=============================================================================
PHUK MAGAZINE - Phile 0 of 10
=============================================================================
Welcome to the very first issue of P/H-UK magazine, an ezine for the
Hackers & Phreakers in the United Kingdom. In case you can't work it
out, P/H-UK stands for Phreak/Hack-United Kingdom, and having pointed
that out I promise to never mention it again! This issue is a little
lame and a little thin, the way most h/p zines are at first, but we
hope that PHUK will grow with time and become a bit more substantial.
This issue we have some goodies, especially the chunk of the BT
computer security manual, a piece by Otaku on Defcon ][, some
circuitry from TheGoat, and a nice piece of history courtesy (!) of
New Scientist circa 1973.
Anyway, without further ado, let's go on to the contents ..
PS: THIS IS A BETA COPY OF PHUK#1 ..... NO RESPONSIBILITY CAN BE HELD
FOR ANY AND ALL SPELLING AND GRAMMATICAL ERRORS THAT OCCUR IN THIS
TFILE ---- the rest of it is down to us and the normal disclaimers
apply ... i.e. don't use this info to phuk with the system, just
read and enjoy (heheheh).
=============================================================================
P / H - U - K -- C O N T E N T S
=============================================================================
0: INTRO: You're reading it!
-----------------------------------------------------------------------------
1: EDITORIAL: Channel 4 Documentaries SUCK!
-----------------------------------------------------------------------------
2: NEWSBYTES: UK News
-----------------------------------------------------------------------------
3: HISTORY: New Scientist 1973
-----------------------------------------------------------------------------
4: DEFCON II - Otaku
-----------------------------------------------------------------------------
5: ANSWERPHONE: The Panasonic KX-T1446BE
-----------------------------------------------------------------------------
6: CIRCUIT: Simple Line Monitor - TheGoat
-----------------------------------------------------------------------------
7: NO GIFT FROM HALLMARK - DrKaos
-----------------------------------------------------------------------------
8: BT Computer Security Manual - Mrs. Brady of Doncaster
-----------------------------------------------------------------------------
9: Notes & Queries: A question & Answer Forum
-----------------------------------------------------------------------------
10: OUTRO: Next Issue .... we hope!!
-----------------------------------------------------------------------------
=============================================================================
PHUK MAGAZINE - Phile 1 of 10
=============================================================================
-----------------------------------------
CHANNEL FOUR DOCUMENTARIES SUCK - Phuk-Ed
-----------------------------------------
That recent documentary on channel four sucked. Just what we needed
was some stupid media c*nts telling the entire world that we were all
boxing through Hawaii Bell. For some strange reason this line died
very soon after the documentary .... are we surprised? I think not.
At the same time horror stories about people being charged for boxed
calls through 0800 numbers began to circulate, stories of being fed
straight into overseas operators when using Country Direct numbers,
along with a whole slew of paranoia, which may or may not just be
disinformation designed to discourage boxing in the UK.
For example, I recently leeched a tfile from a UK bbs that claimed
that from 10-02-94 BT have been monitoring all free phone numbers
from the base in Blackpool, and that the information is also going to
the BT investigations dept at Milton Keynes. The person writing the
tfile claims to be a contractor linked to BT, and that Channel 4
had contacted BT before the documentary was screened and that this
resulted in the circulation of a confidential memo which was sent
to all system & exchange managers asking what steps can be taken.
Apparently suggestions ranged from "put filters on the line", via
"link all 0800 calls to a billing machine" to "change all the
numbers". Well, many of the numbers HAVE changed, and even the
merest hint that all 0800 calls are getting routed into a computer
and analysed to check if they are legitimate data/voice/fax calls
is enough to give any phreak the willies! He also claims that "any
questions can be directed to bt internal investigations on
0800-890-999, ask for extension 131". [Does anyone know if this
number is really the BT investigations unit??]. We do not need this
type of paranoia, and all because of one stupid documentary!
The documentary itself was pathetic. Programming your computers to do
continuous directory listings might look good to the media vampires,
but to anyone with any computer literacy it just looks stupid.
Showing the two anonymous hackers inside a Brighton phone box with
what must have been the BIGGEST tape machine you could possibly carry
(can't show Walkmans can we now guys!) while boxing using a tape was
hilarious. Showing them dial up an American sex line while they were
saying in essence that this is a line for all the sad computer spods
who can't get a girlfriend, was a joke. The whole chunk of credit
card fraud at the end, bleeped as if they were giving away vital
information, (of course no-one knew about credit card fraud before!)
was a useful ploy used by the documentary to discredit hackers (look
middle classes, your credit is under attack ... better lock those
hackers up quick!!).
This documentary should act as a warning to any hackers who might
consider getting involved with the media in any way. They can, and
WILL distort what you say by selective editing and voiceovers. They
can and WILL sensationalise hacking in an attempt to increase ratings
and thus advertising revenue. Luckily at least one person in the
known universe is trying to put together a film that shows hackers
and phreakers in a more favourable light ... and we here at PHUK
magazine wish her the best of luck!
Phuk-Ed.
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 2 of 10
=============================================================================
------------
UK NEWSBYTES
------------
-- PHONE DAY
Phone Day is almost upon us! Well, not quite, it's on the 16th of
April 1995, but judging by the amount of energy BT is putting into
the big event the public are meant to absorb this information by some
weird sort of osmosis .... and now us phone phreaks are telling them
all about it instead of BT! Certainly all of Joe public I have spoken
to treat phone day as some sort of publicity stunt, like Give Up
Smoking week, where you are encouraged to use the phone more on Phone
Day. When it is explained that Phone Day is the day that all the
dialling codes change the response is mixed, ranging from "why would
they do that", to "Oh No, not again!", from people who remember the
great day when London split its codes into 2 zones (071 & 081), and
the amount of hassle it caused them! Funny enough I found an old BT
card explaining the LAST change in codes marked "BT - It's you we
answer to" .... hmmm guess that's why you still charge in UNITS
instead of seconds huh guys!
Of course companies offering Phone Day services have sprung up ..
they will update all your databases ... at a price!! In actual fact
the new codes have been with us for some months, and it has been
possible to use the new London codes (0171 & 0181) for a while now.
In case you can't remember (!), Phone Day means that all codes
starting with 0 will now start 01, and Leeds, Sheffield, Nottingham
Leicester and Bristol all get new codes (I won't bore you with the
numbers!).
-- CALLER RETURN / CALLER ID
Of course the BIG story of the month should have been the
introduction of caller return and caller ID on the 5th of November
.... here's what the SUN newspaper had to say about it on the 28th of
October ... (When I first wrote this of course I said 'by the time
you read this .....').
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[from the SUN Newspaper, 28-10-94]
BT cures hang-ups for free
People who rush to answer the phone just as it stops ringing will
be able to find out who called thanks to a free BT service unveiled
yesterday.
From November the 5th, frustrated customers can dial a code and
listen to a recorded message telling them who was the last to call
them.
BT says the number of return calls will cover the cost of the
service.
The firm is also introducing "Caller Display" which allows people
to see the number of the person calling before they answer.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Once again the actual service has been around for a while in some
areas, just not "switched on". So if I dial 141, to block CI/CR, I
get a message "Sorry, you have dialled an incorrect service code,
please replace the handset and consult your instructions". Similarly,
dialing 1471 gets the message "Sorry no telephone number is stored".
BUT when I phoned the BT helpline (0800-80-1471) to ask about costs,
I was told (incorrectly) that Caller Return would cost 3.99 per
month, and that Caller Display would cost an "unspecified amount"
plus the cost or rental of the equipment. Funny thing was though,
that when the helpful young BT chap asked me for my area code "for
his database" and then repeated the number back he got it wrong!!!
What is really cool is that Joe Public HAS woken up to the
problems this might cause, hence the following article from the
Guardian, 4th November 1994.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[from the GUARDIAN Newspaper, 04-11-94]
BT forced to delay service identifying callers
British Telecom has been forced to postpone the launch of two
services which reveal a caller's number - because the public is not
yet aware of the risks involved.
Civil Liberties lobbies have been concerned about privacy,
pointing out that a doctor, for example, ringing a patient from home
would not want to disclose his private number. And ex-directory
numbers will be identifiable unless customers opt to retain anonymity.
BT, which has already spent several million pounds promoting the
services and warning that numbers could easily be identified, has had
to increase its budget for an extra two week campaign of newspaper
and television advertisements.
The services, Call Return and Caller Display, will now come into
operation on midnight on November 21, rather than tomorrow. This
follows recent discussions between BT and Oftel, the industry
regulator, which insisted that the public must be fully informed
beforehand.
A BT spokesman said that the group was disappointed at the lack of
awareness in view of its advertising.
Call Return enables a phone owner to identify the number of the
last caller, by dialling a short code. Subscribers to Caller Display
will have a phone or box that shows the number of an incoming call on
a screen.
BT has built in two safeguards. Customers can have the calling
line identification (CLI) signal on all outgoing signals automatically
blocked, or they can block the signal on individual calls by dialling
141 before the number. However the CLI signal will be available to
BT's malicious calls units. [no shit!! and WHO else can get it!]
Many with ex-directory numbers (15 percent of personal customers)
believe that their numbers should be protected automatically.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Methinks, we have not heard the last of this .......
..... and indeed we hadn't! After "WatchDog" had a good go at
BT over CR/CD the service didn't start until November 22nd, as
planned. However, once again everything was put in place some time
before, allowing us to play with the service, which came into force
around 18:00 that day. CR does pass unlisted numbers across the lines,
but we haven't been able to test whether it passes ex-directory or
not. Blocking seems to work as advertised, and cell-phone numbers are
also not passed along. What worries me, however, is that on several
occasions after receiving a call from what I knew to be a listed
number, and from people who I wouldn't call phreaks and use the 141
blocking code, were not stored for my use :( Watch this space for
updates!
-- INTERNET MANIA
Anyone who hasn't heard of the Internet these days must be blind,
deaf, half-asleep or all three. With the introduction of a Guardian
ONLINE section, the BBC getting their own email address ..(yes!! you
can email the broom cupboard!), the opening of London's first
fully fledged, and much hyped "CyberCafe", and the publication of
not one but 2 expensive glossies (Internet & Comms, and .net),
everyone and his dog will have an internet account by the year 2000
(well, if we don't run out of addresses first!).
However, at a minimum 1.50 UKP per half hour for the privilege
of having coffee, danish & WWW, we here at PHUK magazine feel that
Cyberia might be spending some of their hard earned (!!) profits on an
internet security expert before too long :)
+++
That's all for this ish, don't forget, NEWSBYTE exists on
contributions from its readers, so send your snippets, comments etc to
PHUK magazine at anon19143@anon.penet.fi, where we will do our best to
include them in the next issue.
-- BT HACKER :)
OK, boring, but I couldn't resist commenting! Calling the BT
contractor who stole the queen's phone number a HACKER is a joke!! But
then the Independent wouldn't have sold so many papers with the
headline "Sub-Contractor Breaks Confidentiality Agreement" would it?
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 3 of 10
=============================================================================
---------------------------
HISTORY: New Scientist 1973
---------------------------
This issue's HISTORY section has an article published in the New
Scientist on the 13th December 1973 in the wake of the Old Bailey
trial. The article made the front page, running under the headline
"Are phone phreaks just telephone addicts?". Anything in square
brackets is mine, the rest comes straight from the magazine page to
you ... Enjoy & Have phun! - Phuk-Ed
--
[headline]
Are telephones addictive?
[intro]
Nine "phone phreaks" were acquitted last month after a seven-week
trial at the Old Bailey. The trial gave considerable publicity to the
techniques used by a small and determined group of intellectuals with
a compulsive desire to know the telephone system inside out.
[start]
When Post Office investigators raided a Hammersmith, London flat in
October 1972, they found a "phone phreaks" conference in progress with
large quantities of telephone equipment, a computer printout listing
supposedly secret Post Office codes, and devices for making calls. A
Post Office installed monitoring device showed that one man had spent
much of the day experimenting with one of London's international
exchanges.
Nineteen men went on trial on 3 October at the Old Bailey. With
advance promises of nominal fines, 10 pleaded guilty - one to
actually making calls, the others to conspiracy. Fines ranged from 50
to 100 [pounds]. The other nine stood trial for conspiracy to defraud
the telephone system. On 13 November, all were acquitted, in a trial
estimated to have cost more than 100,000 [pounds].
Most were men in their 20s holding university degrees, primarily from
Oxford, Cambridge and London. Their interest had begun in student
days, usually from reading standard texts such as Atkinson's Telephony
and moving on to the Post Office Electrical Engineers Journal.
Experiments by exhaustive dialing on local networks followed. Soon
they exhausted the possibilities of dialing and moved on to electronic
aids. Their attitude was neatly summarised by the trial judge Neil
McKinnon, QC, when he commented: "Some take to heroin, some take to
telephones." He, too, entered into the spirit of the thing and asked
for the codes used in his own local exchange in south London.
Like scientists conducting experiments, the phone phreaks report
results to one another. And they take a perverse delight in writing
to the Post Office to explain new and previously undetected ways to
beat the telephone system - often the Post Office does not believe
these suggestions until much later. The penetration of the Post
Office's secrets has been massive. The investigation that led to the
recent trial was apparently triggered by the discovery that for some
years the Cambridge University Titan computer had held complete and
laboriously compiled files detailing the entire trunk and local
network system.
[caption]
Imitate control signals
[start]
In general, telephone enthusiasts (as the court genteelly put it) work
by imitating the control signals that the telephone system must have.
The signals tell an exchange, for example, that a call is coming from
another exchange, or that a subscriber has hung up, or that a call
has been answered and that charging should begin. On long distance
trunk circuits the signals are within the normal telephone speech
bandwidth (30 Hz - 3 kHz), and the UK Post Office uses pulses of
single frequency - 2.28 kHz. As the signalling must take place on the
line which will be used for the call, there is no way that the Post
Office can prevent anyone from imitating the codes. Usually they use
a "bleeper" which puts the tone onto the line with an acoustic
coupler, similar to that used for portable computer terminals.
Details of using a bleeper to make international calls are given in
the box.
[start sub-box]
[photograph with caption]
Typical phone phreaking equipment. Rear right - an older style AC9
simulator (bleeper) with a telephone dial. Front, a newer AC9
simulator, with an acoustic coupler (an ordinary telephone
earpiece). Rear left - a multifrequency simulator. A print-out of
telephone codes lies under the equipment.
[basically that's what the photo shows ... this stuff is OLD and
clunky looking though!]
[end sub-box]
In the last few years, the Post Office has begun the introduction of
the Trunk Transit Network to effect speedier transit of information.
Where the normal system uses pulses of 2.28 kHz to represent numbers
(1 pulse for 1, 2 for 2, etc, just like a telephone dial), the new
Multifrequency system (MF2) has six different tones, and uses two at a
time, permitting 15 possible combinations (10 numbers and 5 control
signals). Thus, where the 0 required 10 pulses, it now only requires
1. The Post Office hopes to introduce full nationwide STD using this
technique by 1980. This goal was achieved in the USA and many
European countries some years ago. Generating the six tones required
in the UK is more complex than the traditional 2.28 kHz, and involves
a six-frequency generator. Because many countries have their own sets
of tones, the international phone phreak will need a set of bleepers.
One presented in evidence at the trial was very elaborate, being
capable of simulating seven different signalling systems. Nicknamed
the Mighty Wurlitzer, it was rumoured to cost 200 [pounds] to build.
The Post Office offered 20 [pounds] for it.
As new MF2 centres are added to the network - Newcastle, Hull and
Bradford last month - the Post Office is reportedly intensely worried
about the vulnerability of MF2. It is perhaps typical that the Post
Office were initially complacent, and did not believe the Cambridge
undergrad who some years ago told them that MF2 could be beaten.
One defendant revealed that he and others had written a set of
letters to the Post Office explaining flaws in the system. His most
recent contribution - a dialling sequence known as 9-1-11 which would
give irregular STD service from small country exchanges - was
haughtily rejected by a Post Office expert with "it couldn't
theoretically work".
[begin sub-box]
[caption]
Bleeping around the world
[start]
At the trial, the Post Office gave a demonstration of how
international calls might be made, using a bleeper. The telephone
enthusiast first dials an STD call to a destination which will be
charged at local rate - from London to Badger's Mount just north of
Sevenoaks will do. This call is routed automatically through the
London STD centre and the trunk exchange in Sevenoaks. When the call
(which is made to a number known to be spare) had gone through, he
sends the "clear forward" signal which tells Badger's Mount that the
call is finished. Because the enthusiast's telephone is still off the
hook, the London equipment believes the call to be still in
progress. The result is an open line going as far as the Sevenoaks
trunk exchange.
He then sends to Sevenoaks a signal known as "seize" which wakes up
the Sevenoaks end. He could then send the digit "1" which will put
him on the outgoing trunks from Sevenoaks. By dialling the secret
trunk codes or routings, he can then dial freely through the trunk
network. He could dial to Tunbridge Wells (code 15) and through it to
Cardiff (65) and London International (112). At this point, by using
other tones, he could if he wished experiment in any part of the
world.
Unlike STD codes, the trunk codes are not the same throughout the
country - to get from Reading to Tunbridge the code would be 35
rather than 15. Thus the enthusiasts have built up massive files of
trunk codes, often produced on computer printouts.
Knowing the codes, however, does little good because they cannot
simply be dialled - extra equipment is required. The clicks that an
ordinary telephone dial sends down the line are really DC pulses, 67
millisec (ms) long, sent at the rate of 10 per second. Long distance
trunk circuits cannot handle DC, so the exchange automatically
converts these to equally long pulses of 2.28 kHz. This signalling
system is known as AC9. Having already passed the local exchange, the
phone phreak must produce his own 2.28 kHz signals. Some people are
actually able to whistle the correct tone, but most phone phreaks
use some sort of electronic simulator - usually called a bleeper -
made up of a tone generator and a telephone dial or more complex push
button system. The device must also produce at least one other signal
- the Clear Forward which is 700 ms of 2.28 kHz. The seize signal is
simply a "1".
One of the effects of the clear forward signal is to accidentally
generate another signal which starts the equipment in London charging
for the call. Thus, the user of a bleeper is then paying for the call
whether or not he ever completes it. But the charge is always for a
call to the first exchange dialed (London always thinks that the call
is to Badger's Mount) so the bleeper user always starts with a call
to the local exchange to keep the cost down.
The legal question enters at this point - the effect of the recent
acquittal would appear to be that using a bleeper is not illegal
unless a call is actually completed, in which case the phone phreak
is getting a long distance call at local rates. Simple possession of
bleepers themselves is apparently not illegal, although the Post
Office has the right to disconnect the phone of anyone who uses one.
[there is a diagram accompanying this sub-box which just uses a box
and arrow type diagram showing the relationships between the
different exchanges discussed in para 2]
[end sub-box]
[caption]
Dial direct
[start]
There is a second major way for the telephone enthusiasts to get into
the PO network. As described here recently (vol 58, pg 23), some
engineers had covertly installed their own unauthorised links. As
these individuals had ample opportunity to discover the secrets of
the telephone network, the only purpose of such circuits could be
fraud, as was shown in the recent prosecution of a Bristol engineer
who operated an Air Charter company on the side. Several other
accesses arose accidentally, caused by careless or sloppy design. Their
utility to telephone enthusiasts had resulted in a large scale hunt
for them. A list of these trunk accesses was eventually passed to the
Post Office. Nevertheless, suggestions of "sabotage from within" are
hotly denied by the Post Office. But a recent example is an
"engineers fiddle" fitted to the Chiswick exchange. It allowed North
London Post Office staff who knew about it to make free STD calls,
quite illegally from phones all over London. By dialling 995 for
Chiswick, then 47, then any four digits to "unlock" the circuit
(since someone, perhaps even an investigator, might stumble on 995-47
by accident), they would be enabled to dial free calls. This money
saving device disappeared earlier this year, when the code became
needed for new subscribers on that exchange and the engineer had to
take it out.
Two devices to avoid payment were displayed at the trial. One, known
simply as a black box or non-charge facility, is simply a battery and
two simple components that can be fitted to any telephone and prevent
the exchange from realising that the called telephone has been
answered - thus no charge is made to the caller.
The other was more amusing - a 2p piece on a length of thread. Its
student owner had not known that it could be used for telephones, but
a zealous executive engineer studied the problem and showed the court
how, with a little legerdemain, it could be retrieved from the reject
slot of the coin box.
[caption]
Telephone tapping?
As might be expected in Watergate year, allegations of telephone
tapping were well to the fore, and several Post Office methods were
exposed. The first, and simplest, is a printermeter, which makes an
automatic record of whom you call, for how long, and the exact time
and date of the call. The second is the misuse of special test
circuits to listen in to any call. The operator or monitor merely has
to dial your number on these special circuits, and listen for as long
as he likes. The intended use of such circuits is to interrupt a call
to tell you that someone is trying to call you from abroad, for
instance.
The third is the euphemistically named "Call Check Circuit" - this
can be attached to any phone in the country - and is undetectable. It
can be used with a tape recorder to record all incoming and outgoing
calls. Identifiable only by the type number painted on it, 60345, it
is now fitted as standard equipment.
[start sub-box]
[photograph with caption]
The Post Office goes to great, but unsuccessful lengths to keep its
secrets. The centre door (31-32 High Holborn) is the unmarked
entrance to the Kingsway exchange, London's largest trunk exchange,
located in two deep bomb shelters under Chancery Lane underground
station.
[end sub-box]
The British Post Office is not the only organisation with pranksters
prowling through their system. In the USA, the vast telephone network
has been blighted for some time by the phenomenon. For technical
reasons, the Bell system is far more open to the possessor of a Blue
Box, as a bleeper is called across the Atlantic. Forty years ago,
world telephone technologies diverged. The Bell system, which owns
almost all of North America's 140 million telephones, started to use
the crossbar system, while Britain stuck with the Strowger method,
invented by a Kansas City undertaker in the 1890s. The effect of the
crossbar on the trunk network was to enable the same codes that are
used for the nationwide dialling system to be used for the internal
codes of the system, resulting in far greater reliability and faster
operation. It also uses a multifrequency signalling system, using
frequencies between 700 Hz and 1700 Hz. Because of the identical code
usage, US phreaks are spared the hard work of compiling and using
special trunk codes as in Britain.
The phreaks first appeared on the US scene in the early 1960s when a
group of MIT students were found to have conducted a late night
dialling experiment on the Defense Department's secret network. They
were rewarded with jobs when they explained their system to Bell
investigators. The attitude was a little different a few years later
when blind Joe Engressia, sometimes acclaimed as the "King of the
Phone Phreaks", was discovered merrily whistling down the line to fix
up free calls around the world for his school friends. As a result of
his widely-publicised prosecution, many individuals who had been
working in the dark, alone, across the continent rang in to Blind
Joe. The new technology spread rapidly through the underground, and
names like Captain Crunch and Midnight Stalker became commonplace on
illegally procured trunks. The name "phone phreak" identified the
enthusiasts with the common underground usage of freak as someone who
was cool and used drugs.
Since then, the telephone system has been a battleground between the
phreaks and the Telcos (as the telephone companies nickname themselves).
Abbie Hoffman's Yippies, the Youth International Party, gave birth to
a phreak division whose monthly, The Party Line, publishes details of
the latest and best Anti-Telco hardware. It has recently diversified
into using high-power magnets on parking meters in order to stay
longer, cheaper. In June 1972, Ramparts carried a set of instructions
on how to build the Black Box, or non-charge facility.
In the US, phreaking is receiving increasing publicity, and the
annual conference held on 8 September at a major New York hotel was
given wide press coverage. Unveiled at that meeting was the Red Box -
an electronic device that simulates tone pulses sent to an operator
when money is put into a coin box.
From the Telcos this year comes their effort to keep up, the Model
51A Dialled Digit recorder. It costs $3500. For a further $1000 the
MF option can be fitted, and with another $100 for the 67A extender,
the telephone company can have a recorder which will record no less
than four different types of signalling: a match to the Mighty
Wurlitzer.
[begin sub-box]
[caption]
An Old Bailey anniversary
This year is the 20th anniversary of another Old Bailey telephone
conspiracy trial. In that year, a Mayfair chemical company director
and two friends were accused of making automatic trunk calls around
Britain - almost ten years before STD was introduced. And all for a
single charge of an old penny.
Their method was known as the Toll A drop-back, named after Toll A,
an exchange near St Paul's which routes calls between London and
nearby non-London exchanges. The trick was to dial a number, such as
Dartford 21111, which was then not allocated. Then, the receiver rest
would be "flashed" (depressed for 1/2 a second). This would act in a
similar way to the "clear forward" on the a.c. system. The caller
would be left with an open line into the Toll A exchange.
The user could then dial a code, 018, which would take him on to what
was then the first trunk (long distance) exchange in Britain. Once
again with a list of trunk codes which he could have compiled by
experimentation, he could dial around Britain. The advantages of
these methods in 1953 were immense. The delays on trunk calls through
the trunk operator could often be several hours, and the quality very
poor.
The method is still available. One of the defendants in last month's
trial was alleged to have made experiments by using a Toll A dropback.
He had dialled Caterham 41111, a number not in use. Then by flashing,
he could dial through the Toll A exchange, and out through exchanges
around London to some point where he would be able to dial up onto
the trunk network.
In May, a London chemistry student pleaded guilty to making calls to
the US utilising Toll A dropback via exchanges in Surrey where trunk
accesses had been fitted at the time. He was fined 70 [pounds] plus
10 [pounds] costs and ordered to pay the Post Office 350 [pounds] for
lost revenue.
[end sub-box]
[Phew! I am knackered after typing that in! but I hoped you enjoyed
it! Nice to know that the Red Box has come of age ... being 21 years
old this year! I actually met one of these defendants at this trial
at a 2600 meeting last year. A few questions though ... WHERE are the
Call Check Circuit marked 60345 installed??? In a junction? a DP? In
your house??? and WHY can't BT be as complacent as the Post Office are
reported to have been? - Phuk-Ed]
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 4 of 10
=============================================================================
----------------------------------------
DEFCON ][ , Las Vegas, July 1994 - Otaku
----------------------------------------
Since I have been nagged to write a space filling article for this
inaugural issue of PHUK, here are some personal observations about the
DEFCON ][ conference held this summer.
Unlike Winn Schwartau, I am not a writer/lecturer on security issues,
but those of you who want another view of what went on at DEFCON ][
should read his account "Cyber-Christ meets Lady Luck" in PHRACK 46,
file 19.
In January 1994, before I had decided to go to DEFCON ][, I saw an
article in alt.2600 from a journalist wanting to meet "hacker/phreaker
types". I suggested that he go to DEFCON ][ in July and perhaps report
as follows (looking back, I must have been psychic, because some
things happened just as predicted !):
>Judging by the press coverage of last year's HEU event in the Netherlands,
>someone needs to educate the media/government, perhaps you can help.
>Here are some suggestions 8-)
>Unlike the HEU event, you should be able to write your story from the
>comfort of an air conditioned bar. Editors too old fashioned to
>believe the authenticity of email might be convinced by a creatively
>constructed expenses claim for bar room interviews of "sources".
>With Las Vegas as a background, you can pique your editor's interest with
>quotes from Hunter S. Thompson's "Fear and Loathing in Las Vegas"
>Go on to draw attention to the similarity of the physical look and atmosphere
>of Las Vegas at night and most of the literary visions of Cyberspace from the
>likes of William Gibson ("Neuromancer") and Neal Stephenson ("Snow Crash").
>Since you are in the desert, you could even drag in references to Wild Palms.
>(Culture & technology)
Winn Schwartau mentions Hunter S. Thompson in his article, so perhaps I had
the right idea !
>If you can tag along with the right people, you will no doubt visit all
>the sights of Vegas. See if you can persuade someone with a cell phone scanner
>to show you how to track the call girls being despatched to the
>various hotels.
>(Sex and technology)
The call girl/cell phone stuff was done: a couple of potential
customers were warned off by "the voice of God" breaking in on their
cell phone conversation and warning that it was a police setup. At
least one drug deal was also scotched in a similar manner.
>This could lead you nicely on to the other Vegas cliches of pondering the
>enormous amount of money flowing about the place and all the computer
>and telecomms technology used to provide the infrastructure to the casinos.
>Recount the stories of the computer assisted Blackjack hackers.
>(Money & technology)
>No doubt there should be various law enforcement types lurking about.
>Ask them about the Steve Jackson affair and about Phiber Optik.
>(Legal issues & technology)
I heard that an approach had been made to one of the delegates, asking
if he could "hack into the Sands Casino Baccarat high-rollers
list". Since this game accounts for more than half the profits of a
casino, the few mega-rich gamblers who choose to lose at baccarat are
feted with free rooms, food, drink, women etc. A suitably impressive
looking data file was constructed, and Gail Thackeray's name was put on
it. She was a guest speaker, and also the District Attorney who was
involved in the farcical Operation Sundevil affair involving Steve
Jackson Games.
>Ask people about PGP. Compare and contrast the arguments about freedom,
>privacy and strong public key encryption from the Cypherpunks, to the right
>to bear arms arguments of the NRA. Ask what Bill Clinton and Al Gore are up
>to with the Clipper chip proposal. Will access to the new Digital Superhighway
>if it gets built be as free as this Internet ?
>(Government & technology)
Philip Zimmermann, author of PGP, was one of the speakers.
>A few photos of people with reversed baseball caps posing with laptops and
>cell phones in front of the various casinos (at night for best effect)
>and you might be able to sell the story to the mainstream media.
There were plenty of reversed baseball caps, but only one person had
gone so far as to get a computer chip implanted next to his tattoos
(seriously !)
The conference was held in the Sahara Hotel, which is not the newest,
biggest or most luxurious, but was a whole lot more comfortable than
either the Dutch campsite which hosted HEU or the New York flea pit
that apparently hosted HOPE.
I fell in with the organiser of the conference, Dark Tangent, a law
student from Seattle, as well as TDK (one of the elite few from the
UK), MTV, Tagger and a man with no nickname.
"Let's go and see the MGM": this is the biggest casino/resort hotel
in Vegas, 5000+ rooms, the usual huge casino, a seven story lion
guarding the entrance and a theme park similar to Disneyland. Since we
were here to enjoy ourselves, we headed off in a couple of cars.
We toured past the Las Vegas Hilton, which used to have the largest
illuminated neon sign in the world (worth $2 million, over 100 feet
high). Unfortunately it had collapsed into a heap of twisted girders
and broken glass the day before I arrived.
The MGM is huge, even by Vegas standards, but of course every punter
is treated like a VIP, so there is obligatory valet parking at the
entrance. We got out of the two cars we had cruised up in, whereupon,
the man with no nickname managed to lock the keys to one of the
cars inside it, in the middle of the valet parking lane.
The car valets then proceeded to give us a demonstration of car
repossession techniques using flexible metal strips known as "slim
jims" which they inserted between the rubber seal and the glass of the
car window. They were trying from both sides, with little apparent
success, but those musical Vegas words "there will be a big tip for
you" were uttered and both driver's and passenger's doors sprang open
as if by magic ! We decided to christen the man with no nickname
"Repo Man" in honour of his part in our entertainment and education
but upon reflection "Repo-Spazz" seemed to stick.
The evening was a cool 90 degrees Fahrenheit, so we headed indoors to
the air-conditioned casino, which was impressive enough in scale, but
held little interest for us as we headed off to the amusement park on
the other side.
We watched an amusing slapstick/stunt performance involving costumed
pirates and much leaping off walls and diving into water. Piracy seems
to be a theme in Vegas. There is a hotel called Treasure Island, in
front of which, just to draw the crowds, are two full sized pirate
ships on an artificial lake, which periodically stage a performance
involving crews of actors, sword fights etc. One of the ships then
"sails" towards the other and fires cannon etc.
The rides were ok, and we did not have to queue as this was late in
the day. We were nearly ejected from one ride, a flight simulator type
"ride to the centre of the earth" , when one of our number could not
resist the temptation to spit into one of the pools of water lit by a
red light which was supposed to represent a pool of molten lava
(there are security cameras everywhere in Vegas !).
We had more fun on a proper roller coaster type ride, which happened
mostly indoors, and so although short, was quite fast and aggressive
in its twists and turns. MTV lost his precious baseball cap, which he
had to go back for later and Dark Tangent was taken by the video photo
of a girl in one of the cars following us. At the point where the
cameras flashed, she was holding on to herself in such a fashion that
Dark Tangent bribed the photo clerk for a copy. It may appear on the
DEFCON ][ WWW and ftp site at dfw.com under Aleph1's pages.
Nearly midnight, and Vegas keeps on going (they pump extra oxygen into
the casino air conditioning in the wee hours of the morning to keep
the staff and punters awake, and also make sure that there are no
visible clocks or windows to give you time clues), but, hey, there is a
conference due to start tomorrow !
We went back to Dark Tangent's room and I helped stuff an extra sheet
into hundreds of copies of the conference program. I got my
psychedelic conference badge (#1 no less!) and various stories were
recounted. The infamous Oregon State vehicle licence/voters roll
CD-ROM was displayed and discussed. This contains the names,
addresses, telephone numbers and social security numbers of thousands
of citizens in the state of Oregon, legally obtained by paying the
appropriate fee to the proper authorities, in exactly the same way as
the credit bureaux and marketing database companies do. Somehow the
act of translating it from 9 inch tape format to CD-ROM format and
making it available to the public caused quite a stir in Oregon. As
the warning on the label says "Do not use this to create false
identities, apply for credit cards etc-"
Who says phone phreaks are a menace to society ? One of the female
conference delegates was having difficulties with the hotel phone
equipment. Within 5 minutes the jack was out of the wall and various
soldering irons were in use and her phone was repaired without any
need to call hotel maintenance at 1am in the morning. Perhaps this
was when it was discovered that the trunking which held the phone
lines to your room, also had the wires for most of the rest of the
same floor 8-)
The hotel had given us a conference room the size of a couple of
tennis courts for free providing that Dark Tangent could supply the
requisite number of hotel bookings. Normally this works well for the
hotel, e.g. there was also a convention of Railway Signalmen booked in
at the same time, who spent much more on beer and at the tables than
the DEFCON crowd did.
Dark Tangent organised the registration process, but of course there
were people who had pre-registered, of whom no record could be found
("computer problem") and there was much waiting around for things to
happen. The DEFCON tshirts were popular, and Dark Tangent learned
that black outsells white which outsells green.
Once the various speakers got going, things were fine, but generally,
unlike HEU, there was hardly any technology on show for people to play
with. The most desperate email addicts did get a 'Net connection' on
Zak's portable Sun clone via a Macintosh modem and several hours of
social engineering of the hotel operator.
Much of Dark Tangent's promised equipment failed to turn up in time.
Since Zak is from the UK, and TDK sorted out some of the PA and
overhead projector problems, and I lent my portable for some German
Videophone type stuff, the very small UK contingent acquitted itself
better than the native Americans in terms of conference
hardware/software.
The point of such a conference is not to have an online
hacking/phreaking session, or to play with the Internet, but to meet
interesting people.
I had interesting chats with Philip Zimmermann, the author of Pretty
Good Privacy public key encryption (he is working on a PGP for
voice/audio which will do what the infamous Clipper chip is meant to
do, without government interference). I got to chat with Padgett
Peterson, an anti-virus expert and also with Winn Schwartau and other
more anonymous people, including the winner of the "I am a Fed" tshirt
in the "Spot the Fed" contest.
Winn's book "Information Warfare" has some details of High Energy
Radio Frequency weapons, which although military in origin, can
apparently be home brewed to produce a 16 megawatt directed pulse
which can frazzle a computer at a distance. He raised the possibility
of a HERF gun demo perhaps at the next DEFCON, out in the desert,
providing that the attendees do not have pacemakers etc. The
implications of this sort of technology are as significant for us in
the UK as they are in the USA. What would have happened if the IRA had
used a HERF gun or a similar EMP/T bomb instead of explosives in the
City of London ?
Dr Mark Ludwig gave his wry International Virus Writing Competition
award to one of the proponents of the media hype surrounding the fact
of the announcement of a Virus Writing Conference. His Virus CD-ROM
containing hundreds of live computer viruses and source code seemed to
sell out quickly. He now looks at computer viruses in terms of
evolution and has done experiments with Genetic Algorithm programming
to allow virus code to mutate and recombine in order to evade the
attentions of anti-virus scanning software. Since he has also
published protected mode boot sector infectors, all the snobs who
think that just because they are running Linux, Windows NT, or OS/2
that they are safe from mere MSDOS viruses, had better think again.
Annaliza (an honorary member of the UK contingent, since she attends
the 2600 meetings in London when she is over here) gave a talk about
her video "Unauthorised Access" and Christian from the Chaos Computer
Club in Germany gave an account of things over there. He also showed
the cool video phone technology he is working on using my portable.
TDK ran through what was happening in the UK (you should know all
about that already)
One of the most interesting ideas I picked up from DEFCON was from
Stephen Dunifer of Berkeley Free Radio. He is involved in Free Radio
(i.e. "pirate" broadcasting ) using CAD/CAM designed, stable frequency
micro-power transmitters. As these do not drift as much as commercial
stations do, there tend to be fewer complaints, and the stations can
stay on air longer before the authorities have to be seen to act to
shut them down. He and his colleagues have been involved in providing
such cheap transmitters to the Chiapas indians during and after their
recent revolt against the Mexican government. The plans for these,
including PCB graphics and component lists are available by ftp from
crl.com, directory ftp/users/ro/frbspd
What caught my attention was his description of a recent rave in the
Bay area, where due to restrictions on amplified music, the DJs
broadcast on FM via a micro-power transmitter and got the audience to
bring along their boom-boxes. The concept of an audience of ravers all
wearing Sony Walkmans seemed quite bizarre and Californian, but it
made me think of what might be possible/necessary after the UK
Criminal Justice Bill gets passed.
There were a couple of interesting talks by private detective /
telephone bugging types. I watched a couple of them demonstrate how to
pick a lock (somehow one of the hotel's noticeboards with those
movable letters behind a locked glass fronted door got re-arranged).
With the right tools and a bit of practice it seems quite easy. There
is a shop opposite the hotel which sells bugging / anti bugging
equipment, which these professionals were naturally contemptuous of.
It seems to be a major pastime in the USA, and of course DEFCON aided
things by publishing the frequencies used by the local police and
hotel security staff. Can Princess Diana be seriously contemplating
exile in the USA ? Somehow I think that the "Squidgy" tapes incident
would be child's play in the USA.
There was an interesting talk on anonymous remailers, and the
possibilities of extending the concept of remailer chaining and
encryption. The old military/ diplomatic signals security trick of
continuously sending a stream of messages between re-mailers, even
when they have no "real" messages to send was discussed, since it
was claimed that anon.penet.fi had been the target of successful
traffic analysis.
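The cover-traffic idea from the remailer talk above, as an added example
that is not part of Otaku's article: a small Python model comparing what a
passive observer of a remailer's outbound link sees with and without
constant-rate dummy messages. The arrival pattern, the time-slot model and
all function names are constructed here for illustration.

```python
"""Cover traffic on a remailer link: what a passive observer can and cannot see.

Added illustration; the arrival pattern and slot model are constructed here.
"""
from collections import deque
from math import sqrt

# Constructed sample: real messages arriving at the remailer per time slot.
ARRIVALS = [0, 0, 3, 0, 0, 0, 1, 0, 0, 2, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0,
            1, 0, 0, 0, 2, 0, 0, 0, 0, 0]


def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant (nothing to learn)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / sqrt(vx * vy)


def forward_immediately(arrivals, delay=1):
    """Unpadded remailer: every message leaves `delay` slots after it arrived."""
    out = [0] * (len(arrivals) + delay)
    for slot, count in enumerate(arrivals):
        out[slot + delay] += count
    return out


def forward_constant_rate(arrivals):
    """Padded remailer: exactly one fixed-size packet per slot, real or dummy.

    Returns (packets_per_slot, dummies_sent, worst_queueing_delay, delivered).
    """
    queue = deque()            # arrival slot of each waiting real message
    out, dummies, worst, delivered = [], 0, 0, 0
    slot = 0
    while slot < len(arrivals) or queue:
        if slot < len(arrivals):
            queue.extend([slot] * arrivals[slot])
        if queue:
            worst = max(worst, slot - queue.popleft())
            delivered += 1
        else:
            dummies += 1       # nothing real to send: emit padding instead
        out.append(1)          # the observer sees one packet either way
        slot += 1
    return out, dummies, worst, delivered


def observer_correlation(arrivals, link_trace, delay=0):
    """Correlate inbound volume with outbound volume shifted back by `delay`."""
    shifted = link_trace[delay:delay + len(arrivals)]
    return pearson(arrivals, shifted)


def compare():
    """Run both remailer models over ARRIVALS and summarise the trade-off."""
    plain = forward_immediately(ARRIVALS, delay=1)
    padded, dummies, worst, delivered = forward_constant_rate(ARRIVALS)
    return {
        "unpadded_correlation": observer_correlation(ARRIVALS, plain, delay=1),
        "padded_correlation": observer_correlation(ARRIVALS, padded),
        "real_delivered": delivered,
        "dummies_sent": dummies,
        "worst_delay_slots": worst,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The padded link gives the observer a flat trace, and the price shows up in
the other two figures: dummy packets sent and extra queueing delay for bursts.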
Whilst the convention was in progress, the big event was of course the
opening of Planet Hollywood, the film star owned burger restaurant in
Caesar's Palace shopping mall. I did mosey along, and the crowds were
even bigger than when the one in London opened, all hoping for a
glance of Arnie or Bruce. I did not see them, but I did see at least 6
"Hollywood Blonde" women, tall and beautiful, each with a wizened
monkey at least twice their age and about half their height as an
escort, heading for the opening festivities.
I resisted the temptation to go haring off into the desert in
search of something interesting in Area 54 and Groom Lake
("Dreamland") where the US stealth planes and, it is rumoured, captured
UFOs lurk.
By the end of the conference, the DEFCON tshirts were no longer
causing many double takes "are DEFCON a rock band ?" and I had
"nearly" won a jackpot from a slot machine. It was time to head off
to San Francisco and then home.
All in all I enjoyed DEFCON ][ and look forward to the similar event
which TDK may be organising in London this April. Watch this space,
and send offers of help, money, etc. care of the editors of PHUK
magazine.
- Otaku
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 5 of 10
=============================================================================
-----------------------------------
ANSWERPHONES - Panasonic KX-T1446BE
-----------------------------------
Reading the phile in sUBTERRANEAN TECHNOLOGIES mAGAZINE by nEIL.s on
answerphones, (complete with BT Response 400 manual), made me realise
that quite a few people mess with these things and that working the
commands out is often more of a drag than hacking the remote code. I
happened to have an answerphone manual and decided to type in the
relevant portions and send them to PHUK magazine. If everyone typed
in an answerphone manual then we would soon have the manuals for
every answerphone in the known universe .... making our lives
considerably easier!
Anyway, on with the answerphone manual
--
Panasonic KX-T1446BE
* to skip outgoing message when dialing in
1 backspace incoming message
2 skip forward incoming message (ICM)
3 incoming message reset
4 memory playback
7 begin re-recording outgoing message (OGM)
8 continue through incoming messages
9 end recording outgoing message
0 turn off machine
Playing Back Messages
* dial the phone
* press remote code during OGM
* a beep will sound followed by a number of beeps to tell you how
many messages you have got (up to 8 times)
* the unit will beep between each message, and 3 times at the end of
the messages
* every 2 minutes 40 seconds the unit will do 2 beeps, press 8 to
continue listening to ICM
Playing Back Newly Recorded Messages
* press 4
* after 1 beep the unit will play back the messages
* during playback of previously heard messages you can skip them by
pressing 4
Rewinding/Fast-Forwarding the ICM while Hearing Messages
* Push 1 to rewind 15 seconds
* push 2 to skip forward 15 seconds
Resetting the ICM for Future Messages
* To record future messages from the beginning of the tape press 3
after all messages have been played
* The unit will rewind the tape to the beginning & do 1 beep
* If you have pressed 4 to listen to new messages only press 3
* The unit will rewind etc & beep once
* Then press 3 again to rewind the tape
* If you reset by mistake then press 2 and hang up to advance the
tape to the end of all the messages
Recording a Marker Message
* After reviewing the messages 3 beeps will be heard, followed 10
seconds later by another 2 beeps.
* Record your marker message right after the two beeps
* If you hear 6 beeps the tape is full
Changing the Outgoing Message
* Press 7
* The OGM tape will rewind to the beginning with short beeps and then
a long beep will be heard
* Record the new outgoing message after you hear the long beep
* When you have finished recording press 9 to stop recording
* The new OGM will be played back to you
Setting & Cancelling Answer Mode
* To set: wait 20 rings then hang up
* To Cancel: dial up and press 0
--
Right, that's the lot ... anyone else with answerphone manuals or
lists of commands send them to us & we'll make sure they get a wide
distribution :)
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 6 of 10
=============================================================================
-----------------------------
Simple Line Monitor - TheGoat
-----------------------------
The simple line monitor provides a number of functions; initially it
was produced to give a visual indication of ringing.
Parts : Line connection jack & cable.
Two LEDs, green and red.
Two resistors 33K.
Small piece of vero.
For convenience I used a ready molded phone jack cable scavenged from
an old phone. I also found it had a .1" pin socket on the other end,
the plug for which was also removable from the phone. Mounting the
plug at one end of the vero, I put the resistors and LEDs in the
middle to form a small square.
1 +----------------------+
2 +------\ +----+ ==+2-\-R1----D1+----+ |
3/4 |P/jack]+----//--| + ==+ \--R2----+D2--+ |
5 +------/ +----+ ==+5----------------+ |
6 +----------------------+
Effectively, pin 2 of the phone jack connects to both resistors, each
resistor to a diode (note the positive of each diode), and finally both
diode ends lead back to pin 5 of the phone jack.
Pin 2 ------------------+-------+
| |
R1 R2
| |
+ |
D1 D2
| +
| |
Pin 5 ------------------+-------+
The connection of pin 5 and 2 is not too important.
When connected to a line one LED will be lit to show line voltage,
if a ring signal is present both LEDs will light brightly in the ring
pattern. (ie: flash-flash--blank-blank-..... etc). As such this met
the initial requirements, but when we first tried it in anger we
found it could also indicate a number of other things. When a phone
is also attached to the line and is picked up the single LED will dim
to about half its previous brightness. If a further phone is added,
then when the second phone is picked up a further dimming is noticeable.
When tapping a line, indication that the destination phone is in use is
important.
Coming in the next article: Upgrading to give a direct connection to
a computer port for Ring Indication.
- TheGoat
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 7 of 10
=============================================================================
------------------------------
NO GIFT FROM HALLMARK - DrKaos
------------------------------
After the 2600 article by FyberLyte ("The Magical Tone Box", 2600 Vol
10, No.4), I hunted in vain through my local Rat Shack for an
ISD1000A but without any joy. Of course I did not plan to do Red
Boxing, as it doesn't work in the UK, but I did think that the chip
had applications that could stretch as far as a whole number
including CF, KP & ST ....
When the buzz started about the Hallmark cards that could record
speech & tones, I looked all over for a UK source of the
Hallmark cards, even going as far as to phone their UK HQ, only to learn
that they were not imported into the UK. I did however find a UK
supplier, DISET UK, and phoned them with the express idea of
engineering some "samples" out of them on the grounds that I wanted
to buy several hundred or so of these cards (yeah right!). As this
approach seemed to fail I took the backup approach of ordering two
cards by mail order for about 12 quid. The cards arrived, and then
some MORE cards arrived, and then still MORE cards arrived .... until
I had 6 in all...:)
I dismantled my card and removed the microphone and crappy little
speaker and then put the whole mess into a DAT tape box along with a
record/playback switch, an actuation press switch and a phono jack
for the input (throwing away the mike in the process). I won't bore
you with the details of the actual construction because that was
covered in 2600 Vol 11, No 1 ("A Gift from Hallmark" by Bernie S).
Suffice it to say that anyone with half a brain and a soldering iron
can figure out how it works and box it adding switches etc themselves.
In testing my box I found that I had plenty of space for a good long
sequence: Break, Clear Forward, KP2, <num>, ST .... but never managed
to successfully seize a trunk with it (although the break seemed
fine). About this time my tone generating machine (an Amiga) broke,
and I also learned that the timings were suspect in the box proggie I
was using, so I just put it down to the program, threw the box in the
drawer and forgot about it.
In the meantime I had given out cards to several people, so that they
could experiment with them also. One of these nefarious individuals
was at that time boxing with a Walkman and was suffering tape
stretch, and thought that the Diset Box would be cool.
I forgot all about the Diset Box for a while, being occupied with
other things, but at a 2600 meeting a while ago the subject of the
Diset cards came up and I asked the individual concerned whether he
had ever constructed the box. Yes, he had, he replied, but it didn't
work!! Apparently, using the same tones and trunks that he could
successfully box over with his Walkman, he had loaded up the box and
set off only to find that what did work with his Walkman, did not
work with the box :( Shame!
Now I thought about this recently, and it seems that there could be
several reasons for the failure: (i) volume not loud enough, (ii)
distortion or clipping of frequencies caused by the algorithm used in
the digitisation process, or (iii) distortion caused by using the
crappy little speaker that came with the card. Unfortunately my Amiga
is still broken, and until I buy a soundblaster card I cannot
generate tones, and that has to wait until I get gainful employment!
Still, if anyone has successfully overcome the problems with the Diset
box by improving amplification or speaker quality PHUK magazine would
like to hear about it. In the meantime here is the address of Diset
UK should anyone want to play with a Diset Box themselves.
Diset UK, Portica House, Addison Road, Chilton Industrial Estate,
Sudbury, Suffolk, CO10 6YJ. Phone: 0787-310775
- DrKaos
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 8 of 10
=============================================================================
------------------------------------------
British Telecom - Computer Security Manual
------------------------------------------
Mrs. Brady, of Doncaster
------------------------
Heads up!! This one is a goody! Sent to us anonymously by someone who
wishes only to be known by the name of Mrs. Brady of Doncaster, this
is a delightful trashing find of the British Telecom Computer Security
manual!! Run in PHUK as a three part series, here is the first part,
right up to the bits about computers and networks ... which should
make you all look forward to the next issue of PHUK magazine....:)
SEC|POL|AO12
NOT TO BE SHOWN OUTSIDE BT
ISIS Directive
Computer Security Manual
Origin: Security and Investigation Directorate
Issue 7: March 1993
Contents
Foreword by the chairman. . . . . . . . . . . . . . . . . iv
Amendment record sheet. . . . . . . . . . . . . . . . . . . v
List of effective pages . . . . . . . . . . . . . . . . . vii
Introduction and scope. . . . . . . . . . . . . . . . . . 1-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . 1-2
Scope and purpose . . . . . . . . . . . . . . . . . . . . 1-2
Relationship to the previous issue. . . . . . . . . . . . 1-3
Structure of the manual . . . . . . . . . . . . . . . . . 1-3
Feedback. . . . . . . . . . . . . . . . . . . . . . . . . 1-4
Use of the CSM by suppliers and contractors . . . . . . . 1-4
Acknowledgements. . . . . . . . . . . . . . . . . . . . . 1-4
Objectives and policy . . . . . . . . . . . . . . . . . . 2-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . 2-2
Corporate policy on electronic system security. . . . . . 2-2
Objective . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Relationship to other security policies . . . . . . . . . 2-2
Responsibility for security . . . . . . . . . . . . . . . 2-3
Derivation of security requirements . . . . . . . . . . . 2-4
Security policy for the life cycle. . . . . . . . . . . . 2-6
Security evaluation, certification and accreditation. . . 2-7
Security approvals. . . . . . . . . . . . . . . . . . . . 2-9
Product security. . . . . . . . . . . . . . . . . . . . .2-10
Communications and network security . . . . . . . . . . . 3-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . 3-2
System interconnection . . . . . . . . . . . . . . . . . 3-4
Network management . . . . . . . . . . . . . . . . . . . 3-5
Network architecture . . . . . . . . . . . . . . . . . . 3-5
Threats to networked systems . . . . . . . . . . . . . . 3-8
Cryptographic protection . . . . . . . . . . . . . . . .3-13
Electronic Mail Systems . . . . . . . . . . . . . . . . .3-14
Electronic systems insta11ations . . . . . . . . . . . . 4-1
Introduction . . . . . . . . . . . . . . . . . . . . . . 4-2
Accommodation . . . . . . . . . . . . . . . . . . . . . . 4-2
Services . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Electronic system equipment sign posting . . . . . . . . 4-5
Physical access control strategy . . . . . . . . . . . . 4-5
Personnel access . . . . . . . . . . . . . . . . . . . . 4-7
System or master consoles . . . . . . . . . . . . . . . . 4-8
Other terminals . . . . . . . . . . . . . . . . . . . . . 4-9
Communications rooms and equipment . . . . . . . . . . . 4-9
Media libraries and disaster stores . . . . . . . . . . . 4-9
5 Personal computers . . . . . . . . . . . . . . 5-1
5.1 Introduction . . . . . . . . . . . . . . . . . 5-2
5.2 Personal security responsibility . . . . . . . 5-3
5.3 PC and data access security. . . . . . . . . . 5 4
5.4 Security of software . . . . . . . . . . . . . 5-8
5.5 Personal computer communications . . . . . . . 5-8
5.6 Contingency planning . . . . . . . . . . . . . 5-10
5.7 File Servers . . . . . . . . . . . . . . . . . 5-12
6 User access to computers . . . . . . . . . . . 6-1
6.1 Introduction . . . . . . . . . . . . . . . . . 6-3
6.2 Regulating access to computers . . . . . . . . 6-3
6.3 Identification . . . . . . . . . . . . . . . . 6-4
6.4 Passwords. . . . . . . . . . . . . . . . . . . 6-6
6.5 Limitations of password security . . . . . . . 6-10
6.6 Logging on . . . . . . . . . . . . . . . . . . 6-11
6.7 Logging off. . . . . . . . . . . . . . . . . . 6-14
6.8 User privileges. . . . . . . . . . . . . . . . 6-15
6.9 Access to user files . . . . . . . . . . . . . 6-16
6.10 Customer access to BT computers. . . . . . . . 6-17
6.11 Contractors . . . . . . . . . . . . . . . . . .6-18
7 Software and data . . . . . . . . . . . . . . .7-1
7.1 Introduction. . . . . . . . . . . . . . . . . .7-2
7.2 Software installation and maintenance . . . . .7-2
7.3 Log facilities and system data. . . . . . . . .7-4
7.4 Data sensitivity. . . . . . . . . . . . . . . .7_7
7.5 Storage . . . . . . . . . . . . . . . . . . . .7-8
7.6 Disposal of media . . . . . . . . . . . . . . .7-9
7.7 Computer viruses. . . . . . . . . . . . . . . .7-11
8 Administraion . . . . . . . . . . . . . . . . .8-1
8.1 Introduction. . . . . . . . . . . . . . . . . .8-2
8.2 Personnel . . . . . . . . . . . . . . . . . . .8-2
8.3 Disaster protection . . . . . . . . . . . . . .8-7
9 Data protection act . . . . . . . . . . . . . .9-1
9.1 Introduction. . . . . . . . . . . . . . . . . .9-2
9.2 Data protection act principles. . . . . . . . .9-2
9.3 Definitions . . . . . . . . . . . . . . . . . .9-3
9.4 Registration. . . . . . . . . . . . . . . . . .9-4
10 Further information . . . . . . . . . . . . . .10-1
10.1 Introduction. . . . . . . . . . . . . . . . . .10-2
10.2 Security contacts . . . . . . . . . . . . . . .10-2
10.3 Sources of other guidance . . . . . . . . . . .10-4
10.4 Contingency Planning for Anton Piller Orders. .10-7
10.5 GLS contacts (1993/94) . . . . . . . . . . . . .10-9
11 Approved products . . . . . . . . . . . . . . .11-1
11.1 Introduction. . . . . . . . . . . . . . . . . .11-2
11.2 List of products. . . . . . . . . . . . . . . .11-2
G Glossary. . . . . . . . . . . . . . . . . . . .G-1
Foreword by the chairman
A vital element in our drive to achieve the highest quality of service
standards is the provision of a secure work environment. This means
that our resources - people, systems, information and physical assets -
must be protected against a variety of threats which range from
the malicious to the criminal. We also have security obligations that
form part of the legal and regulatory requirements we must observe.
The Information Security Code, Computer Security Manual and Physical
Security Handbook define the ways in which we can maintain a secure
environment. They clarify our responsibilities and provide the expert
guidance which we can use to achieve and maintain the levels of
security appropriate to the various activities of BT. The rules
outlined in these publications are mandatory.
IDT Vallance
Introduction and scope
Contents
1.1 Introduction . . . . . . . . . . . . . . . . . . . 1-2
1.2 Scope and purpose. . . . . . . . . . . . . . . . . 1-2
1.3 Relationship to the previous issue . . . . . . . . 1-3
1.4 Structure of the manual. . . . . . . . . . . . . . 1-3
1.5 Feedback . . . . . . . . . . . . . . . . . . . . . 1-4
1.6 Use of the CSM by suppliers and contractors. . . . 1-4
1.7 Acknowledgements . . . . . . . . . . . . . . . . . 1-4
1.1 Introduction
British Telecom (BT) is highly reliant on electronic systems to support
its business processes. Computers are used at many critical points in
the business: in switching systems, administration systems and
management systems. Many of these systems are either interconnected, or
are planned to be interconnected; BT's infrastructure of systems will
become highly integrated.
This evolutionary process makes security even more important. It is
becoming possible to access a wide variety of information from a
single terminal. Furthermore, a security flaw or failure in one system
may allow unauthorised access or misuse of other systems.
BT possesses valuable information about its customers and their
commercial operations which it is our responsibility to safeguard.
Coupled with this should be an awareness of the possibility of
computer crime by people inside and outside BT.
While security failures are, like any other quality failure, bad
business practice, the repercussions may be more serious.
There are many motivators for good electronic security. BT is obliged
under the terms of its current licence to observe a Code of Practice
on disclosure of customer information. Disclosure of information could
also provide likely movements in the price of BT shares or those of
our suppliers. It could be used to embarrass the business by
disclosure of commercial negotiations. The business could also suffer
through corruption or loss of data. There could also be personal legal
liability under the terms of the Data Protection Act in the event of
security failure. All these possibilities make the security of BT
computer operations increasingly important.
Good security does not have to be expensive. Often simple, low-cost
measures, combined with a positive attitude to security, can achieve
considerable reduction in the vulnerability of BT systems.
1.2 Scope and purpose
Although this manual is called the Computer Security Manual, it
encompasses all electronic systems that are broadly computer-based. It
applies equally, for example, to digital switching systems and
building access control systems, as well as to the mainframe and
personal computers for which it has customarily been used.
BT is now operating in a global environment and its activities cover
most parts of the world. Many of its non-core activities and overseas
operations are carried out through subsidiary companies. All people
working in these wholly-owned subsidiaries are also "BT people". "BT"
refers to the parent company and all its wholly owned subsidiaries.
Adoption of the CSM in partly-owned subsidiaries will be a matter
negotiated between the Director of Security and Investigation and the
senior management of each part-owned subsidiary.
The purpose of the Computer Security Manual is to enable BT people to
recognise possible threats to BT's systems, and to bring together the
current guidance on electronic security principles and practices which
may be used to minimise the risk.
Examples of threats include:
o natural calamities such as fire or flood
o sophisticated tampering
o software errors
o hardware failure
o vulnerability of communication links
o unauthorised use of terminals
o hacking
o deliberate damage, and
o fraud.
The Computer Security Manual is primarily intended for those who specify
security requirements in BT's systems and those who implement them; it
is also essential reading for users of those systems so that they may
understand the rationale behind the protective measures that may be
imposed upon them. While it is recognised that the threats to BT's
systems are constantly changing, the guidance given is the best
available at the time of issue. It should be recognised however, that
guidance will need to be revised when existing threats change or new
threats appear.
1.3 Relationship to the previous issue
Although some of the policies on electronic systems security affecting
computers have changed since the last issue, the previous structure
has been retained where possible, so as to cause minimum inconvenience
to users of the manual.
1.4 Structure of the manual
This version of the Computer Security Manual contains mandatory
requirements, called CSM Policies, which should be followed in the
design, implementation and operation of systems.
The CSM Policies describe various mechanisms that can be employed to
protect the security of an electronic system, and are derived from
threats (that have been found) and countermeasures that can be used.
The main text provides guidance and background to the CSM Policy statements.
The chapters have been ordered to reflect the larger view of systems
(networked systems and the supporting network infrastructure), and
then narrowing that view to large computer systems, personal
computers, and so on.
The page number found at the bottom of each page is in the format
chapter-page in chapter and facilitates the easy replacement of entire
chapters without upsetting the numbering of pages in subsequent chapters.
1.5 Feedback
The policy and guidance contained in the Computer Security Manual is
prepared and issued after extensive discussion with experts in
electronic security throughout the business. The Electronic Security
Unit welcomes feedback from users on the adequacy of the guidance
given, so that future issues may be improved.
1.6 Use of the CSM by suppliers and contractors
The CSM is the baseline document for the protection of BT's electronic
assets on BT premises, in transit, at employees' homes or on
contractors' premises. Where a supplier or contractor has obligations
to protect BT assets, a copy of the CSM may be loaned to supply the
necessary guidance provided:
1 Agreement is obtained from DSecI
2 A non-disclosure agreement is in place with the supplier or
contractor based on the "Acceptance Agreement from BT" contained
within the Information Security Code
3 Sections 10 and 11 are removed from the manual before it is lent to
anyone outside BT.
4 The manual is returned to BT upon completion or termination of the
contract.
Updates to the CSM will be sent to the manager who originally arranged
the loan, who must ensure that the update arrangements meet criteria 3
and 4 above. The CSM must be returned on completion or termination of
the contract.
1.7 Acknowledgements
We would like to acknowledge the help received from all parts of the BT
Group in the production of this version of the Manual, in particular
Group Security, Group Information Services, British Telecom
International, British Telecom Security Consultancy, Business
Communications, Development and Procurement, and Internal Audit, and to
thank others for their feedback on this and previous issues of the Manual.
Objectives and policy
Contents
2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . 2-2
2.2 Corporate policy on electronic system security . . . . . 2-2
2.3 Objective. . . . . . . . . . . . . . . . . . . . . . . . 2-2
2.4 Relationship to other security policies. . . . . . . . . 2-2
2.4.1 Application . . . . . . . . . . . . . . . . . . . . . . 2-3
2.5 Responsibility for security . . . . . . . . . . . . . . . 2-3
2.5.1 Business operation or process owner. . . . . . . . . . . 2-3
2.5.2 System supplier. . . . . . . . . . . . . . . . . . . . . 2-4
2.6 Derivation of security requirements. . . . . . . . . . . 2-4
2.6.1 Value and impact analysis. . . . . . . . . . . . . . . . 2-4
2.6.2 Data sensitivity . . . . . . . . . . . . . . . . . . . . 2-4
2.6.3 Countermeasures . . . . . . . . . . . . . . . . . . . . .2-5
2.6.4 Risk analysis. . . . . . . . . . . . . . . . . . . . . . 2-6
2.7 Security policy for the life cycle . . . . . . . . . . . . 2-6
2.8 Security evaluation, certification and accreditation . . . 2-7
2.8.1 Scope of accreditation . . . . . . . . . . . . . . . . . 2-7
2.8.2 Four-stage approach to security accreditation. . . . . . 2-7
2.9 Security approvals . . . . . . . . . . . . . . . . . . . 2-9
2.10 Product security . . . . . . . . . . . . . . . . . . . . 2-9
2.1 Introduction
This chapter describes the objectives of the Computer Security Manual,
and places electronic security in the context of the security
infrastructure for BT's business operations and processes.
2.2 Corporate policy on electronic system security
The electronic systems security policy for the BT Group as affirmed by
Malcolm Argent, Group Director & Secretary, on 8th August 1990 is
reproduced below.
"The British Telecom Group attaches particular importance to the
security of its business processes and systems. The Group's policy on
electronic security is to ensure that we properly safeguard all our
switching systems, information systems and other electronic assets,
having regard to legal and regulatory requirements, our commercial
interests and sound business practices.
This policy covers all aspects of the electronic environment: systems;
administration procedures; environmental controls; hardware; software;
data and networks. It applies to all stages in the system life cycle,
from feasibility study through to in service and operations. It
applies no matter whether the system is developed or bought by BT. It
is the responsibility of managers at all levels to observe this policy
themselves and to ensure that it is fully understood and followed by
their people.
To help managers carry out their responsibilities, the Director of
Security and Investigation will issue appropriate guidelines, on a
continuing basis, supplementing the requirements of the Computer
Security Manual, The Information Security Code and the Physical
Security Handbook to take account of changing threats to BT's
electronic systems. He will also be the central point of information
for the Company's policy on electronic security and will monitor
compliance with it."
2.3 Objective
The Computer Security Manual draws together the policies applying to
computer systems in particular, and electronic systems in general,
supplementing it with guidance and advice on implementation. Within
the BT Group there are many different computer systems supporting a
multitude of business processes. Therefore it is not possible to
produce specific recommendations for the security of every aspect of
every system. The objective of the Manual is to concentrate on the
baseline policy and guidelines generally applicable to BT systems.
2.4 Relationship to other security policies
The Computer Security Manual is an elaboration and extension of the
information security strategy contained in the Information Security
Code.
2.4.1 Application
Except where inapplicable, the Policies enumerated in the Computer
Security Manual are MANDATORY. For example: Passwords are not a
mandatory feature of all BT systems, but where an analysis suggests
that passwords are a sufficiently strong measure to regulate access to
those systems, the relevant policies on passwords contained in this
Manual become mandatory. Policies usually appear after any descriptive
text and are numbered to assist the checking of compliance in systems.
While Policies are mandatory, all supporting guidance and advice on
implementing the policies is discretionary, although strongly
recommended to achieve a harmonious and consistent approach to
electronic security throughout the BT Group. Policies appear within
boxes.
POLICY 2.1: ASSIMILATION OF REVISED MANDATORY POLICY
From the date of publication, this issue of the Computer Security
Manual applies to all new systems supporting BT's business operations
and processes. It also applies to any changes to existing systems, in
particular where an opportunity to update security occurs, so as to
achieve greater compliance with the policies given in this manual.
2.5 Responsibility for security
Every BT employee, and those contracted to work for BT, have the
responsibility to ensure the security of BT assets. Where the asset is
information, the degree of protection needed is defined by the owner
of the information. Additional measures may be required beyond those
necessary to protect BT's information assets because of legal
requirements.
2.5.1 Business operation or process owner
It is the responsibility of the owner of each business operation or
process to recognise the value of their activity, and the potential
impact on the business from security failure. In the context of the
Computer Security Manual, ownership of a process is defined as the
manager responsible or accountable for the process. The
responsibility of the business operation or process owner also extends
to ensuring that, in general terms, security of the systems supporting
the process is adequate in relationship to the impact of security
failure. A service level agreement should exist between the business
process and the system owners.
POLICY 2.2: RESPONSIBILITY ASSIGNED TO PROCESS OWNERS
The owner of each business process shall ensure that security is
adequate in the systems that support the process.
2.5.2 System supplier
The process owner will be responsible for evaluating the impact of
security failure and deciding on the general requirements for
security. The detailed implementation of security controls and
countermeasures to meet the owner's requirements will be the
responsibility of the system supplier whose computer systems support
the process. The process owner and the computer supplier will usually
be linked through a customer/supplier relationship. The quality of
computer security, including the adherence to the policies described
in this Manual should be the subject of a Service Level Agreement.
2.6 Derivation of security requirements
2.6.1 Value and impact analysis
The security measures needed to safeguard each business process will be
determined from the sensitivity of the material handled and the impact
of security failure, defined in terms of confidentiality, integrity
and availability. The owner of each business operation or process will
ensure that the value of the information processed and the impact of
security failure are known since they are the core parameters in the
rationale of cost-effective security. Sometimes the value of the
information may be obvious and easily quantified as a monetary
expression. On other occasions, the value of the information or
processing capability is less apparent, protection being necessary to
safeguard only the reputation or credibility of the Business. Impact
of failure includes the concepts of asset value, importance, damage to
the business because of information disclosure, loss of accuracy or
currency of the information, and loss of the use of business-critical
resources.
2.6.2 Data sensitivity
The Information Security Code describes the privacy marking to be used
to identify information which requires a level of protection beyond
that provided by a clear desk policy. Currently this protection is
defined only in terms of the confidentiality requirements of security.
There is no comparable marking for integrity or availability.
Information stored using electronic media is more vulnerable when
stored than information on paper. It can be easily modified without
trace, and its content is not immediately obvious. It is readily
deleted, and in large systems can be easily lost. Therefore the
sensitivity of electronic data should be specified in terms of the
impact of loss arising from failure of confidentiality, integrity or
availability.
To preserve compatibility with the paper-based system, data
sensitivities for electronic information use the same criteria for
assessing the impact of security failure, thus allowing common threat
models to be used.
2.6.2.1 Sensitivity level 1
Information for which the impact of inaccuracy, alteration, disclosure
or unavailability would be to cause inconvenience or reduction in
operational efficiency.
2.6.2.2 Sensitivity level 2
Information for which the impact of inaccuracy, alteration, disclosure
or unavailability would be to cause any of the following:
o Significant financial loss to BT;
o Significant gain to a competitor;
o Marked embarrassment to BT;
o Marked loss of confidence to BT and its commercial dealing;
o Marked reduction of BT's standing in the community or to relationships generally.
Information marked IN CONFIDENCE has sensitivity level 2.
2.6.2.3 Sensitivity level 3
Information for which the impact of inaccuracy, alteration, disclosure
or unavailability would be to cause any of the following:
o Substantial financial loss to BT;
o Substantial gain to a competitor;
o Severe embarrassment to BT;
o Serious loss of confidence in BT;
o Serious reduction of BT's standing in the community or to
relationships generally.
Information marked IN STRICTEST CONFIDENCE has sensitivity level 3 and
are called in this manual High Impact Systems.
2.6.2.4 Sensitivity levels above 3
Impact scenarios exist for failures of security for data beyond
sensitivity level 3. Specialist advice is available from the Director
of Security and Investigation on electronic systems which process:
corporate plans; business propositions (new enterprises, flotations,
joint ventures, take-overs); personnel and industrial relations
matters; marketing strategies and plans; financial and tariff
proposals, and high-level contractual matters, or other information
which is price-sensitive within the terms of the Stock Exchange
Listing Agreement.
POLICY 2.3: VALUE OF ASSETS AND IMPACT OF FAILURE
The value of the information, assets or processing capability to be
protected shall be estimated and recorded, as shall the impact of
possible disclosure, inaccuracy, incompleteness or unavailability of
that information.
2.6.3 Countermeasures
A fundamental objective is to ensure that the countermeasures deployed
to protect sensitive information or processes should be practical and
appropriate to the threats against the electronic systems, giving due
regard to the impact of security failure.
While insufficient, inappropriate, or poorly implemented
countermeasures may leave a system unduly vulnerable, excessive
countermeasures may lead to complacency, the neglect of security
operating procedures, and an unjustifiably high overhead of processing
power, or severe operational difficulties.
POLICY 2.4: COUNTERMEASURES
The cost of countermeasures should be appropriate to the threats to
security and business processes, the value of the information being
protected and the impact of any security failure.
2.6.4 Risk analysis
It is the responsibility of the owner of each business operation or
process to assess and manage effectively the degree of risk to
commercially sensitive information, and the resilience of critical
business processes supported by computer-based systems. The risk
analysis will take cognisance of the value of the information or
critical processes being protected, and the perceived threats to the
system. Furthermore, the risk analysis should not be a once-only
exercise. It should be repeated regularly and revalidated whenever
significant changes occur to the security assumptions.
POLICY 2.5: RISK ANALYSIS
At all principal stages during the life cycle of each project
involving the storage or processing of commercially sensitive
information, or the provision of High Impact Systems, a risk analysis
shall be undertaken. The analysis, which must be repeated periodically
or revalidated to assess the impact of change, must be so as to
determine the vulnerability of the commercially sensitive information
or applications in its processing environment, given the prevailing
threats to security, the countermeasures deployed, and the value of
the information being processed.
2.7 Security policy for the life cycle
The preparation of a Security Policy Document (Security Statement)
should be viewed as an integral part of the life-cycle of business
processes. At the beginning of each project a security policy will be
prepared to guide the implementation of security in the systems that
will support the business operation. This vital step is necessary to
ensure that correct business planning decisions are taken. Where
security is a relevant feature of a process, its provision will be
costed and included in business cases going forward for financial
approval.
POLICY 2.6: SECURITY POLICY DOCUMENT
A Security Policy Document will be prepared by the owner of a business
process, outlining the system, the impact or loss associated with
possible security failure, the threats to the system, the proposed
countermeasures, and a risk analysis. The Security Policy Document
will guide development and implementation of security features during
the development life-cycle of the system that supports the business
process, of which electronic security is an integral part. A Security
Policy Document is also required for existing systems where the impact
of security failure is high.
Details of all BT multi-user, administration and management systems
must be registered by the Development Manager on the Applications
Inventory. This is the catalogue of the company's software assets, and
is used to inform People of what systems exist and assist management
of the portfolio. The requirement to register covers systems that are
either developed or procured by BT. Details may be found in section 10.
2.8 Security evaluation, certification and accreditation
The accreditation life cycle is a process for checking that
appropriate security is built into the specification, development and
operational procedures for systems, thereby ensuring that the security
requirements of the business are met prior to the system becoming
operational.
Security accreditation for electronic systems has three main objectives:
- to ensure that the level of security in BT's High Impact Systems is
adequate;
- to prevent systems without adequate security being deployed until
remedial action has been undertaken; and
- to provide a framework for the continued improvement of the quality
of security in BT's systems.
2.8.1 Scope of accreditation
System security accreditation is a process which is undertaken to
ensure that security mechanisms, procedures and functions have been
implemented in a way that guarantees a level of confidence in the
quality of the system security. The BT scheme, which is broadly based
upon the 'Information Technology Security Evaluation Criteria'
(ITSEC), is facilitated through agents operating on behalf of the
Director of Security and Investigation.
2.8.2 Four-stage approach to security accreditation
The object of Security Accreditation is to reduce the risk of security
failure without unduly delaying the implementation of important
systems. To assist in meeting this objective a four-stage
accreditation process has been developed.
2.8.2.1 Stage 1 - Security Policy Document (Creation and Approval)
The Security Policy Document (SPD) outlines the system, the impact or
loss associated with possible security failure, the threats to the
system and the generic countermeasures. The SPD will also contain a
risk analysis and an assurance rating to be used during subsequent
evaluation and certification. Only high impact systems progress into
the evaluation, certification and accreditation stages. Note, however,
that all new systems must have a System Security Statement, regardless
of the need to progress into stage 2. The SPD is created by the owner
of the business process and approved by DSecI.
2.8.2.2 Stage 2 - Evaluation
Those systems which are to be included in the accreditation process,
as indicated within the SPD and agreed by Director of Security and
Investigation (DSecI), will be evaluated to ascertain that the
required level of assurance has been achieved. The SPD is the baseline
document against which the system is evaluated.
DSecI will nominate an evaluator to gain and subsequently analyse
information on the following:
Requirements - a detailed description of the system requirements
relating to its security.
Architectural design - an examination of the system architecture.
Detailed design - a more detailed description on how specific security
components have been designed.
Implementation - evidence of functional and mechanism testing.
Examination of source code and hardware drawings.
Configuration control - evidence of an effective change control
procedure which is able to provide unique identification of the system
and details of an acceptance procedure.
Program languages and compilers - details about the language(s) used.
Developers' security - security procedures including physical and
personnel arrangements.
Operational documentation - examination of the user and administration
documentation provided.
Operational environment -
- delivery and configuration - configuration information, delivery and
audited system generation procedures and evidence of an approved
distribution procedure;
- startup and operation - secure startup and operation procedures,
including a description of security functions that have a relevance
during system startup. Evidence that effective hardware diagnostic
test procedures exist.
2.8.2.3 Stage 3 - Certification
Certification occurs after the system has been developed. In order for
certification to be given, the evidence as described within the
evaluation report(s) must show that security has been correctly
applied during the development phase.
2.8.2.4 Stage 4 - Accreditation
Final accreditation occurs after the system has been running for a
limited period of time as agreed between DSecI and the Process Owner.
The purpose of the trial is to allow the secure operating procedures
to be assessed in a live environment. The system is then inspected in
its operational environment to ascertain whether compliance has been
achieved. When a security audit indicates that this aspect of security
is satisfactory, final security accreditation can be given, after
which the system enters the normal periodic security audit cycle.
POLICY 2.7: SECURITY ACCREDITATION
It is the responsibility of the owner of each business process, for
which the impact of failure is high, before making operational use of
the system to furnish the Director of Security and Investigation with
evidence that the security requirements described in its Security
Policy Document have been observed during the development life cycle.
2.9 Security approvals
Many of the policies within the Computer Security Manual require that
only products approved by the Director of Security and Investigation
may be used to protect BT commercially sensitive information and processes.
SecID maintains a list of approved products. If you require a product
to be submitted through the approvals procedure it is necessary to do
this via SecID. See the contact data in Section 10.
2.10 Product security
Developers and procurers of products for internal BT use should be
aware of the target market for the products. An assessment must be
made of the likely sensitivity of material handled by the product.
Although security demands personal responsibility from the people
carrying out a particular business process, managers should not avoid
the responsibility of providing users with a secure product
environment. It is much better to design security into products rather
than to add it on as an afterthought. Substantial economies of scale
can be achieved by building security into products.
POLICY 2.8: PRODUCTS FOR INTERNAL USE
Managers shall ensure that the security of products intended for
internal BT use meet users' needs. A clear statement shall be included
with all literature giving the sensitivity level for which the product
is suitable, and the circumstances under which it will retain its
suitability.
Communications and network security
Contents
3.1 Introduction . . . . . . . . . . . . . . . . . . . . . 3-2
3.1.1 General policies . . . . . . . . . . . . . . . . . . . 3-2
3.2 System interconnection . . . . . . . . . . . . . . . . 3-4
3.3 Network management . . . . . . . . . . . . . . . . . . 3-5
3.4 Network architecture . . . . . . . . . . . . . . . . . 3-5
3.4.1 Private circuits . . . . . . . . . . . . . . . . . . . 3-5
3.4.2 Public Switched Telephone Network (PSTN) . . . . . . . 3-6
3.4.3 Public data networks . . . . . . . . . . . . . . . . . 3-6
3.4.4 Local area networks. . . . . . . . . . . . . . . . . . 3-7
3.5 Threats to networked systems . . . . . . . . . . . . . 3-8
3.5.1 Information disclosure . . . . . . . . . . . . . . . . 3-8
3.5.2 Unauthorised access. . . . . . . . . . . . . . . . . . 3-10
3.5.3 Modification, insertion and deletion . . . . . . . . . 3-12
3.5.4 Denial or failure of service . . . . . . . . . . . . . 3-12
3.6 Cryptographic protection . . . . . . . . . . . . . . . 3-13
3.7 Electronic Mail Systems. . . . . . . . . . . . . . . . 3-14
3.1 Introduction
Transmitting information between computers and other electronic based
systems can represent a substantial threat to security. Therefore
safeguards appropriate to the sensitivity of the information and the
transmission medium should be adopted during its transmission.
Most of the measures described in this section are concerned only with
the protection of communication links against attack by unauthorised
persons. Few of the techniques safeguard against illicit activities by
authorised users who misuse their privilege. This section gives
guidance on the acceptability of various communications methods and
services for the transfer of commercially sensitive information. The
methods recommended do not necessarily give complete
protection - absolute security is never feasible. This section addresses
the issues of computer systems connected by networks, either to other
computers for exchange of information or to enable remote access where
the users of computer-based applications are remote from the service
or information provider.
The advice and guidance offered herein is applicable to networks of
mainframes, personal computers and terminals or any combination of
them.
3.1.1 General policies
The following general policies apply to every case of electronic
transfer of privacy marked information.
POLICY 3.1: INFORMATION CORRECTLY LABELLED
The originator shall ensure that information to be communicated is
correctly marked in accordance with the Information Security Code.
POLICY 3.2: INFORMATION APPROPRIATELY PROTECTED
It is the responsibility of the author and originator of privacy
marked or commercially sensitive information communicated via
electronic means to ensure that it is always correctly safeguarded.
POLICY 3.3: INFORMATION CORRECTLY ADDRESSED
The originator shall ensure that IN STRICTEST CONFIDENCE information
is sent only to a specific authorised recipient.
POLICY 3.4: TRANSMISSION OF HIGH IMPACT OR IN STRICTEST
CONFIDENCE ELECTRONIC INFORMATION
HIGH IMPACT or IN STRICTEST CONFIDENCE information shall not be
transmitted without the protection of an encryption system approved by
Director of Security and Investigation except where one of the
following is used:
1. private circuits for which access to all distribution frame and
flexibility points are secured for HIGH IMPACT or IN STRICTEST
CONFIDENCE information, and which are routed via ducts, risers and
conduits having tamper detecting seals.
2. fibre optic circuits for which all connection points are secured
for HIGH IMPACT or IN STRICTEST CONFIDENCE information,
3. an Exclusive LAN in a secured area used only by BT People.
POLICY 3.5: TRANSMISSION OF IN CONFIDENCE ELECTRONIC INFORMATION
IN CONFIDENCE information shall not be transmitted without the
protection of an approved encryption system unless communication is
strongly authenticated, such as:
1. via Private Circuits between BT buildings,
2. via the Public Switched Telephone Network with approved dialback systems,
3. via the PSS using closed user groups (or equivalent), or
4. via the PSS with a challenge response system.
POLICY 3.6: USE OF ELECTRONIC MAIL SYSTEMS
Privacy marked or sensitive information shall not be transmitted
between systems using Electronic Mail Systems that have not been
approved as suitable for that use by the Director of Security and
Investigation.
POLICY 3.7: SPECIAL DISPENSATION IN AN EMERGENCY
Where special justification exists, for example in emergencies, IN
STRICTEST CONFIDENCE information may exceptionally be transmitted
according to the conditions for IN CONFIDENCE material. In these
circumstances, prior authority from a person in the Senior Management
Group shall be obtained on each occasion.
3.2 System interconnection
The connection of a system of computers by means of a network forms
the basis for bilateral agreements and practices between those
responsible for the security of the computers and those responsible
for the security of the network. A failure by any of those involved to
correctly secure the equipment for which they are responsible, may
result in a failure of security of the entire network.
It is the responsibility of the owners of all computer systems
connected to a network to ensure that their security is not
compromised by the network techniques used, or by any subsequent
changes to the network configuration and topology. Before allowing
connection of a computer system to a LAN or other network, the owners
of the business processes entrusted to that system must satisfy
themselves that their policy for security will not be violated.
Connection must be refused by the computer system administrator on
behalf of the business process owner if the networking arrangements
are or become inconsistent with the security policy. These
considerations apply to any network which permits access to several
computer systems via a common telecommunications facility (whether all
users need such access or not).
The connection of any computer system to a network introduces a number
of additional threats to the security of that system, to the security
of the network and to any other computer system sharing the network.
By far the greatest threat to a computer connected to a network is the
possibility of unauthorised access from other network users. Other
threats include the accidental or unintentional distribution of
privacy marked information across the network.
The vulnerability of the network increases because the authority to
grant users permission to access the network is given to the
administrator of the connected computer system. If that computer were
already connected to another network, for example, the number of
potential users might increase dramatically.
POLICY 3.8: CONNECTION OF A COMPUTER SYSTEM TO NETWORKS
The administrators of a computer system connected to networks shall
ensure that the network arrangements do not contravene the security
policy of the business processes or applications being supported by
their system.
POLICY 3.9: INTERCONNECTION OF NETWORKS
Networks shall not be joined together unless it can be shown that the
resulting network does not contravene the security policy of either
network or of the security policy of those systems connected to either
network.
POLICY 3.10: ADMINISTRATION OF A COMPUTER CONNECTED TO A
NETWORK
The administrators of a computer system connected to networks shall
ensure that the security administration of their system does not
contravene the security policy of the network to which their system is
connected.
3.3 Network management
Owners of systems connected to a network have a level of expectation
about the services that the network provides. For example, network
users may expect that the service:
o is available when it is needed,
o has sufficient capacity to carry the load,
o is able to ensure the confidentiality of information in transit,
o does not corrupt the information in transit,
o delivers the information to the intended recipient,
o restricts access to those so authorised.
The level of service offered by the network should be well documented
and will form the basis of any contract between the owner of the
network and the owners of the connected systems.
POLICY 3.11: NETWORK SECURITY POLICY
Providers of networks that claim to provide security functions shall
declare to their users and customers the protective measures, and
conditions placed on the users of the network, for security offered by
the network and shall make available a document describing these
features and their applications.
3.4 Network architecture
The following means of computer-to-computer and user-to-computer
access are commonly encountered:
o Private Circuits,
o Public Switched Telephone Network,
o Public data networks (PSS, for example),
o Local Area Networks (of various types), and
o Integrated Services Digital Network (called IDA in the UK).
3.4.1 Private circuits
Private Circuits are often perceived as being secure because of their
immunity to logical attack, that is, hacking. They are not necessarily
physically secure because their fixed routing may make them vulnerable
to direct interception. Typically, Private Circuits may be routed via
the distribution frame of the local exchange and the building serving
the user. Unless otherwise protected, the information on the Private
Circuit is vulnerable to interception at these points.
3.4.2 Public Switched Telephone Network (PSTN)
The PSTN is open to public access and is the favoured medium for
unauthorised access world-wide. Because Calling Line Identification
(CLI) is not currently provided as a basic facility, it is not easy to
identify the origin of connection attempts. For this reason, dialup
PSTN access to BT systems containing sensitive data is forbidden
unless adequate precautions are taken.
The connection of computers to the PSTN for the purposes of
outward-bound connections to information service providers is strongly
discouraged unless it can be demonstrated that the connection
equipment cannot be subverted or incorrectly configured so as to
permit inward-bound connections.
POLICY 3.12: PSTN CONNECTION TO BT SYSTEMS
BT computer systems containing or processing sensitive information
shall not be connected to the PSTN unless adequate precautions are
taken to protect the system from unauthorised access.
3.4.3 Public data networks
Worldwide, there are many different data networks available to the
public. The following comments refer specifically to BT's UK data
network known as PSS.
In general, there are two methods by which a connection to PSS can be
achieved:
o by direct connection (a private circuit connecting the user to the
X25 network), or
o by dial connection (via the PSTN, to an X25 PAD in the network).
Each user of PSS is identified by a Network User Address (NUA) which
is analogous to a telephone number. Where the user is directly
connected to PSS, the NUA is permanently associated with that line and
can provide a valuable check on the user's identity.
If the user gains access to the PSS by dial connection to a PAD, he
identifies himself to the network by means of a password (sometimes
called the Network User Identity, NUI). This is, in turn, checked by
the network management software to find the corresponding NUA of the
user. Because the NUA does not identify a particular line or location,
security may be compromised if a password is discovered by other people.
Use of the following facilities can decrease the vulnerability of the
PSS to attack:
o All authorised users can be included in a Closed User Group (CUG).
In effect, this creates a private network not available to
unauthorised parties. However this advantage may be compromised if the
CUG includes the NUAs of dial-up users who are authenticated only by
passwords.
o The caller's Network User Address (NUA) provided by PSS can be
checked by the host against a list of authorised callers.
3.4.4 Local area networks
Access to computers and computer-to-computer communications via LANs
may present a substantial risk to security. Most LANs are implemented
using a shared transmission medium which broadcasts all the signals to
most or all of the attached nodes. Some LANs support Closed User
Groups (CUGs) in a manner analogous to the PSS and so may also provide
some call origination information. The relative ease of user access to
LAN control software and hardware makes dependence on the security of
any of these facilities unwise. The situation is especially aggravated
where LANs are connected by gateways to one another, the PSS, or to
the PSTN. In each case the risk of unauthorised access is increased
enormously. See earlier CSM Policies in this section regarding the
interconnection of networks. Data on LANs are generally regarded as
being at risk because:
o Most LANs are designed around a shared communications facility which
generally broadcasts signals to all of the attached nodes, security
being dependent on access points ignoring messages not specifically
addressed to them.
o LANs are frequently used as the carriers of Office Automation
facilities in the office environment where system security was not
necessarily a prime consideration in the original choice of the
accommodation.
o LAN signalling sometimes extends into the radio frequency spectrum
and, if electromagnetic signals are emitted from the cabling, LAN
traffic can be intercepted (see also TEMPEST).
Strong methods of user authentication must be implemented if privacy
marked information is transmitted over the LAN, so special precautions
may need to be applied to LANs in order to enhance their operational
security. Three particular types of LAN are defined below:
3.4.4.1 Exclusive LANs
An Exclusive LAN is one where its security depends on:
o its use being restricted to only those users who have an operational
need to use it
o its access points being within BT secure premises
o its not being connected to another network - public or private.
If the LAN spans several buildings, the links between those premises
should be secured by encryption.
3.4.4.2 Access-controlled LANs
An Access-controlled LAN is one which incorporates special precautions
to restrict access between users and resources. All resources
accessible from equipment under a user's control, for example a dumb
terminal, PC or workstation, are protected by a strong authentication
mechanism. Strong authentication is an authentication mechanism that
is resilient to eavesdropping and masquerade attacks in the context of
the communications network between user and system.
Authentication of connections to LAN nodes may be implemented using
systems based on Kerberos. (Further advice may be obtained from D&P
Data Security Laboratories, see Section 11).
Where there may be a number of separate LAN segments interconnected by
bridges or gateways, each individual LAN segment must comply with the
access control policy.
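The definition of strong authentication above, and the challenge response system named in Policy 3.5, shown as an added example that is not part of the manual: a listener who records one login can replay a static password, but not a response bound to a fresh challenge. HMAC-SHA256, the class and function names and the constructed keys are assumptions of this example; it is not Kerberos and not any approved BT mechanism.

```python
import hashlib
import hmac
import secrets
import time


def respond(key, user, challenge):
    """User's side: prove knowledge of the key without sending it over the link."""
    return hmac.new(key, user.encode() + b"\x00" + challenge, hashlib.sha256).digest()


class PasswordHost:
    """Weak scheme: the same secret crosses the link on every login."""

    def __init__(self, passwords):
        self._passwords = dict(passwords)

    def verify(self, user, password):
        stored = self._passwords.get(user, b"")
        return bool(stored) and hmac.compare_digest(stored, password)


class ChallengeHost:
    """Each login answers a fresh random challenge, valid once and only briefly."""

    def __init__(self, keys, lifetime=30.0, clock=time.monotonic):
        self._keys = dict(keys)
        self._lifetime = lifetime
        self._clock = clock
        self._pending = {}          # user -> (challenge, time issued)
        self.log = []               # (user, outcome) for every attempt

    def challenge(self, user):
        # Issued for unknown users too, so the reply does not reveal who exists.
        nonce = secrets.token_bytes(16)
        self._pending[user] = (nonce, self._clock())
        return nonce

    def verify(self, user, response):
        # pop() makes the challenge single-use whether or not the attempt succeeds.
        nonce, issued = self._pending.pop(user, (None, 0.0))
        key = self._keys.get(user)
        ok = (
            nonce is not None
            and key is not None
            and self._clock() - issued <= self._lifetime
            and hmac.compare_digest(respond(key, user, nonce), response)
        )
        self.log.append((user, ok))
        return ok


def replay_outcomes():
    """Replay what a passive listener recorded from one login at a later login."""
    key = b"constructed-user-key"               # constructed sample secret
    captured_pw = b"constructed-password"       # as seen on the wire in session 1
    pw_host = PasswordHost({"alice": captured_pw})

    now = [0.0]                                 # controllable clock for the example
    host = ChallengeHost({"alice": key}, clock=lambda: now[0])
    captured = respond(key, "alice", host.challenge("alice"))  # recorded in transit
    genuine = host.verify("alice", captured)    # the real user's own login
    host.challenge("alice")                     # session 2 gets a new challenge
    replayed = host.verify("alice", captured)   # old response, new challenge
    unsolicited = host.verify("alice", captured)  # no challenge outstanding
    late_nonce = host.challenge("alice")
    now[0] += 31.0                              # answer arrives after the lifetime
    expired = host.verify("alice", respond(key, "alice", late_nonce))
    return {
        "password_replay": pw_host.verify("alice", captured_pw),
        "genuine": genuine,
        "replayed": replayed,
        "unsolicited": unsolicited,
        "expired": expired,
    }


if __name__ == "__main__":
    for name, outcome in replay_outcomes().items():
        print(f"{name:16} accepted={outcome}")
```

The scheme still rests on the secrecy of the per-user key held at both ends, which is where the manual's key management approval applies.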
3.4.4.3 Ordinary LANs
An Ordinary LAN is one which does not meet the security criteria for
an Exclusive or an Access-controlled LAN.
3.4.4.4 LAN Usage
In general the following applies:
LAN Type             Usage
Exclusive            In Strictest Confidence
Access Controlled    In Confidence
Ordinary             Non-Privacy marked
Note that use of a specific LAN architecture does not negate the use
of other mandatory features which may be required for handling
sensitive information.
The security of a LAN is a complex issue, especially when the
mechanisms for processing, storing, or transmitting sensitive
information do not all offer the same level of security. In this case
contact the Commercial Security Unit for further guidance.
POLICY 3.13: LOCAL AREA NETWORKS
A LAN shall be characterised as one of Exclusive, Access Controlled,
or Ordinary so that the owners, administrators, and users, are aware
of the security controls that must be enforced.
3.5 Threats to networked systems
Four major threats exist to networked systems:
1 Disclosure of information stored or in transit on the network.
2 Masquerading as an authorised user.
3 Accidental or unauthorised modification, insertion or deletion of
the information stored or in transit on the network, and
4 Denial of the use of the network to those entitled to use it.
3.5.1 Information disclosure
Much sensitive information (access information as well as user data)
can be gained from illicit interception of telecommunications signals
by tapping and bugging. These activities are usually committed against
local lines rather than the main network. This is because local plant
is more accessible to illicit interception and there is little or no
confusion from other multiplexed signals.
All forms of radio, microwave, infrared and other beam transmission
techniques are also vulnerable to interception.
Four classes of countermeasures may be brought to bear to reduce the
risk of information disclosure. These are:
o Data separation,
o Physical protection,
o TEMPEST protection, and
o Cryptographic protection.
3.5.1.1 Data separation
Depending on the architecture of the chosen network, information of
varying sensitivity may be in transit simultaneously across a single
channel. Under these circumstances, there needs to be a clear
distinction between the level of sensitivity of information. This can
be achieved by either:
o commencing a new single-level communications session each time there
is a change to the level of data sensitivity, or
o labelling each item of data with its sensitivity in such a way that
the protocol used on the multi-level channel provides clear indication
of the sensitivity, and facilitates unambiguous pairing between the
label and the associated data received or sent.
In either circumstance, the communication channel should be secured to
handle the most sensitive information that it is expected to carry.
3.5.1.2 Physical protection
Because any network may be vulnerable to eavesdropping, special care
must be taken when transmitting highly sensitive information.
Many networks are located in buildings that are considerably less
secure than purpose-built computer centres. When planning the
installation of the network, the guidelines and suggestions detailed
in the section on Electronic Systems Installations should be followed
as far as possible.
On these occasions, where it is operationally necessary to install
networks in insecure buildings, including those to which members of
the public have access, the following additional points must be
considered:
o cabling should be continuous and not be routed through areas where
public access is permitted. If this is not possible it should be
contained in heavy duty grounded metal conduit preferably requiring a
specialised tool to remove the inspection plates.
o where sensitive information is likely to be transmitted on a
network, consideration should be given to using protected cable.
o where sensitive information is transmitted, consideration should be
given to housing termination points, ie. wall mounted coaxial sockets,
in proprietary lockable metal boxes. These must be kept locked at all
times when authorised staff are not present.
o after the installation of cabling, particularly when completed by
outside contractors and in a building not dedicated to BT use, the
routing of the cable must be thoroughly inspected to ensure that it
meets the original specification and that it has not been routed to
locations which could be used by potential eavesdroppers.
o the power switches of network connected terminals should be fitted with
proprietary lockable boxes (which are kept locked!).
POLICY 3.21: NETWORK MONITORING
The use of network monitoring equipment must be strictly controlled.
3.5.1.3 Tempest protection
Communications lines, personal computers, Visual Display Units (VDUs)
and printers may radiate significant amounts of radio frequency energy
and it is possible for data displayed on a screen or being printed to
be intercepted. TEMPEST is the name of the technology that enables
this unintentional radio emission to be reduced to acceptable
proportions. In practice the signals can only be received over a short
distance and identifying one particular VDU/printer among several
others is difficult. Although the threat may be real in some military
situations, for the commercial world it must be considered a threat
only when the information being handled is extremely sensitive.
For specialist advice on the applicability and methods of TEMPEST
protection, refer to Section 10.
3.5.1.4 Cryptographic protection
The use of cryptographic techniques is not limited in its application
to the protection of communications networks. This topic is covered in
the Cryptographic Protection section.
3.5.2 Unauthorised access
Connection requests across a network should be verified as to their
authenticity. The chosen authentication mechanism should not place
undue or unwarranted trust on the network to carry the authentication
information accurately or in secrecy unless it has been proved able to
carry out that function. Care should be taken to ensure that the
chosen mechanisms for user authentication are sufficiently strong and
that they are managed correctly.
It is important to realise that user authentication information is
carried across the network and should be appropriately protected, that
is, with the same rigour as that afforded to the information that it
protects. If cryptographic methods are used to facilitate access
control, then the algorithm, configuration and key management must be
approved by the Director of Security and Investigation. Where
cryptographic keys are shared, a method of personal authentication
should be used in addition.
If a strong method of authentication (eg. a one time password) is
used, then this may be adequate as the sole means of authentication.
Otherwise, in addition to personal authentication, authentication of
the recipient's point of entry to the communications network is
required. To be acceptable this must reliably identify the recipient
as being at a fixed physical location. This location must be
authenticated as one at which the recipient may receive the
information. Suitable methods are dependent on the type of connection
and are as follows:
o PRIVATE CIRCUIT - The recipient should be connected via a private
circuit to a fixed location.
o PUBLIC DATA NETWORK - The recipient should be at an authorised fixed
address which is verified by the originator, or should be a member of
an authorised CUG, or authenticated by a one-time password system in
the network.
o PUBLIC SWITCHED TELEPHONE NETWORK - The recipient should be at an
authorised fixed address which is verified by the originator by
dialling-out or by a dialback device approved by the Director of
Security and Investigation.
o INTEGRATED DIGITAL ACCESS - The recipient should be at an authorised
address which is verified by the originator by dialling-out or by
checking the Calling Line Identification.
o LOCAL AREA NETWORKS - The recipient should be at an authorised port
on an access-controlled LAN, or at any port on an exclusive LAN.
o OTHER DATA NETWORKS - The recipient should be at an authorised port
on a BT-only data network which does not use broadcast transmission.
POLICY 3.14: NETWORK ORIGIN AUTHENTICATION
The identity of network users shall be authenticated. Where the method
of authentication is weak, strong technical methods shall be employed
to determine the point of access of the originator into the network.
3.5.2.1 Dialback
The security of dial in access may be enhanced by providing an
'Automatic Dialback' facility whereby the caller is forced, at the
outset of a call, to declare his identity to the system. The equipment
terminates the call and dials the caller on a different outgoing-only
line using a telephone number it associates with the caller's declared
identity. This prevents access from arbitrary telephone locations and
offers an audit and accountability mechanism.
Some types of dialback device may be defeated by quite simple
techniques, and therefore do not give the intended protection. Only
the system administrator should be able to modify the list of
authorised telephone numbers stored in the dialback equipment.
Dialback systems used to protect BT's commercially sensitive
information must be approved by the Director of Security and
Investigation.
In some systems manual dialback may be appropriate; however, whether
dialback is automatic or manual, a full log of each access should be
maintained. Because Dialback units only provide authentication of the
point of entry into the Public Switched Telephone Network (PSTN),
other measures should be taken for High Impact Systems.
Dialback techniques can be rendered ineffective if the exchange offers
a Call Diversion facility.
POLICY 3.15: DIALBACK
Where the method of network user authentication is weak, the point of
access into the network shall be established using a dialback unit
that has been approved by the Director of Security and Investigation.
3.5.3 Modification, insertion and deletion
Special measures may need to be taken to ensure that information is
not lost or corrupted in transit across a network. For example,
message sequence numbers can be used to detect the accidental or
deliberate deletion or insertion of entire blocks of information in
the information stream.
Accidental modification of the information in transit can be detected
by the use of comparatively simple techniques, for example checksums or
Cyclic Redundancy Checks (CRCs). Where it is anticipated that
deliberate attempts will be made to modify information then
cryptographic techniques may be appropriate.
Cryptographic techniques may be used to prove:
o that data has not been modified,
o the identity of the originator of information,
o that information has been delivered to its intended destination, and
o the source of information into a network.
Note that the adoption of cryptographic techniques for one purpose may
offer the opportunity of other checks. For example, the adoption of
Digital Signatures will provide a facility to enable the detection of
accidental or deliberate modification of information. Cryptographic
techniques are technically difficult to design and implement such that
their use and management is not prone to errors and subsequent
security failures. Because of this, the use of any such equipment must
have the approval of the Director of Security and Investigation.
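The three mechanisms this subsection names (message sequence numbers, CRCs and cryptographic checks), put side by side as an added example that is not part of the manual. HMAC-SHA256 stands in for the unspecified "cryptographic techniques"; the frame layout, the names and the constructed key are assumptions of this example.

```python
import hashlib
import hmac
import struct
import zlib

LINK_KEY = b"constructed-example-link-key"   # constructed; not a real key
SEQ = struct.Struct(">I")                    # 32-bit message sequence number
CRC_LEN = 4
TAG_LEN = hashlib.sha256().digest_size


def frame_crc(seq, payload):
    """Sequence number + payload + CRC-32 trailer (no secret involved)."""
    body = SEQ.pack(seq) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def check_crc(frame):
    """Return (seq, payload) if the CRC matches, else None."""
    if len(frame) < SEQ.size + CRC_LEN:
        return None
    body, trailer = frame[:-CRC_LEN], frame[-CRC_LEN:]
    if struct.unpack(">I", trailer)[0] != zlib.crc32(body):
        return None
    return SEQ.unpack(body[:SEQ.size])[0], body[SEQ.size:]


def frame_mac(seq, payload, key=LINK_KEY):
    """Sequence number + payload + HMAC-SHA256 tag covering both."""
    body = SEQ.pack(seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_mac(frame, key=LINK_KEY):
    """Return (seq, payload) if the tag verifies under the shared key, else None."""
    if len(frame) < SEQ.size + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    return SEQ.unpack(body[:SEQ.size])[0], body[SEQ.size:]


class Receiver:
    """Delivers frames in sequence and records gaps, stale frames and bad checks."""

    def __init__(self, check):
        self.check = check
        self.expected = 0
        self.delivered = []
        self.events = []

    def receive(self, frame):
        parsed = self.check(frame)
        if parsed is None:
            self.events.append(("integrity-failure",))
            return False
        seq, payload = parsed
        if seq < self.expected:              # duplicate, replay or inserted old block
            self.events.append(("stale", seq))
            return False
        if seq > self.expected:              # one or more blocks never arrived
            self.events.append(("missing", self.expected, seq - 1))
        self.delivered.append(payload)
        self.expected = seq + 1
        return True


def line_noise(frame, index=6):
    """Accidental modification: one bit flipped in transit."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)


def altered_in_transit(frame, new_payload, trailer_len):
    """Deliberate modification by a party on the path who holds no key.

    A CRC trailer can simply be recomputed over the new content. A MAC tag
    cannot be recomputed without the key, so the old tag is all that is left.
    """
    header = frame[:SEQ.size]
    if trailer_len == CRC_LEN:
        return header + new_payload + struct.pack(">I", zlib.crc32(header + new_payload))
    return header + new_payload + frame[-trailer_len:]


if __name__ == "__main__":
    old, new = b"PAY 100 TO ACCOUNT A", b"PAY 900 TO ACCOUNT B"
    print("CRC, noise     :", check_crc(line_noise(frame_crc(0, old))))
    print("CRC, deliberate:", check_crc(altered_in_transit(frame_crc(0, old), new, CRC_LEN)))
    print("MAC, deliberate:", check_mac(altered_in_transit(frame_mac(0, old), new, TAG_LEN)))
```

Because the sequence number sits inside the authenticated body, the MAC frame also protects the counter itself; in the CRC frame the counter can be rewritten as freely as the payload.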
POLICY 3.16: DIGITAL SIGNATURES
In the design of systems where proof of origin of a message must be
ascertained, Digital Signature techniques shall be considered and
documented.
POLICY 3.17: NON REPUDIATION SERVICES
In the design of systems where it is necessary to prove that the
intended recipient has received information, cryptographic techniques
to manufacture an incontrovertible receipt note shall be considered
and documented.
POLICY 3.18: DATA ORIGIN AUTHENTICATION
In the design of systems where there is a requirement to prove the
identity of the origin of data then cryptographic techniques shall be
considered and documented.
3.5.4 Denial or failure of service
In the office environment there is generally no need to provide
fallback communication systems as the standard response time for fault
correction is adequate for most requirements. However, for systems
which use private circuits or the PSS as the prime means of
communication, it is worth considering using PSTN as a fallback for
nonsensitive data provided that the PSTN connection is not made
permanent.
At purpose-built computer centres the situation is somewhat different
as most systems would become useless in the event of loss of their
communications links. Some link redundancy is generally necessary to
protect against this. Communication links that are provisioned as
backup should, if possible, be terminated on different hardware in the
system and routed via different cable ducts and transmission routes so
as to minimise the danger of loss of both links in the event of a
hardware failure.
POLICY 3.19: NETWORK AVAILABILITY
In the design of systems, measures shall be taken to ensure that the
availability of the network satisfies the system's requirement.
3.6 Cryptographic protection
Modern encryption techniques are regarded as offering a formidable
barrier to any adversary and probably an insurmountable barrier unless
substantial computing power is available or the key and algorithm are
compromised.
The use of cryptographic techniques can contribute significantly to
security by offering strong mechanisms to:
o authenticate the user,
o authenticate the calling location,
o assure message integrity,
o maintain the confidentiality of messages.
The use of encryption is not without operational problems, some of
which are listed below:
o encryption packages inevitably involve an overhead in terms of key
management and administration although, in some public key systems,
this overhead is reduced.
o serious problems can arise if individuals forget their keys or
become indisposed etc. As a precaution, it may be prudent to keep
duplicate cryptographic keys or copies of the files in unencrypted
form. Any such duplicates must be kept securely.
o encrypted information may contain control characters which make it a
prerequisite that any protocol used to transmit a file electronically
is completely transparent to the file contents. It is likely that
encrypted data would interfere with many network operating systems. As
a result either considerable tailoring of a system or specially
developed encryption packages would be required to enable encrypted
data to be transmitted.
o some encryption systems are not suitable for every type of network
so expert advice must be sought.
Encryption systems used to protect BT's commercially sensitive
information must be approved by the Director of Security and
Investigation.
POLICY 3.20: APPROVAL OF USE OF CRYPTOGRAPHY
Any cryptographic techniques or encryption systems selected to
safeguard BT information shall have been approved by the Director of
Security and Investigation prior to their use.
3.7 Electronic Mail Systems
There are considerable risks associated with current electronic mail
systems. In particular, data may be forged, altered, redirected or
intercepted. Although techniques are being developed to solve many of
these problems, users of electronic mail systems should be aware of
their present limitations. The advice given here is for guidance and
is intended to highlight areas of concern. In the future specific
policies will be produced to cover electronic mail security.
Authentication
Currently, most systems authenticate users by means of User IDs and
passwords. This is not a strong means of authenticating users.
Electronic mail systems should not be used as a means of providing
authorisation to other individuals for carrying out tasks unless they
have been specified, designed and installed for that purpose. For
example, it should not be possible to requisition goods on the basis
of an uncorroborated electronic mail message. At present, in the UK, a
handwritten signature is a legally-binding proof of authorisation.
Electronic mail systems using weak authentication do not offer the
required level of proof and assurance of the origination of a message.
Designers of electronic mail systems should look at
currently-available technologies which offer scope for proof of
origination.
Integrity
Without appropriate coding techniques, messages may easily be
intercepted and modified or replayed. Designers of systems should
ensure that the threats are understood and that appropriate
countermeasures are adopted. Digital signatures can be used very
effectively to ensure the integrity and authenticity of a message.
Labelling
Labelling is a way of attaching a marker to a message, file or segment
of data, to indicate a specific attribute. Often the attribute is the
sensitivity of the information. Systems which make use of labels are
able to utilise sophisticated access methods for permitting access to
data. An example might be a system which permitted IN CONFIDENCE
material to be redirected to a colleague for action, perhaps because
of holiday arrangements, but which did not permit STAFF IN CONFIDENCE
material to be so directed.
Mail redirection
Automatic electronic mail redirection should not be used unless it is
possible for the message originator to know that message redirection
is in operation.
Account usage
Where it is operationally necessary for another person to use an
electronic mail account for a short time, it is imperative that a hand
over is arranged in a manner which ensures:
o that any password is only known by one person
o that the time period during which the account is temporarily managed by the
other person is documented and recorded by the system manager.
The system manager is the only person authorised to make and record
such a change, and must ensure that the required written authorisation
is signed by the user.
Electronic systems installations
Contents
4.1 Introduction
4.2 Accommodation
4.2.1 Natural disasters
4.2.2 Civil unrest
4.2.3 Neighbouring accommodation
4.2.4 Fire
4.3 Services
4.3.1 Electrical power
4.3.2 Maintenance of local environments
4.4 Electronic system equipment sign posting
4.5 Physical access control strategy
4.5.1 Access to secure areas
4.5.2 Data cabinets and safes
4.6 Personnel access
4.6.1 Staff, official visitors and other personnel
4.6.2 'General interest' visits
4.7 System or master consoles
4.8 Other terminals
4.9 Communications rooms and equipment
4.10 Media libraries and disaster stores
4.1 Introduction
Security of significant computer or network installations concerns not
only the security of the computer and electronic hardware but also the
protection of systems in general, software, user data, media library
facilities, communications networks and the safety and well being of
personnel. These installations need to be protected against the
effects of events such as fire, flood, loss of power, failure of
air-conditioning and ancillary plant and damage by natural or man-made
hazards. This chapter should be read in conjunction with the Physical
Security Handbook.
4.2 Accommodation
During the planning of an electronic installation due consideration
must be given to both the location of the building that will house the
equipment and the placement of the equipment within the building as
this has a direct effect on the overall security requirements. The
following factors must be considered when selecting installation
sites:
o natural disasters,
o civil unrest,
o neighbouring accommodation,
o fire.
4.2.1 Natural disasters
Certain natural disasters could either severely damage the
installation directly, or prevent its operation by unavailability of
staff.
These include:
o local flooding, including fracture of air conditioning or water
cooling equipment,
o local landslide, subsidence and so on,
o exceptional weather conditions.
4.2.2 Civil unrest
Electronic system installations might be popular targets for attack by
politically motivated groups and individuals as well as by mobs. It is
undesirable that an electronic system site should be in a vicinity
with:
o unusually high risk of mob violence,
o unusually high incidence of criminal and malicious damage,
o unusually high risk of terrorist activity.
If such a site is unavoidable, additional levels of physical security
may be appropriate.
4.2.3 Neighbouring accommodation
Even if the areas housing the electronic system equipment are well
designed, there could be possible hazards from incompatible
neighbouring accommodation both internal and external to the equipment
such as:
o staff restaurants, fuel storage areas (risk of fire),
o washrooms, piped water facilities and tanks (risk of flood),
o electrical generator rooms, railways, radio and radar transmitting
stations (risk of vibration and electromagnetic interference).
POLICY 4.1: SITING OF ELECTRONIC SYSTEMS
The physical siting and location of an electronic system shall be
planned with due regard to security considerations from the inception
of the planning process. The effects of natural disasters, civil
unrest and threats from incompatible neighbouring accommodation shall
be taken into consideration when planning purpose-built electronic
system installations.
4.2.4 Fire
Fire remains one of the most serious of all security hazards
especially in data preparation and media library areas where large
quantities of combustible material are present and electronic
equipment is often allowed to run unattended. Detailed advice on fire
precautions must be sought from local fire safety experts but the main
considerations are:
o limitation of whole-building fire risk,
o limitation of fire risk in main computer and electronic system room,
o limitation of fire risk in data preparation areas.
The necessary preventative measures include:
o partitioning of the installation into fire compartments,
o use of fire-retardant construction materials,
o automatic fire detection equipment,
o automatic fire alarm systems (may be linked directly to local fire
station),
o automatic fire suppression equipment (especially Halon gas or
similar systems in the main computer and electronic system room. The
traditional view is that sprinklers are inappropriate here because of
the effect of water on the electronic hardware. Halon has
environmental and safety problems so expert advice must be sought.),
o manual fire fighting equipment, and
o enforcement of fire safety procedures (such as no smoking areas).
For specific guidance you should refer to Chapter 10 for the BT Fire
Safety Manager in the BT Safety Unit.
POLICY 4.2: FIRE THREATS
The threat and impact of fire shall be taken into consideration when
planning dedicated electronic systems installations.
4.3 Services
The security of services and especially electric light and power
should be considered where appropriate during the siting of electronic
system installations. Provisions may need to be made to cater for a
growth in requirements.
4.3.1 Electrical power
Standby power sources should be available for all systems where
availability has been identified as important. Any emergency power
supplies should provide no-break protection, otherwise data will be
corrupted during switching. They should be tested regularly and there
should be sufficient fuel available. When the power load of a unit is
extended, checks should be carried out to ensure the power of the
standby source is sufficient.
Standby power should be invoked not only in the event of total
disruption of primary power, but also at any time that primary power
falls outside (above or below) the equipment manufacturer's
specification. Standby power should also be available to ensure
continued operation of all security monitoring and access control
devices. The provision of adequate monitoring facilities should enable
switch over to occur before the equipment manufacturer's specification
is exceeded.
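The switch-over rule above, as an added example that is not part of the manual: standby is invoked on readings above or below a trigger band set inside the manufacturer's limits, so a gradual sag is caught before the limit is crossed. The voltages, guard margin and the hold before returning to mains are assumptions.

```python
# Assumed figures; the manual gives none. Limits are nominal +/- 24 V and
# the monitor acts 10 V inside them, so it switches before they are reached.
NOMINAL_V = 240.0
SPEC_TOLERANCE_V = 24.0
GUARD_V = 10.0
HOLD_SAMPLES = 3  # assumed: in-band readings required before leaving standby

# Constructed readings: (seconds, volts). A slow sag, a recovery, then a surge.
SAMPLE_READINGS = [
    (0, 240.0), (1, 236.0), (2, 229.0), (3, 224.0), (4, 214.0),
    (5, 205.0), (6, 231.0), (7, 238.0), (8, 240.0), (9, 270.0),
]


def plan_switchover(samples):
    """Return (events, exposed).

    events  -- (seconds, action, volts) for each change of power source
    exposed -- sample times at which the load was still on mains while
               mains was already outside the manufacturer's limits
    """
    spec_lo = NOMINAL_V - SPEC_TOLERANCE_V
    spec_hi = NOMINAL_V + SPEC_TOLERANCE_V
    trig_lo, trig_hi = spec_lo + GUARD_V, spec_hi - GUARD_V

    source, good_run = "mains", 0
    events, exposed = [], []
    for t, volts in samples:
        in_trigger_band = trig_lo <= volts <= trig_hi
        if source == "mains":
            # A step change can jump past the guard band in one sample;
            # this is the case no-break protection has to cover.
            if not spec_lo <= volts <= spec_hi:
                exposed.append(t)
            if not in_trigger_band:
                source, good_run = "standby", 0
                events.append((t, "to_standby", volts))
        else:
            # Stay on standby until mains has been steady for a while.
            good_run = good_run + 1 if in_trigger_band else 0
            if good_run >= HOLD_SAMPLES:
                source = "mains"
                events.append((t, "to_mains", volts))
    return events, exposed


if __name__ == "__main__":
    events, exposed = plan_switchover(SAMPLE_READINGS)
    for t, action, volts in events:
        print(f"t={t}s {action} at {volts} V")
    print("exposed at:", exposed)
```

The surge at the last reading shows the limit of monitoring alone: it switches the source, but the load has already seen out-of-specification power for that sample.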
POLICY 4.3: EMERGENCY POWER SUPPLY
Electronic systems shall be safeguarded from the threat of disrupted
electric power by the provision of standby power facilities where
appropriate.
Power supplies used for systems containing high-sensitivity or
high-availability applications and data must be monitored periodically
to ensure sufficient quality of power for the safe and reliable
operation of these systems. Computer systems are extremely sensitive
to the quality of power delivered. Good grounding, "clean" isolated
power (no transient voltage spikes, brownouts, sags, intermittent
losses) and reliable connections and cabling are essential.
Preferably, these should be verified prior to the installation of a
system. For all applicable systems, the power conditions should be
measured at the point where power is applied to the system cabinets or
boxes. Periodic checks should be supplemented by checks done when
known power conditions change due to modifications in electrical
supply or load.
Power distribution panels, cabinets and rooms must be considered
sensitive areas and protected appropriately.
4.3.2 Maintenance of local environments
For electronic systems requiring a controlled environment (temperature
and humidity) main and standby air conditioning facilities should also
be provided. Any vents to the outside should also be physically
secured to prevent intruders.
POLICY 4.4: MAINTENANCE OF LOCAL ENVIRONMENT
The threat of electronic systems operating outside of their specified
temperature and humidity ranges shall be minimised by provision of
adequate equipment.
4.4 Electronic system equipment sign posting
The location of electronic system equipment within a building, for
example connection points, communications frames, has a direct effect
on the overall security arrangements and must be considered carefully.
Ideally, computer and electronic systems should be located above
ground level, but below the top floor and away from exterior windows.
It is preferable that the installation should be windowless and with
no equipment visible from outside the building. Windows not only
represent a security hazard but also can have an adverse effect on
environmental controls. All external signposts of the facility or
obvious displays should be minimised.
POLICY 4.5: SIGN POSTING OF ELECTRONIC SYSTEMS
Buildings housing electronic systems shall not be obviously marked or
signposted.
4.5 Physical access control strategy
General site security is never a substitute for control of direct
access to the electronic system installation, which must always be a
secure area in its own right.
Physical security is enhanced by enforcing several layers of defence,
often called 'Defence in depth'. Access to the site should be
controlled through a manned station which, in turn, regulates entry to
buildings, specifically those housing important electronic systems.
Further access controls can then be enforced at the entrance to the
general computing area, and again at the doors to rooms containing the
computer and electronic systems, communications plant and media
library.
In summary, access to the actual computing and electronic system
facility must not be possible except
o past a manned station, or
o through locked doors requiring special keys or codes to open.
To ensure compliance with a system security policy it may be a
requirement that sensitive systems are separated physically as well as
logically.
For more specific advice and guidance, refer to the Physical Security
Handbook.
POLICY 4.6: PHYSICAL ACCESS CONTROLS
In the design of systems, physical access controls shall be
implemented so as to prevent unauthorised access to sensitive areas.
Small installations which cannot economically justify a manned station
but use access control methods shall record the issue and receipt of
keys, and, where practical, their use.
POLICY 4.7: SECURITY OF UNATTENDED BUILDING
Sensitive installations in unattended buildings should be physically
secure and alarmed through to an alarm monitoring station.
POLICY 4.8: PHYSICAL SECURITY HANDBOOK
In the planning of accommodation and siting of electronic systems
attention shall be paid to the recommendations and guidance documented
in the Physical Security Handbook.
4.5.1 Access to secure areas
Subject to fire regulations, there should be a minimum number of
physical access points to the secure area housing the electronic
system installation, preferably one usual portal and one emergency
exit, the latter opening outwards only from the installation.
Even if authorised staff are present in the vicinity of computer and
electronic systems, all routes of entry should normally be locked; the
use of self-closing and self-locking doors is recommended.
4.5.2 Data cabinets and safes
In addition to the access controls, physical protection for the data
itself must be provided. A Data Cabinet or Data Safe is used to
protect magnetic media against hazards such as Fire, Dust, Pilferage,
Accidental or Malicious damage and the effects of water from
sprinklers. Where the information recorded on the magnetic media
warrants a higher level of physical security, the Data Cabinet or Safe
should be kept in a Strongroom or a proprietary Security Safe.
IN CONFIDENCE and encrypted IN STRICTEST CONFIDENCE marked media may
be stored in Data Cabinets, provided correct procedures are in force
for the control of the data cabinet keys or combination locks.
Unencrypted IN STRICTEST CONFIDENCE marked media may also be stored
on an occasional basis. For regular storage of small quantities of IN
CONFIDENCE or unencrypted IN STRICTEST CONFIDENCE marked media, a data
insert for filing cabinets is available which may be used to store
such media in approved security furniture.
For further advice, refer to the Information Security Code.
There are standing arrangements for the purchase of Data Safes; refer
to Chapter 10 for further information.
4.6 Personnel access
4.6.1 Staff, official visitors and other personnel
Access to sensitive computer and electronic system installations
should be allowed only to those with a genuine need to perform their
duties. Other personnel (maintenance engineers, cleaners) must conform
with a formal logging procedure for entry. They should be accompanied
at all times. A visitor remains the responsibility of the host for the
duration of the visit.
All personnel, including visitors and non-BT staff such as cleaners
and maintenance engineers, must be issued with passcards. The style of
the passcards should be such that the bearer can be identified as
regular staff or a visitor; as such, the passcard must be displayed
clearly at all times whilst within the building.
Special consideration should be given to controlling the access of
ancillary personnel such as cleaners and service engineers (BT and
non-BT). Temporary changes such as building work or accommodation moves
must not be used to justify a relaxation in procedures. Special
arrangements should be made to accommodate these.
POLICY 4.9: PERSONNEL IN SENSITIVE AREAS
Only authorised people shall have access to sensitive areas.
Procedures shall be in place and maintained to control the access of
external maintenance engineers or other personnel.
POLICY 4.10: MANAGEMENT AND USE OF PASSCARDS
Passcards shall be issued and worn at all times. Their style shall be
such as to enable a clear distinction between regular staff, BT and
non-BT visitors.
For specific advice and guidance, the Information Security Code applies.
4.6.2 'General interest' visits
Although BT wishes to maintain good relations with the community,
general visitors are not permitted into operational computer centres.
Visits to associated premises may be permitted but should not be
actively encouraged. Any request for a visit should be considered on
its merits by local management.
When a visit is arranged, the following measures must be taken to
minimise the risk:
1 Formal entry and exit procedures must be scrupulously followed.
2 Visitors must be issued with passcards.
3 Parties must be organised so that they are of manageable size so as
to ensure that all visitors are accompanied and supervised at all
times. A ratio of five visitors to each BT guide, one of whom must be
at least a level 2 manager (MPG4), is suggested.
4 The route and timetable must be preplanned and strictly followed so
as to avoid all sensitive areas.
5 Areas of work which are demonstrated must be selected to avoid close
up viewing of sensitive information (such as logging on procedures,
network access numbers and customer data).
6 Staff must be given adequate warning of impending visits so that
sensitive material and access methods can be concealed.
7 Passwords must be changed after any such visit if it is considered
that any have been compromised.
8 Any handouts must have been authorised by the local manager in
accordance with the Information Security Code.
9 The carrying by visitors of cameras and electronic devices capable
of interference with computer systems must be prohibited.
POLICY 4.11: GENERAL INTEREST VISITS
Local rules governing visitors and visits shall be documented.
Visitors shall be guided so as to exclude them from all sensitive
areas. Refer to the Physical Security Handbook for guidance.
4.7 System or master consoles
Controls against unauthorised activity are essential on electronic
access to computer and electronic system facilities, in particular
over communications links but also to computer and electronic system
consoles. System or master consoles usually provide access to highly
privileged activities, for example system administration and software
or machine maintenance; others may provide enhanced operator
privileges necessary for efficient machine usage.
Master consoles must be located in the most physically secure
environment available within the computer and electronic system
building complex to prevent unauthorised use of the console. The
consoles must be sited so that use may not be overlooked and cabled so
that their traffic cannot be intercepted.
Access to master consoles must be restricted and all operations
recorded. The log or journal should be regularly scrutinised to
identify any signs of irregular or unauthorised usage.
POLICY 4.12: USE OF SYSTEM CONSOLES
Procedures concerning the proper use of primary system consoles or
system terminals shall be documented and the application of those
procedures enforced.
4.8 Other terminals
Terminals outside the computer and electronic system room should not
have access to operator or other special privileges. Other users who
might need access to privileged commands might include software
support groups, network management groups and remote software
engineers. If privileged access is required, and the temporary use of
a terminal other than the primary or system console cannot be avoided,
its use should be strictly controlled, supervised and, in some
circumstances, audited.
Terminals located in non-BT buildings deserve special attention to
ensure that their use cannot compromise the security of BT systems to
which they may be connected.
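One way to carry out the journal scrutiny described in 4.7 and 4.8, as an added example that is not part of the manual: it flags unlisted users on the master console, privileged commands issued from other terminals (with or without a recorded supervisor), and records that cannot be read. The journal format, terminal names, operator list and command names are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Everything below is assumed for illustration: the manual names no
# journal format, terminal identifiers, operators or commands.
MASTER_CONSOLES = {"CONSOLE0"}
AUTHORISED_OPERATORS = {"opr_jones", "opr_patel"}
PRIVILEGED_VERBS = {"SHUTDOWN", "SETPRIV", "PATCH", "MOUNT"}

# Constructed journal: timestamp|terminal|user|command|supervisor
SAMPLE_JOURNAL = """\
1994-03-01T09:12:04|CONSOLE0|opr_jones|MOUNT TAPE17|-
1994-03-01T09:40:51|TTY14|eng_remote|PATCH KERNEL|mgr_smith
1994-03-01T11:02:33|TTY22|usr_brown|SETPRIV ALL|-
1994-03-01T11:05:10|CONSOLE0|usr_brown|SHUTDOWN NOW|-
1994-03-01T11:07:00|TTY22|usr_brown|LIST FILES|-
this line is damaged
"""


@dataclass
class Finding:
    line_no: int
    rule: str
    detail: str


def review_journal(text):
    """Return the journal entries a reviewer should look at, in file order."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue
        fields = [f.strip() for f in raw.split("|")]
        try:
            stamp, terminal, user, command, supervisor = fields
            datetime.fromisoformat(stamp)
        except ValueError:
            # An unreadable record is a gap in "all operations recorded".
            findings.append(Finding(line_no, "unparseable", raw))
            continue

        verb = command.split()[0].upper() if command else ""
        on_master = terminal in MASTER_CONSOLES

        # 4.7: access to master consoles must be restricted.
        if on_master and user not in AUTHORISED_OPERATORS:
            findings.append(Finding(
                line_no, "unauthorised-console-user", f"{user} on {terminal}"))

        # 4.8: privileged use away from the console must be supervised,
        # and is listed for audit even when a supervisor is recorded.
        if verb in PRIVILEGED_VERBS and not on_master:
            if supervisor in ("", "-"):
                rule = "unsupervised-privileged-terminal"
            else:
                rule = "audit-privileged-terminal"
            findings.append(Finding(
                line_no, rule, f"{user} ran {verb} on {terminal}"))
    return findings


if __name__ == "__main__":
    for finding in review_journal(SAMPLE_JOURNAL):
        print(f"line {finding.line_no}: {finding.rule}: {finding.detail}")
```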
4.9 Communications rooms and equipment
All communications equipment must be sited in a physically secure
environment within the installation and must be subject to its own
restricted access controls. Where it is not possible to locate
communications equipment within dedicated accommodation then the
equipment itself should be physically secured in purpose built
lockable furniture.
Cable entry points, risers and runs shall be provided with adequate
protection to prevent unauthorised access, and accidental or
deliberate damage.
POLICY 4.13: COMMUNICATIONS EQUIPMENT PHYSICAL SECURITY
Communications equipment shall be located in its own secure
environment or in secure furniture and subject to restricted access
control appropriate to the sensitivity of the data being communicated.
4.10 Media libraries and disaster stores
Special care must be taken to safeguard media libraries and disaster
stores. Data held in a compact form is particularly vulnerable to
accidental or malicious damage and its security depends on physical
protective measures, access control and staff reliability.
Both the media library and the disaster store must be restricted to
specifically authorised staff.
The disaster store must be sited so that it will be unaffected by any
incident at the computer centre. It must also be sited so that the
contents are not affected by strong electromagnetic influences. See
the Physical Security Handbook for further guidance.
POLICY 4.14: DISASTER STORE
Any disaster store shall be physically protected and remote from the
computer centre. Access to the store shall be governed by local
operational instructions.
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 9 of 10
=============================================================================
---------------
Notes & Queries
---------------
Note: Notes & Queries is the section where the readers send in any
questions, problems etc that they might have, and other readers can
send in the answers. Obviously, in the first issue of a magazine, this
is not going to work!! However, just to be a pain in the arse, and
just to pad out this section, we have gone to all the trouble to ....
... make some up!!!
Q: Does anyone have a full list of BT Star services?
A: It just so happens that I do .....
------------------------------------------------------------------------------
SYSTEM X STAR SERVICES - QUICK REFERENCE SHEET
------------------------------------------------------------------------------
Divert all calls                           *21*TEL NO#       #21# TO CANCEL
Divert on busy                             *67*TEL NO#       #67# TO CANCEL
Divert on no reply                         *61*NUMBER#       #61# TO CANCEL
------------------------------------------------------------------------------
Bar incoming calls                         *261#             #261# TO CANCEL
Bar outgoing call                          *34X# ; x below:  OLD -CODES- NEW
  Stop all but 999 & 151                                     N/A         1
  Stop national/international                                N/A         2
  Stop calls starting "0" (non-local)                        2           N/A
  Stop international "010"                                   3           3
  Stop operator calls/services NOT 151                       4           4
  Stop star services except this one!                        5           5
Cancel outgoing call barring               #34X*KEYWORD#
To check outgoing call barring             *#34#
------------------------------------------------------------------------------
Storing a code calling number              *51*CODE*NUMBER#
Checking a stored code                     *#51*CODE#
Dialling a stored number                   **CODE
Repeat Last Called Number                  **00
------------------------------------------------------------------------------
Reminder call                              *55*TIME#         #55# TO CANCEL
Reminder call (DAY)                        *56*TIME*X#       #56*TIME*X# CANCELS
  x=1-Mon, 2-Tue, 3-Wed, 4-Thu, 5-Fri, 6-Sat, 7-Sun, 8-Mon-Fri, 9-Every
Check what reminder calls are active       *#56#
------------------------------------------------------------------------------
To hold caller one and make call 2         [R] NUMBER
Shuttle between (holding other)            [R] 2
Open a three way conversation              [R] 3
End call with current, shuttle to other    [R] 1
Disconnect from caller 1 on a three way    [R] 5
Disconnect from caller 2 on a three way    [R] 7
------------------------------------------------------------------------------
Call waiting                               *43#              #43# TO CANCEL
Reject an incoming call                    [R] 0
Take a waiting call (After current call)   [R] 1
Take a waiting call (hold current caller)  [R] 2
Shuttle between callers                    [R] 2
------------------------------------------------------------------------------
Advice on call cost                        *40*TEL NO#
Set up for all calls                       *411#             #411# TO CANCEL
------------------------------------------------------------------------------
Check on services currently operating      *#001# (Sys X only)
------------------------------------------------------------------------------
--
Q: In the light of the recent BT "hacking" case can anyone tell me
the difference between what the media call "hacking" and what the
lawyers call "Breach of Confidentiality"?
A: Um, No! Can any of our more legal-eagle style readers please
enlighten us?
--
Q: In the light of the recent BT "hacking" case, I was just
wondering, what WAS the oh-so-secret telephone number for the
Queen?
A: Last time I looked the Queen's telephone number was 071-445-2865,
oh and by the way, that oh-so-secret MI5 number was probably
0800-894-410, because they gave everyone a hard time when you rang
it!! (Let's just say that they got all secretive and asked where we
had got this number ......) Just remember ... PHUK magazine ...you
heard it here LAST!!!
--
Q: Can you make up anymore stupid questions before everyone gets
bored?
A: No, we can't! That's why we want YOU the reader to send your
questions and answers to us, at anon93143@anon.penet.fi .... so that
we have more to publish and can keep phukmag goin with the minimum of
effort on our part (of course) so that we can spend more time playing
with computers and less time asking people for the articles they
promised 3 months ago ......
+++
EOF
=============================================================================
PHUK MAGAZINE - Phile 10 of 10
=============================================================================
-----
OUTRO
-----
Well, it's been fun hasn't it? What's that I hear you say? It hasn't!
What, the articles were too biased towards phones and not enough
hacking? You thought the articles were feeble? You think you could do
better!!
Well that's more like it .... if you think you can do better than the
articles in PHUK-zine then write them and send them to us. We always
need snippets of news, articles, code, numbers, hints, tips and
general ideas to keep the ball rolling.
Anyhow, next month we have the following goodies for you ....
Green Boxing - DrKaos & TheGoat
BT Computer Security Manual Part II
Something on Novell Networks ...
Some trash from BT wastebins ....
And maybe something on hacking for a change ....:)
Send all articles, flames, Letters of Comment etc etc to PHUK
magazine, anon93143@anon.penet.fi, OR speak to any of the PHUK crew
at any London 2600 meeting .........
- have PHUN and be careful out there ... it's a dangerous world and
getting worse by the minute!
- Phuk-Ed
+++
EOF