CStacy@REAGAN.AI.MIT.EDU (Christopher C. Stacy) (02/28/89)
Date: Thu, 23 Feb 89 10:41:46 PST
From: Peter Scott <PJS@naif.JPL.NASA.GOV>
Subject: Reach Out and Spy on Someone
To: RISKS-LIST@KL.SRI.COM
An article in _Digital Review_, February 20, under the title "Reach Out And
Help Someone" reviews a package for VAX/VMS called Video, from Performance
Software. The subtitle says, "...system managers and training coordinators can
keep an eye on user activity". Among other things, this package allows anyone
with appropriate privileges to see what anyone else is typing and receiving on
their terminal (passwords excepted, I suspect), or to "take over" another
terminal and broadcast their own commands to it. You can also record terminal
sessions and play them back at leisure.
"With the Video Seer utility, system managers can monitor terminal sessions to
detect system abuse or simply to identify performance drains on their systems."
Oh joy.
The ITS operating system (created about 15 years ago on PDP-10s, still
in use today) allows users to spy on each other's screens anonymously,
and also to type on each other's consoles. I believe that some other
old systems (such as PLATO) may have had similar capabilities.
On ITS, I found these features invaluable for assisting users who were
having trouble, for observing students, and also for monitoring system
intruders. ITS did not implement any system security, and anyone
could Spy, read anyone's files, etc.
Spying is similar to the capability on most systems of some privileged
user(s) being able to access anyone's files and mailboxes without
their knowledge. The information privacy issues and potential abuses
are probably exactly the same. If access to someone's files is like
access to their desk drawers or their locker, spying on them is like
looking over their shoulder. There are clearly legitimate ways in
which these capabilities can be used, notably in educational settings;
it's all a matter of the involved parties understanding and agreeing
to the situation.
As a security tool, spying is only useful for monitoring the session
of an intruder in action; having a security officer to sit around
spying on users at random would be ridiculously inefficient, and
would violate security principles.
Monitoring the sessions of users on a keystroke basis is fairly
obviously a pretty stupid way to conduct either a machine performance
or operator productivity analysis. There may be some legislation
somewhere about using these sorts of capabilities, and I imagine that
the unions have an opinion on the matter.

EVERHART%ARISIA.decnet@GE-CRD.ARPA (02/28/89)
There have been several programs on the DECUS VAX SIG tapes and in other places for this purpose over the years. Best one so far is WATCH, which was on the Fall '88 tapes (complete with source). It allows you to monitor what goes on at any other terminal, except DECnet remote terminals (whose internal architecture is very different from all other examples). When used in conjunction with PHOTO one can very easily obtain a machine-readable log of someone else's session. If used also in conjunction with BOSS, one can do this without giving up one's terminal. This involves some extra processes and system diddling, but is not too heavy a load even for a 750.

However, watching someone's terminal sessions is not something that's desirable overall, due to the generation of lots of junk information. The best way to handle people who are suspect seemed to be to force them in their logins to fire up PHOTO with a logfile that can be read later as needed, then log the session out if PHOTO finished. A logfile created in this way could perhaps be transferred via mail to a holding area where it could be examined and would be outside the security domain of the victim. Since it would be open during the entire session, it could not be deleted from the PHOTO session. (Batch or the like are another matter; a short window would have to exist.) This avoids the need for things like WATCH.

However, WATCH is very handy for dialins, both to ensure they are attempting nothing dangerous and to offer help as needed. It needs hefty privs to run, but since it's PD, the capability exists in essentially ALL VMS installations.

Does Unix have a similar capability? Is it PD?

Glenn Everhart
everhart%Arisia.decnet@ge-crd.arpa
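Glenn's closing question has a Unix answer the thread itself does not give: script(1), a BSD-era utility, records a terminal session to a file much as PHOTO does. The wrapper below is an added example, not code from the thread, from DECUS, or from any VMS package; it shows the forced-at-login variant Glenn describes: the log is opened before the user's shell starts, stays open for the whole session, lives in a directory the monitored user cannot write to, and the login ends when the recording does. The directory /var/log/sessions, the SESSION_LOGDIR override, and the --run entry point are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from DECUS: a Unix analogue of
# the "force PHOTO at login, hold the log open, log out when it ends" scheme,
# built on script(1). Assumptions (constructed for this example): this file is
# installed as a login wrapper that runs in place of the user's shell, and
# LOGDIR is a root-owned directory the monitored user cannot write to.

LOGDIR="${SESSION_LOGDIR:-/var/log/sessions}"

# Per-session log name: user, tty (slashes flattened), epoch seconds.
session_log_path() {
    user="$1"; tty_name="$2"; when="$3"
    printf '%s/%s.%s.%s.log\n' "$LOGDIR" "$user" \
        "$(printf '%s' "$tty_name" | tr '/' '_')" "$when"
}

# The log must sit outside the monitored user's "security domain": refuse a
# directory that is group- or world-writable, since the user could then unlink
# or replace logs between sessions. Prints nothing; exit status 0 means safe.
logdir_is_safe() {
    dir="$1"
    [ -d "$dir" ] || return 1
    [ -z "$(find "$dir" -prune \( -perm -002 -o -perm -020 \) -print)" ]
}

# Start the recorded session. script(1) opens the log before the shell starts
# and holds it open until the shell exits; because this wrapper exec's script,
# the login ends as soon as recording ends (PHOTO's "log out when finished").
# The user can still kill script, but that terminates the login, not just the log.
record_session() {
    user="$1"
    if ! logdir_is_safe "$LOGDIR"; then
        printf 'session logging: %s is missing or writable by others, refusing login\n' \
            "$LOGDIR" >&2
        exit 1
    fi
    log="$(session_log_path "$user" "$(tty)" "$(date +%s)")"
    printf 'This session is being recorded to %s\n' "$log"
    SHELL=/bin/sh exec script -q "$log"
}

# Entry point when installed as the login wrapper: record-session --run "$USER"
if [ "${1:-}" = "--run" ]; then
    record_session "${2:-$(id -un)}"
fi
```

The same caveat Glenn raises for batch jobs applies here: anything that reaches a shell without going through this wrapper (a non-interactive ssh command, a cron job) is not recorded, so the wrapper only covers the interactive login path it is installed on.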