ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Vesoft and the Hewlett Packard 3000 ³ ³ by Black IC ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ There have been numerous articles written about the Hewlett Packard 3000 and how to break the system. This write up does not deal soley with the HP3000 but with the addon for tighter security by the VESOFT corporation. As time goes on and people begin to see the need for better security and a more productive system, it's becoming harder to exploit any weakness that could be on said system. That's where VESOFT comes in. VESOFT 1135 S. Beverly Dr. Los Angeles, CA 90035-1119 (310) 282-0420 (310) 785-9566 (Fax) They have been supporting Hewlett Packards since 1980 with excellent addons for the HP3000. In the following paragraphs I discuss the various utilites that VESOFT employs and what you might expect on a VESOFT secured system. ÚÄÄÄÄÄÄÄÄÄÄÄ¿ ³ MPEX 3000 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÙ The MPEX addon emulates and implements virtually all of the MPE/iX user interface features (variables, command files, implied :RUN, :CALC, :COPY, :PRINT, etc) on MPE/V. Not only does this add a lot of power to the MPE/V system, but it also lets you use the same job streams on MPE/V and on the MPE/iX (If the owner of the Hewlett Packard has both setups!) So initially you wont see a difference with the target system. Also if the system has VESOFT installed and not on the other systems their, that's not an issue right now cause if you are experienced with the 3000 series and the likes you will be able to navigate with out a problem. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ VE AUDIT 3000 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ The Audit program from VESOFT is a resecurement utility very similar to the SATAN program for UNIX. The purpose of VE AUDIT is to check the system for loopholes and to assist the Manager/System Administrator in resecuring the system. VE AUDIT takes the laborous job of checking accounts (LISTACCT), users (LISTUSER), and groups (LISTGROUP) to see who has what access, capabilities, no passwords, etc. The program goes through everything and then reports to manager what loopholes (if any) are found and what is the suggested step to resecure that system. This program can also be used to alter the system accounting structure as well as look at it with a new set of commands. The program is run when you set the attributes (password, capability, access mask). List them in one or two line object format. Create an MPEX command file that will rebuild the accounting structure when the program is executed. Purge them after prompting. As you can see this program will assist the manager/system administrator in an easy to use manner and allows the system security to be tightened in a way that was not as easy on the standard HP3000. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ SECURITY 3000 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ The VESOFT security program works in several ways to secure the Hewlett Packard system. Most HP3000 systems will allow users to log on to the system using a non-unique name and generic session name with a session password (i.e. JOE.PAYROLL as opposed to JOE,CLERK.PAYROLL). The VESOFT program will no matter what format the system uses to establish identity allow the use of a session name and a password for that individual, thus increasing the security 10-fold. It will also eliminate the annoying habit of users omitting the session name since the MPE operating system considers it optional. Changing of passwords become manditory through the security program. Saving the account manger time by having a set time period for the users to change their passwords (i.e. every 30 days or as set). Some HP3000 systems when accessed give the user access to the MPE prompt ":" which most users dont need access to all the commands. VESOFT now sets up a menu of options which allows the user to use the given choices and nothing else. If the system has dial-ups the security program allows passwords on a terminal by terminal basis thus adding in a second password to protect the system. Thus anyone calling up not only has to get past the dial-up sequence but they also have to log in to the system as if they were at the console. If the system is run on networks then the program will synchronize the network and allow file transfers with out actually logging into the receiving system. Users will also have to login to a system at a different terminal just as if they were at that console. Embedded passwords are probably one of the biggest threats to HP3000 systems along with shared passwords and passwords that have not been changed in a long time. It then is easier for someone to access the system seeing as it will be easier to figure out. Once a password has become embed the ability to change it in a job stream is very hard and time consuming. The security program comes with what is called the "STREAMX" module which will do all the handy work for the account manager. Logoff now has a built in timer so those users that are idle or leave the system unattended for a given amount of time will automatically be logged off and the integrity of the system brought back to normal. This covers the basics of the VESOFT programs. As you can see any entry into an HP3000 using VESOFT will not react as usual and the accessability has been changed to that of seriously protected. I'll save the coverage of surveillance, social engineering and dumpster diving for others. What I will say is you need to have a firm grasp of the target system and its users. ÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ DEFAULTS ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÙ The following is a list of some of the defaults in the Hewlett Packard MPEX System used on the 3000 and the likes. Keep in mind that a resecured system is going to have the defaults removed and replaced with a tighter setup. Remote login maintenance has been a pride and joy of Hewlett Packard owners. It is also one of the most exploited in terms of malicious entry. With the VESOFT programs properly installed the usual one password entry for remote will now be two. The default accounts are almost always open if they still exist. Aside from "dumpster diving" you should consider social engineering names and as much info as possible about the system you are attempting to get in on, just incase you are asked for a password. Sometimes you will come across a system that uses the "terminal password" at login. This is an old option and thus being an option does not have any defaults. operator.cognos mgr.hpword field.hpword manager.hpoffice mgr.hpoffice wp.hpoffice spoolman.hpoffice mailman.hpoffice advmail.hpoffice mail.hpoffice field.support operator.support operator.sys rsbcmon.sys pcuser.sys operator.system operator.disc mgr.xlserver manager.itf3000 sys.telesup manager.security mgr.conv mgr.rje mgr.hpp187 mgr.hpp189 mgr.hpp196 field.hpp187 mgr.intx3 mgr.carolian manager.tch mgr.word mgr.telesup field.service operator.disc mgr.ccc field.hpunsup field.hp mgr.hpp189 mgr.hpp196 mail.mail mail.netbase mgr.rego mgr.rje mgr.robelle mgr.cnas mgr.hpdesk mgr.vesoft I hope this write up will provoke more interest in the Hewlett Packard systems namely the HP3000. If you have any comments or wish to discuss these systems more indepth please feel free to contact me at the following e-mail address: black.ic@iirg.com Hope to hear from some of you. Black IC/IIRG