Terminal Security System Product Description Cargill Grain Lab Randy Baldwin November 7, 1985 SM:[1,100]SCLIBRIEF.DOC SCLI Overview Page 2 1. Introduction This document provides a brief product description of the security CLI - SCLI. It contains a description of what SCLI provides, how it is implemented and maintainance proce- dures. 1.1 SCLI Overview SCLI is a user-written command line interpreter, which provides additional access protection to one or more serial ports, beyond that provided by the RSX login procedure. The secure system consists of three 'components': the SCLI task itself, a modified RSX BYE program, and a patch to the RSX TT driver. This system has been designed to operate fully un-attended. It will be run at system startup, and never shut down. In fact, the system is very difficult to elimi- nate. SCLI implements access protection by simply sitting on the terminal(s), absorbing all input. When SCLI receives a valid password on a protected terminal, it gives control of the terminal to MCR, and remains 'quiet' until the terminal is logged off. At that point, BYE gives control back to SCLI, re-establishing protection. When SCLI is first started, normally just following system boot, it takes control of the protected terminals. As long as SCLI remains active (normally 'forever'), the protected terminals are in one of three states: protected, logged on, or disabled. A terminal is protected when SCLI is that terminal's CLI. A logged on terminal has already been 'admitted' to the system, and is in use by a valid user. A terminal can become disabled in the unlikely event that SCLI is shut down. In this state, no CLI is connected to the terminal, and it is effectively slaved. Note that this state occurs briefly during system shutdown, between the time that SHUTUP disables the CLI, and the time that shutdown completes. SCLI places terminals which it is protecting in one of two internal states: normal, and mumble mode. In normal mode, SCLI will accept a valid password, and give the user access to the system. In mumble mode, SCLI has detected unauthorized attempts to access the system; all input is treated as invalid, and the user will 'never' gain access to the system. SCLI Overview Page 3 Mumble mode is triggered by a preset number of sequen- tial invalid login attempts. Once in mumble mode, the (po- tential) user must wait a preset time interval before again attempting to log in. If the timer expires, and no input has been received, SCLI assumes that the villian has left, and a new user is attempting to gain access. On the other hand, if the user keeps trying, SCLI simply re-sets the timer, perpetuating mumble mode. SCLI maintains a log of all activity on both the Con- sole (CO: or COT), and the system error log file. The log to CO: is more detailed, since it is assumed that the con- sole log will be purged more frequently than the error log file. SCLI is also sensitive to messages issued via the MCR CLI commands. There are currently three messages: two en- able/disable dumping of all invalid input to the console file. These are used for observing activity during attempt- ed break-ins to the system. The third message provides the only known means of shutting SCLI down while keeping the system running. 1.2 SCLI Implementation. This chapter describes the process required to imple- ment SCLI on a operating RSX system. 1.2.1 Programs and System modifications. -- The SCLI product consists of three related programs. One, SCLI, is a user written program and the other two are RSX11M (DEC) supplied programs that are modified to fit with SCLI. 1.2.1.1 SCLI program -- The SCLI program must be rebuilt and configured for each site. The reason for this is each site (usually) has differant needs for secure terminals. (i.e. all modems are not on the same port). Also passwords and user messages are unique for each installation. Password modifications is is accomplished by rebuilding several modules of the SCLI program thus user password mod- SCLI Overview Page 4 ification is not possible. This is also an added security benefit as it places control over the passwords. 1.2.1.2 BYE program modifications. -- The modifications to BYE, RSX's log off program, are required to inform BYE which terminals are to be protected and thus connected to SCLI when they are logged off. If terminals are to be added or removed from the security pro- gram BYE will have to be modified to reflect these changes. (This may not require rebuilding as it may be done on-site via ZAP depending upon the situation). 1.2.1.3 TTDRV program modifications. -- The modifications to TTDRV, RSX's terminal driver pro- gram, are required to prevent TTDRV from automatically set- ting a remote (modem) port's CLI to MCR when it is answered. This mod may be done by rebuilding the TTDRV program or by using ZAP or OPEN/SAVE to alter the tasks code. This is a one time modification that must be done and is not affected by adding or subtracting terminals from SCLI or by password modification. 1.3 Related Documents There are several documents available to further expla- in and aid in the configuration and modification of the SCLI product. These documents are available upon request and are listed below. o SCLIMAN.DOC -- This is the technical support manual for SCLI. It contains module design information along with overall design guidelines. Additional information is provided for the use of maintainers of the program, including instructions for modifying passwords, response lines, protected terminals, and so on. A chapter describing modifications to the RSX system required by the security system is in- cluded, along with instructions for installing the changes. o SCLIREV.DOC -- This document summarizes design fea- tures of the dial-in security project. SCLI Overview Page 5 o SCLISUG.DOC -- This document presents user's infor- mation for the terminal security system. Included in this document are descriptions of the normal op- eration of the secure system, including instructions for obtaining reports of SCLI activity. Also in- cluded are descriptions of the various log entries and error messages produced by SCLI. CONTENTS 1. Introduction . . . . . . . . . . . . . . . . . . . . . 2 1.1 SCLI Overview . . . . . . . . . . . . . . . . . . 2 1.2 SCLI Implementation. . . . . . . . . . . . . . . 3 1.2.1 Programs and System modifications. . . . . 3 1.2.1.1 SCLI program . . . . . . . . . . 3 1.2.1.2 BYE program modifications. . . . 4 1.2.1.3 TTDRV program modifications. . . 4 1.3 Related Documents . . . . . . . . . . . . . . . . 4