                   
                  Ŀ
                   Vesoft and the Hewlett Packard 3000 
                              by Black IC              
                  
       
        There have been numerous articles written about the Hewlett Packard 
3000 and how to break the system.  This write up does not deal soley with 
the HP3000 but with the addon for tighter security by the VESOFT corporation.

        As time goes on and people begin to see the need for better security 
and a more productive system, it's becoming harder to exploit any weakness 
that could be on said system.  That's where VESOFT comes in.

VESOFT
1135 S. Beverly Dr.
Los Angeles, CA 
90035-1119

(310) 282-0420
(310) 785-9566 (Fax)

        They have been supporting Hewlett Packards since 1980 with excellent 
addons for the HP3000. In the following paragraphs I discuss the various 
utilites that VESOFT employs and what you might expect on a VESOFT secured 
system.
                          
                             Ŀ
                              MPEX 3000 
                             
                                
        The MPEX addon emulates and implements virtually all of the MPE/iX 
user interface features (variables, command files, implied :RUN, :CALC, 
:COPY, :PRINT, etc) on MPE/V.  Not only does this add a lot of power to the 
MPE/V system, but it also lets you use the same job streams on MPE/V and on 
the MPE/iX (If the owner of the Hewlett Packard has both setups!)

        So initially you wont see a difference with the target system.  Also 
if the system has VESOFT installed and not on the other systems their, 
that's not an issue right now cause if you are experienced with the 3000 
series and the likes you will be able to navigate with out a problem.

                            Ŀ        
                             VE AUDIT 3000 
                                   
        
        The Audit program from VESOFT is a resecurement utility very similar 
to the SATAN program for UNIX.  The purpose of VE AUDIT is to check the 
system for loopholes and to assist the Manager/System Administrator in 
resecuring the system.  VE AUDIT takes the laborous job of checking accounts 
(LISTACCT), users (LISTUSER), and groups (LISTGROUP) to see who has what 
access, capabilities, no passwords, etc.  The program goes through everything 
and then reports to manager what loopholes (if any) are found and what is the 
suggested step to resecure that system.  This program can also be used to 
alter the system accounting structure as well as look at it with a new set 
of commands.

        The program is run when you set the attributes (password, capability, 
access mask).  List them in one or two line object format. Create an MPEX 
command file that will rebuild the accounting structure when the program is 
executed.  Purge them after prompting. 

        As you can see this program will assist the manager/system 
administrator in an easy to use manner and allows the system security to be 
tightened in a way that was not as easy on the standard HP3000.

                            Ŀ
                             SECURITY 3000 
                            
                                 
        The VESOFT security program works in several ways to secure the 
Hewlett Packard system.  Most HP3000 systems will allow users to log on to 
the system using a non-unique name and generic session name with a session 
password (i.e. JOE.PAYROLL as opposed to JOE,CLERK.PAYROLL).  The VESOFT 
program will no matter what format the system uses to establish identity 
allow the use of a session name and a password for that individual, thus 
increasing the security 10-fold. It will also eliminate the annoying habit of 
users omitting the session name since the MPE operating system considers it
optional. 

        Changing of passwords become manditory through the security program.
Saving the account manger time by having a set time period for the users
to change their passwords (i.e. every 30 days or as set).

        Some HP3000 systems when accessed give the user access to the MPE 
prompt ":" which most users dont need access to all the commands. VESOFT now
sets up a menu of options which allows the user to use the given choices
and nothing else.

        If the system has dial-ups the security program allows passwords on 
a terminal by terminal basis thus adding in a second password to protect the 
system. Thus anyone calling up not only has to get past the dial-up sequence 
but they also have to log in to the system as if they were at the console.

        If the system is run on networks then the program will synchronize the 
network and allow file transfers with out actually logging into the
receiving system. Users will also have to login to a system at a different 
terminal just as if they were at that console.

        Embedded passwords are probably one of the biggest threats to HP3000
systems along with shared passwords and passwords that have not been changed 
in a long time. It then is easier for someone to access the system seeing as
it will be easier to figure out. Once a password has become embed the ability 
to change it in a job stream is very hard and time consuming. The security
program comes with what is called the "STREAMX" module which will do all the
handy work for the account manager.

        Logoff now has a built in timer so those users that are idle or leave 
the system unattended for a given amount of time will automatically be logged 
off and the integrity of the system brought back to normal.

        This covers the basics of the VESOFT programs.  As you can see any 
entry into an HP3000 using VESOFT will not react as usual and the 
accessability has been changed to that of seriously protected.  I'll save the 
coverage of surveillance, social engineering and dumpster diving for others.  
What I will say is you need to have a firm grasp of the target system and its 
users.

                               Ŀ
                                 DEFAULTS  
                               
                         
        The following is a list of some of the defaults in the Hewlett Packard 
MPEX System used on the 3000 and the likes. Keep in mind that a resecured 
system is going to have the defaults removed and replaced with a tighter 
setup.  Remote login maintenance has been a pride and joy of Hewlett Packard 
owners.  It is also one of the most exploited in terms of malicious entry. 
With the VESOFT programs properly installed the usual one password entry 
for remote will now be two.  The default accounts are almost always open if 
they still exist.  Aside from "dumpster diving" you should consider social 
engineering names and as much info as possible about the system you are 
attempting to get in on, just incase you are asked for a password.  Sometimes 
you will come across a system that uses the "terminal password" at login.  
This is an old option and thus being an option does not have any defaults.


operator.cognos                 mgr.hpword              field.hpword    
manager.hpoffice                mgr.hpoffice            wp.hpoffice     
spoolman.hpoffice               mailman.hpoffice        advmail.hpoffice
mail.hpoffice                   field.support           operator.support
operator.sys                    rsbcmon.sys             pcuser.sys
operator.system                 operator.disc           mgr.xlserver
manager.itf3000                 sys.telesup             manager.security
mgr.conv                        mgr.rje                 mgr.hpp187
mgr.hpp189                      mgr.hpp196              field.hpp187
mgr.intx3                       mgr.carolian            manager.tch
mgr.word                        mgr.telesup             field.service
operator.disc                   mgr.ccc                 field.hpunsup
field.hp                        mgr.hpp189              mgr.hpp196
mail.mail                       mail.netbase            mgr.rego
mgr.rje                         mgr.robelle             mgr.cnas
mgr.hpdesk                      mgr.vesoft


        I hope this write up will provoke more interest in the Hewlett Packard 
systems namely the HP3000.  If you have any comments or wish to discuss these 
systems more indepth please feel free to contact me at the following e-mail 
address:

black.ic@iirg.com

Hope to hear from some of you.

Black IC/IIRG



