- Email: [email protected]
Confessions of a security consultant
Computers
& Security,
9 (1990) 509-511
Confessions of a Security Consultant Keith Jackson SIlodram-by-sea, W. Sussex, U.K.
eople who are professionally involved in computer security like to think that the procedures which they follow whilst using a computer will not lead them into the dark depths plumbed by mere mortals. The following is an account of an occasion where things went seriously wrong, even though I think that 1 was acting perfectly correctly throughout. It is hoped that others can learn from this sad tale.
P
I often test security products, and write rcvicws based upon my findings, so I don’t bclicvc that I came to the following scenario as a complctc novice, which makes what happcncd all the more worrying. 1 was rcccntly tcsring a sofrwarc security package which offcrcd access control, cncrypdon, along with a host of closely allied security features. I don’t intend to publish the name of this product, or its manufacturer, as it could easily have been one of many security products that USC similar techniques. As a first step the manual advised me to take a
0167-4048/90/$3.50
complete back-up of my hard disk This was a useful precaution, as the product intended to alter the partition table of the hard disk during installation, so a back-up (or two) was definitely called for. After taking a back-up, I followed the installation instructions to the letter. I made a copy of the special installation disk, placed this copy in drive A, and rebooted the computer as instructed. I should explain at this point that my test computer had one 3.5 inch floppy disk drive, two 5.25 inch flo py disk drives, and a 30 Mbyte phard disk. The 3.5 inch disk drive was configured as drive A, so as the softwart security package provided both rypcs of floppy disk, I naturally chose to USCthe 3.5 inch floppy disk. The first phase of the installation was succcssfully completed, and I moved on to the second phase At that point my 3.5 inch disk drive promptly died.
Being a cautious fellow, and rather alarmed by this sudden
0 1990, Elsevier Science
Publishers
Ltd.
hardware failure, before I proceeded any further I tested the deinstallation process. However deinstallation requires programs which arc stored on the floppy disk used for installation, and the 3.5 inch disk drive had just expired. No problem, just isolate the 3.5 inch disk drive persuade a 5.25 inch drive that it is now drive A, and use one of the 5.25 inch disks so thoughtfully providcd by the manufacturer. The software rcfuscd to co-opcratc with this, and insisted that I USC the original disk. It nccdcd to rctricvc information written to the floppy disk during installation. Ncvcr mind, insert the disk in my second computer (a Toshiba laptop portable) and copy the disk. It would not copy. The disk used a proprietary format which appcarcd to offer a 360K (nonstandard) disk in a 720K disk media. The authors of the softwart have obviously come across this problem bcforc, as they had provided a special program to be used to make a copy of the non-standard installation disk. The bad news was
509
K. Jackson/Confessions
of a Security
that this program would work on the Toshiba.
used the MS-DOS
not
I felt the first signs of panic at this point, but quickly suppressed such thoughts. Taking stock of the situation, I now had a PC with information written to the partition table of the hard disk (and elsewhere for all I knew) which could not bc removed, because the only disk capable of effecting removal had to fit into a disk drive which had ceased to function. It was of course Friday night, and the computer was despcratcly nccdcd the next morning. I had no chance of obtaining a new disk drive, and as thcrc were many live projects stored on the Tosliiba, I was extremely rcluctant to cannibalize that computer. What to do? For what it’s worth, the following took mc most of the night to figure out, and hopefully its publication may help others who come to the same impasse. I decided that the only way out was to rely on the back-up disks. The hard disk could cvcntually bc rcstorcd without erasing data, but this rcquircd a new disk drive which could not bc obtained for scvcral days. I thcrcfort tried to format the hard disk. This failed bccausc the data in the partition table was garbage (probably cncryptcd). Thcrcforc the format program did not know which parts of the disk wcrc to bc rewritten. I thcrcforc
510
Consultant
program FDISK to try and dcletc the partitions on the hard disk. FDISK looked at the partition table, decided that the hard disk did not contain any DOS partitions, and rcfuscd to touch the disk. Quite right, why should a DOS program cvcr want to manipulate a non-DOS partition? Howcvcr, this did not solve my problem, as my hard disk only appeared to contain nonDOS partitions because of the mcaninglcss encrypted information in the partition table. In desperation I resorted to the Norton Utilities. Thank goodness I have floppy topics of these programs. After much thought, I eventually hit upon the idea of changing the rclcvant marker bytes so that the partitions looked as though they wcrc DOS partitions (containing garbage). FDISK could then bc used to dclctc thcsc false DOS partitions. After all the garbage partitions had been dclctcd, FDISK was used once again to create the desired partition(s), and the MSDOS FORMAT program was used to format the disk. The hard disk was then a usable MSDOS disk, albeit empty. I used the SYS command to make the hard disk bootable. Note that FDISK, FORMAT and SYS, along with MS-DOS itself. must all bc available on floppy disks. I then turned to reloading all of the files from the original backup disks. Howcvcr, the back-ups arc on 3.5 inch disks, and that
particular floppy disk drive is dead. How can they bc restored? I decided that the only possible solution was to USCmy Toshiba portable. First back-up the Toshiba to floppy disks; twice (just in case). Then rcstorc the original floppy disk data to a new directory structure on the Toshiba, and USCa communications program to transfer the files to the PC. The back-up program and the communications program were both rcquircd on floppy disk. As I watched the dawn rise, all was now back to a usable state. It is intcrcsting to note that the many stages that wcrc required to get out of a problem caused by a single hardware failure. Would you be able to do likewise if it happcncd to you? If not, would anyone nearby bc able to figure things out? I make no special claims for competcncc or knowlcdgc of the MS-DOS operating system. I gleaned the above by long hours of work, and patient dctcctivc work. Thcrc may well bc a better way of doing the above. That’s not the point. My methods worked, but should not have been ncccssary in the first place. The lessons lcarncd: (I) When the manual says take a back-up, take two. If my back-up disks had not been rcadablc, I would have lost the entire content of the hard disk. It you don’t have full and complete back-ups available you’re just being stupid.
