TGSEC14.DOC

                     TELEGARD SECURITY SYSTEM v1.4
                     ~~~~~~~~ ~~~~~~~~ ~~~~~~ ~~~~
         Copyright 1991, Scott Raymond.  All Rights Reserved


                               Credits
                               ~~~~~~~
The Telegard BBS program is copyright 1989,1990, Eric Oman and Martin
Pollard.  All Rights Reserved.

The name "Telegard" is a registered trademark of Roy Wilson.

The 4DOS COMMAND.COM replacement is copyright 1989,1990, Rex Conn and J.P.
Software.  All Rights Reserved.

The name "4DOS" is a registered trademark of J.P. Software.

The ZANSI ANSI.SYS replacement is copyright 1986, 1987, Thomas Hanlin III.


                                Thanks
                                ~~~~~~
        I'd like to thank Mikel Beck, Roy Wilson, Kevin Watkins, Paul
Maner, and all the other folks who sent in suggestions.  This was partly a
collaborative effort, as I can't help protect a system against bugs I'm not
aware of.  You were a big help guys, and I really appreciated the input.


                              Disclaimer
                              ~~~~~~~~~~
        I cannot guarantee that this package will prevent anyone from being
able to gain illegal entry to your computer system.  It is designed to
heavily increase the existing security of your BBS, and attempts to thwart
even the most persistent hackers from damaging your system or stealing
private information from it.  Even so, there will always be some individual
who will try to bypass the protection of this system.  If that happens, I
will do my best to improve this package to close up any loopholes that may
exist.


                             Introduction
                             ~~~~~~~~~~~~
        In the eight years that I have been involved with bulletin boards,
the main problem I've encountered is the security of the BBS.  User
accounts get hacked out, trojans get uploaded, hard drives get crashed,
private information gets stolen, months of work get destroyed, people's
reputations get tarnished.  I've heard people say that this type of
situation gives the sysop a feeling that he or she has been raped -
violated, abused, tossed aside... and HELPLESS.  Powerless to stop this
from happening.

        There had been a rash of instances in my area where Telegard boards
have been hacked, had information stolen, hard drives formatted.  In one
particular instance, a hacker logged on as the sysop and locked him out of
his own system.  This happened not once, but TWICE in one week.  This was
the last straw for me.  I have a low threshold of moral outrage, and I felt
that something had to be done about this situation immediately.  Small
suggestions had popped up here and there on the national Telegard FidoNet
conference, and even I had found out how people managed to upload a
LOGOFF.BAT to the main BBS directory - which I promptly revealed nationally
in the Telegard conference.  Curiously enough, there was only one person
who complained about my giving this fact away - the person who locked the
sysop out of his own system.  What distressed me the most was the fact that
this person used to be my State Center, and he made a habit out of hacking
the other Telegard boards in my area - including my Regional Center.

        We needed a solution.  Martin Pollard tries his best to keep us up
to date on the progress of Telegard, but he's only one person.  We also
have to consider the fact that the methods used by Telegard hackers do not
lie within Telegard, but rather with the utilities used by Telegard in its
normal operation, such as PKZIP and DSZ.  I started working with the
ability of 4DOS to alias file and command names, and eventually discovered
a way to defeat most of the loopholes in these utilities.  The result is
the package you are working with right now.


                             Starting Up
                             ~~~~~~~~ ~~
        Before installing the actual utilities included in this package,
the first step is to configure Telegard properly.  The quickest ways to
limit the amount of damage a hacker can do to your board are as follows:

        1. Remove the archive menu.  Many systems have been hacked through
           loopholes found in the functions available in this menu.  After
           deleting the archive menu, remove the menu option from the file
           that branches into the archive menu. (/A is the default menu
           option provided with Telegard.)

        2. Remove the sysop menu.  If a hacker logs on as you or your
           cosysop and has access to this menu, then there's nothing to
           prevent them from doing damage to your system.  For those sysops
           who feel they absolutely MUST be able to shell to DOS remotely,
           this security package will not do much good for them.  If you
           can shell to DOS, so can a hacker.  This goes for Mini-DOS as
           well.  Don't forget to remove the menu option to branch to the
           sysop menu from all of the other menus on the system.

        3. Install the Shuttle Logon Menu.  This should be easy,
           considering that all you have to do is switch it on in the
           system configuration menu, and use the shuttle menu provided
           with every newly-initialized version of Telegard.

        4. Lower your SL and DSL to 250.  No changes to the configuration
           are so important that they can't wait until you get home.  If
           you need sysop access at home, just hit F9 while logged on
           locally.  If you remove the sysop menu, the only way the hacker
           can use the sysop functions while logged on as you is by using
           commandkeys.  For instance, the hacker could enter "\\*D" at any
           menu prompt and get to Mini-DOS.  If your account is not SL 255,
           then no one can do any damage logged on as you.

        5. You should also set the System ACS settings as follows:


A. Full SysOp         :"s255u1b00"     B. Full Co-SysOp      :"s255u1b00"
C. Message base SysOp :"s255u1b00"     D. File base SysOp    :"s255u1b00"
E. SysOp PW at logon  :"s250u1"        F. See PW's remotely  :"s255u1b00"
G. Post public        :"s50"           H. Send e-mail        :"s20"             
I. See anon pub post  :"s255u1b00"     J. See anon E-mail    :"s255u1b00"
K. Post anon ANY base :"s255u1b00"     L. E-mail anon        :"s255u1b00"
M. See unval. files   :"s255u1b00"     N. DL unval. files    :"s255u1b00"
O. No UL/DL ratio     :"s100"          P. No post/call ratio :"s200"
R. No file pt checking:"s100"          S. ULs auto-credited  :"s250"


           Please notice that a number of these entries use the ACS flag
           "b00".  This means that these functions are active ONLY if the
           user currently logged on is sitting at the console of your
           computer.  I sincerely doubt that anyone is foolish enough to
           try to break into your house to hack your BBS.

           Also notice that cosysop level is set to SL 255, baud 0.  Your
           cosysops will most likely have access to the functions that you
           want them to have access to.  However, if a hacker logs on as
           one of your cosysops, he can send himself e-mail and get into
           the user editor.  This is one of those places on the BBS that
           ONLY the sysop should have access to.

        6. Go into the System Configuration menu, then the File Section
           Configuration menu.  Change the Remote DOS re-direction device
           to "CON", instead of "COM2", "GATE2", or whatever else you have
           in there.  When your BBS tests the integrity of an uploaded
           file, the results will be displayed on YOUR screen, not that of
           the user logged on.  This will prevent him from getting a peek
           at the directory path.

        7. Enter the Archive Configuration editor from the File Section
           Configuration menu.  Modify the entry for PKZIP as follows:


Archive #1 of 5                                                                 
                                                                                
1. Active                 : Yes                                                 
2. Extension name         : ZIP                                                 
3. Interior list method   : "/1" - *Internal* ZIP viewer                        
4. Compression cmdline    : *None*
5. Decompression cmdline  : *None*
6. Integrity check cmdline: *None*
7. Add comment cmdline    : PKZIP -z @F
8. Errorlevel for success : 0                                                   
Q. Quit                                                                         
                                                                                
Edit menu: (1-8,[,],Q) :

                               
           Note that options 4,5 and 6 are shut off by using a null string
           as the entry.  This seems extreme, doesn't it?  There are people
           who know how to rewrite the structure of an archived file to
           extract a ZIP file, search the hard drive for files of the same
           name and replace them.  Sound far-fetched?  If you saw it in
           action you would immediately change your mind.  Imagine a ZIP
           file that had been reconfigured with a trojan program, and
           replaced your PKZIP.EXE with a trojan designed to low-level
           format your hard drive.  I've seen versions for ARC, ZIP and
           LHARC.  They do indeed exist.

           For all of the other entries, either deactivate them or just
           delete them completely.  The path shown above is just an example
           - if you have PKZIP and PKUNZIP in a different directory,
           replace C:\ZIPS\ with the path they reside in.

        8. The next step is probably the most important configuration of
           Telegard.  More boards are hacked this way than any other.  A
           hacker will use a poorly documented feature of DSZ to upload a
           LOGOFF.BAT file to your main BBS directory.  If your initial
           response is "So what?", then consider the fact that Telegard
           looks for LOGOFF.BAT in your main BBS directory when a user
           logs off, then runs it if it finds it.  What if, for instance,
           the contents of the LOGOFF.BAT looked like this:

                @echo off
                dsz sz c:\bbs\status.dat
                dsz sz c:\bbs\gfiles\user.lst
                del c:\bbs\trap\sysop.log

           or:

                @echo off
                echo Y | format c: /v:gotcha

           The first one will result in the hacker getting your sysop
           password, the user passwords (including yours), and all of the
           users' private information.  The second one will result in the
           complete destruction of all of the data on your hard drive.  The
           LOGOFF.BAT can contain other things, and be uploaded in conjunction
           with other programs - some designed to put a virus or a trojan
           on your system, some designed to perform a low-level format of
           your hard drive, making data recovery virtually impossible.

           To prevent this from happening, the DSZ "restrict" command will
           prevent files from being uploaded anywhere except the current
           directory (usually your upload directory or the TEMP directory
           for batch uploads).  Restrict also prevents anyone from
           uploading a file that contains the ASCII text "AUTOEXEC.BAT" and
           "COMMAND.COM", in upper or lower case.  Go into the Protocol
           Editor and configure Ymodem Batch, Ymodem-G Batch and Zmodem
           Batch as follows:


Ymodem:

Protocol #9 of 16
!. Type/protocl:Active - Batch protocol                                         
1. Keys/descrip:"Y" / "(Y) Ymodem batch"                                        
2. ACS required: ""                                                             
3. Temp. log   : "%C\dsztemp.log"                                               
4. <U>L log    : "%C\xfer.log"                                                  
   <D>L log    : "%C\xfer.log"                                                  
5. <U>L command: "dsz port %P est 0 %B restrict rb"
   <D>L command: "dsz port %P est 0 %B sb -s @%L"
6. Codes mean  :Transfer bad                                                    
7. <U>L codes  :(1)""     (2)""     (3)""     (4)""     (5)""     (6)""         
   <D>L codes  :(1)"E"    (2)"e"    (3)"L"    (4)"l"    (5)""     (6)""         
E. Environ. cmd: "set DSZLOG=%T"                                                
I. DL File list: "%C\fi.lst"                                                    
C. Max DOS chrs:128   P. Log position: Filename: 51 - Status: 1


Ymodem-G:

Protocol #12 of 16
!. Type/protocl:Active - Batch protocol                                         
1. Keys/descrip:"G" / "(G) Ymodem-G batch"                                      
2. ACS required: ""                                                             
3. Temp. log   : "%C\dsztemp.log"                                               
4. <U>L log    : "%C\xfer.log"                                                  
   <D>L log    : "%C\xfer.log"                                                  
5. <U>L command: "dsz port %P est 0 %B ha slow restrict rb -g"
   <D>L command: "dsz port %P est 0 %B ha on sb @%F"
6. Codes mean  :Transfer bad                                                    
7. <U>L codes  :(1)""     (2)""     (3)""     (4)""     (5)""     (6)""         
   <D>L codes  :(1)"E"    (2)"e"    (3)"L"    (4)"l"    (5)""     (6)""         
E. Environ. cmd: "set DSZLOG=%T"                                                
I. DL File list: "%C\fi.lst"                                                    
C. Max DOS chrs:128   P. Log position: Filename: 51 - Status: 1                 


Zmodem:

Protocol #15 of 16
!. Type/protocl:Active - Batch protocol                                         
1. Keys/descrip:"Z" / "(Z) Zmodem batch"                                        
2. ACS required: ""                                                             
3. Temp. log   : "%C\dsztemp.log"                                               
4. <U>L log    : "%C\xfer.log"                                                  
   <D>L log    : "%C\xfer.log"                                                  
5. <U>L command: "dsz port %P est 0 %B restrict rz -m"
   <D>L command: "dsz port %P est 0 %B sz -s -mr @%L"
6. Codes mean  :Transfer bad                                                    
7. <U>L codes  :(1)""     (2)""     (3)""     (4)""     (5)""     (6)""         
   <D>L codes  :(1)"E"    (2)"e"    (3)"L"    (4)"l"    (5)""     (6)""         
E. Environ. cmd: "set DSZLOG=%T"                                                
I. DL File list: "%C\fi.lst"                                                    
C. Max DOS chrs:128   P. Log position: Filename: 51 - Status: 1                 


           Note that *only* the batch modes of Ymodem, Ymodem-G and Zmodem
           need to be reconfigured.  The single file modes may remain
           unchanged.


        9. Sometimes a malicious user will try to upload COM1 or LPT2 to
           your file section.  Instead of the system waiting for the user
           to upload the file, the system locks up because it tries to
           access the serial port or printer port instead.

           Create a file base in your file base editor called "Security".
           Password protect this file base, and set all of the available
           ACS settings to s255u1b00.  Then place the file SECURITY.DIR
           (included in this package) into your GFILES directory.  The
           security directory contains entries for COM1 through COM4, and
           LPT1 through LPT4 - these are the normal limits on an AT-class
           machine.  If you wish to add more, feel free - just upload any
           file to that directory and change the name of it to the COM or
           LPT port of your choice.

           Please note that this bug in Telegard is not harmful to the
           system - it only locks up the board, nothing more.  It doesn't
           hurt to keep the system from crashing, though.
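           As an added example (my own code, not part of the TGSEC package,
           DSZ or Telegard), the two upload-side checks described in steps 8
           and 9, modelled in Python: DSZ restrict's refusal to write outside
           the current directory or to accept a file containing the text
           AUTOEXEC.BAT or COMMAND.COM, and rejection of DOS device names
           (COM1-COM4 and LPT1-LPT4 from the text, plus CON, AUX, PRN and
           NUL, which DOS reserves the same way).  The sample upload batch
           is constructed for the demonstration.

```python
import re

# Reserved DOS character devices.  COM1-COM4 and LPT1-LPT4 are the ones the
# text lists for an AT-class machine; CON, AUX, PRN and NUL are the other
# built-in DOS devices and open a device, not a file, just the same.
DOS_DEVICES = (
    {"CON", "AUX", "PRN", "NUL"}
    | {f"COM{i}" for i in range(1, 5)}
    | {f"LPT{i}" for i in range(1, 5)}
)

# Text that DSZ "restrict" refuses to accept inside an uploaded file,
# matched case-insensitively as the document describes.
FORBIDDEN_CONTENT = (b"AUTOEXEC.BAT", b"COMMAND.COM")


def is_dos_device(name):
    """True if DOS would treat this file name as a device.

    DOS resolves devices on the base name and ignores the extension, so
    "COM1.TXT" or "lpt2.zip" still open the serial or printer port and
    hang the board waiting on the hardware.
    """
    base = name.split(".")[0].upper()
    return base in DOS_DEVICES


def check_upload_name(name):
    """Return None if the name is safe to create in the current directory,
    otherwise a short reason for rejecting it."""
    if not name or name in (".", ".."):
        return "empty or dot name"
    # A drive letter, backslash or slash would steer the file somewhere
    # other than the upload directory (e.g. C:\BBS\LOGOFF.BAT).
    if re.search(r"[\\/:]", name):
        return "path component: would write outside the current directory"
    if is_dos_device(name):
        return "reserved DOS device name"
    return None


def check_upload_content(data):
    """Return None if the content is acceptable, otherwise the reason."""
    upper = data.upper()
    for needle in FORBIDDEN_CONTENT:
        if needle in upper:
            return f"contains {needle.decode()}"
    return None


def screen_upload(name, data):
    """Combine the name and content checks; None means accept."""
    return check_upload_name(name) or check_upload_content(data)


# Constructed sample batch: file names as they would arrive from the remote
# side, paired with made-up first bytes of each file.
SAMPLE_UPLOADS = {
    "README.TXT": b"Telegard utility collection, see docs\r\n",
    "C:\\BBS\\LOGOFF.BAT": b"@echo off\r\n",
    "..\\LOGOFF.BAT": b"@echo off\r\n",
    "COM1": b"",
    "lpt2.zip": b"PK\x03\x04",
    "SETUP.BAT": b"rem this file replaces Command.Com\r\n",
}


def screen_batch(uploads):
    """Map each file name in a batch to its rejection reason (or None)."""
    return {name: screen_upload(name, data) for name, data in uploads.items()}


if __name__ == "__main__":
    for name, verdict in screen_batch(SAMPLE_UPLOADS).items():
        print(f"{name:22} {'accepted' if verdict is None else 'REJECTED: ' + verdict}")
```

           A plain LOGOFF.BAT aimed at the current directory passes both
           checks, which is why the text also relies on the renamed BBS
           directory, ATTRIB +RSH and the 4DOS alias redirect rather than on
           the transfer protocol alone.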

       10. Reconfigure the Telegard paths for the temporary upload
           directory, your file directories, and rename the main BBS
           directory. First, go into the System Configuration menu, then
           the File Paths and BBS configuration menu.  Change the TEMP
           directory to one that does not branch off of the main BBS
           directory, such as C:\FILES.

           The default for the file directories in Telegard is C:\BBS\DLS\.
           As with the TEMP directory, modify all of your file directories
           in the File Base editor so that they branch off of the root
           directory (C:\), not the main BBS directory.

           Finally, change the name of your main BBS directory.  This will
           take some time.  Change it to something unusual that would not
           normally be guessed.  You will have to change the paths for all
           of the data subdirectories in the File Paths & BBS configuration
           menu, as well as the FidoNet configuration menu if you run a
           front-end mailer.  Don't forget the paths in your mailer
           configuration as well.  You will probably have to change the
           path settings in your online games, all of the batch files that
           involve your main BBS directory and its subdirectories, and the
           path setting in your AUTOEXEC.BAT.  Like I said, this will take
           some time.  Your best bet is to go through your entire hard
           drive with a directory utility such as Norton Commander or
           Xtree Gold, modifying each batch file as you go along.

           Please note that your BBS will most likely crash after you
           change these directory names.  This is expected.  When you get
           to the DOS prompt, rename the C:\BBS directory to the new
           directory you have defined for it.  For instance, if you changed
           the name to C:\MYBOARD, just enter the following at the DOS
           prompt:

           rendir c:\bbs c:\myboard

           This may not work on earlier versions of DOS.  Once 4DOS is
           installed, however, this command will be possible.  See 4DOS
           installation instructions below.

           If you have Xtree Gold or a similar program that can graft
           directory branches from one place on the hard drive to another,
           the process will go a lot quicker.  You will have to make sure
           that your new TEMP directory exists on your hard drive, as well
           as the subdirectories TEMP\1\, TEMP\2\, and TEMP\3\.  Don't
           forget to do the same for your file directories as well, and to
           move the files in those directories to the new ones.


                           Installing ZANSI
                           ~~~~~~~~~~ ~~~~~
        The procedure for this is simple - just add the following line to
your CONFIG.SYS, or edit the existing ANSI.SYS line:

DEVICE=C:\ZANSI.SYS

Putting the ZANSI.SYS file in your root directory is safe, so you can leave
it there.


                           Installing 4DOS
                           ~~~~~~~~~~ ~~~~
        The key to the security package is 4DOS.  4DOS is a replacement for
COMMAND.COM, and has a unique feature known as "aliasing".  This allows you
to change the name used to invoke a DOS command or executable file, without
having to change the name of the file itself.  What I have done is provide
an alias list that will defeat just about anything that a hacker will
attempt to use to gain illegal access to your system over the phone line.
Basically, if a hacker uploads a LOGOFF.BAT, instead of running the
uploaded batch file the system will run a different batch file in a
directory you specify.

Installing 4DOS is as follows:

        1. Place 4DOS.COM and 4DOSxxx.EXE into your root directory (C:\).
           If you have an XT, use 4DOS88.EXE.  If you have a 286, 386 or
           486, use 4DOS286.EXE.  Delete your old COMMAND.COM, and rename
           4DOS.COM to COMMAND.COM.

        2. Add the following lines to your AUTOEXEC.BAT:

           SET COMSPEC=C:\COMMAND.COM
           ALIAS /R ALIASES

           These should be invoked right after your PATH statement.

        3. Place the following line in your CONFIG.SYS:

           SHELL=C:\COMMAND.COM /P
           ^
           └──── Make sure this is the last line in your CONFIG.SYS.

           Now reboot your computer to put 4DOS into action.

        4. Place the ALIASES file into your root directory.  You will
           need to edit the ALIASES file so that the paths used in there
           match those of your system configuration.

           Place the two files, LOGON.BAT and LOGOFF.BAT into your main BBS
           directory.  Go to that directory and enter the following DOS
           command:

           ATTRIB +RSH LOG*.BAT

           This will prevent the two batch files from being overwritten,
           and make them invisible as well.

           Create a security directory on your system, such as C:\SECURITY,
           and place LON.BAT and LOFF.BAT into this new directory.  If you
           use a LOGON.BAT and LOGOFF.BAT in the normal operation of your
           BBS, make sure that the procedures used in LOGON.BAT are placed
           in LON.BAT, and the procedures for LOGOFF.BAT are placed in
           LOFF.BAT.


                              Reminder
                              ~~~~~~~~
        Once again, I must stress that the file names and directories I am
describing here are only default SUGGESTIONS.  If you choose to keep the
security setup with the file and directory names I am supplying, the
hacker's job will be made a lot easier.  I urge you to change the default
settings I am describing here.


                          Additional Advice
                          ~~~~~~~~~~ ~~~~~~
        There is never enough advice to give to a sysop, but there are a
few important tips I'd like to stress.  One, MAKE BACKUPS.  I cannot stress
this one enough.  Too often have I heard horror stories about trojans and
virii destroying months of work on hard drives.  I have gotten hit by a
trojan only once, and it was because I made the mistake of running it
without checking it first.  I only lost one day's worth of work because I
make nightly backups during the maintenance event.  The second tip is to
change your passwords regularly - both your sysop and user passwords.  And
finally, never give an unknown new user a chance to do damage.  Give NO
access at all to new users until you validate them.  The easiest way to do
this is raise the security level of all functions in your main menu to that
of a validated user, and lower the security level settings of a new,
unvalidated user to a level below that.  The default settings on Telegard
are fine - just make sure that everything except (G)oodbye is set to s50 or
higher.


                             Final Notes
                             ~~~~~ ~~~~~
        This should be a relatively painless task.  Once completed, your
BBS will cause a great deal of aggravation to those people who hack your
board for the simple pleasure of knowing that it pisses you off.  The good
thing about this system is that when installed properly, there's nothing a
hacker can do to breach the security short of forcing you to tell him what
your passwords are, or by tricking you into running a trojan program that
he wrote.  What's even more amusing is the fact that the possession of this
package by a hacker will be of no help whatsoever to him - all it will do
is show him how futile it would be to try hacking your system.

4DOS itself has some pretty amazing features, such as online help.  You can
access this by hitting F1 at the DOS prompt, or by typing "HELP".  Note
that you'll need the entire 4DOS package to get this feature.  The latest
version of 4DOS is available on my BBS (see below).

If you have any questions, suggestions, or bug reports, I can be reached on
my BBS at:


Shadowdale
Telegard Regional Center #1
New York City                       FREQ Name:     File Name:
(718) 934-1843                      ~~~~ ~~~~      ~~~~ ~~~~
1200/2400/9600/14400 HST/DS         TGSEC  -=>     TGSEC14.ZIP
v.32/v.32bis/v.42/v.42bis           4DOS   -=>     4DOS303.ZIP
FidoNet: 1:278/624                  ZANSI  -=>     ZANSI12.ZIP
AAFNet:  13:13/7

Scott Raymond | Tristan
Telegard Security Advisor