&           Software Product Description  1           Extended Access Control Facility (EACF)              Executive Summary:  E           Managing access to data critical to your business using ACL A           facilities in native VMS can be cumbersome and still is E           vulnerable to intruders or people acting in excess of their            authority.  I           Want to be sure your critical records can't be accessed save at B           authorized places, times, and with the programs that are>           supposed to access them (instead of, say, COPY.EXE)?  E           Want to have protection against privileged users bypasssing            access controls?  ?           Want to be able to password protect individual files?   ?           Want to be able to invisibly hide selected files from !           unauthorized intruders?   G           EACF builds in facilities permitting all of these, and is not G           vulnerable to intruders who disable the AUDIT facility as all H           other commercial packages which purport to monitor access are.  G           Description: When your business depends on critical files, or =           when you are obliged by law or contract to maintain C           confidentiality of data on your system, in most cases the J           options provided by VMS for securing this data can be cumbersome%           and far too coarse-grained.   G           The problem is that certain kinds of access to data are often J           needed by people in a shop, but other access should be preventedJ           and audited. Moreover, the wide system access that can come as aH           result of having system privileges often does not mean that itI           should be used to browse or disclose data stored on the system. E           A system manager will in general not, for example, have any G           valid reason to browse the customer contact file, the payroll G           database, or a contract negotiation file, save in a few cases I           where these files need to be repaired or reloaded from backups. I           Likewise, a payroll clerk may need read and write access to the J           payroll file, but not in general with the COPY utility, nor fromG           a modem, nor in most cases at 4AM. Finally, a person who must J           have privileges to design a driver and test it should ordinarily6           not have the run of the file system as well.  B           Given examples like these, it is easy to see that simpleJ           authorization of user access to files is inadequate. While it isJ           possible to build systems that grant identifiers to attempt someD           extra control, these can be circumvented by privilege, andJ           create very long ACLs which become impossible to administer over-           a long period as users come and go.   A           What is needed is a mechanism that is secure, cannot be E           circumvented by turning on privileges, and which provides a E           simple to administer and fine grained control that lets you G           specify who can get at your critical files, with what images, J           when, from where, and with what privileges. It is also desirableH           to be able to control what privileges the images ever see, andB           to be able to check critical command files or images forI           tampering before use, so that they cannot be used as back doors ?           to your system. It should be possible to demand extra G           authentication for particular files as well, and to prevent a F           malicious user from even seeing a particularly critical file,           unless he can be permitted access.  H           EACF is a VMS add-in security package which provides abilitiesJ           to control security problems due to intruders, to damage or lossH           by system "insiders" (users exceeding their authority), and toD           covert code (worms and viruses). It provides a much easierG           management interface to handle security permissions than bare M           VMS and provides facilities permitting control over even privileged I           file accesses, for cases where there are privileged users whose G           access should be limited. Unlike systems which only intercept F           the AUDIT output, EACF can and does protect against ANY fileJ           accesses, and can protect files against deletion by unauthorizedD           people or programs in real time as well as against access.  1           EACF offers the following capabilities:   I           * Files can be  password protected individually. If a file open I           or delete is attempted for such a file and no password has been ,           entered, the open or delete fails.  H           * Access can be controlled by        time of day.   Added EACFJ           protections can be in place only some of the time, access can beC           denied some times of day, write accesses can be denied at E           certain times, or various other modalities of access can be            allowed.  J           * You can control  who may access a file, where  they may be (orH           may not be),  with what images  they may or may not access theI           file, and with what privileges  the file may be accessed. Thus, D           for instance, it is trivial to allow a clerk access to theF           payroll file with the payroll programs, but not with COPY orF           BACKUP, not on dialup lines, and not if they have unexpectedF           privileges. The privilege checks are helpful where there areH           consultants working on a system who should be denied access toD           sensitive corporate information but who need privileges toA           develop programs. With this system you can be sure your I           proprietary plans or data stay in house, and are available only F           to those with business reasons to need them, not to everyoneJ           needing system privileges for unrelated reasons. Unlike packagesF           using the VMS Audit facility's output (which can be silentlyJ           turned off by public domain code),  EACF cannot  be circumvented           by well known means.  H           * You can  hide files from unauthorized access. If someone notJ           authorized to access a file tries to open it, they can be set toI           open instead some other file anywhere on the system. Meanwhile, I           EACF generates alarms and can execute site specific commands to G           react to the illegal access before it can happen. This can be K           helpful in gathering evidence of what a saboteur is up to without E           exposing real sensitive files to danger. Normal access goes             through transparently.  J           * You can arrange that opening a file  grants identifiers to theA           process that opens it and that closing it revokes these H           identifiers. Set an interpretive file to do this and set it toF           be openable only by the interpreter and you have a protectedJ           subsystem capability that works for 4GLs which are interpretive.E           (EACF identifier granting, privilege modification, and base =           priority alteration is protected by a cryptographic ;           authenticator preventing forging or duplication.)   J           * You can actively prevent covert code ( viruses and worms) fromE           running in two ways. First, EACF can attach a cryptographic G           checksum to a file such that the file will not open if it has I           been tampered with. Second, EACF can attach a privilege mask to I           a file which will replace  all  privilege masks for the process J           that opens it. By setting such a mask to minimal privileges, youB           can ensure that an untrusted image will never see a veryD           privileged environment, and thus will be unable to performH           privilege-based intrusions into your system even if run from a$           privileged user's account.  I           * You can  control base priority by image. Thus, a particularly J           CPU intensive image can be made to run at lower than normal base3           priority even if it is run interactively.   H           * You can run a site-chosen script to further refine selectionH           criteria. (Some facilities for doing additional checking while$           an image runs exist also.)  >           EACF allows you to exempt certain images (e.g., diskH           defragmenters) from access checks, and it is possible to put aC           process into a temporary override mode also where this is G           needed. EACF facilities are controllable per disk, and impose I           generally negligible overhead. EACF will work with any VMS file J           structure using the normal driver interfaces. Also, EACF markingI           information resides sufficiently in kernel space that it cannot J           be removed from lower access modes, yet it uses a limited amount.           of memory regardless of volume size.  I           Best of all, the EACF protection is provided    within the file D           system  and does not depend on the audit facility. Thus itF           prevents file access or loss BEFORE it happens, and does notI           have to react to it afterwards. EACF allows all of its security G           provisions to be managed together in a simple screen-oriented H           display in which files, or groups of files, can be tagged withC           the desired security profiles or edited as desired.  EACF E           protections are in addition to normal VMS file protections, B           which are left completely intact. Therefore, no existingI           security is broken or even altered. EACF simply adds additional F           checking which finally provides a usable machine encoding of8           "need to know" for the files where it matters.             Supported systems:  I           EACF runs on VAX based VMS systems running VMS 5.5 or later, or 9           AXP based VMS systems running VMS 6.1 or later.   #           EACF is brought to you by   (           General Cybernetic Engineering           18 Colburn Lane            Hollis, NH 03049           603 465 95174           Everhart@GCE.Com  (or Everhart@gce.mv.com)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          