Computers and Security, Vol. 9, No. 6
(2) Use a back-up program that gives flexible control over the whole process of back-up and restoration. Remember that I had to restore the data into different directories, on a different computer, for the above process to work The MS-DOS programs BACKUP and RESTORE arc hopeless for such purposes, but many excellent commercial products are available (e.g. Fastback Plus). (3) B eware of disks formatted in a proprietary manner. They can cause an infinite variety of prob-
lems if things start to go wrong. (4) Bear in mind that security products by their very nature arc likely to alter parts of your computer system that are left untouched by most software packages. (5) Always keep copies of the operating system, and other useful utility programs, close to hand on floppy disk (write protected!). (6) If you can possibly afford it, purchase a spare floppy disk
drive. This would have prevcntcd most of the problems outlined above (7) The restoration process required use of a large number of floppy disks. Make sure sufficient disks arc available in stock. (8) Never install new products last thing on a Friday night. (9) Don’t panic. (10) All this wasted an incrcdiblc amount of time.
511
& Security,
9 (1990) 509-511
Confessions of a Security Consultant Keith Jackson SIlodram-by-sea, W. Sussex, U.K.
eople who are professionally involved in computer security like to think that the procedures which they follow whilst using a computer will not lead them into the dark depths plumbed by mere mortals. The following is an account of an occasion where things went seriously wrong, even though I think that 1 was acting perfectly correctly throughout. It is hoped that others can learn from this sad tale.
P
I often test security products, and write rcvicws based upon my findings, so I don’t bclicvc that I came to the following scenario as a complctc novice, which makes what happcncd all the more worrying. 1 was rcccntly tcsring a sofrwarc security package which offcrcd access control, cncrypdon, along with a host of closely allied security features. I don’t intend to publish the name of this product, or its manufacturer, as it could easily have been one of many security products that USC similar techniques. As a first step the manual advised me to take a
0167-4048/90/$3.50
complete back-up of my hard disk This was a useful precaution, as the product intended to alter the partition table of the hard disk during installation, so a back-up (or two) was definitely called for. After taking a back-up, I followed the installation instructions to the letter. I made a copy of the special installation disk, placed this copy in drive A, and rebooted the computer as instructed. I should explain at this point that my test computer had one 3.5 inch floppy disk drive, two 5.25 inch flo py disk drives, and a 30 Mbyte phard disk. The 3.5 inch disk drive was configured as drive A, so as the softwart security package provided both rypcs of floppy disk, I naturally chose to USCthe 3.5 inch floppy disk. The first phase of the installation was succcssfully completed, and I moved on to the second phase At that point my 3.5 inch disk drive promptly died.
