
Conference iosg::all-in-1_v30

Title: *OLD* ALL-IN-1 (tm) Support Conference
Notice: Closed - See Note 4331.l to move to IOSG::ALL-IN-1
Moderator: IOSG::PYE
Created: Thu Jan 30 1992
Last Modified: Tue Jan 23 1996
Last Successful Update: Fri Jun 06 1997
Number of topics: 4343
Total number of notes: 18308

812.0. "Security Questions" by KCOHUB::KCPCXX::SCHELL (Insufficient virtual memory...) Thu Jun 04 1992 20:08

    Just came back from a session with a customer concerned about security. 
    Most of the questions we were able to answer quickly (VMS and simple
    ALL-IN-1 security issues).  There are two questions I need help with.
    
    I know that these two issues are not part of the standard ALL-IN-1, but
    would any of you noters know the answer, or can you direct me to the
    proper place to ask the questions?
    
    1.	End to end encryption of ALL-IN-1 messages.  Any package that can
    	work with ALL-IN-1 to provide this?
    
    2.	Purged messages overwritten at time of purge.  In other words, when
    	the wastebasket is emptied, are the messages scrambled on the disk?
    	(Is this "highwater marking?")
    
    Any help would be appreciated.
    
    Thanks
    
    John

812.1. "Number 2 can be done by VMS" by AIMTEC::PORTER_T (Terry Porter, ALL-IN-1 Support, Atlanta CSC) Thu Jun 04 1992 21:16 (17 lines)

A disk can be set up to 'erase on delete'; this means that when a file is deleted
a random pattern of 1s and 0s is written to the disk space released.

High water marking is when VMS keeps track of the part of the disk space
allocated to a file that has actually been written to since the file was
created and prevents anyone reading from the part of the file not written
to (this part of the file will contain the data from the previous file that
used that bit of the disk).

Erase on delete is more secure but high water marking is more efficient (uses
less I/O).

The VMS docset should describe this in more detail.

HTH

Terry

812.2. "Need erase-on-delete or an enhancement!" by IOSG::PYE (Graham - ALL-IN-1 Sorcerer's Apprentice) Fri Jun 05 1992 10:28 (21 lines)

    I'm sure you know that emptying the wastebasket doesn't necessarily
    delete the file, if it's in the mail shared areas, unless there are no
    other people sharing it.
    
    I've always understood that high water marking is quite expensive in
    performance terms, but I think this is less so in later versions of
    VMS. However high water marking will not be the full story in your
    case, since it will only prevent someone seeing a bit of an old
    document on the end of a newly created RMS file. If you want the old
    blocks on the disc to be totally overwritten, your only choice is to
    turn on the erase on delete option that Terry mentioned.
    
    If you could get to the delete command that actually deletes the
    document when the wastebasket is emptied or the janitor runs, then you
    could add the /ERASE (in DCL terms) qualifier to the delete, but since
    the delete is in BLISS (I'm pretty sure!) you can't!
    
    Perhaps we need a requirement to have a symbol somewhere that would
    control whether we did this in the code?
    
    Graham
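
Added example, not part of the original notes: a toy Python model of a volume that reuses freed blocks, showing the distinction drawn in .1 and .2 between high water marking (stale data hidden from a new file but still on the disk) and erase on delete (freed blocks overwritten). The `Volume` class, the 16-byte block size and the fixed erase pattern are constructed assumptions, not VMS internals.

```python
# Toy model (constructed for illustration) of a volume whose freed blocks are reused.
BLOCK = 16
ERASE_PATTERN = b"\x00" * BLOCK   # assumption: a fixed pattern stands in for the erase pass

class Volume:
    def __init__(self, nblocks, erase_on_delete=False, highwater=False):
        self.blocks = [bytes(BLOCK)] * nblocks   # raw disk contents
        self.free = list(range(nblocks))         # free block numbers, reused in order
        self.files = {}                          # name -> {"blocks": [...], "hwm": int}
        self.erase_on_delete = erase_on_delete
        self.highwater = highwater

    def create(self, name, nblocks):
        alloc = [self.free.pop(0) for _ in range(nblocks)]
        self.files[name] = {"blocks": alloc, "hwm": 0}   # nothing written yet

    def write(self, name, data):
        f = self.files[name]
        for i in range(0, len(data), BLOCK):
            self.blocks[f["blocks"][i // BLOCK]] = data[i:i + BLOCK].ljust(BLOCK, b"\x00")
        f["hwm"] = max(f["hwm"], -(-len(data) // BLOCK))  # blocks written so far

    def read(self, name):
        # With high water marking, blocks past the mark read back as zeros.
        f = self.files[name]
        return b"".join(
            bytes(BLOCK) if self.highwater and i >= f["hwm"] else self.blocks[b]
            for i, b in enumerate(f["blocks"]))

    def delete(self, name):
        f = self.files.pop(name)
        if self.erase_on_delete:
            for b in f["blocks"]:
                self.blocks[b] = ERASE_PATTERN    # overwrite before releasing
        self.free = f["blocks"] + self.free       # freed blocks are handed out next

    def raw(self):
        return b"".join(self.blocks)              # what a raw-disk reader would see

def residue_visible(erase_on_delete, highwater):
    """Return (secret seen through a new file, secret still on the raw disk)."""
    v = Volume(8, erase_on_delete, highwater)
    secret = b"SECRET-MAIL-BODY"                  # constructed 16-byte sample
    v.create("mail", 2); v.write("mail", secret * 2); v.delete("mail")
    v.create("new", 2); v.write("new", b"hello")  # only the first block is written
    return secret in v.read("new"), secret in v.raw()
```
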

812.3. "Encryption..." by IOSG::PYE (Graham - ALL-IN-1 Sorcerer's Apprentice) Fri Jun 05 1992 10:31 (9 lines)

    Also, there's a secure VMS conference (which was at ATPS::SEVMS last
    time I looked) in which you might be able to find something out about
    encryption. (Press KP7 etc.)
    
    I think there might have been an ASSET to do encryption too. I remember
    seeing one in use in one of our European offices and mentioning it in
    one of the older versions of this conference.
    
    Graham

812.5. "Expensive vis-a-vis Performance." by UTROP2::BEHARI_A (Ajay Behari @UTO) Mon Jun 08 1992 11:09 (15 lines)

    Both operations - high water marking & erase on delete - are very
    expensive in terms of performance, without going into technical
    details.
    
    If a customer is satisfied (!?!) with the performance of his present
    ALL-IN-1 system, implementing one of the two options will need setting
    his expectations accordingly (question is never repeated once you tell
    them it affects performance).
    
    What does he want to protect his data from ?
    In ALL-IN-1 environment most of the users are CAPTIVE. Assuming you get
    to DCL, one needs fairly advanced knowledge of the file-system structures
    to get to deleted documents in ALL-IN-1 terms & data-in-files on VMS level.
    
    Ajay.

812.6. "The DOCDB story" by KCOHUB::KCPCXX::SCHELL (Insufficient virtual memory...) Mon Jun 08 1992 16:47 (45 lines)

    > What do they want to protect?
    
    Verrrrry interesting.  This gets real confusing, but one of their
    people said he was able to read messages sent to other users.  When I
    questioned him about this, he claimed he was given a regular,
    non-privileged ALL-IN-1 account, on top of a non-privileged VMS
    account.
    
    A number of mail messages were sent to him by another user.  Now these,
    it seemed, came from SprintMail into ALL-IN-1, in batch mode.
    
    He ran a program called "DOCDB", (yes!), and began looking at the
    messages he received.  He said the filenames were cryptic, but
    sequential, as:
    
    	GZYYB1024
    	BLTTA1025
    	RDVXX1030
    
    He couldn't remember just what the names were, only that they had
    numbers on the end.  Looking at that list, he knew that there were mail
    messages between 1025 and 1030.  Using the FORM that DOCDB provided
    him, he changed the numbers in the filename, and was able to read
    messages 1026-1029.
    
    I said I'm familiar with DOCDB.DAT, a data file, but had never heard of
    an executable called DOCDB.  
    
    Anyway, when we challenged him about this, (I wanted to SEE it!), he
    said, oh all that stuff had been removed some time ago as a security
    threat....
    
    We're still investigating.
    
    Very weird, yes?
    
    Anyway, the perception was gained that ALL-IN-1 was not very secure. 
    Interestingly enough, when the issue of Encryption came up, the head of
    security did balk somewhat, because of management and performance
    issues.
    
    We continue to try to get to the bottom of the DOCDB thing, and to
    assure them of the innate security of ALL-IN-1 messages.
    
    John

812.7. "Encryption was available" by MIMS::HUSSEY_D (NOT the MAMA!!! NOT the MAMA!!!) Tue Jun 09 1992 20:56 (15 lines)

    There was (!!!) a package that did document encryption in the Office
    ASSETS Library.  It was retired last September.  However, the sources
    may still be available through an exception process from the Digital
    Solutions Library.  If not, the author may still have them.
    
    Check topic 505 in the old Office ASSETS conference now residing at
    HORUS::OASSETS.
    
    Note:  due to incorporating an encryption algorithm, this package was
    export restricted.  Don't mean you can't strip the existing algorithm
    and supply your own tho.
    
    Good luck,
    
    David

812.8. "DOCDB a Hole?" by KCOHUB::KCPCXX::SCHELL (Insufficient virtual memory...) Mon Jun 22 1992 20:25 (12 lines)

812.9. "In Moderation" by IOSG::MARCHANT (Only parrots succeed) Mon Jun 22 1992 22:51 (3 lines)

    I have hidden .8 pending investigation.

    Paul.