, RSA for handling keys and MD5 for the one-way hash function. PGP can also compress files.
CLIPPER - Clipper is an electronic chip, designed by NSA, that uses the Skipjack encryption algorithm. Each chip has its own key.
Smartcard technology
There are two current card technologies that you should consider: number generators (calculators) and smartcards. The number generator needs no additional hardware to work with a computer. It is therefore easy to implement. The technology provides a high level of security and is used for applications like cash transfers over the Internet. The lack of storage capacity, however, is a considerable drawback. It is not possible to obtain information like the username from the card.
Smartcard technology needs a card reader installed in each computer. Card readers are available for desktop use, for 3½" internal slots, or as PCMCIA readers. The quality of the smartcard itself can vary, but some manufacturers do supply cards of extremely high quality. The cards have a large storage capacity, their own operating and file systems, and a wide range of authentication methods. For example, a smartcard can be installed so that it is the key required for access to the network. Without a smartcard and PIN code, a user is not allowed onto the network. One type of smartcard reader, called B1, is manufactured by Siemens Nixdorf and SCM. Deutsche Telekom has developed a very powerful operating system for the smartcard itself. The system is called TCOS and has ITSEC E3 certification.
One thing you should consider in connection with card readers is whether data is passed between the computer and the card in encrypted form. Many card readers are connected to the serial port, and if the data transport is not encrypted, a hacker has plenty of scope to crack the system in a short time.
Some organizations use a so-called "Trust Center". The purpose is to send the card's certificate to the Trust Center to allow for near-instantaneous revocation of smartcards. The party reading the card sends its certificate to the Trust Center, which checks that the card is still valid for use in the organization.
Smartcard operating systems
A smartcard has its own operating system, and communicates with it via a card reader. The smartcard also has its own file system, in which the operating system can protect files by means of encryption, passwords or PIN codes. Smartcards frequently have a set of keys suitable for use as digital signatures. The keys can also be used for encrypting data.
Access Control
Why use access control?
We are used to insuring valuable property such as boats, houses, commercial properties and cars. How can we insure ourselves against data getting into the wrong hands, or unauthorized users gaining access to the internal computer network? Who is responsible for any losses incurred?
The value of data varies from one company to another. Even rumors can have serious effects if sensitive information goes astray. Companies are running a considerable risk with employees roaming the world, carrying important information on their portable computers. If a computer is stolen on a business trip, that important project could easily end up as reading matter on the Internet or in the Washington Post.
Companies also have a moral obligation to protect personal information stored on computer, even if the loss of such data would not damage the company in financial terms. If an organization asks its employees to supply personal data, it also has a responsibility to store it safely. The safe way to store data is in encrypted form.
It is difficult to judge how sensitive an organization is to the loss of data. Nevertheless, you should be able to answer the following questions:
1. What if internal data gets into the wrong hands?
2. What if unauthorized users make changes to data?
If the consequences of either of the above are negative, you could do a simple sum showing how much an access control product would cost, set against any possible losses. Note that the quality of access control products varies considerably. You should choose the product that meets your specific requirements.
Data security - a management responsibility
The management of a company always needs to take a position on data security before security measures can be introduced. It is the management that lays down guidelines for the security level. In most cases, the IT manager submits a recommendation based on his assessment of the risks. This can be a difficult job. The system or network administrator has a duty to inform his superiors if the measures relating to data security can be considered inadequate. Operating personnel alone do not have much scope for implementing data security in a company. The guidelines must come from management!
Standardization - a question of security
The successful implementation of a security project depends on the standardization of all hardware. The main purpose of standardization is to simplify administration, but it is also important in creating a secure platform. Where users have permission to start any program they wish, they also have the ability to circumvent the installed security functions. If non-standard drivers are used in DOS and Windows, there is no guarantee that these do not contain "back doors" that can be activated by particular key combinations. The DOS version, network drivers, Windows version and permitted drivers should all be standardized to make best use of the defined security. Large companies should have standardization as a useful objective, as it can provide considerable savings in support costs. The process is made easier if computers and network cards of the same brand are purchased, with peripherals like CD-ROMs and tape units from the same manufacturer.
Operating systems and security functions
Windows '95 was launched in August 1995. Up to this time, tried and tested DOS and Windows security products were available that had met the various security requirements for this environment. The secrecy surrounding Windows '95 and the final version meant that producers of security products lost a great deal of time. They had to start from scratch, identifying the security weaknesses and learning new techniques, such as implementing full hard disk encryption on a 32 bit operating system. The pressure created by Windows '95 was considerable, but it took time for solutions to start appearing. The entire process, from the launch of Windows '95 until the first access control products entered the market, took almost a whole year. This delay left many of those who chose to convert to Windows '95 exposed to major security problems.
An IT manager can learn a lot from the circumstances surrounding the introduction of Windows '95. When changes are as significant as from DOS/Windows to Windows '95, the conversion should not take place for at least a year if security requirements are not covered by the operating system itself. Nevertheless, Windows '95 and Windows NT both include a number of security functions. These meet some of the needs of professional customers, but not all. The future demand for modular security programs will become even greater. To achieve an adequate level of security, we recommend a combination of the security features of the operating system with modules from an access control product. A Windows '95 access control product should perform at least the following functions:
1. Boot protection
2. Uninterrupted startup
3. Screen saver
4. Full hard disk encryption
5. Logon program
A Windows '95 computer switches from 16 bit to 32 bit disk access during startup, which complicates full hard disk encryption. Access control programs for Windows ?95 are using both pre-authentication and authentication methods.
Password theft
It is relatively simple to steal passwords from other users in a network if the computers are not secure. Passwords can be stolen in a number of ways. Monitoring the traffic on the network is an advanced but relatively easily accomplished technique. Theoretically, an unauthorized user can tap into the cable at any point along its length, and listen to all the passing network traffic. Encrypting all network traffic would protect against this threat. A variety of different types of packet may be sent along a network cable in the space of a second. Some of them can be read directly, while others are encrypted. Commercial programs exist to monitor the packets. Many network cards are even supplied with a fault finding program that lets you monitor all the packets sent through the cables. This demonstrates the importance of physical security of the network cables. Avoid any points of contact outside the building.
Another way of stealing passwords is to load a false logon program that stores passwords with user IDs. This is one reason why system administrators must never log onto a computer other than their own, which must, of course, be secure. There are also memory-resident programs that detect whenever logon programs are run. When they are started, the next 20 keystrokes are stored in a hidden file. These programs are widely available on the Internet.
Passwords
Passwords are easy to forget. Many users therefore choose simple passwords. Organizations today have an average of three logon systems, usually each with different password rules. From the user's point of view, this creates a great deal of confusion. We know, as do the hackers, that 30-50% of users choose passwords like the name of their spouse, child, pet or car, or telephone numbers and dates of birth of family members. An IT administrator frequently likes to place complex requirements on the choice of passwords, but then pays the price of having to deal with users forgetting their passwords more easily. The graph above will not come as a surprise, but it is important to bear it in mind. Why do users forget passwords when there are limitations on their structure? This is largely because users do not realize how important passwords are for security.
A good password consists of between six and eight characters. One easy way of creating a good password that is easy to remember is to group together two and two, or three and three (lower security), letters/characters, for example "BA SK 86 18". This method is already used as a way of making telephone numbers easier to remember (grouping 2+2+2+2 or 3+5). The advantage of these passwords is that they remain strong even if the composition of only two characters is changed. The widely used alternative is to place an extra character after a spouse's name: BILL, BILL1, BILL2, etc.
It should be the responsibility of the system administrator to inform users of the rules governing passwords, and to ensure that the rules are followed. It is difficult for a logon system to detect every weak password. This needs to be compensated for by creating a positive general atmosphere surrounding passwords and data security.
Pre-authentication and authentication
Modern access control products generally use two techniques for authenticating users: pre-authentication and authentication. Both have their advantages and disadvantages. The diagram below shows the startup procedure using a hard disk. The computer's MBS (master boot sector) is executed. This then attempts to start the SBS (system boot sector) which, in turn, launches the operating system. In the case of DOS, the operating system looks for the files config.sys and autoexec.bat and runs them.
A system based on pre-authentication replaces the MBS with its own logon program that prompts for a user ID and password. A system based on authentication inserts a command into the autoexec.bat that prompts for a user ID and password.
A pre-authentication system provides a high level of security, because it does not depend on the operating system. However, the system cannot be integrated with the user IDs and passwords used in the network, nor is it possible to perform updates from the server before the user is logged on. This means that maintaining systems based on pre-authentication is tedious. In the case of authentication, a logon program is started from the autoexec.bat, allowing the network drivers to be started and updates performed before the user is logged on. This allows integration between the network and the access control system.
Floppy boot protection.
"Floppy boot protection" prevents a computer from being started from a diskette, with subsequent access to the hard disk. It is one of the fundamental elements in a security system. If drive C: can be accessed after booting from a diskette, this represents a gaping hole in your security.
One common misconception is that the BIOS can provide security. Most modern computers allow the user to configure the BIOS so that the computer cannot be started from drive A:. This feature only lasts as long as the computer's internal battery. If the power supply to the BIOS chip is interrupted, all your settings are lost, and the BIOS will use its default values the next time it starts. Furthermore, it remains possible simply to move the hard disk to another computer whose BIOS settings do allow drive A: booting.
The master boot sector is made up of a program and data. FDISK stores a standard program, while the data varies according to how the hard disk is partitioned. Some users allocate all disk space to drive C:, while others subdivide the space into drives C: and D:. A program offering "Floppy boot protection" must replace the Master Boot Program with its own program, and encrypt the partition data. This prevents access to the hard disk after an attempt is made to start the computer from a boot diskette. When a boot diskette is used, only the following message is displayed: "Invalid drive C:".
A large number of programs read partition data directly from the Master Boot Sector. The programs must be able to continue doing this even with "Floppy boot protection" installed. Most access control programs are able to handle this situation. A good floppy boot protection system should also provide a security function that prevents the hard disk from being moved to another computer.
Full hard disk encryption.
With full hard disk encryption, every sector of the hard disk is encrypted. Some access control products provide this feature. The following factors vary from one product to another:
1. Reduced performance
The more powerful the encryption algorithm, the poorer the performance of the computer. It is customary to choose a less powerful algorithm for full hard disk encryption so that performance does not suffer too much. For example, a test showed that full hard disk encryption using DES increased Windows startup time by 600-700%.
2. Encryption power
A compromise always has to be reached to ensure encryption does not unacceptably reduce computer performance. The most widely used algorithms - simple XOR, Blowfish or proprietary algorithms (developed by individual companies) - maintain the best possible performance.
3. Handling 16 and 32 bit disk access
Many products have difficulties if 32 bit disk access is used in Windows. You should bear this in mind if individual applications require 32 bit disk access.
There is a simple test that those uninitiated in the world of cryptography can use to determine the power of an encryption algorithm. Create a file containing nothing but the same character. It is a sign of weakness if the encrypted result also contains only a series of identical characters.
Poor encryption algorithm :
Unencrypted data : AAAAAAAAAAAAAAAAAAAAA
Encrypted data : BBBBBBBBBBBBBBBBBBBBB
Good encryption algorithm :
Unencrypted data : AAAAAAAAAAAAAAAAAA
Encrypted data : #sah&%8jJnOlp)D#g1Hu/
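The same-character test above, run against three XOR-based schemes so that the reader can see what "poor" and "good" look like in bytes. This is an added example and not code from the original page: the three ciphers are constructed toys (single-byte XOR, repeating-key XOR, and a stream cipher whose keystream is HMAC-SHA256 in counter mode), and the period finder is the test itself made mechanical.

```python
import hashlib
import hmac
from itertools import cycle
from typing import Optional


def single_byte_xor(data: bytes, key: int) -> bytes:
    """Weakest form: every byte XORed with the same key byte (fails the test with period 1)."""
    return bytes(b ^ key for b in data)


def repeating_key_xor(data: bytes, key: bytes) -> bytes:
    """A short key cycled over the data; the key length shows up as the repetition period."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def keystream_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Toy stream cipher (constructed): keystream block i = HMAC-SHA256(key, nonce || i).

    Encryption and decryption are the same operation. Each (key, nonce) pair must be
    used exactly once: reusing it gives two files the same keystream, and XORing the two
    ciphertexts then cancels the key and leaves the XOR of the plaintexts.
    """
    stream = bytearray()
    block_index = 0
    while len(stream) < len(data):
        counter = nonce + block_index.to_bytes(8, "big")
        stream += hmac.new(key, counter, hashlib.sha256).digest()
        block_index += 1
    return bytes(b ^ k for b, k in zip(data, stream))


def repetition_period(ciphertext: bytes) -> Optional[int]:
    """Smallest p with ciphertext[i] == ciphertext[i + p] for every i, or None if no period exists."""
    n = len(ciphertext)
    for p in range(1, n // 2 + 1):
        if all(ciphertext[i] == ciphertext[i + p] for i in range(n - p)):
            return p
    return None


def passes_same_character_test(ciphertext: bytes) -> bool:
    """The text's test: encrypting a run of identical bytes must not give a periodic output."""
    return repetition_period(ciphertext) is None


PLAINTEXT = b"A" * 21  # constructed input, as in the text


if __name__ == "__main__":
    for name, ct in [
        ("single-byte XOR", single_byte_xor(PLAINTEXT, 0x03)),
        ("repeating-key XOR", repeating_key_xor(PLAINTEXT, b"k3y!")),
        ("keystream XOR", keystream_xor(PLAINTEXT, b"demo-key", b"nonce-01")),
    ]:
        verdict = "good" if passes_same_character_test(ct) else f"poor (period {repetition_period(ct)})"
        print(f"{name:18s} {ct.hex()}  -> {verdict}")
```

The test is necessary but not sufficient: a repeating-key XOR whose key is longer than the file passes it, and so does any cipher with a decent keystream regardless of whether the key was generated well (see the key generation discussion above). A periodic result, on the other hand, is a reliable sign that the product should not be trusted with a whole disk.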
Access to DOS
Most users do not need to access DOS. The ability to use DOS usually complicates support, and skilled DOS users have plenty of opportunity to change parts of the configuration. Access to DOS, therefore, represents a reduction in the level of security. Many terminal emulators make it possible to access DOS by pressing a shortcut key, so we cannot be sure that users only authorized for a terminal emulator are not also using DOS. If the security level of an IT system requires that users be prohibited from unrestricted use of DOS, the access control system must provide a corresponding function. A large number of access control products on the market provide a function preventing access to DOS from terminal emulators (including DOS emulators) and from within Windows.
Single point signon
Single point signon is a data security concept that, if implemented, simplifies things for the user. It involves automatically sending the same password to all other applications that need user IDs and passwords when they are launched. However, single point signon is difficult to implement. One of the main reasons for this is the fast pace of change in the computer world. Today's solutions will already be outdated in a few months' time. In general, two different techniques are used for single point signon. The first is based on feeding the user ID and password, including the old password where necessary, into the keyboard buffer when an application is launched that requires them. The advantage of this method is that all the normal network login scripts are run as normal. One disadvantage is that it is easy to use up too much of the available memory in DOS. The other method uses API functions (Application Programming Interface) to authorize the user on the basis of his or her user ID and password. A disadvantage in networks is that any logon scripts, etc. are not run.
BIOS password.
The computer prompts for the BIOS password immediately after it is switched on. Most BIOS versions provide the password function. In many cases, the password provides satisfactory protection if you are prepared to accept the following risks:
1. The BIOS password is retained only as long as the computer's internal battery supplies power. If the battery is removed for 10 seconds or more, the password function is removed.
2. The BIOS password only protects the computer and not the hard disk. If the hard disk is stolen, it is not protected.
BIOS passwords are a nuisance from the system administrator's point of view, too. They work when the owner of the computer is its only user. If more than one user needs to use the computer, they all need to know the same password. If there is no access control product installed on your system, a BIOS password might be a temporary solution to achieve a limited level of protection.
BIOS protection of the Master Boot and System Boot Sectors.
Many BIOS versions offer partial virus protection of the Master Boot Sector. This creates problems when an access control product is installed that is designed to encrypt the master boot sector (which holds the partition table). The computer's BIOS prohibits any writing to the Master Boot Sector, and so prevents the encryption process. If you know you are using this BIOS function, you must remember to disable it before installing an access control product.
Protecting important files
A number of methods are used to protect important files. By important files, we mean such files as config.sys, autoexec.bat and other central configuration files. If a configuration file is changed by an unauthorized user, the authorized user must be informed of this when he or she logs on. A checksum is used for this purpose. It should be possible to configure the feature so that only the system administrator is able to log on after changes are detected in the checksums of specified files. There are two methods in widespread use for protecting files. The first is to set the DOS attributes of the files (read - archive - write, etc.). This is effective if the access control product is able to ensure that the user cannot change the attributes. The second method is to keep critical files open in the mode required. Certain files can therefore have read access and write access, or be hidden with neither read nor write access.
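The checksum approach from the paragraph above, as an added example that is not code from the original page or from any of the products it mentions. It builds a baseline of digests for a set of configuration files, re-verifies them at logon, and applies the stated policy that only the administrator may log on once a change has been detected. The file names and contents are constructed, and SHA-256 is my choice of checksum; the text does not name one.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable


def file_digest(path: Path) -> str:
    """Checksum of a file's contents, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths: Iterable[Path]) -> Dict[str, str]:
    """Record the known-good digest of each important file. Taken once, by the administrator."""
    return {str(p): file_digest(p) for p in paths}


def verify_baseline(baseline: Dict[str, str]) -> Dict[str, str]:
    """Compare the files on disk against the baseline; status is 'ok', 'modified' or 'missing'."""
    report = {}
    for name, expected in baseline.items():
        path = Path(name)
        if not path.exists():
            report[name] = "missing"
        elif file_digest(path) != expected:
            report[name] = "modified"
        else:
            report[name] = "ok"
    return report


def logon_allowed(report: Dict[str, str], is_administrator: bool) -> bool:
    """Policy from the text: after a detected change, only the system administrator may log on."""
    clean = all(status == "ok" for status in report.values())
    return clean or is_administrator


def demo() -> Dict[str, str]:
    """Constructed scenario: baseline two DOS startup files, then alter one before the next logon."""
    with tempfile.TemporaryDirectory() as d:
        config_sys = Path(d) / "config.sys"
        autoexec_bat = Path(d) / "autoexec.bat"
        config_sys.write_bytes(b"SWITCHES /N /F\r\nDEVICE=C:\\DOS\\HIMEM.SYS\r\n")
        autoexec_bat.write_bytes(b"@ECHO OFF\r\nPATH C:\\DOS\r\n")
        baseline = build_baseline([config_sys, autoexec_bat])

        # An extra line appears in autoexec.bat between logons (constructed tampering).
        autoexec_bat.write_bytes(b"@ECHO OFF\r\nPATH C:\\DOS\r\nC:\\TMP\\UNKNOWN.COM\r\n")

        report = verify_baseline(baseline)
        return {Path(name).name: status for name, status in report.items()}


if __name__ == "__main__":
    result = demo()
    for name, status in result.items():
        print(f"{name:14s} {status}")
    print("ordinary user may log on:", logon_allowed(result, is_administrator=False))
    print("administrator may log on:", logon_allowed(result, is_administrator=True))
```

The baseline is only as trustworthy as its storage: if the user who can edit autoexec.bat can also rewrite the digest file, the check proves nothing. In the products the text describes this is the job of the access control layer (attributes the user cannot change, or files held open by the driver); a modern equivalent is to keep the baseline where only the administrator can write, or to authenticate it with a key the user does not hold.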
Config.sys and Autoexec.bat
Most access control programs provide a function that makes it impossible to interrupt the computer's boot process. This is one of the fundamental features of a security system, but the function can easily lock up the computer if you do not do things in the correct order. When updating autoexec.bat or config.sys, you should always check that the function is disabled before restarting the computer. The function is disabled in different ways depending on the system. The most common method is to insert 'REM' in front of the line "switches /n /f" in config.sys. This allows you to use F5 or F8 in DOS 6.x to interrupt the boot process.
SWITCHES /N /F
Autoexec.bat and config.sys can be protected so that their execution is not interrupted. Versions of DOS after Version 6 include the option to interrupt the startup files, or to run through them line by line. The function keys F5 and F8 are used. The function can be disabled by inserting 'SWITCHES /N /F' as the first line in config.sys. Nevertheless, the function cannot prevent users from interrupting the startup files by pressing CTRL+BRK or CTRL+C. To protect from this possibility, you need a device driver, provided by most access control programs.
Access to the diskette drive or CD-ROM.
The unrestricted use of the diskette drive and CD-ROM represents a security risk. On the other hand, we need to avoid making life difficult for the users. Most access control products allow access to disks to be blocked. In principle, this is done in two ways. In the first, all access to the file system is controlled, and any attempt to access a blocked disk is prevented by an active program monitoring such activities. The second, alternative approach is to remove disks entirely from the list of disks available to DOS. This means that the disk is not even shown in Windows File Manager. One disadvantage of this method is that it is often difficult to return the disk to the list of available resources. In many cases, this cannot be done without restarting the computer. A general policy for diskettes and CD-ROMs should be to allow them to be used to retrieve data, but not to start programs. Although it would be desirable to block access to all removable media, the disadvantages from the users' point of view would outweigh the security benefits. An alternative approach is to have a central CD-ROM drive to which all users have access. This means that you can control what is put into the drive. If direct access to the diskette drive is not permitted, a kind of lock gate system can be used instead. A number of companies currently use such a system. In a lock gate system, only specified file types are allowed to be moved directly from the diskette to the home directory on the server. A dedicated lock gate computer is used to perform the move. This computer checks that the files do not contain viruses, and that the file types and content are not barred from the network. Where access to the diskette drive is allowed, it is important to check files for viruses before they are allowed into the computer or network.
Controlling printer ports.
It is sometimes necessary to control printer ports if printouts are not allowed until a certain time. This might be the case in universities, for example, where the computer room is open in the evenings but where the administrators want to prevent long printouts being made, which use up printer toner and paper. Most access control programs provide some kind of LPT port blocking feature. In most cases, the real problem doesn't involve controlling the printer ports themselves. The most difficult problem for most users is how to keep control of which users have access to which printers. Printer access in Windows is based on ini files. This should be one of the criteria you use when considering an access control product. These ini files can be used to control which printer, fonts, colors, etc. are available to each user.
Controlling COM ports.
It is necessary to control COM ports in order to prevent the unauthorized use of modems. The firewall is a device used to protect Internet connections. This leaves the user with the option of using his or her own modem for unrestricted use of the Internet, which reduces the security provided by the firewall. Many computers connect the pointing device (mouse) to one of the COM ports. If COM ports are to be disabled, it must be possible to check whether the connected device is a modem or a pointing device. If it is a pointing device, the COM port should not be disabled. COM port control exists at several levels. We know that many programs write directly to the hardware, so they do not use system calls to obtain access. Many access control programs are unable to prevent this. You should therefore find out whether the COM ports can be checked to see which communication software is in use.
Screen savers
A screen saver can protect the system as well as the data from unauthorized access if the computer is left unattended without the user logging off. An automatic function should be provided to activate the screen saver after a specified number of minutes, and it should also be possible to activate it using shortcut keys. A security system should provide screen savers for DOS and Windows. Two different technologies are used for screen savers in Windows. The first uses the internal Windows screen saver function, which is activated from the Control Panel. The second uses a special program that runs in the background in Windows. Both technologies have their advantages and disadvantages. DOS sessions have always presented particular problems for screen savers in Windows. If a DOS window has the focus, a Windows screen saver will not start. Many products apply the solution of using a VxD or DOS TSR with the screen saver in these circumstances. In Windows, the screen saver is controlled from the Control Panel, which inserts the following line in system.ini:
SCRNSAVE.EXE=BWINSAVE.SCR
Many people use the screen saver supplied with Windows. This is satisfactory if the computer is used by only one person. If a number of people use the computer, the standard Windows screen saver creates password problems. All users need to know the screen saver passwords of all the computers they use. This impairs security and makes administration difficult. A screen saver should therefore prompt for the password entered by the user when he or she logged on. That way, the user always types the same screen saver password regardless of the computer he or she is logged onto.
Protecting files
Easy File Protector is a very flexible password protected security utility that restricts access to your files and folders by a time schedule. You choose users, define restricted files and folders and time periods for them. Your system disables and enables your files automatically depending on the current time and user. Protection is achieved by making files and folders undeletable, unrenamable, unreadable, unmodifiable, and unexecutable. With the wildcard feature, you can protect all files that have the same extension (such as EXE, DLL, DOC, etc.).
Network integration
Cumbersome administration is often a drawback when introducing security software. The system administrator frequently has to work through every computer on the site when a user forgets his or her password. This should be a thing of the past. Current solutions provide network integration, and it is the network that accepts or rejects the user. When a network contains more than 50 computers, network integration should be one of your requirements.
Protocol versus file based network installation
Many suppliers claim that their security systems are network based. This is often only partly true. The system frequently handles a central file system on a file server or some other location in the system. In order to store data at a central location, a user requires write access to a directory. To prevent separate directories being allocated to individual users, which would complicate network administration, the users must be given write access to a shared directory on the server. This turns the system into an open system, exposed to external viewing and manipulation. Protocol based systems normally use IPX or TCP/IP for communication. These systems provide a high level of security. The communication protocols send data between clients and servers, and software at both ends receives/sends data to/from a secure location to which no users have access. The only means of contact is by sending/receiving signed and encrypted data from locations not accessible to other users. A combination is also possible whereby some of the contact between the client and the server is protocol based, while other data exchange is file based, from write-protected directories on the server.
Boot Prom and encrypted hard disks
A large number of network cards include a 'Boot PROM', which contacts a server when the computer is started and runs a 'boot image' from the server. This is the same as booting from a diskette, and means that no access is ever possible to the hard disk if Master Boot encryption or full disk encryption is installed.
Time control
Time control is an effective barrier against potential hacking over weekends and other times when the system is left unattended. A hacker needs a period in which he or she can spend time quietly trying to break the passwords of users on the system. Time control is a good idea for a number of functions. In the first place, we can differentiate between the different computers within the organization. Some computers might only be used between 08:00 and 16:00. Once these computers are switched off at 16:00, it will not be possible to start them again until 08:00 the next morning. Users within an organization have different requirements. Some users require access to their computer between certain times, while others need 24 hour access. It should be possible to define this in the user registration component of the access control system. Time control may also be appropriate for applications. Some companies might want to introduce time control to define when it is possible to play computer games. Others might impose time restrictions on when specific applications can be started from the network. Many people are attracted to the idea of time control when they first hear about it. Experience shows, however, that the function limits the users' flexibility in their daily work. For example, imagine the situation where an employee is going on a business trip and realizes the evening before he leaves that he still needs some project files from the network. He will not be able to get the information he needs because the computer in the office is subject to time control and cannot be started until the morning. Be careful in applying time control, but even so, an access control product should provide the function, in order to guarantee flexibility for the future. A more effective form of time control is provided by checking when a user account starts, and when it expires. A user account could be granted for one week, after which the user will not be allowed to log on. 
It should also be possible to define a particular number of total logons to the system. This ensures that a user requesting a single access cannot log him/herself on more than once.
Controlling applications in Windows
Many current systems control the Windows Program Manager, implying that this approach controls the users, too. But what about all the functions in File Manager, and the many macro systems available? Controls based on Program Manager alone provide a false sense of security. File Manager can be used to create new icons in Program Manager using the 'drag and drop' technique, and applications can be started from the Run menu or by double-clicking. A number of applications are able to launch the DOS shell. Most modern access control programs include a function that blocks the facility to obtain the DOS shell. The macro systems in Word and Excel offer virtually unlimited opportunity to the expert. For example, the 'Connect' command allows the user to establish new network connections. It is obvious that unless we can prevent these commands being issued, we cannot control what the user will be able to access. A controlled version of File Manager that would be safe to use might have the following restrictions:
1. Applications cannot be started by double-clicking.
2. A series of menu options are removed, including the Run menu.
3. Program Manager is hidden when File Manager is active, to prevent 'dragging and dropping' files to create new icons.
4. Executable files are not shown.
All Windows applications send and receive messages. Menus, list boxes, etc. are displayed on the basis of these messages. A small number of access control products on the market are capable of controlling these messages.
What if unauthorized users make changes to data?
Lost Passwords
People often find themselves locked out of their Windows 2000 or Windows NT systems as a result of a lost password for the Administrator account. Usually people consider the system a lost cause and start rebuilding it. However, you can use the following tip to work around this problem. When Win2K or NT boots, the OS usually displays the Ctrl+Alt+Del screen for approximately 20 minutes before the display changes and the logon box moves around the screen. When this happens, the machine has activated the screensaver logon.scr. If you replace this file with an alternative file (e.g., cmd.exe), the system will run this file under the system account instead of logon.scr. At this point, a user could issue a command such as Net User, usermgr.exe, or compmgmt.msc to reset the Administrator password.
How can I disable the "Save Password" option in dial-up networking?
When you connect via RAS you can cache the password. If you feel this is a security problem, you can disable the option that allows the password to be saved.
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\Parameters
From the Edit menu select New - DWORD value
Enter a name of DisableSavePassword and press ENTER
Double click the new value and set to 1
If you disable "save password", make sure "redial on link failure" is not activated: because no user information is saved, the redial attempt will try to connect as Administrator, which will not work (unless the ISP has very poor security :-) ).
With Windows XP, how do I set a password hint?
XP introduces the option to have a password hint, which is useful in a workgroup (this option isn't available in a domain). To set a password hint, perform the following steps:
Start the User Accounts Control Panel applet (Start, Control Panel, User Accounts).
Select the account for which you want to add a password hint.
Click Change the password.
Enter your password in the two locations; in the bottom area, type your password hint.
Click Change Password.
These hints are stored in the registry under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Hints\[user name]\(Default) key, and you can change them there as well.
In Windows XP, how do I use the password reset disk?
With XP, if you're in a workgroup, you have the option under your profile to create a password reset disk (Start, Control Panel, User Accounts, [account name], Create a Password Reset Disk, Create Disk) using a wizard:
When the wizard starts, click Next.
Select the drive that contains the media you want to create the information on (you can use a diskette or a Zip disk), and click Next.
Type your current password, and click Next.
Click Finish.
The password reset disk contains only one file, userkey.psw, which is an encrypted version of your password. If you change your password, the password reset disk becomes useless and you must repeat this procedure.
To use the password reset disk, at the logon screen, leave the password field blank and press Enter or click the right arrow. The system will display a dialog box that offers the "Click here to use your password reset disk" option.
When you select this option, a wizard starts:
Click Next.
Select the drive to read the password reset disk from, and click Next.
Enter a new password twice, and click Next.
Click Finish.
Type your new password to log on. Note that the password reset disk is now useless, and you must create a new one.
When I start the Recovery Console, why doesn't the system prompt me for a password?
Usually, when you start the Recovery Console (RC) the system prompts you for the password for the selected Windows 2000 installation. If the RC can't find a valid Win2K installation, it doesn't ask you for a password, and you can perform only basic functions (such as the fixmbr, fixboot, manage, and format partitions commands), but you can't access any folder other than the root of the hard disk.
How can I prevent users from changing their passwords except when Windows 2000 prompts them to?
You can configure your domain via a group policy so that users can change their passwords only when the system prompts them:
Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (Start, Programs, Administrative Tools, Active Directory Users and Computers).
Right-click the container (site/domain or organizational unit (OU)) you want to enforce the policy on, and select Properties.
Select the Group Policy tab.
Select the policy and click Edit.
Expand User Configuration, Administrative Templates, System, Logon/Logoff.
Double-click Disable Change Password, and on the Policy tab, select Enabled.
Click Apply, then OK.
Close all dialog boxes.
Refresh the policy with the following command:
C:\> secedit /refreshpolicy user_policy
You can also configure this feature on a per-user basis. Perform the following steps:
Start regedit.exe.
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies.
If the System key exists, select it. Otherwise create it (Edit, New, Key, System).
Under System, create a new value of type DWORD (Edit, New, DWORD value).
Type a name of DisableChangePassword, and press Enter.
Double-click the new value, and set it to 1. Click OK.
Close regedit.
You don't need to log off; the change takes effect immediately.
Why doesn't my computer prompt me for a password when it returns from hibernation?
For your computer to prompt you for a password when it returns from hibernation, you must select the "Prompt for password when computer goes off standby" check box on the Power Options Advanced tab:
Start the Power Options Control Panel applet (Start, Settings, Control Panel, Power Options).
Select the Advanced tab.
Check the "Prompt for password when computer goes off standby" check box.
Click OK.
Quantum Key Distribution: The Future of Security?
For Microsoft, the past 2 weeks must seem like a nightmare come true: The company's network has been cracked two more times by a Dutch hacker. Last Friday, a man using the name "Dimitri" gained access to a Microsoft Web server using a known bug in IIS that Microsoft created a patch for in August but failed to apply to one of its exposed Web servers. After the initial break-in on Friday, Microsoft still failed to apply the patch to the affected server, and as a result, Dimitri cracked the system again on Tuesday.
During his activity on Microsoft's Web farm, Dimitri claims to have downloaded administrative usernames and passwords, which he could have used to further his reach into the network. Most likely, Dimitri downloaded a SAM database, and as you know, Microsoft uses the Data Encryption Standard (DES) algorithm to protect that information. But with tools such as L0phtCrack at your disposal, cracking the SAM is much simpler: DES encryption just isn't secure enough in many cases.
The US Government is adopting a new encryption standard called Advanced Encryption Standard (AES), which will eventually replace DES. On October 2, the National Institute of Standards and Technology (NIST) announced that it had chosen Rijndael (pronounced Rhine-doll) as the new standard's cipher formula. Detailed information about the Rijndael cipher is available here.
A press release on the NIST Web site states, "When approved, the AES will be a public algorithm designed to protect sensitive government information well into the 21st century." If that's true, what will we use after AES? Perhaps the answer resides in quantum mechanics.
I recently read an interesting article in Physics Today called "From Quantum Cheating to Quantum Security." The article offers a good view of the inherent risks in our current encryption technologies, such as DES and RSA, and relates how scientists could create quantum mechanics-based computers to both break encryption systems and to facilitate more secure encryption algorithms.
DES and RSA algorithms rely on computational assumptions for protection. For example, the fact that intruders need considerable processing power and time to crack keys helps keep those keys safe to some extent. But because a quantum-based computer can perform instructions so much faster than current computers, intruders can use such technology to reduce cracking time and render algorithms such as DES, RSA, and AES useless. Obviously, when quantum-based computers become reality, we'll need stronger algorithms to protect our information. Perhaps quantum encryption is the answer.
Quantum encryption uses photon state as the key for encoding information. According to the Heisenberg uncertainty principle, it's impossible to discover both the momentum and position of a particle at any given instant in time. Therefore, in theory, an intruder can't discover a cryptographic key based on particle state information; the intruder would need the actual particle to decipher any data encrypted with the key.
The idea is simple yet incredibly complex to implement. IBM scientists constructed the first working prototype of a quantum key distribution (QKD) system in 1989. Back then, they could transmit quantum signals only 32 centimeters through open air. Today, fiber optic cables can transmit the signal up to 31 miles, which isn't very far, but it's definitely good progress. And although we might not see QKD come to market for quite some time, the technology sounds incredibly promising and well worth the wait.
If you're interested in encryption technology, be sure to read the article in Physics Today. Until next time, have a great week.
I've entered a password for a Terminal Services Client Connection. Why does the system continue to prompt me?
By default, a Windows 2000 Server Terminal Services connection always prompts for a password, even if you've configured one in the connection logon information. To disable this option, perform the following steps:
Start the Microsoft Management Console (MMC) Terminal Services Configuration snap-in (Start, Programs, Administrative Tools, Terminal Services Configuration).
Right-click the configuration for which you want to disable the default password setting, and select Properties from the context menu.
Select the Logon Settings tab.
Clear the "Always prompt for password" check box. Click Apply, then click OK.
Close the dialog box. Future connections will no longer force a password entry, which will facilitate automatic logon.
How can I configure the system to let users change their passwords without logging on to the domain?
If you use a password policy in a Windows 2000 domain and you migrated some or all of the users to Active Directory (AD) with the AD Migration tool, users who attempt to change their passwords as soon as they receive the Password Change Notification message might receive the following error message:
You do not have permission to change your password.
However, users who choose not to change their passwords when the Password Change Notification message appears (by clicking No) are logged on with their old passwords and then can change their passwords.
This system behavior occurs when the Everyone group hasn't been granted the Change Password right on the user object. Users can't change their passwords over the null session connection (anonymous logon relies on the Everyone group to carry out this action) established between the workstation and a domain controller. Instead, an authenticated session is required to change a password (i.e., users must be logged on to change their passwords).
To change the permissions setting for the Everyone group, take the following steps:
Start the AD Users and Computers snap-in (Start, Programs, Administrative Tools, Active Directory Users and Computers).
Select the View menu and enable Advanced Features.
Right-click the container hosting the user object to which you want to grant the Change Password right (e.g., Users), then click Properties.
Select the Security tab. Ensure that the Everyone group is listed in the Name box. If it isn't, click Advanced, then add the Everyone group to the list from the Advanced Access Control Settings dialog box. If the Everyone group is listed, click Advanced.
Click the Everyone group in the list, then click View/Edit to edit the group's permissions. In the Apply Onto box, click User Objects. In the Permissions section, select the Allow check box for "Change Password."
Click OK to accept the changes.
How do I reset a machine account password?
Like user accounts, machine accounts in a domain have passwords that change automatically. The domain stores the previous and current passwords so that the previous password is accessible for authentication in case someone changes the current password but the domain controller hasn't yet fully replicated the password.
If a password changes twice, the computers that use the password might be unable to communicate. In this case, you would receive an error message (e.g., the error message Access Denied when Active Directory (AD) replication occurs). Passwords can also be out of sync during replication between domain controllers in the same domain.
You can manually change a machine account password. You must use the Microsoft Windows 2000 Resource Kit's Netdom tool rather than the Active Directory Users and Computers snap-in. Netdom is in Win2K's Support\Tools folder. To reset a machine account password, enter
C:\>netdom resetpwd /server:<servername> /userd:<username>\Administrator /passwordd:*
After you enter the command, you'll see the following.
Type the password associated with the domain user:
The machine account password for the local machine has been successfully reset.
The command completed successfully.
You need to run this Netdom command on the machine for which you want to change the password. The server must be a domain controller in the domain, and the user must have a domain account with administrative privileges over the machine account whose password you're changing.
You need to restart the machine for the password change to take effect. Simultaneously resetting the password on the local machine and a domain controller ensures that the two computers involved in the operation are synchronized, and starts AD replication so that other domain controllers receive the change.
How can one protect against password hackers that use sniffers like l0pht?
Nowadays, NT administrators face a tough task in ensuring network security, because of password sniffers such as l0pht, which can sniff an NT password easily. To solve this, one can use a network sniffer that can detect such password sniffers. The network sniffer could log a user running a password sniffer and also issue an alert. An example of such a network sniffer is LANguard: http://www.languard.com.
With Windows 2000 using Kerberos security, the user password never leaves the local machine. It is never exposed to the network, so it should not be possible to sniff it.
How can one detect that users have cracked a password?
To detect this, you would either have to review the security logs regularly or use a network sniffer to monitor users accessing shares in real time. A combination of the two would be the most prudent. Security logging can be switched on from the Event Viewer.
A network sniffer can be used to log the IPs and users accessing particular servers or shares. In real time, an administrator would be able to see which users are accessing which shares. Examples of such sniffers are LANguard: http://www.languard.com and Sessionwall: http://www.sessionwall.com
Are SQL Server user IDs and passwords passed in the clear on the network?
If you use multi-protocol net-lib with encryption then SQL standard security userids/passwords are encrypted along with the data.
When using an NT userid/trusted connection then passwords are not passed at all - the SIDs are used as in all NT credential checks.
If you are using SQL 7.0 client drivers talking to a 7.0 server then the SQL standard security userid/password is encrypted regardless of net-lib.
In any other case the SQL standard security userid/password is sent in the clear.
How can I disable trust password changes?
After a trust is established using a defined password, it is changed automatically every seven days. If this password change is missed two cycles running, then the trust is broken. This also applies to machines in a domain that have a secure channel with the domain controller and change their passwords every seven days on NT 4.0 and every 30 days on Windows 2000.
To disable the trust password changes, perform the following change on the domain controllers/workstations:
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Double click on DisablePasswordChange
Set to 1
Click OK
Close the registry editor
Another option to stop the computer account password changes is to refuse the change at the domain controller:
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
From the Edit menu select New - DWORD value
Enter a name of RefusePasswordChange
Double click on the new value and set to 1
Click OK
Close the registry editor
How can I change the password change interval for computer/trust accounts?
The default interval for password changes for a computer/trust account can be modified as follows:
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
From the Edit menu select New - DWORD value
Enter a name of MaximumPasswordAge
Double click the new value and set to the number of days
Click OK
Close the registry editor
In NT 4.0 this value is only available for machines with Service Pack 4, and for all versions of Windows 2000. Values can be in the range of 1 to 1,000,000.
Password policies assigned to an OU/site GPO do not work.
Although the password policy branch is available for all Group Policy Objects, it is only implemented for GPOs at the domain level, so even if you make settings in a GPO for an OU or a site, they will have no effect. The only way to apply password settings is as follows:
Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
Right click on the domain and select properties
Select the Group Policy tab
Select the domain group policy object and select Edit
Expand the 'Computer Configuration' branch - 'Windows Settings' - 'Security Settings' - 'Account Policies' - 'Password Policy'
You will now be able to set the relevant options
When complete close the Group Policy Editor
What does System Key actually protect my passwords from?
System Key enables stronger encryption of account passwords stored in the registry in the SAM (Security Account Manager) database. With System Key installed, the passwords have enhanced encryption in the SAM. Note that this covers only the passwords and not, for example, the user name.
When System Key encryption has been enabled, backups of the SAM database will also be encrypted, for example on backup tapes, in RDISK output and in %systemroot%\repair, which are often used to crack passwords.
System Key is used to make the decrypting or cracking of your passwords from the SAM more difficult and time consuming. Crackers such as L0phtCrack, John the Ripper, and Crack 5 with NT Extensions are often used to break NT password hashes. These use dictionary and brute force techniques.
L0phtCrack is now using a form of intelligent brute forcing, which is the next generation of crackers.
- System Key prevents SAM dumping with the tool built into L0pht Crack 2.5.
- System Key prevents SAM dumping with the tool pwdump.
- System Key does not stop SAM dumping with the tool pwdump2 which uses DLL injection techniques different to pwdump.
- System Key does not prevent password cracking or decryption.
- System Key reuses the keystream used to perform some of the encryption.
This significantly reduces the strength of the protection it provides by enabling a well-known cryptanalytic attack to be used against it. Todd
Sabin from Bindview (www.bindview.com) and the author of pwdump2 discovered this exploit in December-1999.
- System Key still increases the time and complexity to crack password? hashes.
Note; Pwdump and pwdump2 require administrator access to be used.
System Key affects the following system components:
%systemroot%\system32\config\sam HKEY_LOCAL_MACHINE\SAM
%systemroot%\system32\config\security HKEY_LOCAL_MACHINE\Security
and three system security component files: Winlogon.exe, Samsrv.dll, Samlib.dll
Also see Q. How do I use the System Key functionality of Service Pack 3? for installing System Key.
For more information on System Key see Q143475 at http://support.microsoft.com/support/kb/articles/q143/4/75.asp
For information on the "System Key Keystream Reuse" Vulnerability and patch see http://www.microsoft.com/security/bulletins/ms99-056.asp
Contributed by Nathan House
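Why keystream reuse is fatal for a stream cipher, as an added illustration that is not part of the original FAQ and not Syskey's actual code: the stand-in cipher below (a SHA-256 counter-mode keystream, an assumption in place of the RC4 that Syskey used) XORs every record with the same keystream, which is the class of mistake the MS99-056 bulletin describes. The sample "SAM" values are constructed. An attacker who knows a single plaintext record, for instance the hash of their own account, recovers the keystream and decrypts every other record without ever learning the key; even with no known plaintext, XORing two ciphertexts cancels the keystream and leaks the XOR of the two hashes.

```python
import hashlib
from itertools import count


def keystream(key: bytes, length: int) -> bytes:
    """Constructed stand-in stream cipher: SHA-256 in counter mode (assumption;
    the reuse flaw does not depend on which stream cipher is used)."""
    out = b""
    for block in count():
        if len(out) >= length:
            break
        out += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_record(key: bytes, plaintext: bytes) -> bytes:
    # Every record is XORed with the *same* keystream: this is the flaw.
    # A sound design would mix a per-record nonce into the keystream.
    return xor(plaintext, keystream(key, len(plaintext)))


# Constructed sample "SAM": per-user 16-byte hash values (fake data).
SYSKEY = b"\x13\x37" * 8
SAM = {
    "alice": bytes.fromhex("0123456789abcdef0123456789abcdef"),
    "bob":   bytes.fromhex("fedcba9876543210fedcba9876543210"),
    "carol": bytes.fromhex("00112233445566778899aabbccddeeff"),
}
ENCRYPTED_SAM = {user: encrypt_record(SYSKEY, h) for user, h in SAM.items()}


def recover_with_known_record(encrypted: dict, known_user: str, known_hash: bytes) -> dict:
    """Attacker knows one plaintext record (e.g. their own account's hash):
    ciphertext XOR plaintext yields the shared keystream, which then decrypts
    every other record. The key itself is never needed."""
    ks = xor(encrypted[known_user], known_hash)
    return {u: xor(c, ks) for u, c in encrypted.items() if u != known_user}


def plaintext_xor_leak(encrypted: dict, u1: str, u2: str) -> bytes:
    """With no known plaintext at all: c1 XOR c2 == p1 XOR p2, because the
    identical keystream cancels out. Two identical hashes show up as all zeros."""
    return xor(encrypted[u1], encrypted[u2])


if __name__ == "__main__":
    recovered = recover_with_known_record(ENCRYPTED_SAM, "bob", SAM["bob"])
    for user, h in recovered.items():
        print(user, h.hex(), "ok" if h == SAM[user] else "MISMATCH")
```

The same attack applies to any stream cipher, RC4 included, whenever the key and nonce pair is repeated; the fix in the bulletin was precisely to stop reusing the keystream across hashes.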
How do I enable strong password filtering?
Windows NT 4.0 Service Pack 2 introduced a new password filter, passfilt.dll, which implements the following restrictions:
Passwords must be at least 6 characters long
Passwords must meet at least 3 of the following 4 criteria:
- Uppercase letters A-Z
- Lowercase letters a-z
- Number(s) 0-9
- Non-alphanumeric characters (e.g. !, etc.)
Passwords may not contain your user name or any part of your full name
To enable this functionality perform the following on all PDCs (and stand-alone servers if used). You do not need to install this on BDCs, but you should, in case a BDC is promoted to a PDC.
Start the registry editor (regedt32.exe, do not use regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Double-click "Notification Packages"
Add PASSFILT on a new line (there may already be an FPNWCLNT entry, in which case add PASSFILT after it). Click OK
Close the registry editor
Reboot the machine
It should be noted that you will still be able to set passwords in User Manager that do not meet the criteria; this is by design, as direct SAM updates made by an administrator are not passed through the filter.
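The passfilt.dll rules above, implemented as an added example (not the FAQ's own code and not Microsoft's filter) so that the policy can be checked against candidate passwords before a change is attempted, or run over a list of proposed passwords during an audit. Two details are assumptions, since the page does not state them: the full name is split into parts on spaces, commas, periods, hyphens, underscores, hashes and tabs, and parts shorter than three characters are ignored (otherwise a middle initial would reject almost every password). Comparisons are case-insensitive.

```python
import re
import string

# Delimiters used to split the full name into parts (assumption).
NAME_DELIMITERS = re.compile(r"[ ,.\-_#\t]+")


def name_parts(full_name: str, min_len: int = 3) -> list:
    """Split a full name into the parts a password may not contain.
    Parts shorter than min_len are ignored (assumption)."""
    return [p for p in NAME_DELIMITERS.split(full_name) if len(p) >= min_len]


def passfilt_check(password: str, username: str, full_name: str = "") -> list:
    """Return the list of passfilt.dll rules the password violates.
    An empty list means the password would be accepted by the filter."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than 6 characters")
    # The four character classes; at least three must be present.
    classes = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(c not in string.ascii_letters + string.digits for c in password),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 of 4 character classes")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    for part in name_parts(full_name):
        if part.lower() in lowered:
            problems.append(f"contains part of the full name ({part})")
    return problems


def audit(candidates: list) -> dict:
    """Run the filter over (username, full_name, password) tuples and report
    only the rejected ones with their reasons."""
    report = {}
    for username, full_name, password in candidates:
        problems = passfilt_check(password, username, full_name)
        if problems:
            report[username] = problems
    return report


if __name__ == "__main__":
    # Constructed sample input.
    sample = [
        ("jsmith", "John Smith", "Passw0rd"),
        ("jsmith", "John Smith", "Smith#2001"),
        ("bjones", "Bob Jones", "password"),
    ]
    for user, reasons in audit(sample).items():
        print(user, "->", "; ".join(reasons))
```

Because User Manager bypasses the filter, a check like this is also the only way to confirm that passwords set by administrators meet the same bar as those chosen by users.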
How can I check the security of my passwords?
If you want to test all your users' passwords, an excellent utility is L0phtCrack, which will try to ascertain your passwords.
L0phtCrack allows NT administrators and information security engineers to quickly evaluate the security of users' passwords. L0phtCrack supports traditional dictionary attacks, hybrid dictionary attacks, and full-blown exhaustive keyspace attacks (user definable).
L0phtCrack can gather NT password hashes in a number of ways, including from the registry, from SAM files, or even by monitoring SMB network activity.
L0phtCrack has recently won the InfoWorld Golden Guardian award and has been recommended by Microsoft.
L0phtCrack can be downloaded from http://www.l0pht.com/l0phtcrack/ and can be used for free for 15 days; it is very simple to use once installed.
Once you start the utility you can either load in a SAM file (from the %systemroot%\system32\config directory, but not from your current installation, as those files are locked) or dump the hashes from the registry by selecting "Dump Passwords from Registry" from the Tools menu and selecting the computer, e.g. a domain controller or the local machine. To dump from the registry you must be an Administrator on the machine whose registry you are dumping.
After importing the information from a source you will have a list of user names and the hash values of the passwords; selecting 'Run Crack' from the Tools menu will then start the attack on the passwords.
In the results the easy passwords are found quickly, and the tool then starts to guess the more complex ones; it is only a matter of time.
The idea of running this is to find people who are using weak passwords and force them to change them. A good start is to use strong password filtering, which will FORCE users to use complex passwords, and always make sure you have a minimum password length of 8 characters (set in User Manager - Policies - Account). This helps, but it can give a person a false sense of security. For example, if the password requirement is just alphanumeric, a password like "N0ts3cur3" would be guessed rather quickly with a hybrid dictionary attack, so you should still audit passwords regularly.
One reader of the FAQ has pointed out that 8 characters is not the best number, as an 8-character password consists of essentially one 7-character password plus a 1-character password (the last character), which will be guessed almost instantly and may give a clue to the first seven characters. Many times, we've guessed the first half of the password based off of the 8th, 9th, and 10th characters
(i.e. ???????werty is either 123456qwerty or qwertyqwerty).
"When users are forced to use special characters, 9 out of 10 times, the user will put the special character at the end of the password. In an 8 character minimum password, the eighth character becomes the symbol, and the first seven are letters and numbers. The seven characters are cracked with L0phtCrack in 24 hours or less. Thus, an 8 character password (even with a special character at the end) may either be cracked in 24 hours, or give up enough info to guess the first half (yes - a lot of assumptions here - but this theory has held up over 30,000 times). I'd like us to reset the industry line of thought on NT passwords and suggest that the strongest password policies are those that require seven characters (instead of 6 or 8). Also, the strongest passwords are those that are either 7 or 14 characters exactly, with at least one special character in each half (with very few exceptions - note Paul Ashton's 7 character or less pwd attack). Given that users will write down pwds that are 14 characters in length, 7 becomes the next best choice. I believe Dave LeBlanc, InfoWorld, and some folks at Microsoft will agree that exactly 7 characters is a recommended length."
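The reason behind the reader's 7-or-14 observation is the structure of the LM hash, which is not spelled out on the page: the password is upper-cased, NUL-padded to 14 bytes, split into two 7-byte halves, and each half is hashed independently (the real hash DES-encrypts the constant "KGS!@#$%" with each half as the key). The block below is an added example, not the FAQ's code or L0phtCrack's; it reproduces that structure with a truncated SHA-256 standing in for the DES step (an assumption, so the digests are not real LM hashes, but the structural weakness is the same) and then does what a cracker does: attacks the second half on its own. An 8-character password leaks its eighth character after at most 70 guesses, any password of 7 characters or fewer has a well-known constant second half, and "123456qwerty" and "qwertyqwerty" share an identical second half, exactly the ???????werty case above.

```python
import hashlib
import itertools
import string

# LM keyspace: the hash upper-cases the password first, so only upper-case
# letters, digits, punctuation and space survive (69 symbols).
LM_ALPHABET = string.ascii_uppercase + string.digits + string.punctuation + " "


def lm_halves(password: str):
    """Upper-case, truncate/NUL-pad to 14 bytes and split into two 7-byte
    halves, as the LM hash does before hashing each half independently."""
    padded = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\0")
    return padded[:7], padded[7:]


def half_digest(half: bytes) -> bytes:
    # Stand-in for DES-encrypting "KGS!@#$%" under this half as key (assumption).
    return hashlib.sha256(b"KGS!@#$%" + half).digest()[:8]


def lm_hash(password: str) -> bytes:
    first, second = lm_halves(password)
    return half_digest(first) + half_digest(second)


def crack_half(target: bytes, max_len: int, alphabet: str = LM_ALPHABET):
    """Exhaust candidates of length 0..max_len for one 7-byte half; the other
    half never enters into it, which is the whole weakness."""
    for n in range(max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            cand = "".join(combo).encode("ascii").ljust(7, b"\0")
            if half_digest(cand) == target:
                return cand.rstrip(b"\0").decode("ascii")
    return None


def crack_tail(password: str, max_len: int = 2):
    """Recover characters 8..14 of a password from its hash alone, trying only
    short tails: an 8-character password gives up its last character at once,
    and a 7-character one is revealed to have an empty tail."""
    return crack_half(lm_hash(password)[8:], max_len)


def candidates_to_exhaust(alphabet_size: int = len(LM_ALPHABET)):
    """Guesses needed to exhaust a 14-character LM password (two independent
    7-character halves) versus a hash over all 14 characters at once."""
    per_half = sum(alphabet_size ** n for n in range(8))
    return 2 * per_half, sum(alphabet_size ** n for n in range(15))


if __name__ == "__main__":
    print("tail of P@ssw0rd:", repr(crack_tail("P@ssw0rd")))
    print("tail of SevenCh:", repr(crack_tail("SevenCh")))
    split, unsplit = candidates_to_exhaust()
    print(f"LM 14-char work: {split:.3e}  vs unsplit: {unsplit:.3e}")
```

Cracking the full 14-character keyspace costs about 2 * 69^7 guesses rather than 69^14, which is why the reader's advice is to fill both halves and put a symbol in each; the NT hash (MD4 over the whole Unicode password) does not have this split.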
How do I avoid having to enter the Key Management password?
If you have the Key Management Server installed, each time you start the KM service you have to either insert a disk containing the password or enter it manually, depending on your configuration.
It is possible to configure the service to look on the hard disk instead. This is not recommended for security reasons, since the master password then sits on the same disk as the server it protects, but on development systems it may be acceptable.
Create a directory on your local hard disk (or use an existing directory)
Copy the file kmserver.pwd from the floppy disk created earlier to the local directory, e.g. d:\exchsrvr
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\KMServer
Double-click MasterPasswordPath
Change it from A:\ to the directory, e.g. d:\exchsrvr. Click OK
Close the registry editor
The next time the service is started it will look for the password file on the local hard disk and will not prompt for a disk.
How do I enable plain text passwords with the telnet server in Windows 2000?
The Windows 2000 telnet server uses NTLM authentication so that passwords are not sent across the network in clear text, but not all telnet clients support NTLM, so it is possible to configure the telnet service not to require it, as follows:
E:\>tlntadmn
Microsoft (R) Windows 2000 (TM) (Build 2194)
Telnet Server Admin (Build 5.00.99201.1)
Select one of the following options:
0) Quit this application
1) List the current users
2) Terminate a user session ...
3) Display / change registry settings ...
4) Start the service
5) Stop the service
Type an option number [0 - 5] to select that option: 3
Select one of the following options:
0) Exit this menu
1) AllowTrustedDomain
2) AltKeyMapping
3) DefaultDomain
4) DefaultShell
5) LoginScript
6) MaxFailedLogins
7) NTLM
8) TelnetPort
Type an option number [0 - 8] to select that option: 7
Current value of NTLM = 2
Do you want to change this value ? [y/n]y
NTLM [ current value = 2; acceptable values 0, 1 or 2 ] :1
Are you sure you want to set NTLM to : 1 ? [y/n]y
setting will take effect only when Telnet Service is re-started
Select one of the following options:
0) Exit this menu
1) AllowTrustedDomain
2) AltKeyMapping
3) DefaultDomain
4) DefaultShell
5) LoginScript
6) MaxFailedLogins
7) NTLM
8) TelnetPort
Type an option number [0 - 8] to select that option: 0
Select one of the following options:
0) Quit this application
1) List the current users
2) Terminate a user session ...
3) Display / change registry settings ...
4) Start the service
5) Stop the service
Type an option number [0 - 5] to select that option: 0
E:\>net stop tlntsvr
The Telnet service is stopping.
The Telnet service was stopped successfully.
E:\>net start tlntsvr
The Telnet service is starting..
The Telnet service was started successfully.
Now the telnet service will no longer require NTLM authentication: with NTLM set to 1 it tries NTLM first and falls back to a clear-text user name and password prompt for clients that cannot do NTLM (0 disables NTLM altogether, 2 requires it). Bear in mind that a password typed at that fall-back prompt crosses the network in clear text and can be read by anyone sniffing the link. You can also directly set the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\NTLM to 1 for the same change.
I've forgotten the sa password for SQL Server - what can I do?
The easiest way around this is to log on to the SQL Server NT machine itself as Administrator. Then connect to SQL Server using any of the tools, specifying "." as the server name and asking for a trusted connection. As long as the Administrators group has not been explicitly removed from having sa rights you should connect OK and be able to reset the password.
If you are in mixed mode and you know the NT user ID of someone with sa rights, get their password reset and log on/connect as them.
Otherwise you can try to find a DBA's machine that already has the server registered in SQL Enterprise Manager with sa and use that copy of SQL EM to connect.
If all of these fail you will have to rebuild master and then disk reinit (6.x) or re-attach (7.x) all the user databases.
How can I change the local Administrator passwords on machines without going to them?
As you may be aware, it is possible to change a password from the command line using the net user command, and if you combine this with the at command you can run the command on different machines, e.g.
at \\<machine name> <time> cmd /c net user Administrator anythingyouwant
e.g. at \\savilljohn 18:00 cmd /c net user Administrator password
The /c after cmd causes the command window to close after the command has been executed. An alternative to the at command would be the soon command (a Resource Kit utility):
soon \\<machine name> cmd /c net user Administrator password
For this to work you will need to ensure the Scheduler (Task Scheduler) service is running on the destination machines. Note that the new password forms part of the scheduled command line, so until the job has run it can be read by anyone able to list the jobs on that machine with at \\<machine name>; use a different password per machine and change it again afterwards if the job list could have been seen.
How do I change my password?
Perform the following:
Press Ctrl-Alt-Delete
Click the "Change Password" button
Enter your old password and your new password twice and click OK
To change your password from the command line use the net user command, e.g.
net user <username> <password> (/domain)
To change it from a program use the NetUserChangePassword() call.
How can I execute a batch file using WINAT with Administrator permissions?
From the Services Control Panel applet (Start - Settings - Control Panel - Services) double-click Scheduler. Change the account/password to that of a user in the Administrators group. It may be wise to create a new account just for this use, which would require the following attributes:
Non-blank password
Non-expiring password
User rights: Log on as a service and Log on as a batch job
After changing the Scheduler service's account information you will need to stop and start the service.
How can I stop my Windows 9x clients having to enter a separate Windows password when logging onto a domain?
In the old Windows for Workgroups days the admincfg.exe utility was used to disable password caching, and similar functionality exists in Windows 95 and Windows 98.
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network
From the Edit menu select New - DWORD Value
Enter a name of DisablePwdCaching and press Enter
Double-click the new value and set it to 1. Click OK
Close the registry editor and reboot the machine
After the reboot clients will no longer have to enter a local password, just the domain one.
When clients use the Passwords Control Panel applet, the "Change Windows Password" button under "Windows password" will be grayed out and only "Other passwords" can be set. Clients then select "Microsoft Networking" as normal.
How do I recover a lost Administrator password?
If there are no other accounts in the Administrators group, and the machine is not part of a domain where the domain Administrator account could be used to log on and change the local Administrator password (the domain's Domain Admins group is automatically made a member of the machine's local Administrators group when the machine joins the domain), then the only way is to reinstall NT into a new directory (not the same one, as that would upgrade the existing installation and keep the old password); the installation will let you enter a new Administrator password. Alternatively, if you have an old ERD made at a time when you knew the password, you can use it to restore the SAM and Security portions of the registry.
There is also a piece of software from http://www.winternals.com that can break into an NT system (Locksmith) and change any password. The software is not free and costs around US$100. Their newer product, ERD Professional, can also change passwords and is available from the same site.
A similar piece of software is also available from http://www.mirider.com that allows you to boot off a set of disks and change the Administrator password.
How can I disable the "Save Password" option in dial-up networking?
When you connect via RAS you can cache the password. If you feel this is a security problem, you can disable the option that allows the password to be saved.
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\Parameters
From the Edit menu select New - DWORD Value
Enter a name of DisableSavePassword and press ENTER
Double-click the new value and set it to 1
If you disable "Save Password", make sure "Redial on link failure" is not enabled: since no user information is saved, a redial attempt will try to connect as Administrator, which will not work (unless the ISP has very poor security :-) ).
Wednesday, February 22, 2006
Preventive Maintenance HPUX 9000
Today, 22 Feb 2006, preventive maintenance was carried out on the HPUX 9000-RP3410 server by HPSI, namely Jayadi. Here are some tips concerning HPUX administration:
Creating a system recovery tape. This is needed if the system crashes, whether because a hard disk fails or because OS files are corrupted and the system will not run. To create a recovery tape:
# make_recovery -ACv
Then label the tape ignite22-02-2006; Ignite (Ignite-UX) is the application that should already be installed in the OS. Keep the resulting tape so that it is available whenever the system crashes and you need it.
If the system does crash, what you must do is:
- Establish what caused the crash; if it was the hard disk, replace the failed disk with a new one.
- Then boot the server from the tape: when the server is powered on, interrupt the boot (by pressing a key so that booting is interrupted) within 10 seconds.
- At the ISL > prompt type sea [enter]
- It asks for the tape's sequence (boot path) to be entered
- Type ISL > boot [space] p2 [enter]
# lvlnboot -v
To list the installed disks:
# strings /etc/lvmtab
# vgdisplay -v /dev/vg00 <- vg00 is the volume group name
Extending the space of a directory (file system) that was mounted earlier (make sure the server is not running any activity such as a database/application etc.):
- Unmount the directory
# umount [space] [mount point]
e.g.: # umount /mfgapp
- Extend the logical volume to the desired size in MB
# lvextend [space] -L [space] [desired size in MB] [space] [logical volume]
e.g.: # lvextend -L 3500 /dev/vg00/lvol9
- Extend the file system onto the new space
# extendfs [space] [the raw device of the logical volume, i.e. the same path with the letter r prefixed to the last name component]
e.g.: # extendfs /dev/vg00/rlvol9
- Mount the directory again
# mount [space] [logical volume] [space] [mount point]
e.g.: # mount /dev/vg00/lvol9 /mfgapp
Monday, February 20, 2006
Ten Personality Traits of a Billionaire
Last week I was in New York City, Manhattan to be precise, roughly 2500 miles from my home in the San Francisco Bay Area. A "mogul", i.e. a big-league businessman and close friend of Donald Trump, had called me in to help him set up a new division of his educational institution, which already has a worldwide presence. Let's call him Mr. JC.
As a consultant who often hears Mr. JC's name mentioned, I was of course thrilled when his assistant contacted me to visit the mogul for a business meeting. With anxious anticipation I prepared everything so that my presentation would not embarrass me. After all, this was doing business with a big-league businessman. Who was I in his eyes?
As it turned out, contrary to my expectations, Mr. JC was very friendly and informal. His intelligence was obvious from his "being comfortable in his own skin." He was completely at ease with himself, with no hint of intimidation or of trying to appear smarter than the person he was talking to. I was truly impressed.
During the roughly six-hour flight home I reflected a great deal on this meeting, especially on Mr. JC's very engaging personality. My brain, which loves comparative studies, got to work again. One by one the faces of successful people came to mind. And indeed, there were many similarities between their traits and behaviour and Mr. JC's, which seem to be the exact opposite of the traits and behaviour of those who are less successful.
The ten personality traits of a billionaire that I have distilled from personal communication and contact with billionaires and several successful businesspeople are as follows:
One, the courage to take the initiative.
This is the main thing that sets the world's business moguls apart. They always have brilliant ideas. As an example, look at the Real Estate King: his comeback from bankruptcy a few years ago has now produced more than just a property empire. There is the Donald doll, the TV series The Apprentice, the online university TrumpUniversity.com, even "You're Fired" T-shirts and his best-selling books. All of it came from nothing but initiative, which we can learn from and imitate.
Two, punctuality.
Always keep promises and be on time, because this is proof of the ability to manage the most limited thing in our lives: time. The ability to show up as promised is the key to all success, especially success in business. Respect for time reflects respect for oneself and for one's business partners.
Three, enjoying serving and giving.
A billionaire surely has the personality of a leader, and a leader is a servant and a giver. The more you give to others, the more respect you get in return. With luck there is good karma and kindness comes back from others too. At the very least, by giving and serving we show the world how abundant we are. Our subconscious will keep building a blueprint for success based on this ability to give.
Four, opening up first.
Have you ever met someone who always wants to ask about other people's personal matters but never opens up themselves? Such people usually live in fear and suspicion, and they will certainly find it very hard to succeed, because these two things are the opposite of the elements that build success. Trust and the generosity of spirit to open up to the person you are talking to show that we are comfortable with ourselves, so there is nothing to hide, something genuine business partners look for. (Who wants to work with someone mysterious?)
Five, enjoying cooperation and building good relationships with business partners.
Teamwork is clearly one of the main keys to success. Even Donald Trump and Martha Stewart have very loyal teams that enable them to achieve extraordinary success. "No man is an island": we all need to build a good working network, so that the road to success opens ever wider.
Six, enjoying learning new things.
Again take the example of Mr. Trump, who has just opened an online university. Is he an education expert? A professor? Clearly not, but through his fondness for seeking out new things and applying them immediately, the business world opens up ever wider for him. For him the business world is a vast and limitless playground. There is only one key: enjoying learning and seeking out new things.
Seven, rarely complaining;
professionalism comes first. Lance Armstrong once said, "There are two kinds of days: good days and great days." Never complain in business, even though one day you may fall and fail. Why? Because every failure is an opportunity to learn to overcome that failure so that it is not repeated later. The day you fail is still a good day.
Eight, daring to take risks.
Clearly, without this there is no chance at all of reaching success. In fact we take risks every day, even if we are not fully aware of it. Risk can only have two outcomes: a good or a great day (see above). So why be afraid? Failure too is merely an opportunity to learn not to repeat the same thing later, isn't it?
Nine, not showing worry (thinking positively at all times). Positive thinking is the environment or default state in which our whole existence resides. If we use negative thinking as our default state, then all our actions will be based on it (worry or anxiety). With positive thinking, our actions will be based on positive vibrations, so that positive things become ever more likely.
Ten, "comfortable in their own skin", i.e. at ease with oneself,
without needing to cover anything up or to appear "better" than the person one is talking to. Have you ever met a billionaire with low self-esteem, i.e. not comfortable with themselves? I am sure there is none. Being comfortable with oneself does not need to be hidden so as not to offend the other person, because everyone has their own place in the world that cannot be taken by anyone else.
I am me, they are they. By being myself, I do not disturb their existence. If they feel uncomfortable, it is not because of my personality but because of a different mindset and their inability to become comfortable with themselves.
Do you have the personality of a billionaire? Only you can answer. Greetings of success; see you at the summit of the mountain of success.
Source: Ten Personality Traits of a Billionaire (Sepuluh Unsur Kepribadian Billionaire) by Jennie S. Bev. Jennie S. Bev is a consultant, entrepreneur, writer and educator based in the San Francisco Bay Area. Read about her struggles and achievements at JennieSBev.com.
Mantra Pelet Orang (A Love Spell for Bewitching People)
A while ago, on one of the Jakarta radio stations that always plays Indonesian songs, I heard a chat that was interesting because it discussed "pelet" (love spells); as it happened, the lawsuit between Jackson Parangin-angin and Cut Memey, in which a love spell was alleged to have been used, was all over the news at the time.
What was interesting in the chat was a mantra for bewitching someone. I doubt the mantra's potency; as it happens I do not believe in anything mystical, in shamans or in love spells.
One of the mantras I still remember goes like this:
Dung-dung pret dung-dung pret
Anak kodok disangka kampret
Orang melirik pasti kepelet
(roughly: "Dung-dung pret, dung-dung pret / A baby frog mistaken for a bat / Whoever glances will surely be bewitched")
This mantra is just a game and should not be taken seriously. But if you want to try using it, go ahead; I just cannot promise whether it works or not.