Being a cautious fellow, and rather alarmed by this sudden
0 1990, Elsevier Science
Publishers
Ltd.
hardware failure, before I proceeded any further I tested the deinstallation process. However deinstallation requires programs which arc stored on the floppy disk used for installation, and the 3.5 inch disk drive had just expired. No problem, just isolate the 3.5 inch disk drive persuade a 5.25 inch drive that it is now drive A, and use one of the 5.25 inch disks so thoughtfully providcd by the manufacturer. The software rcfuscd to co-opcratc with this, and insisted that I USC the original disk. It nccdcd to rctricvc information written to the floppy disk during installation. Ncvcr mind, insert the disk in my second computer (a Toshiba laptop portable) and copy the disk. It would not copy. The disk used a proprietary format which appcarcd to offer a 360K (nonstandard) disk in a 720K disk media. The authors of the softwart have obviously come across this problem bcforc, as they had provided a special program to be used to make a copy of the non-standard installation disk. The bad news was
509
K. Jackson/Confessions
of a Security
that this program would work on the Toshiba.
used the MS-DOS
not
I felt the first signs of panic at this point, but quickly suppressed such thoughts. Taking stock of the situation, I now had a PC with information written to the partition table of the hard disk (and elsewhere for all I knew) which could not bc removed, because the only disk capable of effecting removal had to fit into a disk drive which had ceased to function. It was of course Friday night, and the computer was despcratcly nccdcd the next morning. I had no chance of obtaining a new disk drive, and as thcrc were many live projects stored on the Tosliiba, I was extremely rcluctant to cannibalize that computer. What to do? For what it’s worth, the following took mc most of the night to figure out, and hopefully its publication may help others who come to the same impasse. I decided that the only way out was to rely on the back-up disks. The hard disk could cvcntually bc rcstorcd without erasing data, but this rcquircd a new disk drive which could not bc obtained for scvcral days. I thcrcfort tried to format the hard disk. This failed bccausc the data in the partition table was garbage (probably cncryptcd). Thcrcforc the format program did not know which parts of the disk wcrc to bc rewritten. I thcrcforc
510
Consultant
program FDISK to try and dcletc the partitions on the hard disk. FDISK looked at the partition table, decided that the hard disk did not contain any DOS partitions, and rcfuscd to touch the disk. Quite right, why should a DOS program cvcr want to manipulate a non-DOS partition? Howcvcr, this did not solve my problem, as my hard disk only appeared to contain nonDOS partitions because of the mcaninglcss encrypted information in the partition table. In desperation I resorted to the Norton Utilities. Thank goodness I have floppy topics of these programs. After much thought, I eventually hit upon the idea of changing the rclcvant marker bytes so that the partitions looked as though they wcrc DOS partitions (containing garbage). FDISK could then bc used to dclctc thcsc false DOS partitions. After all the garbage partitions had been dclctcd, FDISK was used once again to create the desired partition(s), and the MSDOS FORMAT program was used to format the disk. The hard disk was then a usable MSDOS disk, albeit empty. I used the SYS command to make the hard disk bootable. Note that FDISK, FORMAT and SYS, along with MS-DOS itself. must all bc available on floppy disks. I then turned to reloading all of the files from the original backup disks. Howcvcr, the back-ups arc on 3.5 inch disks, and that
particular floppy disk drive is dead. How can they bc restored? I decided that the only possible solution was to USCmy Toshiba portable. First back-up the Toshiba to floppy disks; twice (just in case). Then rcstorc the original floppy disk data to a new directory structure on the Toshiba, and USCa communications program to transfer the files to the PC. The back-up program and the communications program were both rcquircd on floppy disk. As I watched the dawn rise, all was now back to a usable state. It is intcrcsting to note that the many stages that wcrc required to get out of a problem caused by a single hardware failure. Would you be able to do likewise if it happcncd to you? If not, would anyone nearby bc able to figure things out? I make no special claims for competcncc or knowlcdgc of the MS-DOS operating system. I gleaned the above by long hours of work, and patient dctcctivc work. Thcrc may well bc a better way of doing the above. That’s not the point. My methods worked, but should not have been ncccssary in the first place. The lessons lcarncd: (I) When the manual says take a back-up, take two. If my back-up disks had not been rcadablc, I would have lost the entire content of the hard disk. It you don’t have full and complete back-ups available you’re just being stupid.
Computers and Security, Vol. 9, No. 6
(2) Use a back-up program that gives flexible control over the whole process of back-up and restoration. Remember that I had to restore the data into different directories, on a different computer, for the above process to work The MS-DOS programs BACKUP and RESTORE arc hopeless for such purposes, but many excellent commercial products are available (e.g. Fastback Plus). (3) B eware of disks formatted in a proprietary manner. They can cause an infinite variety of prob-
lems if things start to go wrong. (4) Bear in mind that security products by their very nature arc likely to alter parts of your computer system that are left untouched by most software packages. (5) Always keep copies of the operating system, and other useful utility programs, close to hand on floppy disk (write protected!). (6) If you can possibly afford it, purchase a spare floppy disk
drive. This would have prevcntcd most of the problems outlined above (7) The restoration process required use of a large number of floppy disks. Make sure sufficient disks arc available in stock. (8) Never install new products last thing on a Friday night. (9) Don’t panic. (10) All this wasted an incrcdiblc amount of time.
511