=============================================================================
PHUK MAGAZINE - Phile 0 of 10
=============================================================================

Welcome to the very first issue of P/H-UK magazine, an ezine for the Hackers & Phreakers in the United Kingdom. In case you can't work it out, P/H-UK stands for Phreak/Hack-United Kingdom, and having pointed that out I promise to never mention it again!

This issue is a little lame and a little thin, the way most h/p zines are at first, but we hope that PHUK will grow with time and become a bit more substantial.

This issue we have some goodies, especially the chunk of the BT computer security manual, a piece by Otaku on Defcon ][, some circuitry from TheGoat, and a nice piece of history courtesy (!) of New Scientist circa 1973. Anyway, without further ado, let's go on to the contents ..

PS: THIS IS A BETA COPY OF PHUK#1 ..... NO RESPONSIBILITY CAN BE HELD FOR ANY AND ALL SPELLING AND GRAMMATICAL ERRORS THAT OCCUR IN THIS TFILE ---- the rest of it is down to us and the normal disclaimers apply ... i.e. don't use this info to phuk with the system, just read and enjoy (heheheh).

=============================================================================
P / H - U - K -- C O N T E N T S
=============================================================================
0: INTRO: You're reading it!
-----------------------------------------------------------------------------
1: EDITORIAL: Channel 4 Documentaries SUCK!
-----------------------------------------------------------------------------
2: NEWSBYTES: UK News
-----------------------------------------------------------------------------
3: HISTORY: New Scientist 1973
-----------------------------------------------------------------------------
4: DEFCON II - Otaku
-----------------------------------------------------------------------------
5: ANSWERPHONE: The Panasonic KX-T1446BE
-----------------------------------------------------------------------------
6: CIRCUIT: Simple Line Monitor - TheGoat
-----------------------------------------------------------------------------
7: NO GIFT FROM HALLMARK - DrKaos
-----------------------------------------------------------------------------
8: BT Computer Security Manual - Mrs. Brady of Doncaster
-----------------------------------------------------------------------------
9: Notes & Queries: A question & Answer Forum
-----------------------------------------------------------------------------
10: OUTRO: Next Issue .... we hope!!
-----------------------------------------------------------------------------

=============================================================================
PHUK MAGAZINE - Phile 1 of 10
=============================================================================

-----------------------------------------
CHANNEL FOUR DOCUMENTARIES SUCK - Phuk-Ed
-----------------------------------------

That recent documentary on Channel Four sucked. Just what we needed was some stupid media c*nts telling the entire world that we were all boxing through Hawaii Bell. For some strange reason this line died very soon after the documentary .... are we surprised? I think not.
At the same time horror stories about people being charged for boxed calls through 0800 numbers began to circulate, stories of being fed straight into overseas operators when using Country Direct numbers, along with a whole slew of paranoia, which may or may not just be disinformation designed to discourage boxing in the UK.

For example, I recently leeched a tfile from a UK bbs that claimed that from 10-02-94 BT have been monitoring all free phone numbers from the base in Blackpool, and that the information is also going to the BT investigations dept at Milton Keynes. The person writing the tfile claims to be a contractor linked to BT, and that Channel 4 had contacted BT before the documentary was screened and that this resulted in the circulation of a confidential memo sent to all system & exchange managers asking what steps can be taken. Apparently suggestions ranged from "put filters on the line", via "link all 0800 calls to a billing machine" to "change all the numbers". Well, many of the numbers HAVE changed, and even the merest hint that all 0800 calls are getting routed into a computer and analysed to check if they are legitimate data/voice/fax calls is enough to give any phreak the willies! He also claims that "any questions can be directed to bt internal investigations on 0800-890-999, ask for extension 131". [Does anyone know if this number is really the BT investigations unit??].

We do not need this type of paranoia, and all because of one stupid documentary!

The documentary itself was pathetic. Programming your computers to do continuous directory listings might look good to the media vampires, but to anyone with any computer literacy it just looks stupid. Showing the two anonymous hackers inside a Brighton phone box with what must have been the BIGGEST tape machine you could possibly carry (can't show Walkmans can we now guys!) while boxing using a tape was hilarious.
Showing them dial up an American sex line while they were saying in essence that this is a line for all the sad computer spods who can't get a girlfriend, was a joke. The whole chunk of credit card fraud at the end, bleeped as if they were giving away vital information, (of course no-one knew about credit card fraud before!) was a useful ploy used by the documentary to discredit hackers (look middle classes, your credit is under attack ... better lock those hackers up quick!!).

This documentary should act as a warning to any hackers who might consider getting involved with the media in any way. They can, and WILL distort what you say by selective editing and voiceovers. They can and WILL sensationalise hacking in an attempt to increase ratings and thus advertising revenue.

Luckily at least one person in the known universe is trying to put together a film that shows hackers and phreakers in a more favourable light ... and we here at PHUK magazine wish her the best of luck!

Phuk-Ed.

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 2 of 10
=============================================================================

------------
UK NEWSBYTES
------------

-- PHONE DAY

Phone Day is almost upon us! Well, not quite, it's on the 16th of April 1995, but judging by the amount of energy BT is putting into the big event the public are meant to absorb this information by some weird sort of osmosis .... and now us phone phreaks are telling them all about it instead of BT! Certainly all of Joe Public I have spoken to treat phone day as some sort of publicity stunt, like Give Up Smoking week, where you are encouraged to use the phone more on Phone Day.
When it is explained that Phone Day is the day that all the dialling codes change the response is mixed, ranging from "why would they do that", to "Oh No, not again!", from people who remember the great day when London split its codes into 2 zones (071 & 081), and the amount of hassle it caused them! Funny enough I found an old BT card explaining the LAST change in codes marked "BT - It's you we answer to" .... hmmm guess that's why you still charge in UNITS instead of seconds huh guys!

Of course companies offering Phone Day services have sprung up .. they will update all your databases ... at a price!! In actual fact the new codes have been with us for some months, and it has been possible to use the new London codes (0171 & 0181) for a while now. In case you can't remember (!), Phone Day means that all codes starting with 0 will now start 01, and Leeds, Sheffield, Nottingham, Leicester and Bristol all get new codes (I won't bore you with the numbers!).

-- CALLER RETURN / CALLER ID

Of course the BIG story of the month should have been the introduction of caller return and caller ID on the 5th of November .... here's what the SUN newspaper had to say about it on the 28th of October ... (When I first wrote this of course I said 'by the time you read this .....').

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[from the SUN Newspaper, 28-10-94]

BT cures hang-ups for free

People who rush to answer the phone just as it stops ringing will be able to find out who called thanks to a free BT service unveiled yesterday. From November the 5th, frustrated customers can dial a code and listen to a recorded message telling them who was the last to call them. BT says the number of return calls will cover the cost of the service. The firm is also introducing "Caller Display" which allows people to see the number of the person calling before they answer.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Once again the actual service has been around for a while in some areas, just not "switched on". So if I dial 141, to block CI/CR, I get a message "Sorry, you have dialled an incorrect service code, please replace the handset and consult your instructions". Similarly, dialing 1471 gets the message "Sorry no telephone number is stored". BUT when I phoned the BT helpline (0800-80-1471) to ask about costs, I was told (incorrectly) that Caller Return would cost 3.99 per month, and that Caller Display would cost an "unspecified amount" plus the cost or rental of the equipment. Funny thing was though, that when the helpful young BT chap asked me for my area code "for his database" and then repeated the number back he got it wrong!!!

What is really cool is that Joe Public HAS woken up to the problems this might cause, hence the following article from the Guardian, 4th November 1994.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[from the GUARDIAN Newspaper, 04-11-94]

BT forced to delay service identifying callers

British Telecom has been forced to postpone the launch of two services which reveal a caller's number - because the public is not yet aware of the risks involved. Civil Liberties lobbies have been concerned about privacy, pointing out that a doctor, for example, ringing a patient from home would not want to disclose his private number. And ex-directory numbers will be identifiable unless customers opt to retain anonymity. BT, which has already spent several million pounds promoting the services and warning that numbers could easily be identified, has had to increase its budget for an extra two week campaign of newspaper and television advertisements. The services, Call Return and Caller Display, will now come into operation on midnight on November 21, rather than tomorrow.
This follows recent discussions between BT and Oftel, the industry regulator, which insisted that the public must be fully informed beforehand. A BT spokesman said that the group was disappointed at the lack of awareness in view of its advertising. Call Return enables a phone owner to identify the number of the last caller, by dialling a short code. Subscribers to Caller Display will have a phone or box that shows the number of an incoming call on a screen. BT has built in two safeguards. Customers can have the calling line identification (CLI) signal on all outgoing signals automatically blocked, or they can block the signal on individual calls by dialling 141 before the number. However the CLI signal will be available to BT's malicious calls units. [no shit!! and WHO else can get it!] Many with ex-directory numbers (15 percent of personal customers) believe that their numbers should be protected automatically.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Methinks, we have not heard the last of this .......

..... and indeed we hadn't! After "WatchDog" had a good go at BT over CR/CD the service didn't start until November 22nd, as planned. However, once again everything was put in place some time before, allowing us to play with the service, which came into force around 18:00 that day. CR does pass unlisted numbers across the lines, but we haven't been able to test whether it passes ex-directory or not. Blocking seems to work as advertised, and cell-phone numbers are also not passed along. What worries me, however, is that on several occasions after receiving a call from what I knew to be a listed number, and from people who I wouldn't call phreaks and use the 141 blocking code, were not stored for my use :( Watch this space for updates!

-- INTERNET MANIA

Anyone who hasn't heard of the Internet these days must be blind, deaf, half-asleep or all three.
With the introduction of a Guardian ONLINE section, the BBC getting their own email address ..(yes!! you can email the broom cupboard!), the opening of London's first fully fledged, and much hyped "CyberCafe", and the publication of not one but 2 expensive glossies (Internet & Comms, and .net), everyone and his dog will have an internet account by the year 2000 (well, if we don't run out of addresses first!). However, at a minimum 1.50 UKP per half hour for the privilege of having coffee, danish & WWW, we here at PHUK magazine feel that Cyberia might be spending some of their hard earned (!!) profits on an internet security expert before too long :)

+++

That's all for this ish, don't forget, NEWSBYTE exists on contributions from its readers, so send your snippets, comments etc to PHUK magazine at anon19143@anon.penet.fi, where we will do our best to include them in the next issue.

-- BT HACKER :)

OK, boring, but I couldn't resist commenting! Calling the BT contractor who stole the queen's phone number a HACKER is a joke!! But then the Independent wouldn't have sold so many papers with the headline "Sub-Contractor Breaks Confidentiality Agreement" would it?

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 3 of 10
=============================================================================

---------------------------
HISTORY: New Scientist 1973
---------------------------

This issue's HISTORY section has an article published in the New Scientist on the 13th December 1973 in the wake of the Old Bailey trial. The article made the front page, running under the headline "Are phone phreaks just telephone addicts?". Anything in square brackets is mine, the rest comes straight from the magazine page to you ... Enjoy & Have phun! - Phuk-Ed

--

[headline] Are telephones addictive?

[intro] Nine "phone phreaks" were acquitted last month after a seven-week trial at the Old Bailey.
The trial gave considerable publicity to the techniques used by a small and determined group of intellectuals with a compulsive desire to know the telephone system inside out.

[start] When Post Office investigators raided a Hammersmith, London flat in October 1972, they found a "phone phreaks" conference in progress with large quantities of telephone equipment, a computer printout listing supposedly secret Post Office codes, and devices for making calls. A Post Office installed monitoring device showed that one man had spent much of the day experimenting with one of London's international exchanges.

Nineteen men went on trial on 3 October at the Old Bailey. With advance promises of nominal fines, 10 pleaded guilty - one to actually making calls, the others to conspiracy. Fines ranged from 50 to 100 [pounds]. The other nine stood trial for conspiracy to defraud the telephone system. On 13 November, all were acquitted, in a trial estimated to have cost more than 100,000 [pounds].

Most were men in their 20s holding university degrees, primarily from Oxford, Cambridge and London. Their interest had begun in student days, usually from reading standard texts such as Atkinson's Telephony and moving on to the Post Office Electrical Engineers Journal. Experiments by exhaustive dialing on local networks followed. Soon they exhausted the possibilities of dialing and moved on to electronic aids.

Their attitude was neatly summarised by the trial judge Neil McKinnon, QC, when he commented: "Some take to heroin, some take to telephones." He, too, entered into the spirit of the thing and asked for the codes used in his own local exchange in south London.

Like scientists conducting experiments, the phone phreaks report results to one another. And they take a perverse delight in writing to the Post Office to explain new and previously undetected ways to beat the telephone system - often the Post Office does not believe these suggestions until much later.
The penetration of the Post Office's secrets has been massive. The investigation that led to the recent trial was apparently triggered by the discovery that for some years the Cambridge University Titan computer had held complete and laboriously compiled files detailing the entire trunk and local network system.

[caption] Imitate control signals

[start] In general, telephone enthusiasts (as the court genteelly put it) work by imitating the control signals that the telephone system must have. The signals tell an exchange, for example, that a call is coming from another exchange, or that a subscriber has hung up, or that a call has been answered and that charging should begin. On long distance trunk circuits the signals are within the normal telephone speech bandwidth (30 Hz - 3 kHz), and the UK Post Office uses pulses of single frequency - 2.28 kHz. As the signalling must take place on the line which will be used for the call, there is no way that the Post Office can prevent anyone from imitating the codes. Usually they use a "bleeper" which puts the tone onto the line with an acoustic coupler, similar to that used for portable computer terminals. Details of using a bleeper to make international calls are given in the box.

[start sub-box]
[photograph with caption] Typical phone phreaking equipment. Rear right - an older style AC9 simulator (bleeper) with a telephone dial. Front, a newer AC9 simulator, with an acoustic coupler (an ordinary telephone earpiece). Rear left - a multifrequency simulator. A print-out of telephone codes lies under the equipment.
[basically that's what the photo shows ... this stuff is OLD and clunky looking though!]
[end sub-box]

In the last few years, the Post Office has begun the introduction of the Trunk Transit Network to effect speedier transit of information.
Where the normal system uses pulses of 2.28 kHz to represent numbers (1 pulse for 1, 2 for 2, etc, just like a telephone dial), the new Multifrequency system (MF2) has six different tones, and uses two at a time, permitting 15 possible combinations (10 numbers and 5 control signals). Thus, where the 0 required 10 pulses, it now only requires 1. The Post Office hopes to introduce full nationwide STD using this technique by 1980. This goal was achieved in the USA and many European countries some years ago.

Generating the six tones required in the UK is more complex than the traditional 2.28 kHz, and involves a six-frequency generator. Because many countries have their own sets of tones, the international phone phreak will need a set of bleepers. One presented in evidence at the trial was very elaborate, being capable of simulating seven different signalling systems. Nicknamed the Mighty Wurlitzer, it was rumoured to cost 200 [pounds] to build. The Post Office offered 20 [pounds] for it.

As new MF2 centres are added to the network - Newcastle, Hull and Bradford last month - the Post Office is reportedly intensely worried about the vulnerability of MF2. It is perhaps typical that the Post Office were initially complacent, and did not believe the Cambridge undergrad who some years ago told them that MF2 could be beaten. One defendant revealed that he and others had written a set of letters to the Post Office explaining flaws in the system. His most recent contribution - a dialling sequence known as 9-1-11 which would give irregular STD service from small country exchanges - was haughtily rejected by a Post Office expert with "it couldn't theoretically work".

[begin sub-box]
[caption] Bleeping around the world

[start] At the trial, the Post Office gave a demonstration of how international calls might be made, using a bleeper.
The telephone enthusiast first dials an STD call to a destination which will be charged at local rate - from London to Badger's Mount just north of Sevenoaks will do. This call is routed automatically through the London STD centre and the trunk exchange in Sevenoaks. When the call (which is made to a number known to be spare) had gone through, he sends the "clear forward" signal which tells Badger's Mount that the call is finished. Because the enthusiast's telephone is still off the hook, the London equipment believes the call to be still in progress. The result is an open line going as far as the Sevenoaks trunk exchange.

He then sends to Sevenoaks a signal known as "seize" which wakes up the Sevenoaks end. He could then send the digit "1" which will put him on the outgoing trunks from Sevenoaks. By dialling the secret trunk codes or routings, he can then dial freely through the trunk network. He could dial to Tunbridge Wells (code 15) and through it to Cardiff (65) and London International (112). At this point, by using other tones, he could if he wished experiment in any part of the world.

Unlike STD codes, the trunk codes are not the same throughout the country - to get from Reading to Tunbridge the code would be 35 rather than 15. Thus the enthusiasts have built up massive files of trunk codes, often produced on computer printouts.

Knowing the codes, however, does little good because they cannot simply be dialled - extra equipment is required. The clicks that an ordinary telephone dial sends down the line are really DC pulses, 67 millisec (ms) long, sent at the rate of 10 per second. Long distance trunk circuits cannot handle DC, so the exchange automatically converts these to equally long pulses of 2.28 kHz. This signalling system is known as AC9. Having already passed the local exchange, the phone phreak must produce his own 2.28 kHz signals.
Some people are actually able to whistle the correct tone, but most phone phreaks use some sort of electronic simulator - usually called a bleeper - made up of a tone generator and a telephone dial or more complex push button system. The device must also produce at least one other signal - the Clear Forward which is 700 ms of 2.28 kHz. The seize signal is simply a "1".

One of the effects of the clear forward signal is to accidentally generate another signal which starts the equipment in London charging for the call. Thus, the user of a bleeper is then paying for the call whether or not he ever completes it. But the charge is always for a call to the first exchange dialed (London always thinks that the call is to Badger's Mount) so the bleeper user always starts with a call to the local exchange to keep the cost down.

The legal question enters at this point - the effect of the recent acquittal would appear to be that using a bleeper is not illegal unless a call is actually completed, in which case the phone phreak is getting a long distance call at local rates. Simple possession of bleepers themselves is apparently not illegal, although the Post Office has the right to disconnect the phone of anyone who uses one.

[there is a diagram accompanying this sub-box which just uses a box and arrow type diagram showing the relationships between the different exchanges discussed in para 2]
[end sub-box]

[caption] Dial direct

[start] There is a second major way for the telephone enthusiasts to get into the PO network. As described here recently (vol 58, pg 23), some engineers had covertly installed their own unauthorised links. As these individuals had ample opportunity to discover the secrets of the telephone network, the only purpose of such circuits could be fraud, as was shown in the recent prosecution of a Bristol engineer who operated an Air Charter company on the side. Several other accesses arose accidentally, caused by careless or sloppy design.
Their utility to telephone enthusiasts had resulted in a large scale hunt for them. A list of these trunk accesses was eventually passed to the Post Office.

Nevertheless, suggestions of "sabotage from within" are hotly denied by the Post Office. But a recent example is an "engineers fiddle" fitted to the Chiswick exchange. It allowed North London Post Office staff who knew about it to make free STD calls, quite illegally from phones all over London. By dialling 995 for Chiswick, then 47, then any four digits to "unlock" the circuit (since someone, perhaps even an investigator, might stumble on 995-47 by accident), they would be enabled to dial free calls. This money saving device disappeared earlier this year, when the code became needed for new subscribers on that exchange and the engineer had to take it out.

Two devices to avoid payment were displayed at the trial. One, known simply as a black box or non-charge facility, is simply a battery and two simple components that can be fitted to any telephone and prevent the exchange from realising that the called telephone has been answered - thus no charge is made to the caller. The other was more amusing - a 2p piece on a length of thread. Its student owner had not known that it could be used for telephones, but a zealous executive engineer studied the problem and showed the court how, with a little legerdemain, it could be retrieved from the reject slot of the coin box.

[caption] Telephone tapping?

As might be expected in Watergate year, allegations of telephone tapping were well to the fore, and several Post Office methods were exposed. The first, and simplest, is a printermeter, which makes an automatic record of whom you call, for how long, and the exact time and date of the call. The second is the misuse of special test circuits to listen in to any call. The operator or monitor merely has to dial your number on these special circuits, and listen for as long as he likes.
The intended use of such circuits is to interrupt a call to tell you that someone is trying to call you from abroad, for instance. The third is the euphemistically named "Call Check Circuit" - this can be attached to any phone in the country - and is undetectable. It can be used with a tape recorder to record all incoming and outgoing calls. Identifiable only by the type number painted on it, 60345, it is now fitted as standard equipment.

[start sub-box]
[photograph with caption] The Post Office goes to great, but unsuccessful lengths to keep its secrets. The centre door (31-32 High Holborn) is the unmarked entrance to the Kingsway exchange, London's largest trunk exchange, located in two deep bomb shelters under Chancery Lane underground station.
[end sub-box]

The British Post Office is not the only organisation with pranksters prowling through their system. In the USA, the vast telephone network has been blighted for some time by the phenomenon. For technical reasons, the Bell system is far more open to the possessor of a Blue Box, as a bleeper is called across the Atlantic.

Forty years ago, world telephone technologies diverged. The Bell system, which owns almost all of North America's 140 million telephones, started to use the crossbar system, while Britain stuck with the Strowger method, invented by a Kansas City undertaker in the 1890s. The effect of the crossbar on the trunk network was to enable the same codes that are used for the nationwide dialling system to be used for the internal codes of the system, resulting in far greater reliability and faster operation. It also uses a multifrequency signalling system, using frequencies between 700 Hz and 1700 Hz. Because of the identical code usage, US phreaks are spared the hard work of compiling and using special trunk codes as in Britain.
The phreaks first appeared on the US scene in the early 1960s when a group of MIT students were found to have conducted a late night dialling experiment on the Defense Department's secret network. They were rewarded with jobs when they explained their system to Bell investigators. The attitude was a little different a few years later when blind Joe Engressia, sometimes acclaimed as the "King of the Phone Phreaks", was discovered merrily whistling down the line to fix up free calls around the world for his school friends.

As a result of his widely-publicised prosecution, many individuals who had been working in the dark, alone, across the continent rang in to Blind Joe. The new technology spread rapidly through the underground, and names like Captain Crunch and Midnight Stalker became commonplace on illegally procured trunks. The name "phone phreak" identified the enthusiasts with the common underground usage of freak as someone who was cool and used drugs.

Since then, the telephone system has been a battleground between the phreaks and the Telcos (as the telephone companies nickname themselves). Abbie Hoffman's Yippies, the Youth International Party, gave birth to a phreak division whose monthly, The Party Line, publishes details of the latest and best Anti-Telco hardware. It has recently diversified into using high-power magnets on parking meters in order to stay longer, cheaper. In June 1972, Ramparts carried a set of instructions on how to build the Black Box, or non-charge facility.

In the US, phreaking is receiving increasing publicity, and the annual conference held on 8 September at a major New York hotel was given wide press coverage. Unveiled at that meeting was the Red Box - an electronic device that simulates tone pulses sent to an operator when money is put into a coin box.

From the Telcos this year comes their effort to keep up, the Model 51A Dialled Digit recorder. It costs $3500.
For a further $1000 the MF option can be fitted, and with another $100 for the 67A extender, the telephone company can have a recorder which will record no less than four different types of signalling: a match to the Mighty Wurlitzer.

[begin sub-box]
[caption] An Old Bailey anniversary

This year is the 20th anniversary of another Old Bailey telephone conspiracy trial. In that year, a Mayfair chemical company director and two friends were accused of making automatic trunk calls around Britain - almost ten years before STD was introduced. And all for a single charge of an old penny.

Their method was known as the Toll A drop-back, named after Toll A, an exchange near St Paul's which routes calls between London and nearby non-London exchanges. The trick was to dial a number, such as Dartford 21111, which was then not allocated. Then, the receiver rest would be "flashed" (depressed for 1/2 a second). This would act in a similar way to the "clear forward" on the a.c. system. The caller would be left with an open line into the Toll A exchange. The user could then dial a code, 018, which would take him on to what was then the first trunk (long distance) exchange in Britain. Once again with a list of trunk codes which he could have compiled by experimentation, he could dial around Britain.

The advantages of these methods in 1953 were immense. The delays on trunk calls through the trunk operator could often be several hours, and the quality very poor.

The method is still available. One of the defendants in last month's trial was alleged to have made experiments by using a Toll A dropback. He had dialled Caterham 41111, a number not in use. Then by flashing, he could dial through the Toll A exchange, and out through exchanges around London to some point where he would be able to dial up onto the trunk network.
In May, a London chemistry student pleaded guilty to making calls to the US utilising Toll A dropback via exchanges in Surrey where trunk accesses had been fitted at the time. He was fined 70 [pounds] plus 10 [pounds] costs and ordered to pay the Post Office 350 [pounds] for lost revenue.
[end sub-box]

[Phew! I am knackered after typing that in! but I hoped you enjoyed it! Nice to know that the Red Box has come of age ... being 21 years old this year! I actually met one of these defendants at this trial at a 2600 meeting last year. A few questions though ... WHERE are the Call Check Circuit marked 60345 installed??? In a junction? a DP? In your house??? and WHY can't BT be as complacent as the Post Office are reported to have been? - Phuk-Ed]

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 4 of 10
=============================================================================

----------------------------------------
DEFCON ][, Las Vegas, July 1994 - Otaku
----------------------------------------

Since I have been nagged to write a space filling article for this inaugural issue of PHUK, here are some personal observations about the DEFCON ][ conference held this summer.

Unlike Winn Schwartau, I am not a writer/lecturer on security issues, but those of you who want another view of what went on at DEFCON ][ should read his account "Cyber-Christ meets Lady Luck" in PHRACK 46, file 19.

In January 1994, before I had decided to go to DEFCON ][, I saw an article in alt.2600 from a journalist wanting to meet "hacker/phreaker types". I suggested that he go to DEFCON ][ in July and perhaps report as follows (looking back, I must have been psychic, because some things happened just as predicted!):

>Judging by the press coverage of last year's HEU event in the Netherlands,
>someone needs to educate the media/government, perhaps you can help.
>Here are some suggestions 8-) >Unlike the HEU event, you should be able to write your story from the >comfort of an air conditioned bar. Editors too old fashioned to >believe the authenticity of email might be convinced by a creatively >constructed expenses claim for bar room interviews of "sources". >With Las Vegas as a background, you can pique your editors interest with >quotes from Hunter S. Thompson's "Fear and Loathing in Las Vegas" >Go on to draw attention to the similarity of the physical look and atmosphere >of Las Vegas at night and most of the literary visions of Cyberspace from the >likes of William Gibson ("Neuromancer") and Neal Stephenson ("Snow Crash"). >Since you are in the desert, you could even drag in references to Wild Palms. >(Culture & technology) Winn Schwartau mentions Hunter S.Thompson in his article, so perhaps I had the right idea ! >If you can tag along with the right people, you will no doubt visit all >the sights of Vegas. See if you can persuade someone with a cell phone scanner >to show you how to track the call girls being despatched to the >various hotels. >(Sex and technology) The call girl/cell phone stuff was done: a couple of potential customers were warned off by "the voice of God" breaking in on their cell phone conversation and warning that it was a police setup. At least one drug deal was also scotched in a similar manner. >This could lead you nicely on to the other Vegas cliches of pondering the >enormous amount of money flowing about the place and all the computer >and telecomms technology used to provide the infrastructure to the casinos. >Recount the stories of the computer assisted Blackjack hackers. >(Money & technology) >No doubt there should be various law enforcment types lurking about. >Ask them about the Steve Jackson affair and about Phiber Optik. 
>(Legal issues & technology) I heard that an approach had been made to one of the delegates, asking if he could "hack into the the Sands Casino Baccarat high-rollers list". Since this game accounts for more than half the profits of a casino, the few mega-rich gamblers who choose to lose at baccarat are feted with free rooms, food, drink, women etc. A suitablly impressive looking data file was constructed, and Gail Thackery's name was put on it. She was a guest speaker, and also the District Attorney who was involved in the farcical Operation Sundevil affair involving Steve Jackson games. >Ask people about PGP. Compare and contrast the arguments about freedom, >privacy and strong public key encryption from the Cypherpunks, to the right >to bear arms arguments of the NRA. Ask what Bill Clinton and Al Gore are up >to with the Clipper chip proposal. Will access to the new Digital Superhighway >if it gets built be as free as this Internet ? >(Government & technology) Phillip Zimmermman, author of PGP was one of the speakers >A few photos of people with reversed baseball caps posing with laptops and >cell phones in front of the various casinos (at night for best effect) >and you might be able to sell the story to the mainstream media. There were plenty of reversed baseball caps, but only one person had gone so far as to get a computer chip implanted next to his tatoos (seriously !) The conference was held in the Sahara Hotel, which is not the newest, biggest or most luxurious, but was a whole lot more comfortable than either the Dutch campsite which hosted HEU or the New York flea pit that apparently hosted HOPE. I fell in with the organiser of the conference, Dark Tangent, a law student from Seattle, as well as TDK (one of the elite few from the UK), MTV, Tagger and a man with no nickname. 
"Lets's go and see the MGM" :this is the biggest casino/resort hotel in Vegas, 5000+ rooms, the usual huge casino, a seven story lion guarding the entrance and a theme park similar to Disneyland. Since we were here to enjoy ourselves, we headed off in a couple of cars. We toured past the Las Vegas Hilton, which used to have the largest illuminated neon sign in the world (worth $2 million, over 100 feet high). Unfortunately it had collapsed into a heap of twisted girders and broken glass the day before I arrived. The MGM is huge, even by Vegas standards, but of course every punter is treated like a VIP, so there is obligatory valet parking at the entrance. We got out of the two cars we had cruised up in, whereupon, the man with no nickname got managed to lock the keys to one of the cars inside it, in the middle of the valet parking lane. The car valets then proceeded to give us a demonstartion of car repossession techniques using flexible metal strips known as "slim jims" which they inserted between the rubber seal and the glass of the car window. They were trying from both sides, with little apparent success, but those musical Vegas words "there will be a big tip for you" were uttered and both driver's and passenger's doors sprang open as if by magic ! We decided to christen the man with no nickname "Repo Man" in honour of his part in our entertainment and education but upon reflection "Repo-Spazz" seemed to stick. The evening was a cool 90 degrees Fahrenheit, so we headed indoors to the air-conditioned casino, which was impressive enough in scale, but held little interest for us as we headed off to the amusement park on the other side. We watched an amusing slapstick/stunt performance involving costumed pirates and much leaping off walls and diving into water. Piracy seems to be a theme in Vegas. 
There is a hotel called Treasure Island, in front of which, just to draw the crowds, are two full sized pirate ships on an artificial lake, which periodically stage a performance involving crews of actors, sword fights etc. One of the ships then "sails" towards the other and fires cannon etc.

The rides were ok, and we did not have to queue as this was late in the day. We were nearly ejected from one ride, a flight simulator type "ride to the centre of the earth", when one of our number could not resist the temptation to spit into one of the pools of water lit by a red light which was supposed to represent a pool of molten lava (there are security cameras everywhere in Vegas !). We had more fun on a proper roller coaster type ride, which happened mostly indoors, and so although short, was quite fast and aggressive in its twists and turns. MTV lost his precious baseball cap, which he had to go back for later, and Dark Tangent was taken by the video photo of a girl in one of the cars following us. At the point where the cameras flashed, she was holding on to herself in such a fashion that Dark Tangent bribed the photo clerk for a copy. It may appear on the DEFCON ][ WWW and ftp site at dfw.com under Aleph1's pages.

Nearly midnight, and Vegas keeps on going (they pump extra oxygen into the casino air conditioning in the wee hours of the morning to keep the staff and punters awake, and also make sure that there are no visible clocks or windows to give you time clues), but, hey, there is a conference due to start tomorrow !

We went back to Dark Tangent's room and I helped stuff an extra sheet into hundreds of copies of the conference program. I got my psychedelic conference badge (#1 no less!) and various stories were recounted. The infamous Oregon State vehicle licence/voters roll CD-ROM was displayed and discussed.
This contains the names, addresses, telephone numbers and social security numbers of thousands of citizens in the state of Oregon, legally obtained by paying the appropriate fee to the proper authorities, in exactly the same way as the credit bureaux and marketing database companies do. Somehow the act of translating it from 9 inch tape format to CD-ROM format and making it available to the public caused quite a stir in Oregon. As the warning on the label says "Do not use this to create false identities, apply for credit cards etc."

Who says phone phreaks are a menace to society ? One of the female conference delegates was having difficulties with the hotel phone equipment. Within 5 minutes the jack was out of the wall and various soldering irons were in use and her phone was repaired without any need to call hotel maintenance at 1am in the morning. Perhaps this was when it was discovered that the trunking which held the phone lines to your room also had the wires for most of the rest of the same floor 8-)

The hotel had given us a conference room the size of a couple of tennis courts for free providing that Dark Tangent could supply the requisite number of hotel bookings. Normally this works well for the hotel, e.g. there was also a convention of Railway Signalmen booked in at the same time, who spent much more on beer and at the tables than the DEFCON crowd did.

Dark Tangent organised the registration process, but of course there were people who had pre-registered, of whom no record could be found ("computer problem") and there was much waiting around for things to happen. The DEFCON tshirts were popular, and Dark Tangent learned that black outsells white which outsells green.

Once the various speakers got going, things were fine, but generally, unlike HEU, there was hardly any technology on show for people to play with.
The most desperate email addicts did get a 'Net connection' on Zak's portable Sun clone via a Macintosh modem and several hours of social engineering of the hotel operator. Much of Dark Tangent's promised equipment failed to turn up in time. Since Zak is from the UK, and TDK sorted out some of the PA and overhead projector problems, and I lent my portable for some German Videophone type stuff, the very small UK contingent acquitted itself better than the native Americans in terms of conference hardware/software.

The point of such a conference is not to have an online hacking/phreaking session, or to play with the Internet, but to meet interesting people. I had interesting chats with Philip Zimmermann, the author of Pretty Good Privacy public key encryption (he is working on a PGP for voice/audio which will do what the infamous Clipper chip is meant to do, without government interference). I got to chat with Padgett Peterson, an anti-virus expert, and also with Winn Schwartau and other more anonymous people, including the winner of the "I am a Fed" tshirt in the "Spot the Fed" contest.

Winn's book "Information Warfare" has some details of High Energy Radio Frequency weapons, which although military in origin, can apparently be home brewed to produce a 16 megawatt directed pulse which can frazzle a computer at a distance. He raised the possibility of a HERF gun demo perhaps at the next DEFCON, out in the desert, providing that the attendees do not have pacemakers etc. The implications of this sort of technology are as significant for us in the UK as they are in the USA. What would have happened if the IRA had used a HERF gun or a similar EMP/T bomb instead of explosives in the City of London ?

Dr Mark Ludwig gave his wry International Virus Writing Competition award to one of the proponents of the media hype surrounding the fact of the announcement of a Virus Writing Conference.
His Virus CD-ROM containing hundreds of live computer viruses and source code seemed to sell out quickly. He now looks at computer viruses in terms of evolution and has done experiments with Genetic Algorithm programming to allow virus code to mutate and recombine in order to evade the attentions of anti-virus scanning software. Since he has also published protected mode boot sector infectors, all the snobs who think that just because they are running Linux, Windows NT, or OS/2 that they are safe from mere MSDOS viruses, had better think again.

Annaliza (an honorary member of the UK contingent, since she attends the 2600 meetings in London when she is over here) gave a talk about her video "Unauthorised Access" and Christian from the Chaos Computer Club in Germany gave an account of things over there. He also showed the cool video phone technology he is working on using my portable. TDK ran through what was happening in the UK (you should know all about that already).

One of the most interesting ideas I picked up from DEFCON was from Stephen Dunifer of Berkeley Free Radio. He is involved in Free Radio (i.e. "pirate" broadcasting) using CAD/CAM designed, stable frequency micro-power transmitters. As these do not drift as much as commercial stations do, there tend to be fewer complaints, and the stations can stay on air longer before the authorities have to be seen to act to shut them down. He and his colleagues have been involved in providing such cheap transmitters to the Chiapas Indians during and after their recent revolt against the Mexican government. The plans for these, including PCB graphics and component lists, are available by ftp from crl.com, directory ftp/users/ro/frbspd

What caught my attention was his description of a recent rave in the Bay area, where due to restrictions on amplified music, the DJs broadcast on FM via a micro-power transmitter and got the audience to bring along their boom-boxes.
The concept of an audience of ravers all wearing Sony Walkmans seemed quite bizarre and Californian, but it made me think of what might be possible/necessary after the UK Criminal Justice Bill gets passed.

There were a couple of interesting talks by private detective / telephone bugging types. I watched a couple of them demonstrate how to pick a lock (somehow one of the hotel's noticeboards with those movable letters behind a locked glass fronted door got re-arranged). With the right tools and a bit of practice it seems quite easy. There is a shop opposite the hotel which sells bugging / anti bugging equipment, which these professionals were naturally contemptuous of. It seems to be a major pastime in the USA, and of course DEFCON aided things by publishing the frequencies used by the local police and hotel security staff. Can Princess Diana be seriously contemplating exile in the USA ? Somehow I think that the "Squidgy" tapes incident would be child's play in the USA.

There was an interesting talk on anonymous remailers, and the possibilities of extending the concept of remailer chaining and encryption. The old military/diplomatic signals security trick of continuously sending a stream of messages between re-mailers, even when they have no "real" messages to send, was discussed, since it was claimed that anon.penet.fi had been the target of successful traffic analysis.

Whilst the convention was in progress, the big event was of course the opening of Planet Hollywood, the film star owned burger restaurant in Caesar's Palace shopping mall. I did mosey along, and the crowds were even bigger than when the one in London opened, all hoping for a glance of Arnie or Bruce. I did not see them, but I did see at least 6 "Hollywood Blonde" women, tall and beautiful, each with a wizened monkey at least twice their age and about half their height as an escort, heading for the opening festivities.
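The cover-traffic trick from the remailer talk mentioned above, as an added example (not from the original article or from any remailer's code): a link that sends one fixed-size cell per time slot whether or not it has mail, so a wiretap sees the same thing on a quiet day and a busy one. The cell size, the slot model, the function names and the sample messages are assumptions made for the illustration; cells are taken to be encrypted, so only timing and size are modelled.

```python
from collections import deque

CELL = 64            # bytes per cell on the padded link (constructed value)
PAYLOAD = CELL - 1   # first byte of a cell = number of real payload bytes
                     # (on a real link this byte is encrypted with the rest)


def unpadded_view(arrivals, slots):
    """What a wiretap sees when mail is forwarded as it arrives:
    one (slot, size) record per real message, silence in idle slots."""
    return [(t, len(m)) for t in range(slots) for m in arrivals.get(t, [])]


def padded_link(arrivals, slots):
    """Send exactly one CELL-byte cell per slot, real data or dummy.
    Returns (cells, view): the cells as sent and the wiretap's view."""
    queue = deque()
    cells = []
    for t in range(slots):
        for m in arrivals.get(t, []):
            framed = len(m).to_bytes(2, "big") + m        # length-prefixed frame
            for i in range(0, len(framed), PAYLOAD):
                queue.append(framed[i:i + PAYLOAD])
        chunk = queue.popleft() if queue else b""         # b"" means dummy cell
        cells.append(bytes([len(chunk)]) + chunk.ljust(PAYLOAD, b"\x00"))
    if queue:
        # Cover traffic costs latency and bandwidth: the fixed rate must be
        # provisioned above the real load or mail backs up.
        raise ValueError("link rate too low: %d chunks still queued" % len(queue))
    view = [(t, len(c)) for t, c in enumerate(cells)]
    return cells, view


def receive(cells):
    """Far-end remailer: discard dummies, reassemble length-prefixed frames."""
    stream = bytearray()
    for c in cells:
        used = c[0]                   # 0 for a dummy cell
        stream += c[1:1 + used]
    messages, pos = [], 0
    while pos < len(stream):
        n = int.from_bytes(stream[pos:pos + 2], "big")
        messages.append(bytes(stream[pos + 2:pos + 2 + n]))
        pos += 2 + n
    return messages


# Constructed sample traffic: the same link on a quiet day and a busy day.
SLOTS = 12
QUIET = {}
BUSY = {2: [b"meet at the usual place"], 3: [b"x" * 150], 9: [b"ack"]}


def demo():
    """Compare what the wiretap learns with and without cover traffic."""
    _, quiet_view = padded_link(QUIET, SLOTS)
    busy_cells, busy_view = padded_link(BUSY, SLOTS)
    return {
        "unpadded_leaks": unpadded_view(QUIET, SLOTS) != unpadded_view(BUSY, SLOTS),
        "padded_leaks": quiet_view != busy_view,
        "delivered": receive(busy_cells),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The padded link reveals neither when mail was sent nor how long it was, at the price of a constant stream of cells and a delay while long messages wait their turn.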
I resisted the temptation to go haring off into the desert in search of something interesting in Area 54 and Groom Lake ("Dreamland") where the US stealth planes and, it is rumoured, captured UFOs lurk.

By the end of the conference, the DEFCON tshirts were no longer causing many double takes ("are DEFCON a rock band ?") and I had "nearly" won a jackpot from a slot machine. It was time to head off to San Francisco and then home.

All in all I enjoyed DEFCON ][ and look forward to the similar event which TDK may be organising in London this April. Watch this space, and send offers of help, money, etc. care of the editors of PHUK magazine.

- Otaku

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 5 of 10
=============================================================================

-----------------------------------
ANSWERPHONES - Panasonic KX-T1446BE
-----------------------------------

Reading the phile in sUBTERRANEAN TECHNOLOGIES mAGAZINE by nEIL.s on answerphones (complete with BT Response 400 manual) made me realise that quite a few people mess with these things and that working the commands out is often more of a drag than hacking the remote code.

I happened to have an answerphone manual and decided to type in the relevant portions and send them to PHUK magazine. If everyone typed in an answerphone manual then we would soon have the manuals for every answerphone in the known universe .... making our lives considerably easier!
Anyway, on with the answerphone manual

--

Panasonic KX-T1446BE

*  to skip outgoing message when dialing in
1  backspace incoming message
2  skip forward incoming message (ICM)
3  incoming message reset
4  memory playback
7  begin re-recording outgoing message (OGM)
8  continue through incoming messages
9  end recording outgoing message
0  turn off machine

Playing Back Messages

* dial the phone
* press remote code during OGM
* a beep will sound followed by a number of beeps to tell you how many messages you have got (up to 8 times)
* the unit will beep between each message, and 3 times at the end of the messages
* every 2 minutes 40 seconds the unit will do 2 beeps, press 8 to continue listening to ICM

Playing Back Newly Recorded Messages

* press 4
* after 1 beep the unit will play back the messages
* during playback of previously heard messages you can skip them by pressing 4

Rewinding/Fast-Forwarding the ICM while Hearing Messages

* Push 1 to rewind 15 seconds
* Push 2 to skip forward 15 seconds

Resetting the ICM for Future Messages

* To record future messages from the beginning of the tape press 3 after all messages have been played
* The unit will rewind the tape to the beginning & do 1 beep
* If you have pressed 4 to listen to new messages only, press 3
* The unit will rewind etc & beep once
* Then press 3 again to rewind the tape
* If you reset by mistake then press 2 and hang up to advance the tape to the end of all the messages

Recording a Marker Message

* After reviewing the messages 3 beeps will be heard, followed 10 seconds later by another 2 beeps.
* Record your marker message right after the two beeps
* If you hear 6 beeps the tape is full

Changing the Outgoing Message

* Press 7
* The OGM tape will rewind to the beginning with short beeps and then a long beep will be heard
* Record the new outgoing message after you hear the long beep
* When you have finished recording press 9 to stop recording
* The new OGM will be played back to you

Setting & Cancelling Answer Mode

* To set: wait 20 rings then hang up
* To Cancel: dial up and press 0

--

Right, that's the lot ... anyone else with answerphone manuals or lists of commands send them to us & we'll make sure they get a wide distribution :)

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 6 of 10
=============================================================================

-----------------------------
Simple Line Monitor - TheGoat
-----------------------------

The simple line monitor provides a number of functions; initially it was produced to give a visual indication of ringing.

Parts :
  Line connection jack & cable.
  Two LEDs, green and red.
  Two resistors 33K.
  Small piece of vero.

For convenience I used a ready molded phone jack cable scavenged from an old phone. I also found it had a .1" pin socket on the other end, the plug for which was also removable from the phone. Mounting the plug at one end of the vero, I put the resistors and LEDs in the middle to form a small square.

1                             +----------------------+
2   +------\         +----+ ==+2-\-R1----D1+----+    |
3/4 |P/jack]+----//--|    + ==+   \--R2----+D2--+    |
5   +------/         +----+ ==+5----------------+    |
6                             +----------------------+

Effectively, pin 2 of the phone jack connects to both resistors, each resistor to a diode (note the positive end of each diode), and finally both diode ends lead back to pin 5 of the phone jack.

Pin 2 ------------------+-------+
                        |       |
                        R1      R2
                        |       |
                        +       |
                        D1      D2
                        |       +
                        |       |
Pin 5 ------------------+-------+

The connection of pin 5 and 2 is not too important.
When connected to a line one LED will be lit to show line voltage; if a ring signal is present both LEDs will light brightly in the ring pattern (ie: flash-flash--blank-blank-..... etc).

As such this met the initial requirements, but when we first tried it in anger we found it could also indicate a number of other things. When a phone is also attached to the line and is picked up the single LED will dim to about half its previous brightness. If a further phone is added, then when the second phone is picked up a further dimming is noticeable. When tapping a line, indication that the destination phone is in use is important.

Coming in the next article: Upgrading to give a direct connection to a computer port for Ring Indication.

- TheGoat

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 7 of 10
=============================================================================

------------------------------
NO GIFT FROM HALLMARK - DrKaos
------------------------------

After the 2600 article by FyberLyte ("The Magical Tone Box", 2600 Vol 10, No.4), I hunted in vain through my local Rat Shack for an ISD1000A but without any joy. Of course I did not plan to do Red Boxing, as it doesn't work in the UK, but I did think that the chip had applications that could stretch as far as a whole number including CF, KP & ST ....

When the buzz about the Hallmark cards that could record speech & tones began, I looked all over for a UK source of the Hallmark cards, even going as far as to phone their UK HQ, only to learn that they were not imported into the UK. I did however find a UK supplier, DISET UK, and phoned them with the express idea of engineering some "samples" out of them on the grounds that I wanted to buy several hundred or so of these cards (yeah right!). As this approach seemed to fail I took the backup approach of ordering two cards by mail order for about 12 quid.
The cards arrived, and then some MORE cards arrived, and then still MORE cards arrived .... until I had 6 in all...:)

I dismantled my card and removed the microphone and crappy little speaker and then put the whole mess into a DAT tape box along with a record/playback switch, an actuation press switch and a phono jack for the input (throwing away the mike in the process). I won't bore you with the details of the actual construction because that was covered in 2600 Vol 11, No 1 ("A Gift from Hallmark" by Bernie S). Suffice it to say that anyone with half a brain and a soldering iron can figure out how it works and box it, adding switches etc themselves.

In testing my box I found that I had plenty of space for a good long sequence: Break, Clear Forward, KP2, , ST .... but never managed to successfully seize a trunk with it (although the break seemed fine). About this time my tone generating machine (an Amiga) broke, and I also learned that the timings were suspect in the box proggie I was using, so I just put it down to the program, threw the box in the drawer and forgot about it.

In the meantime I had given out cards to several people, so that they could experiment with them also. One of these nefarious individuals was at that time boxing with a Walkman and was suffering tape stretch, and thought that the Diset Box would be cool. I forgot all about the Diset Box for a while, being occupied with other things, but at a 2600 meeting a while ago the subject of the Diset cards came up and I asked the individual concerned whether he had ever constructed the box. Yes, he had, he replied, but it didn't work!! Apparently, using the same tones and trunks that he could successfully box over with his Walkman, he had loaded up the box and set off only to find that what did work with his Walkman did not work with the box :( Shame!
Now I thought about this recently, and it seems that there could be several reasons for the failure: (i) volume not loud enough, (ii) distortion or clipping of frequencies caused by the algorithm used in the digitisation process, or (iii) distortion caused by using the crappy little speaker that came with the card.

Unfortunately my Amiga is still broken, and until I buy a soundblaster card I cannot generate tones, and that has to wait until I get gainful employment! Still, if anyone has successfully overcome the problems with the Diset box by improving amplification or speaker quality PHUK magazine would like to hear about it.

In the meantime here is the address of Diset UK should anyone want to play with a Diset Box themselves.

Diset UK,
Portica House,
Addison Road,
Chilton Industrial Estate,
Sudbury,
Suffolk, CO10 6YJ.
Phone: 0787-310775

- DrKaos

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 8 of 10
=============================================================================

------------------------------------------
British Telecom - Computer Security Manual
------------------------------------------

Mrs. Brady, of Doncaster
------------------------

Heads up!! This one is a goody! Sent to us anonymously by someone who wishes only to be known by the name of Mrs. Brady of Doncaster, this is a delightful trashing find of the British Telecom Computer Security manual!! Run in PHUK as a three part series, here is the first part, right up to the bits about computers and networks ... which should make you all look forward to the next issue of PHUK magazine....:)

SEC|POL|AO12

NOT TO BE SHOWN OUTSIDE BT

ISIS Directive

Computer Security Manual

Origin: Security and Investigation Directorate
Issue 7: March 1993

Contents

Foreword by the chairman
Amendment record sheet
List of effective pages

Introduction and scope
  Introduction
  Scope and purpose
  Relationship to the previous issue
  Structure of the manual
  Feedback
  Use of the CSM by suppliers and contractors
  Acknowledgements

Objectives and policy
  Introduction
  Corporate policy on electronic system security
  Objective
  Relationship to other security policies
  Responsibility for security
  Derivation of security requirements
  Security policy for the life cycle
  Security evaluation, certification and accreditation
  Security approvals
  Product security

Communications and network security
  Introduction
  System interconnection
  Network management
  Network architecture
  Threats to networked systems
  Cryptographic protection
  Electronic Mail Systems

Electronic systems installations
  Introduction
  Accommodation
  Services
  Electronic system equipment sign posting
  Physical access control strategy
  Personnel access
  System or master consoles
  Other terminals
  Communications rooms and equipment
  Media libraries and disaster stores

5 Personal computers
  5.1 Introduction
  5.2 Personal security responsibility
  5.3 PC and data access security
  5.4 Security of software
  5.5 Personal computer communications
  5.6 Contingency planning
  5.7 File Servers

6 User access to computers
  6.1 Introduction
  6.2 Regulating access to computers
  6.3 Identification
  6.4 Passwords
  6.5 Limitations of password security
  6.6 Logging on
  6.7 Logging off
  6.8 User privileges
  6.9 Access to user files
  6.10 Customer access to BT computers
  6.11 Contractors

7 Software and data
  7.1 Introduction
  7.2 Software installation and maintenance
  7.3 Log facilities and system data
  7.4 Data sensitivity
  7.5 Storage
  7.6 Disposal of media
  7.7 Computer viruses

8 Administration
  8.1 Introduction
  8.2 Personnel
  8.3 Disaster protection

9 Data protection act
  9.1 Introduction
  9.2 Data protection act principles
  9.3 Definitions
  9.4 Registration

10 Further information
  10.1 Introduction
  10.2 Security contacts
  10.3 Sources of other guidance
  10.4 Contingency Planning for Anton Piller Orders
  10.5 GLS contacts (1993/94)

11 Approved products
  11.1 Introduction
  11.2 List of products

G Glossary

Foreword by the chairman

A vital element in our drive to achieve the highest quality of service standards is the provision of a secure work environment. This means that our resources - people, systems, information and physical assets - must be protected against a variety of threats which range from the malicious to the criminal. We also have security obligations that form part of the legal and regulatory requirements we must observe.

The Information Security Code, Computer Security Manual and Physical Security Handbook define the ways in which we can maintain a secure environment. They clarify our responsibilities and provide the expert guidance which we can use to achieve and maintain the levels of security appropriate to the various activities of BT. The rules outlined in these publications are mandatory.

IDT Vallance

Introduction and scope

Contents

1.1 Introduction
1.2 Scope and purpose
1.3 Relationship to the previous issue
1.4 Structure of the manual
1.5 Feedback
1.6 Use of the CSM by suppliers and contractors
1.7 Acknowledgements

1.1 Introduction

British Telecom (BT) is highly reliant on electronic systems to support its business processes. Computers are used in many critical points in the business: in switching systems, administration systems and management systems. Many of these systems are either interconnected, or are planned to be interconnected; BT's infrastructure of systems will become highly integrated.

This evolutionary process makes security even more important. It is becoming possible to access a wide variety of information from a single terminal. Furthermore, a security flaw or failure in one system may allow unauthorised access or misuse of other systems.

BT possesses valuable information about its customers and their commercial operations which it is our responsibility to safeguard. Coupled with this should be an awareness of the possibility of computer crime by people inside and outside BT. While security failures are, like any other quality failure, bad business practice, the repercussions may be more serious.

There are many motivators for good electronic security. BT is obliged under the terms of its current licence to observe a Code of Practice on disclosure of customer information. Disclosure of information could also provide likely movements in the price of BT shares or those of our suppliers. It could be used to embarrass the business by disclosure of commercial negotiations. The business could also suffer through corruption or loss of data. There could also be personal legal liability under the terms of the Data Protection Act in the event of security failure. All these possibilities make the security of BT computer operations increasingly important.

Good security does not have to be expensive.
Often simple, low-cost measures, combined with a positive attitude to security, can achieve considerable reduction in the vulnerability of BT systems.

1.2 Scope and purpose

Although this manual is called the Computer Security Manual, it encompasses all electronic systems that are broadly computer-based. It applies equally, for example, to digital switching systems and building access control systems, as well as to the mainframe and personal computers for which it has customarily been used.

BT is now operating in a global environment and its activities cover most parts of the world. Many of its non-core activities and overseas operations are carried out through subsidiary companies. All people working in these wholly-owned subsidiaries are also "BT people". "BT" refers to the parent company and all its wholly owned subsidiaries. Adoption of the CSM in partly-owned subsidiaries will be a matter negotiated between the Director of Security and Investigation and the senior management of each part-owned subsidiary.

The purpose of the Computer Security Manual is to enable BT people to recognise possible threats to BT's systems, and to bring together the current guidance on electronic security principles and practices which may be used to minimise the risk. Examples of threats include:

o natural calamities such as fire or flood
o sophisticated tampering
o software errors
o hardware failure
o vulnerability of communication links
o unauthorised use of terminals
o hacking
o deliberate damage, and
o fraud.

The Computer Security Manual is primarily intended for those who specify security requirements in BT's systems and those who implement them; it is also essential reading for users of those systems so that they may understand the rationale behind the protective measures that may be imposed upon them.

While it is recognised that the threats to BT's systems are constantly changing, the guidance given is the best available at the time of issue.
It should be recognised however, that guidance will need to be revised when existing threats change or new threats appear.

1.3 Relationship to the previous issue

Although some of the policies on electronic systems security affecting computers have changed since the last issue, the previous structure has been retained where possible, so as to cause minimum inconvenience to users of the manual.

1.4 Structure of the manual

This version of the Computer Security Manual contains mandatory requirements, called CSM Policies, which should be followed in the design, implementation and operation of systems. The CSM Policies describe various mechanisms that can be employed to protect the security of an electronic system, and are derived from threats (that have been found) and countermeasures that can be used. The main text provides guidance and background to the CSM Policy statements.

The chapters have been ordered to reflect the larger view of systems (networked systems and the supporting network infrastructure), and then narrowing that view to large computer systems, personal computers, and so on.

The page number found at the bottom of each page is in the format chapter-page in chapter and facilitates the easy replacement of entire chapters without upsetting the numbering of pages in subsequent chapters.

1.5 Feedback

The policy and guidance contained in the Computer Security Manual is prepared and issued after extensive discussion with experts in electronic security throughout the business. The Electronic Security Unit welcomes feedback from users on the adequacy of the guidance given, so that future issues may be improved.

1.6 Use of the CSM by suppliers and contractors

The CSM is the baseline document for the protection of BT's electronic assets on BT premises, in transit, at employees' homes or on contractors' premises.
Where a supplier or contractor has obligations to protect BT assets, a copy of the CSM may be loaned to supply the necessary guidance provided:

1 Agreement is obtained from DSecI
2 A non-disclosure agreement is in place with the supplier or contractor based on the "Acceptance Agreement from BT" contained within the Information Security Code
3 Sections 10 and 11 are removed from the manual before it is lent to anyone outside BT.
4 The manual is returned to BT upon completion or termination of the contract.

Updates to the CSM will be sent to the manager who originally arranged the loan, who must ensure that the update arrangements meet criteria 3 and 4 above. The CSM must be returned on completion or termination of the contract.

1.7 Acknowledgements

We would like to thank the help received by all parts of the BT Group in the production of this version of the Manual. In particular, Group Security, Group Information Services, British Telecom International, British Telecom Security Consultancy, Business Communications, Development and Procurement, Internal Audit, and to others for their feedback to this, and previous issues of the Manual.

Objectives and policy

Contents

2.1 Introduction
2.2 Corporate policy on electronic system security
2.3 Objective
2.4 Relationship to other security policies
2.4.1 Application
2.5 Responsibility for security
2.5.1 Business operation or process owner
2.5.2 System supplier
2.6 Derivation of security requirements
2.6.1 Value and impact analysis
2.6.2 Data sensitivity
2.6.3 Countermeasures
2.6.4 Risk analysis
2.7 Security policy for the life cycle
2.8 Security evaluation, certification and accreditation
2.8.1 Scope of accreditation
2.8.2 Four-stage approach to security accreditation
2.9 Security approvals
2.10 Product security

2.1 Introduction

This chapter describes the objectives of the Computer Security Manual, and places electronic security in the context of the security infrastructure for BT's business operations and processes.

2.2 Corporate policy on electronic system security

The electronic systems security policy for the BT Group as affirmed by Malcolm Argent, Group Director & Secretary, on 8th August 1990 is reproduced below.

"The British Telecom Group attaches particular importance to the security of its business processes and systems. The Group's policy on electronic security is to ensure that we properly safeguard all our switching systems, information systems and other electronic assets, having regard to legal and regulatory requirements, our commercial interests and sound business practices.

This policy covers all aspects of the electronic environment: systems; administration procedures; environmental controls; hardware; software; data and networks. It applies to all stages in the system life cycle, from feasibility study through to in service and operations. It applies no matter whether the system is developed or bought by BT.

It is the responsibility of managers at all levels to observe this policy themselves and to ensure that it is fully understood and followed by their people.
To help managers carry out their responsibilities, the Director of Security and Investigation will issue appropriate guidelines, on a continuing basis, supplementing the requirements of the Computer Security Manual, The Information Security Code and the Physical Security Handbook to take account of changing threats to BT's electronic systems. He will also be the central point of information for the Company's policy on electronic security and will monitor compliance with it."

2.3 Objective

The Computer Security Manual draws together the policies applying to computer systems in particular, and electronic systems in general, supplementing it with guidance and advice on implementation.

Within the BT Group there are many different computer systems supporting a multitude of business processes. Therefore it is not possible to produce specific recommendations for the security of every aspect of every system. The objective of the Manual is to concentrate on the baseline policy and guidelines generally applicable to BT systems.

2.4 Relationship to other security policies

The Computer Security Manual is an elaboration and extension of the information security strategy contained in the Information Security Code.

2.4.1 Application

Except where inapplicable, the Policies enumerated in the Computer Security Manual are MANDATORY. For example: Passwords are not a mandatory feature of all BT systems, but where an analysis suggests that passwords are a sufficiently strong measure to regulate access to those systems, the relevant policies on passwords contained in this Manual become mandatory.

Policies usually appear after any descriptive text and are numbered to assist the checking of compliance in systems. While Policies are mandatory, all supporting guidance and advice on implementing the policies is discretionary, although strongly recommended to achieve a harmonious and consistent approach to electronic security throughout the BT Group. Policies appear within boxes.
POLICY 2.1: ASSIMILATION OF REVISED MANDATORY POLICY
From the date of publication, this issue of the Computer Security Manual applies to all new systems supporting BT's business operations and processes. It also applies to any changes to existing systems, in particular where an opportunity to update security occurs, so as to achieve greater compliance with the policies given in this manual.

2.5 Responsibility for security

Every BT employee, and those contracted to work for BT have the responsibility to ensure the security of BT assets. Where the asset is information, the degree of protection needed is defined by the owner of the information. Additional measures may be required beyond those necessary to protect BT's information assets because of legal requirements.

2.5.1 Business operation or process owner

It is the responsibility of the owner of each business operation or process to recognise the value of their activity, and the potential impact on the business from security failure. In the context of the Computer Security Manual, ownership of a process is defined as the manager responsible or accountable for the process.

The responsibility of the business operation or process owner also extends to ensuring that, in general terms, security of the systems supporting the process is adequate in relationship to the impact of security failure. A service level agreement should exist between the business process and the system owners.

POLICY 2.2: RESPONSIBILITY ASSIGNED TO PROCESS OWNERS
The owner of each business process shall ensure that security is adequate in the systems that support the process.

2.5.2 System supplier

The process owner will be responsible for evaluating the impact of security failure and deciding on the general requirements for security. The detailed implementation of security controls and countermeasures to meet the owner's requirements will be the responsibility of the system supplier whose computer systems support the process.
The process owner and the computer supplier will usually be linked through a customer/supplier relationship. The quality of computer security, including the adherence to the policies described in this Manual should be the subject of a Service Level Agreement.

2.6 Derivation of security requirements

2.6.1 Value and impact analysis

The security measures needed to safeguard each business process will be determined from the sensitivity of the material handled and the impact of security failure, defined in terms of confidentiality, integrity and availability.

The owner of each business operation or process will ensure that the value of the information processed and the impact of security failure are known since they are the core parameters in the rationale of cost-effective security. Sometimes the value of the information may be obvious and easily quantified as a monetary expression. On other occasions, the value of the information or processing capability is less apparent, protection being necessary to safeguard only the reputation or credibility of the Business.

Impact of failure includes the concepts of asset value, importance, damage to the business because of information disclosure, loss of accuracy or currency of the information, and loss of the use of business-critical resources.

2.6.2 Data sensitivity

The Information Security Code describes the privacy marking to be used to identify information which requires a level of protection beyond that provided by a clear desk policy. Currently this protection is defined only in terms of the confidentiality requirements of security. There is no comparable marking for integrity or availability.

Information stored using electronic media is more vulnerable when stored than information on paper. It can be easily modified without trace, and its content is not immediately obvious. It is readily deleted, and in large systems can be easily lost.
Therefore the sensitivity of electronic data should be specified in terms of the impact of loss arising from failure of confidentiality, integrity or availability.

To preserve compatibility with the paper-based system, data sensitivities for electronic information use the same criteria for assessing the impact of security failure, thus allowing common threat models to be used.

2.6.2.1 Sensitivity level 1

Information for which the impact of inaccuracy, alteration, disclosure or unavailability would be to cause inconvenience or reduction in operational efficiency.

2.6.2.2 Sensitivity level 2

Information for which the impact of inaccuracy, alteration, disclosure or unavailability would be to cause any of the following:

o Significant financial loss to BT;
o Significant gain to a competitor;
o Marked embarrassment to BT;
o Marked loss of confidence to BT and its commercial dealing;
o Marked reduction of BT's standing in the community or to relationships generally.

Information marked IN CONFIDENCE has sensitivity level 2.

2.6.2.3 Sensitivity level 3

Information for which the impact of inaccuracy, alteration, disclosure or unavailability would be to cause any of the following:

o Substantial financial loss to BT;
o Substantial gain to a competitor;
o Severe embarrassment to BT;
o Serious loss of confidence in BT;
o Serious reduction of BT's standing in the community or to relationships generally.

Information marked IN STRICTEST CONFIDENCE has sensitivity level 3 and are called in this manual High Impact Systems.

2.6.2.4 Sensitivity levels above 3

Impact scenarios exist for failures of security for data beyond sensitivity level 3.
Specialist advice is available from the Director of Security and Investigation on electronic systems which process: corporate plans; business propositions (new enterprises, flotations, joint ventures, take-overs); personnel and industrial relations matters; marketing strategies and plans; financial and tariff proposals, and high-level contractual matters, or other information which is price-sensitive within the terms of the Stock Exchange Listing Agreement.

POLICY 2.3: VALUE OF ASSETS AND IMPACT OF FAILURE
The value of the information, assets or processing capability to be protected shall be estimated and recorded, as shall the impact of possible disclosure, inaccuracy, incompleteness or unavailability of that information.

2.6.3 Countermeasures

A fundamental objective is to ensure that the countermeasures deployed to protect sensitive information or processes should be practical and appropriate to the threats against the electronic systems, giving due regard to the impact of security failure.

While insufficient, inappropriate, or poorly implemented countermeasures may leave a system unduly vulnerable, excessive countermeasures may lead to complacency, the neglect of security operating procedures, and an unjustifiably high overhead of processing power, or severe operational difficulties.

POLICY 2.4: COUNTERMEASURES
The cost of countermeasures should be appropriate to the threats to security and business processes, the value of the information being protected and the impact of any security failure.

2.6.4 Risk analysis

It is the responsibility of the owner of each business operation or process to assess and manage effectively the degree of risk to commercially sensitive information, and the resilience of critical business processes supported by computer-based systems. The risk analysis will take cognisance of the value of the information or critical processes being protected, and the perceived threats to the system.
Furthermore, the risk analysis should not be a once-only exercise. It should be repeated regularly and revalidated whenever significant changes occur to the security assumptions.

POLICY 2.5: RISK ANALYSIS
At all principal stages during the life cycle of each project involving the storage or processing of commercially sensitive information, or the provision of High Impact Systems, a risk analysis shall be undertaken. The analysis, which must be repeated periodically or revalidated to assess the impact of change, must be so as to determine the vulnerability of the commercially sensitive information or applications in its processing environment, given the prevailing threats to security, the countermeasures deployed, and the value of the information being processed.

2.7 Security policy for the life cycle

The preparation of a Security Policy Document (Security Statement) should be viewed as an integral part of the life-cycle of business processes. At the beginning of each project a security policy will be prepared to guide the implementation of security in the systems that will support the business operation. This vital step is necessary to ensure that correct business planning decisions are taken. Where security is a relevant feature of a process, its provision will be costed and included in business cases going forward for financial approval.

POLICY 2.6: SECURITY POLICY DOCUMENT
A Security Policy Document will be prepared by the owner of a business process, outlining the system, the impact or loss associated with possible security failure, the threats to the system, the proposed countermeasures, and a risk analysis. The Security Policy Document will guide development and implementation of security features during the development life-cycle of the system that supports the business process, of which electronic security is an integral part. A Security Policy Document is also required for existing systems where the impact of security failure is high.
Details of all BT multi-user, administration and management systems must be registered by the Development Manager on the Applications Inventory. This is the catalogue of the company's software assets, and is used to inform People of what systems exist and assist management of the portfolio. The requirement to register covers systems that are either developed or procured by BT. Details may be found in section 10.

2.8 Security evaluation, certification and accreditation

The accreditation life cycle is a process for checking that appropriate security is built into the specification, development and operational procedures for systems, thereby ensuring that the security requirements of the business are met prior to the system becoming operational.

Security accreditation for electronic systems has three main objectives:

- to ensure that the level of security in BT's High Impact Systems is adequate;
- to prevent systems without adequate security being deployed until remedial action has been undertaken; and
- to provide a framework for the continued improvement of the quality of security in BT's systems.

2.8.1 Scope of accreditation

System security accreditation is a process which is undertaken to ensure that security mechanisms, procedures and functions have been implemented in a way that guarantees a level of confidence in the quality of the system security. The BT scheme, which is broadly based upon the 'Information Technology Security Evaluation Criteria' (ITSEC), is facilitated through agents operating on behalf of the Director of Security and Investigation.

2.8.2 Four-stage approach to security accreditation

The object of Security Accreditation is to reduce the risk of security failure without unduly delaying the implementation of important systems. To assist in meeting this objective a four-stage accreditation process has been developed.
2.8.2.1 Stage 1 - Security Policy Document (Creation and Approval)

The Security Policy Document (SPD) outlines the system, the impact or loss associated with possible security failure, the threats to the system and the generic countermeasures. The SPD will also contain a risk analysis and an assurance rating to be used during subsequent evaluation and certification. Only high impact systems progress into the evaluation, certification and accreditation stages. Note, however, that all new systems must have a System Security Statement, regardless of the need to progress into stage 2. The SPD is created by the owner of the business process and approved by DSecI.

2.8.2.2 Stage 2 - Evaluation

Those systems which are to be included in the accreditation process, as indicated within the SPD and agreed by Director of Security and Investigation (DSecI), will be evaluated to ascertain that the required level of assurance has been achieved. The SPD is the baseline document against which the system is evaluated. DSecI will nominate an evaluator to gain and subsequently analyse information on the following:

Requirements - a detailed description of the system requirements relating to its security.

Architectural design - an examination of the system architecture.

Detailed design - a more detailed description on how specific security components have been designed.

Implementation - evidence of functional and mechanism testing. Examination of source code and hardware drawings.

Configuration control - evidence of an effective change control procedure which is able to provide unique identification of the system and details of an acceptance procedure.

Program languages and compilers - details about the language(s) used.

Developers' security - security procedures including physical and personnel arrangements.

Operational documentation - examination of the user and administration documentation provided.
Operational environment -
- delivery and configuration - configuration information, delivery and audited system generation procedures and evidence of an approved distribution procedure;
- startup and operation - secure startup and operation procedures, including a description of security functions that have a relevance during system startup. Evidence that effective hardware diagnostic test procedures exist.

2.8.2.3 Stage 3 - Certification

Certification occurs after the system has been developed. In order for certification to be given, the evidence as described within the evaluation report(s) must show that security has been correctly applied during the development phase.

2.8.2.4 Stage 4 - Accreditation

Final accreditation occurs after the system has been running for a limited period of time as agreed between DSecI and the Process Owner. The purpose of the trial is to allow the secure operating procedures to be assessed in a live environment. The system is then inspected in its operational environment to ascertain whether compliance has been achieved. When a security audit indicates that this aspect of security is satisfactory, final security accreditation can be given, after which the system enters the normal periodic security audit cycle.

POLICY 2.7: SECURITY ACCREDITATION
It is the responsibility of the owner of each business process, for which the impact of failure is high, before making operational use of the system to furnish the Director of Security and Investigation with evidence that the security requirements described in its Security Policy Document have been observed during the development life cycle.

2.9 Security approvals

Many of the policies within the Computer Security Manual require that only products approved by the Director of Security and Investigation may be used to protect BT commercially sensitive information and processes. SecID maintains a list of approved products.
If you require a product to be submitted through the approvals procedure it is necessary to do this via SecID. See the contact data in Section 10.

2.10 Product security

Developers and procurers of products for internal BT use should be aware of the target market for the products. An assessment must be made of the likely sensitivity of material handled by the product. Although security demands personal responsibility from the people carrying out a particular business process, managers should not avoid the responsibility of providing users with a secure product environment.

It is much better to design security into products rather than to add it on as an afterthought. Substantial economies of scale can be achieved by building security into products.

POLICY 2.8: PRODUCTS FOR INTERNAL USE
Managers shall ensure that the security of products intended for internal BT use meet users' needs. A clear statement shall be included with all literature giving the sensitivity level for which the product is suitable, and the circumstances under which it will retain its suitability.

Communications and network security

Contents

3.1 Introduction
3.1.1 General policies
3.2 System interconnection
3.3 Network management
3.4 Network architecture
3.4.1 Private circuits
3.4.2 Public Switched Telephone Network (PSTN)
3.4.3 Public data networks
3.4.4 Local area networks
3.5 Threats to networked systems
3.5.1 Information disclosure
3.5.2 Unauthorised access
3.5.3 Modification, insertion and deletion
3.5.4 Denial or failure of service
3.6 Cryptographic protection
3.7 Electronic Mail Systems

3.1 Introduction

Transmitting information between computers and other electronic based systems can represent a substantial threat to security. Therefore safeguards appropriate to the sensitivity of the information and the transmission medium should be adopted during its transmission.

Most of the measures described in this section are concerned only with the protection of communication links against attack by unauthorised persons. Few of the techniques safeguard against illicit activities by authorised users who misuse their privilege.

This section gives guidance on the acceptability of various communications methods and services for the transfer of commercially sensitive information. The methods recommended do not necessarily give complete protection - absolute security is never feasible.

This section addresses the issues of computer systems connected by networks, either to other computers for exchange of information or to enable remote access where the users of computer-based applications are remote from the service or information provider. The advice and guidance offered herein is applicable to networks of mainframes, personal computers and terminals or any combination of them.

3.1.1 General policies

The following general policies apply to every case of electronic transfer of privacy marked information.

POLICY 3.1: INFORMATION CORRECTLY LABELLED
The originator shall ensure that information to be communicated is correctly marked in accordance with the Information Security Code.

POLICY 3.2: INFORMATION APPROPRIATELY PROTECTED
It is the responsibility of the author and originator of privacy marked or commercially sensitive information communicated via electronic means to ensure that it is always correctly safeguarded.
POLICY 3.3: INFORMATION CORRECTLY ADDRESSED
The originator shall ensure that IN STRICTEST CONFIDENCE information is sent only to a specific authorised recipient.

POLICY 3.4: TRANSMISSION OF HIGH IMPACT OR IN STRICTEST CONFIDENCE ELECTRONIC INFORMATION
HIGH IMPACT or IN STRICTEST CONFIDENCE information shall not be transmitted without the protection of an encryption system approved by Director of Security and Investigation except where one of the following is used:

1. private circuits for which access to all distribution frame and flexibility points are secured for HIGH IMPACT or IN STRICTEST CONFIDENCE information, and which are routed via ducts, risers and conduits having tamper detecting seals.
2. fibre optic circuits for which all connection points are secured for HIGH IMPACT or IN STRICTEST CONFIDENCE information,
3. an Exclusive LAN in a secured area used only by BT People.

POLICY 3.5: TRANSMISSION OF IN CONFIDENCE ELECTRONIC INFORMATION
IN CONFIDENCE information shall not be transmitted without the protection of approved encryption system unless communication is strongly authenticated, such as by:

1. via Private Circuits between BT buildings,
2. via the Public Switched Telephone Network with approved dialback systems,
3. via the PSS using closed user groups (or equivalent), or
4. via the PSS with a challenge response system.

POLICY 3.6: USE OF ELECTRONIC MAIL SYSTEMS
Privacy marked or sensitive information shall not be transmitted between systems using Electronic Mail Systems that have not been approved as suitable for that use by the Director of Security and Investigation.

POLICY 3.7: SPECIAL DISPENSATION IN AN EMERGENCY
Where special justification exists, for example in emergencies, IN STRICTEST CONFIDENCE information may exceptionally be transmitted according to the conditions for IN CONFIDENCE material. In these circumstances, prior authority from a person in the Senior Management Group shall be obtained on each occasion.
3.2 System interconnection

The connection of a system of computers by means of a network forms the basis for bilateral agreements and practices between those responsible for the security of the computers and those responsible for the security of the network. A failure by any of those involved to correctly secure the equipment for which they are responsible, may result in a failure of security of the entire network.

It is the responsibility of the owners of all computer systems connected to a network to ensure that their security is not compromised by the network techniques used, or by any subsequent changes to the network configuration and topology.

Before allowing connection of a computer system to a LAN or other network, the owners of the business processes entrusted to that system must satisfy themselves that their policy for security will not be violated. Connection must be refused by the computer system administrator on behalf of the business process owner if the networking arrangements are or become inconsistent with the security policy. These considerations apply to any network which permits access to several computer systems via a common telecommunications facility (whether all users need such access or not).

The connection of any computer system to a network introduces a number of additional threats to the security of that system, to the security of the network and to any other computer system sharing the network. By far the greatest threat to a computer connected to a network is the possibility of unauthorised access from other network users. Other threats include the accidental or unintentional distribution of privacy marked information across the network.

The vulnerability of the network increases because the authority to grant users permission to access the network is given to the administrator of the connected computer system.
If that computer were already connected to another network, for example, the number of potential users might increase dramatically.

POLICY 3.8: CONNECTION OF A COMPUTER SYSTEM TO NETWORKS

The administrators of a computer system connected to networks shall ensure that the network arrangements do not contravene the security policy of the business processes or applications being supported by their system.

POLICY 3.9: INTERCONNECTION OF NETWORKS

Networks shall not be joined together unless it can be shown that the resulting network does not contravene the security policy of either network or of the security policy of those systems connected to either network.

POLICY 3.10: ADMINISTRATION OF A COMPUTER CONNECTED TO A NETWORK

The administrators of a computer system connected to networks shall ensure that the security administration of their system does not contravene the security policy of the network to which their system is connected.

3.3 Network management

Owners of systems connected to a network have a level of expectation about the services that the network provides. For example, network users may expect that the service:

o is available when it is needed,
o has sufficient capacity to carry the load,
o is able to ensure the confidentiality of information in transit,
o does not corrupt the information in transit,
o delivers the information to the intended recipient,
o restricts access to those so authorised.

The level of service offered by the network should be well documented and will form the basis of any contract between the owner of the network and the owners of the connected systems.

POLICY 3.11: NETWORK SECURITY POLICY

Providers of networks that claim to provide security functions shall declare to their users and customers the protective measures, and conditions placed on the users of the network, for security offered by the network and shall make available a document describing these features and their applications.
3.4 Network architecture

The following means of computer-to-computer and user-to-computer access are commonly encountered:

o Private Circuits,
o Public Switched Telephone Network,
o Public data networks (PSS, for example),
o Local Area Networks (of various types), and
o Integrated Services Digital Network (called IDA in the UK).

3.4.1 Private circuits

Private Circuits are often perceived as being secure because of their immunity to logical attack, that is, hacking. They are not necessarily physically secure because their fixed routing may make them vulnerable to direct interception. Typically, Private Circuits may be routed via the distribution frame of the local exchange and the building serving the user. Unless otherwise protected, the information on the Private Circuit is vulnerable to interception at these points.

3.4.2 Public Switched Telephone Network (PSTN)

The PSTN is open to public access and is the favoured medium for unauthorised access world-wide. Because Calling Line Identification (CLI) is not currently provided as a basic facility, it is not easy to identify the origin of connection attempts. For this reason, dialup PSTN access to BT systems containing sensitive data is forbidden unless adequate precautions are taken.

The connection of computers to the PSTN for the purposes of outward-bound connections to information service providers is strongly discouraged unless it can be demonstrated that the connection equipment cannot be subverted or incorrectly configured so as to permit inward-bound connections.

POLICY 3.12: PSTN CONNECTION TO BT SYSTEMS

BT computer systems containing or processing sensitive information shall not be connected to the PSTN unless adequate precautions are taken to protect the system from unauthorised access.

3.4.3 Public data networks

Worldwide, there are many different data networks available to the public. The following comments refer specifically to BT's UK data network known as PSS.
In general, there are two methods by which a connection to PSS can be achieved:

o by direct connection (a private circuit connecting the user to the X25 network), or
o by dial connection (via the PSTN, to an X25 PAD in the network).

Each user of PSS is identified by a Network User Address (NUA) which is analogous to a telephone number. Where the user is directly connected to PSS, the NUA is permanently associated with that line and can provide a valuable check on the user's identity.

If the user gains access to the PSS by dial connection to a PAD, he identifies himself to the network by means of a password (sometimes called the Network User Identity, NUI). This is, in turn, checked by the network management software to find the corresponding NUA of the user. Because the NUA does not identify a particular line or location, security may be compromised if a password is discovered by other people.

Use of the following facilities can decrease the vulnerability of the PSS to attack:

o All authorised users can be included in a Closed User Group (CUG). In effect, this creates a private network not available to unauthorised parties. However this advantage may be compromised if the CUG includes the NUAs of dial-up users who are authenticated only by passwords.
o The caller's Network User Address (NUA) provided by PSS can be checked by the host against a list of authorised callers.

3.4.4 Local area networks

Access to computers and computer-to-computer communications via LANs may present a substantial risk to security. Most LANs are implemented using a shared transmission medium which broadcasts all the signals to most or all of the attached nodes. Some LANs support Closed User Groups (CUGs) in a manner analogous to the PSS and so may also provide some call origination information. The relative ease of user access to LAN control software and hardware makes dependence on the security of any of these facilities unwise.
The situation is especially aggravated where LANs are connected by gateways to one another, the PSS, or to the PSTN. In each case the risk of unauthorised access is increased enormously. See earlier CSM Policies in this section regarding the interconnection of networks.

Data on LANs are generally regarded as being at risk because:

o Most LANs are designed around a shared communications facility which generally broadcasts signals to all of the attached nodes, security being dependent on access points ignoring messages not specifically addressed to them.
o LANs are frequently used as the carriers of Office Automation facilities in the office environment where system security was not necessarily a prime consideration in the original choice of the accommodation.
o LAN signalling sometimes extends into the radio frequency spectrum and, if electromagnetic signals are emitted from the cabling, LAN traffic can be intercepted (see also TEMPEST).

Strong methods of user authentication must be implemented if privacy marked information is transmitted over the LAN so special precautions may need to be applied to LANs in order to enhance their operational security. Three particular types of LAN are defined below:

3.4.4.1 Exclusive LANs

An Exclusive LAN is one where its security depends on:

o its use being restricted to only those users who have an operational need to use it
o its access points being within BT secure premises
o its not being connected to another network - public or private.

If the LAN spans several buildings, the links between those premises should be secured by encryption.

3.4.4.2 Access-controlled LANs

An Access-controlled LAN is one which incorporates special precautions to restrict access between users and resources. All resources accessible from equipment under a user's control, for example a dumb terminal, PC or workstation are protected by a strong authentication mechanism.
Strong authentication is an authentication mechanism that is resilient to eavesdropping and masquerade attacks in the context of the communications network between user and system. Authentication of connections to LAN nodes may be implemented using systems based on Kerberos. (Further advice may be obtained from D&P Data Security Laboratories, see Section 11). Where there may be a number of separate LAN segments interconnected by bridges or gateways, each individual LAN segment must comply with the access control policy.

3.4.4.3 Ordinary LANs

An Ordinary LAN is one which does not meet the security criteria for an Exclusive or an Access-controlled LAN.

3.4.4.4 LAN Usage

In general the following applies:

LAN Type             Usage
Exclusive            In Strictest Confidence
Access Controlled    In Confidence
Ordinary             Non-Privacy marked

Note that use of a specific LAN architecture does not negate the use of other mandatory features which may be required for handling sensitive information. The security of a LAN is a complex issue, especially when the mechanisms for processing, storing, or transmitting sensitive information do not all offer the same level of security. In this case contact the Commercial Security Unit for further guidance.

POLICY 3.13: LOCAL AREA NETWORKS

A LAN shall be characterised as one of Exclusive, Access Controlled, or Ordinary so that the owners, administrators, and users, are aware of the security controls that must be enforced.

3.5 Threats to networked systems

Four major threats exist to networked systems:

1. Disclosure of information stored or in transit on the network.
2. Masquerading as an authorised user.
3. Accidental or unauthorised modification, insertion or deletion of the information stored or in transit on the network, and
4. Denial of the use of the network to those entitled to use it.
3.5.1 Information disclosure

Much sensitive information (access information as well as user data) can be gained from illicit interception of telecommunications signals by tapping and bugging. These activities are usually committed against local lines rather than the main network. This is because local plant is more accessible to illicit interception and there is little or no confusion from other multiplexed signals. All forms of radio, microwave, infrared and other beam transmission techniques are also vulnerable to interception.

Four classes of countermeasures may be brought to bear to reduce the risk of information disclosure. These are:

o Data separation,
o Physical protection,
o TEMPEST protection, and
o Cryptographic protection.

3.5.1.1 Data separation

Depending on the architecture of the chosen network, information of varying sensitivity may be in transit simultaneously across a single channel. Under these circumstances, there needs to be a clear distinction between the level of sensitivity of information. This can be achieved by either:

o commencing a new single-level communications session each time there is a change to the level of data sensitivity, or
o labelling each item of data with its sensitivity in such a way that the protocol used on the multi-level channel provides clear indication of the sensitivity, and facilitates unambiguous pairing between the label and the associated data received or sent.

In either circumstance, the communication channel should be secured to handle the most sensitive information that it is expected to carry.

3.5.1.2 Physical protection

Because any network may be vulnerable to eavesdropping, special care must be taken when transmitting highly sensitive information. Many networks are located in buildings that are considerably less secure than purpose-built computer centres.
When planning the installation of the network, the guidelines and suggestions detailed in the section on Electronic Systems Installations should be followed as far as possible.

On these occasions, where it is operationally necessary to install networks in insecure buildings, including those to which members of the public have access, the following additional points must be considered:

o cabling should be continuous and not be routed through areas where public access is permitted. If this is not possible it should be contained in heavy duty grounded metal conduit preferably requiring a specialised tool to remove the inspection plates.
o where sensitive information is likely to be transmitted on a network, consideration should be given to using protected cable.
o where sensitive information is transmitted, consideration should be given to housing termination points, ie. wall mounted coaxial sockets, in proprietary lockable metal boxes. These must be kept locked at all times when authorised staff are not present.
o after the installation of cabling, particularly when completed by outside contractors and in a building not dedicated to BT use, the routing of the cable must be thoroughly inspected to ensure that it meets the original specification and that it has not been routed to locations which could be used by potential eavesdroppers.
o the power switches of network connected terminals should be fitted with proprietary lockable boxes (which are kept locked!).

POLICY 3.21: NETWORK MONITORING

The use of network monitoring equipment must be strictly controlled.

3.5.1.3 Tempest protection

Communications lines, personal computers, Visual Display Units (VDUs) and printers may radiate significant amounts of radio frequency energy and it is possible for data displayed on a screen or being printed to be intercepted. TEMPEST is the name of the technology that enables this unintentional radio emission to be reduced to acceptable proportions.
In practice the signals can only be received over a short distance and identifying one particular VDU/printer among several others is difficult. Although the threat may be real in some military situations, for the commercial world it must be considered a threat only when the information being handled is extremely sensitive. For specialist advice on the applicability and methods of TEMPEST protection, refer to Section 10.

3.5.1.4 Cryptographic protection

The use of cryptographic techniques is not limited in its application to the protection of communications networks. This topic is covered in the Cryptographic Protection section.

3.5.2 Unauthorised access

Connection requests across a network should be verified as to their authenticity. The chosen authentication mechanism should not place undue or unwarranted trust on the network to carry the authentication information accurately or in secrecy unless it has been proved able to carry out that function.

Care should be taken to ensure that the chosen mechanisms for user authentication are sufficiently strong and that they are managed correctly. It is important to realise that user authentication information is carried across the network and should be appropriately protected, that is, with the same rigour as that afforded to the information that it protects.

If cryptographic methods are used to facilitate access control, then the algorithm, configuration and key management must be approved by the Director of Security and Investigation. Where cryptographic keys are shared, a method of personal authentication should be used in addition.

If a strong method of authentication (eg. a one time password) is used, then this may be adequate as the sole means of authentication. Otherwise, in addition to personal authentication, authentication of the recipient's point of entry to the communications network is required. To be acceptable this must reliably identify the recipient as being at a fixed physical location.
This location must be authenticated as one at which the recipient may receive the information. Suitable methods are dependent on the type of connection and are as follows:

o PRIVATE CIRCUIT - The recipient should be connected via a private circuit to a fixed location.
o PUBLIC DATA NETWORK - The recipient should be at an authorised fixed address which is verified by the originator, or should be a member of an authorised CUG, or authenticated by a one-time password system in the network.
o PUBLIC SWITCHED TELEPHONE NETWORK - The recipient should be at an authorised fixed address which is verified by the originator by dialling-out or by a dialback device approved by the Director of Security and Investigation.
o INTEGRATED DIGITAL ACCESS - The recipient should be at an authorised address which is verified by the originator by dialling-out or by checking the Calling Line Identification.
o LOCAL AREA NETWORKS - The recipient should be at an authorised port on an access-controlled LAN, or at any port on an exclusive LAN.
o OTHER DATA NETWORKS - The recipient should be at an authorised port on a BT-only data network which does not use broadcast transmission.

POLICY 3.14: NETWORK ORIGIN AUTHENTICATION

The identity of network users shall be authenticated. Where the method of authentication is weak, strong technical methods shall be employed to determine the point of access of the originator into the network.

3.5.2.1 Dialback

The security of dial in access may be enhanced by providing an 'Automatic Dialback' facility whereby the caller is forced, at the outset of a call, to declare his identity to the system. The equipment terminates the call and dials the caller on a different outgoing-only line using a telephone number it associates with the caller's declared identity. This prevents access from arbitrary telephone locations and offers an audit and accountability mechanism.
Some types of dialback device may be defeated by quite simple techniques, and therefore do not give the intended protection. Only the system administrator should be able to modify the list of authorised telephone numbers stored in the dialback equipment. Dialback systems used to protect BT's commercially sensitive information must be approved by the Director of Security and Investigation.

In some systems manual dialback may be appropriate; however, whether dialback is automatic or manual, a full log of each access should be maintained. Because Dialback units only provide authentication of the point of entry into the Public Switched Telephone Network (PSTN), other measures should be taken for High Impact Systems. Dialback techniques can be rendered ineffective if the exchange offers a Call Diversion facility.

POLICY 3.15: DIALBACK

Where the method of network user authentication is weak, the point of access into the network shall be established using a dialback unit that has been approved by the Director of Security and Investigation.

3.5.3 Modification, insertion and deletion

Special measures may need to be taken to ensure that information is not lost or corrupted in transit across a network. For example, message sequence numbers can be used to detect the accidental or deliberate deletion or insertion of entire blocks of information in the information stream. Accidental modification of the information in transit can be detected by the use of comparatively simple techniques, for example checksums or Cyclic Redundancy Checks (CRCs). Where it is anticipated that deliberate attempts will be made to modify information then cryptographic techniques may be appropriate.

Cryptographic techniques may be used to prove:

o that data has not been modified,
o the identity of the originator of information,
o that information has been delivered to its intended destination, and
o the source of information into a network.
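The distinction drawn in section 3.5.3, as an added example that is not part of the BT manual: sequence numbers expose deleted or inserted blocks, a CRC catches line noise but can be recomputed by anyone who alters a block on purpose, and a keyed check cannot. The frame layout, key, sample payloads and function names are constructed for illustration, and HMAC-SHA256 stands in for whatever approved cryptographic technique a real system would use.

```python
import hashlib
import hmac
import struct
import zlib

KEY = b"constructed-demo-key"          # assumption: sample shared secret
HEADER = struct.Struct(">IH")          # sequence number, payload length
CRC_LEN, MAC_LEN = 4, 32


def make_frame(seq, payload, key=None):
    """header + payload + CRC-32 trailer, or HMAC-SHA256 trailer if key is given."""
    body = HEADER.pack(seq, len(payload)) + payload
    if key is None:
        return body + struct.pack(">I", zlib.crc32(body))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def parse_frame(frame, key=None):
    """Return (seq, payload) if the trailer verifies, otherwise raise ValueError."""
    trailer_len = CRC_LEN if key is None else MAC_LEN
    if len(frame) < HEADER.size + trailer_len:
        raise ValueError("frame too short")
    body, trailer = frame[:-trailer_len], frame[-trailer_len:]
    if key is None:
        good = struct.pack(">I", zlib.crc32(body)) == trailer
    else:
        good = hmac.compare_digest(
            hmac.new(key, body, hashlib.sha256).digest(), trailer)
    if not good:
        raise ValueError("integrity check failed")
    seq, length = HEADER.unpack(body[:HEADER.size])
    if length != len(body) - HEADER.size:
        raise ValueError("length mismatch")
    return seq, body[HEADER.size:]


def receive(frames, key=None, first_seq=0):
    """Verify a stream; return (accepted payloads, list of (index, anomaly))."""
    expected = first_seq
    accepted, events = [], []
    for i, frame in enumerate(frames):
        try:
            seq, payload = parse_frame(frame, key)
        except ValueError as exc:
            events.append((i, f"rejected: {exc}"))
            continue
        if seq < expected:                      # inserted or replayed block
            events.append((i, f"duplicate or replayed block {seq}"))
            continue
        if seq > expected:                      # deleted or rejected block(s)
            events.append((i, f"missing blocks {expected}..{seq - 1}"))
        accepted.append(payload)
        expected = seq + 1
    return accepted, events


def flip_bit(frame, offset):
    """Accidental modification: one bit inverted by line noise."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0x01
    return bytes(damaged)


def modify_in_transit(frame, new_payload, keyed):
    """Deliberate modification by a party on the line who does not hold KEY."""
    seq, _ = HEADER.unpack(frame[:HEADER.size])
    if not keyed:
        return make_frame(seq, new_payload)     # CRC is unkeyed: simply recomputed
    body = HEADER.pack(seq, len(new_payload)) + new_payload
    return body + frame[-MAC_LEN:]              # old MAC no longer matches the body


def demo():
    blocks = [b"PAY 100 TO A", b"PAY 200 TO B", b"PAY 300 TO C"]  # constructed data
    crc = [make_frame(i, b) for i, b in enumerate(blocks)]
    mac = [make_frame(i, b, KEY) for i, b in enumerate(blocks)]
    altered = b"PAY 999 TO X"
    return {
        # line noise in block 1: the CRC rejects it, the gap is then reported
        "noise_crc": receive([crc[0], flip_bit(crc[1], 8), crc[2]]),
        # block 1 deleted: the sequence number gap shows it
        "deleted": receive([crc[0], crc[2]]),
        # block 1 rewritten with a fresh CRC: accepted, nothing reported
        "forged_crc": receive([crc[0], modify_in_transit(crc[1], altered, False), crc[2]]),
        # the same rewrite against the keyed stream: rejected
        "forged_mac": receive([mac[0], modify_in_transit(mac[1], altered, True), mac[2]], KEY),
        # block 1 inserted a second time: caught by the sequence number
        "replayed": receive([mac[0], mac[1], mac[1], mac[2]], KEY),
    }


if __name__ == "__main__":
    for name, (accepted, events) in demo().items():
        print(name, accepted, events)
```

Because the sequence number sits inside the data covered by the trailer, it resists deliberate renumbering only in the keyed stream; in the CRC stream it guards against accidental loss alone.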
Note that the adoption of cryptographic techniques for one purpose may offer the opportunity of other checks. For example, the adoption of Digital Signatures will provide a facility to enable the detection of accidental or deliberate modification of information.

Cryptographic techniques are technically difficult to design and implement such that their use and management is not prone to errors and subsequent security failures. Because of this, the use of any such equipment must have the approval of the Director of Security and Investigation.

POLICY 3.16: DIGITAL SIGNATURES

In the design of systems where proof of origin of a message must be ascertained, Digital Signature techniques shall be considered and documented.

POLICY 3.17: NON REPUDIATION SERVICES

In the design of systems where it is necessary to prove that the intended recipient has received information, cryptographic techniques to manufacture an incontrovertible receipt note shall be considered and documented.

POLICY 3.18: DATA ORIGIN AUTHENTICATION

In the design of systems where there is a requirement to prove the identity of the origin of data then cryptographic techniques shall be considered and documented.

3.5.4 Denial or failure of service

In the office environment there is generally no need to provide fallback communication systems as the standard response time for fault correction is adequate for most requirements. However, for systems which use private circuits or the PSS as the prime means of communication, it is worth considering using PSTN as a fallback for nonsensitive data provided that the PSTN connection is not made permanent.

At purpose-built computer centres the situation is somewhat different as most systems would become useless in the event of loss of their communications links. Some link redundancy is generally necessary to protect against this.
Communication links that are provisioned as backup should, if possible, be terminated on different hardware in the system and routed via different cable ducts and transmission routes so as to minimise the danger of loss of both links in the event of a hardware failure.

POLICY 3.19: NETWORK AVAILABILITY

In the design of systems, measures shall be taken to ensure that the availability of the network satisfies the system's requirement.

3.6 Cryptographic protection

Modern encryption techniques are regarded as offering a formidable barrier to any adversary and probably an insurmountable barrier unless substantial computing power is available or the key and algorithm are compromised. The use of cryptographic techniques can contribute significantly to security by offering strong mechanisms to:

o authenticate the user,
o authenticate the calling location,
o assure message integrity,
o maintain the confidentiality of messages.

The use of encryption is not without operational problems, some of which are listed below:

o encryption packages inevitably involve an overhead in terms of key management and administration although, in some public key systems, this overhead is reduced.
o serious problems can arise if individuals forget their keys or become indisposed etc. As a precaution, it may be prudent to keep duplicate cryptographic keys or copies of the files in unencrypted form. Any such duplicates must be kept securely.
o encrypted information may contain control characters which make it a prerequisite that any protocol used to transmit a file electronically is completely transparent to the file contents. It is likely that encrypted data would interfere with many network operating systems. As a result either considerable tailoring of a system or specially developed encryption packages would be required to enable encrypted data to be transmitted.
o some encryption systems are not suitable for every type of network so expert advice must be sought.
Encryption systems used to protect BT's commercially sensitive information must be approved by the Director of Security and Investigation.

POLICY 3.20: APPROVAL OF USE OF CRYPTOGRAPHY

Any cryptographic techniques or encryption systems selected to safeguard BT information shall have been approved by the Director of Security and Investigation prior to their use.

3.7 Electronic Mail Systems

There are considerable risks associated with current electronic mail systems. In particular, data may be forged, altered, redirected or intercepted. Although techniques are being developed to solve many of these problems, users of electronic mail systems should be aware of their present limitations. The advice given here is for guidance and is intended to highlight areas of concern. In the future specific policies will be produced to cover electronic mail security.

Authentication

Currently, most systems authenticate users by means of User IDs and passwords. This is not a strong means of authenticating users. Electronic mail systems should not be used as a means of providing authorisation to other individuals for carrying out tasks unless they have been specified, designed and installed for that purpose. For example, it should not be possible to requisition goods on the basis of an uncorroborated electronic mail message.

At present, in the UK, a handwritten signature is a legally-binding proof of authorisation. Electronic mail systems using weak authentication do not offer the required level of proof and assurance of the origination of a message. Designers of electronic mail systems should look at currently-available technologies which offer scope for proof of origination.

Integrity

Without appropriate coding techniques, messages may easily be intercepted and modified or replayed. Designers of systems should ensure that the threats are understood and that appropriate countermeasures are adopted.
Digital signatures can be used very effectively to ensure the integrity and authenticity of a message.

Labelling

Labelling is a way of attaching a marker to a message, file or segment of data, to indicate a specific attribute. Often the attribute is the sensitivity of the information. Systems which make use of labels are able to utilise sophisticated access methods for permitting access to data. An example might be a system which permitted IN CONFIDENCE material to be redirected to a colleague for action, perhaps because of holiday arrangements, but which did not permit STAFF IN CONFIDENCE material to be so directed.

Mail redirection

Automatic electronic mail redirection should not be used unless it is possible for the message originator to know that message redirection is in operation.

Account usage

Where it is operationally necessary for another person to use an electronic mail account for a short time, it is imperative that a hand over is arranged in a manner which ensures:

o that any password is only known by one person
o that the time period during which the account is temporarily managed by the other person is documented and recorded by the system manager. The system manager is the only person authorised to make and record such a change, and must ensure that the required written authorisation is signed by the user.

Electronic systems installations

Contents

4.1 Introduction
4.2 Accommodation
  4.2.1 Natural disasters
  4.2.2 Civil unrest
  4.2.3 Neighbouring accommodation
  4.2.4 Fire
4.3 Services
  4.3.1 Electrical power
  4.3.2 Maintenance of local environments
4.4 Electronic system equipment sign posting
4.5 Physical access control strategy
  4.5.1 Access to secure areas
  4.5.2 Data cabinets and safes
4.6 Personnel access
  4.6.1 Staff, official visitors and other personnel
  4.6.2 'General interest' visits
4.7 System or master consoles
4.8 Other terminals
4.9 Communications rooms and equipment
4.10 Media libraries and disaster stores

4.1 Introduction

Security of significant computer or network installations concerns not only the security of the computer and electronic hardware but also the protection of systems in general, software, user data, media library facilities, communications networks and the safety and well being of personnel. These installations need to be protected against the effects of events such as fire, flood, loss of power, failure of air-conditioning and ancillary plant and damage by natural or man-made hazards. This chapter should be read in conjunction with the Physical Security Handbook.

4.2 Accommodation

During the planning of an electronic installation due consideration must be given to both the location of the building that will house the equipment and the placement of the equipment within the building as this has a direct effect on the overall security requirements. The following factors must be considered when selecting installation sites:

o natural disasters,
o civil unrest,
o neighbouring accommodation,
o fire.

4.2.1 Natural disasters

Certain natural disasters could either severely damage the installation directly, or prevent its operation by unavailability of staff. These include:

o local flooding including fracture of air conditioning or water cooling equipment,
o local landslide, subsidence and so on,
o exceptional weather conditions.
4.2.2 Civil unrest

Electronic system installations might be popular targets for attack by politically motivated groups and individuals as well as by mobs. It is undesirable that an electronic system site should be in a vicinity with:

o unusually high risk of mob violence,
o unusually high incidence of criminal and malicious damage,
o unusually high risk of terrorist activity.

If such a site is unavoidable, additional levels of physical security may be appropriate.

4.2.3 Neighbouring accommodation

Even if the areas housing the electronic system equipment are well designed, there could be possible hazards from incompatible neighbouring accommodation both internal and external to the equipment such as:

o staff restaurants, fuel storage areas (risk of fire),
o washrooms, piped water facilities and tanks (risk of flood),
o electrical generator rooms, railways, radio and radar transmitting stations (risk of vibration and electromagnetic interference).

POLICY 4.1: SITING OF ELECTRONIC SYSTEMS

The physical siting and location of an electronic system shall be planned with due regard to security considerations from the inception of the planning process. The effects of natural disasters, civil unrest and threats from incompatible neighbouring accommodation shall be taken into consideration when planning purpose-built electronic system installations.

4.2.4 Fire

Fire remains one of the most serious of all security hazards especially in data preparation and media library areas where large quantities of combustible material are present and electronic equipment is often allowed to run unattended. Detailed advice on fire precautions must be sought from local fire safety experts but the main considerations are:

o limitation of whole-building fire risk,
o limitation of fire risk in main computer and electronic system room,
o limitation of fire risk in data preparation areas.
The necessary preventative measures include:

o partitioning of the installation into fire compartments,
o use of fire-retardant construction materials,
o automatic fire detection equipment,
o automatic fire alarm systems (may be linked directly to local fire station),
o automatic fire suppression equipment (especially Halon gas or similar systems in the main computer and electronic system room. The traditional view is that sprinklers are inappropriate here because of the effect of water on the electronic hardware. Halon has environmental and safety problems so expert advice must be sought.),
o manual fire fighting equipment, and
o enforcement of fire safety procedures (such as no smoking areas).

For specific guidance you should refer to Chapter 10 for the BT Fire Safety Manager in the BT Safety Unit.

POLICY 4.2: FIRE THREATS

The threat and impact of fire shall be taken into consideration when planning dedicated electronic systems installations.

4.3 Services

The security of services and especially electric light and power should be considered where appropriate during the siting of electronic system installations. Provisions may need to be made to cater for a growth in requirements.

4.3.1 Electrical power

Standby power sources should be available for all systems where availability has been identified as important. Any emergency power supplies should provide no-break protection otherwise data will be corrupted during switching. It should be tested regularly and there should be sufficient fuel available. When the power load of a unit is extended, checks should be carried out to ensure the power of the standby source is sufficient.

Standby power should be invoked not only in the event of total disruption of primary power, but also at any time that primary power falls outside (above or below) the equipment manufacturer's specification. Standby power should also be available to ensure continued operation of all security monitoring and access control devices.
The provision of adequate monitoring facilities should enable switch over to
occur before the equipment manufacturer's specification is exceeded.

POLICY 4.3: EMERGENCY POWER SUPPLY

Electronic systems shall be safeguarded from the threat of disrupted electric
power by the provision of standby power facilities where appropriate.

Power supplies used for systems containing high-sensitivity or
high-availability applications and data must be monitored periodically to
ensure sufficient quality of power for the safe and reliable operation of
these systems.

Computer systems are extremely sensitive to the quality of power delivered.
Good grounding, "clean" isolated power (no transient voltage spikes,
brownouts, sags, intermittent losses) and reliable connections and cabling
are essential. Preferably, these should be verified prior to the installation
of a system. For all applicable systems, the power conditions should be
measured at the point where power is applied to the system cabinets or boxes.
Periodic checks should be supplemented by checks done when known power
conditions change due to modifications in electrical supply or load.

Power distribution panels, cabinets and rooms must be considered sensitive
areas and protected appropriately.

4.3.2 Maintenance of local environments

For electronic systems requiring a controlled environment (temperature and
humidity) main and standby air conditioning facilities should also be
provided. Any vents to the outside should also be physically secured to
prevent intruders.

POLICY 4.4: MAINTENANCE OF LOCAL ENVIRONMENT

The threat of electronic systems operating outside of their specified
temperature and humidity ranges shall be minimised by provision of adequate
equipment.

4.4 Electronic system equipment sign posting

The location of electronic system equipment within a building, for example
connection points, communications frames, has a direct effect on the overall
security arrangements and must be considered carefully.
Ideally, computer and electronic systems should be located above ground
level, but below the top floor and away from exterior windows. It is
preferable that the installation should be windowless and with no equipment
visible from outside the building. Windows not only represent a security
hazard but also can have an adverse effect on environmental controls. All
external signposts of the facility or obvious displays should be minimised.

POLICY 4.5: SIGN POSTING OF ELECTRONIC SYSTEMS

Buildings housing electronic systems shall not be obviously marked or
signposted.

4.5 Physical access control strategy

General site security is never a substitute for control of direct access to
the electronic system installation, which must always be a secure area in its
own right. Physical security is enhanced by enforcing several layers of
defence, often called 'Defence in depth'. Access to the site should be
controlled through a manned station which, in turn, regulates entry to
buildings specifically those housing important electronic systems. Further
access controls can then be enforced at the entrance to the general computing
area, and again at the doors to rooms containing the computer and electronic
systems, communications plant and media library.

In summary, access to the actual computing and electronic system facility
must not be possible except

o past a manned station, or
o through locked doors requiring special keys or codes to open.

To ensure compliance with a system security policy it may be a requirement
that sensitive systems are separated physically as well as logically. For
more specific advice and guidance, refer to the Physical Security Handbook.

POLICY 4.6: PHYSICAL ACCESS CONTROLS

In the design of systems, physical access controls shall be implemented so as
to prevent unauthorised access to sensitive areas.
Small installations which cannot economically justify a manned station but
use access control methods shall record the issue and receipt of keys, and,
where practical, their use.

POLICY 4.7: SECURITY OF UNATTENDED BUILDING

Sensitive installations in unattended buildings should be physically secure
and alarmed through to an alarm monitoring station.

POLICY 4.8: PHYSICAL SECURITY HANDBOOK

In the planning of accommodation and siting of electronic systems attention
shall be paid to the recommendations and guidance documented in the Physical
Security Handbook.

4.5.1 Access to secure areas

Subject to fire regulations, there should be a minimum number of physical
access points to the secure area housing the electronic system installation,
preferably one usual portal and one emergency exit, the latter opening
outwards only from the installation. Even if authorised staff are present in
the vicinity of computer and electronic systems, all routes of entry should
normally be locked; the use of self-closing and self-locking doors is
recommended.

4.5.2 Data cabinets and safes

In addition to the access controls, physical protection for the data itself
must be provided. A Data Cabinet or Data Safe is used to protect magnetic
media against hazards such as Fire, Dust, Pilferage, Accidental or Malicious
damage and the effects of water from sprinklers. Where the information
recorded on the magnetic media warrants a higher level of physical security,
the Data Cabinet or Safe should be kept in a Strongroom or a proprietary
Security Safe.

IN CONFIDENCE and encrypted IN STRICTEST CONFIDENCE marked media may be
stored in Data Cabinets, provided correct procedures are in force for the
control of the data cabinet keys or combination locks. Unencrypted IN
STRICTEST CONFIDENCE marked media may also be stored on an occasional basis.
For regular storage of small quantities of IN CONFIDENCE or unencrypted IN
STRICTEST CONFIDENCE marked media, a data insert for filing cabinets is
available which may be used to store such media in approved security
furniture. For further advice, refer to the Information Security Code.

There are standing arrangements for the purchase of Data Safes; refer to
Chapter 10 for further information.

4.6 Personnel access

4.6.1 Staff, official visitors and other personnel

Access to sensitive computer and electronic system installations should be
allowed only to those with a genuine need to perform their duties.

Other personnel (maintenance engineers, cleaners) must conform with a formal
logging procedure for entry. They should be accompanied at all times. A
visitor remains the responsibility of the host for the duration of the visit.

All personnel, including visitors and non-BT staff such as cleaners and
maintenance engineers, must be issued with passcards. The style of the
passcards should be such that the bearer can be identified as regular staff
or a visitor; as such, the passcard must be displayed clearly at all times
whilst within the building.

Special consideration should be given to controlling the access of ancillary
personnel such as cleaners and service engineers (BT and non-BT).

Temporary changes such as building work or accommodation moves must not be
used to justify a relaxation in procedures. Special arrangements should be
made to accommodate these.

POLICY 4.9: PERSONNEL IN SENSITIVE AREAS

Only authorised people shall have access to sensitive areas. Procedures shall
be in place and maintained to control the access of external maintenance
engineers or other personnel.

POLICY 4.10: MANAGEMENT AND USE OF PASSCARDS

Passcards shall be issued and worn at all times. Their style shall be such as
to enable a clear distinction between regular staff, BT and non-BT visitors.

For specific advice and guidance, the Information Security Code applies.
4.6.2 'General interest' visits

Although BT wishes to maintain good relations with the community, general
visitors are not permitted into operational computer centres. Visits to
associated premises may be permitted but should not be actively encouraged.
Any request for a visit should be considered on its merits by local
management. When a visit is arranged, the following measures must be taken to
minimise the risk:

1 Formal entry and exit procedures must be scrupulously followed.
2 Visitors must be issued with passcards.
3 Parties must be organised so that they are of manageable size so as to
  ensure that all visitors are accompanied and supervised at all times. A
  ratio of five visitors to each BT guide, one of whom must be at least a
  level 2 manager (MPG4), is suggested.
4 The route and timetable must be preplanned and strictly followed so as to
  avoid all sensitive areas.
5 Areas of work which are demonstrated must be selected to avoid close up
  viewing of sensitive information (such as logging on procedures, network
  access numbers and customer data).
6 Staff must be given adequate warning of impending visits so that sensitive
  material and access methods can be concealed.
7 Passwords must be changed after any such visit if it is considered that
  any have been compromised.
8 Any handouts must have been authorised by the local manager in accordance
  with the Information Security Code.
9 The carrying by visitors of cameras and electronic devices capable of
  interference with computer systems must be prohibited.

POLICY 4.11: GENERAL INTEREST VISITS

Local rules governing visitors and visits shall be documented. Visitors shall
be guided so as to exclude them from all sensitive areas.

Refer to the Physical Security Handbook for guidance.

4.7 System or master consoles

Controls against unauthorised activity are essential on electronic access to
computer and electronic system facilities, in particular over communications
links but also to computer and electronic system consoles.
System or master consoles usually provide access to highly privileged
activities, for example system administration and software or machine
maintenance; others may provide enhanced operator privileges necessary for
efficient machine usage.

Master consoles must be located in the most physically secure environment
available within the computer and electronic system building complex to
prevent unauthorised use of the console. The consoles must be sited so that
use may not be overlooked and cabled so that their traffic cannot be
intercepted. Access to master consoles must be restricted and all operations
recorded. The log or journal should be regularly scrutinised to identify any
signs of irregular or unauthorised usage.

POLICY 4.12: USE OF SYSTEM CONSOLES

Procedures concerning the proper use of primary system consoles or system
terminals shall be documented and the application of those procedures
enforced.

4.8 Other terminals

Terminals outside the computer and electronic system room should not have
access to operator or other special privileges. Other users which might need
access to privileged commands might include software support groups, network
management groups and remote software engineers. If privileged access is
required, and the temporary use of a terminal other than the primary or
system console cannot be avoided, its use should be strictly controlled,
supervised and, in some circumstances, audited.

Terminals located in non-BT buildings deserve special attention to ensure
that their use cannot compromise the security of BT systems to which they may
be connected.

4.9 Communications rooms and equipment

All communications equipment must be sited in a physically secure environment
within the installation and must be subject to their own restricted access
controls. Where it is not possible to locate communications equipment within
dedicated accommodation then the equipment itself should be physically
secured in purpose built lockable furniture.
Cable entry points, risers and runs shall be provided with adequate
protection to prevent unauthorised access, and accidental or deliberate
damage.

POLICY 4.13: COMMUNICATIONS EQUIPMENT PHYSICAL SECURITY

Communications equipment shall be located in its own secure environment or in
secure furniture and subject to restricted access control appropriate to the
sensitivity of the data being communicated.

4.10 Media libraries and disaster stores

Special care must be taken to safeguard media libraries and disaster stores.
Data held in a compact form is particularly vulnerable to accidental or
malicious damage and its security depends on physical protective measures,
access control and staff reliability. Both the media library and the disaster
store must be restricted to specifically authorised staff.

The disaster store must be sited so that it will be unaffected by any
incident at the computer centre. It must also be sited so that the contents
are not affected by strong electromagnetic influences. See the Physical
Security Handbook for further guidance.

POLICY 4.14: DISASTER STORE

Any disaster store shall be physically protected and remote from the computer
centre. Access to the store shall be governed by local operational
instructions.

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 9 of 10
=============================================================================

---------------
Notes & Queries
---------------

Note: Notes & Queries is the section where the readers send in any questions,
problems etc that they might have, and other readers can send in the answers.
Obviously, in the first issue of a magazine, this is not going to work!!
However, just to be a pain in the arse, and just to pad out this section, we
have gone to all the trouble to .... ... make some up!!!

Q: Does anyone have a full list of BT Star services?

A: It just so happens that I do .....
------------------------------------------------------------------------------
SYSTEM X STAR SERVICES - QUICK REFERENCE SHEET
------------------------------------------------------------------------------
Divert all calls                     *21*TEL NO#       #21# TO CANCEL
Divert on busy                       *67*TEL NO#       #67# TO CANCEL
Divert on no reply                   *61*NUMBER#       #61# TO CANCEL
------------------------------------------------------------------------------
Bar incoming calls                   *261#             #261# TO CANCEL
Bar outgoing call                    *34X#             ; x below:
                                           OLD -CODES- NEW
Stop all but 999 & 151                     N/A         1
Stop national/international                N/A         2
Stop calls starting "0" (non-local)        2           N/A
Stop international "010"                   3           3
Stop operator calls/services NOT 151       4           4
Stop star services except this one!        5           5
Cancel outgoing call barring         #34X*KEYWORD#
To check outgoing call barring       *#34#
------------------------------------------------------------------------------
Storing a code calling number        *51*CODE*NUMBER#
Checking a stored code               *#51*CODE#
Dialling a stored number             **CODE
Repeat Last Called Number            **00
------------------------------------------------------------------------------
Reminder call                        *55*TIME#         #55# TO CANCEL
Reminder call (DAY)                  *56*TIME*X#       #56*TIME*X# CANCELS
  x=1-Mon, 2-Tue, 3-Wed, 4-Thu, 5-Fri, 6-Sat, 7-Sun, 8-Mon-Fri, 9-Every
Check what reminder calls are active *#56#
------------------------------------------------------------------------------
To hold caller one and make call 2         [R] NUMBER
Shuttle between (holding other)            [R] 2
Open a three way conversation              [R] 3
End call with current, shuttle to other    [R] 1
Disconnect from caller 1 on a three way    [R] 5
Disconnect from caller 2 on a three way    [R] 7
------------------------------------------------------------------------------
Call waiting                         *43#              #43# TO CANCEL
Reject an incoming call                    [R] 0
Take a waiting call (After current call)   [R] 1
Take a waiting call (hold current caller)  [R] 2
Shuttle between callers                    [R] 2
------------------------------------------------------------------------------
Advice on call cost                  *40*TEL NO#
Set up for all calls                 *411#             #411# TO CANCEL
------------------------------------------------------------------------------
Check on services currently operating      *#001# (Sys X only)
------------------------------------------------------------------------------

--

Q: In the light of the recent BT "hacking" case can anyone tell me the
   difference between what the media call "hacking" and what the lawyers
   call "Breach of Confidentiality"?

A: Um, No! Can any of our more legal-eagle style readers please enlighten us?

--

Q: In the light of the recent BT "hacking" case, I was just wondering, what
   WAS the oh-so-secret telephone number for the Queen?

A: Last time I looked the Queen's telephone number was 071-445-2865, oh and
   by the way, that oh-so-secret MI5 number was probably 0800-894-410,
   because they gave everyone a hard time when you rang it!! (Let's just say
   that they got all secretive and asked where we had got this number ......)
   Just remember ... PHUK magazine ...you heard it here LAST!!!

--

Q: Can you make up anymore stupid questions before everyone gets bored?

A: No, we can't! That's why we want YOU the reader to send your questions and
   answers to us, at anon93143@anon.penet.fi .... so that we have more to
   publish and can keep phukmag goin with the minimum of effort on our part
   (of course) so that we can spend more time playing with computers and less
   time asking people for the articles they promised 3 months ago ......

+++ EOF

=============================================================================
PHUK MAGAZINE - Phile 10 of 10
=============================================================================

-----
OUTRO
-----

Well, its been fun hasn't it? What's that I hear you say? It hasn't! What the
articles were too biased towards phones and not enough hacking? You thought
the articles were feeble? You think you could do better!! Well thats more
like it ....
if you think you can do better than the articles in PHUK-zine then write them
and send them to us. We always need snippets of news, articles, code,
numbers, hints, tips and general ideas to keep the ball rolling.

Anyhow, next month we have the following goodies for you ....

  Green Boxing - DrKaos & TheGoat
  BT Computer Security Manual Part II
  Something on Novell Networks ...
  Some trash from BT wastebins ....
  And maybe something on hacking for a change ....:)

Send all articles, flames, Letters of Comment etc etc to PHUK magazine,
anon93143@anon.penet.fi, OR speak to any of the PHUK crew at any London 2600
meeting .........

- have PHUN and be careful out there ... it's a dangerous world and getting
  worse by the minute! - Phuk-Ed

+++ EOF