Software Disk Protection
Specifying the use of a removable hard drive for computer systems
which only occasionally process classified information represents
an expense that may not always be necessary. Other possible
solutions should be considered before making a final decision on
how to implement processing security measures.
Certain application programs are readily available which are
intended to block writing attempts to the system hard disk. The
intent when using these programs is to place emphasis on
procedural
requirements and the user rather than the equipment. Procedural
measures assume that normal system users do not intentionally try
to circumvent their own security protection measures. When used
correctly these programs work very well, and are now becoming
widely accepted for stand alone computer systems.
The two common programs that are used to prevent writing to hard
disks are PROTECT.COM and WPHD.COM. Both programs are similar.
Each trap interrupt number 13, the normal interrupt used for
writing to the hard disk. This interrupt is also commonly used
by
other interrupts for disk writes. Most (but not all)
applications
use this interrupt for hard disk writing.
PROTECT.COM and WPHD.COM will NOT protect the hard disk against a
Virus or a low level format. In addition, if somehow a classified
file is written to the fixed disk, disk removal and control will
be
required. The IS Security Office will follow the same
procedures
as employed for other classified storage media when
de-classifying
the hard disk.
Determination of Program's Applicability
Placing control and operational constraints on classified
processing activities is not as complicated as it sounds. When
using the protection program, the IS may be operated in both an
unclassified and a classified security mode as needed without
changing equipment. However, during classified operation the
system will need to operate in a stand alone dedicated mode.
This
means it must not connected to a network, and be limited to one
user at any given time (no concurrent processing by more than one
user). This approach for security emphasizes the users
consciences
and active part in the classified processing operation.
Standard Operating Procedures For PROTECT.COM (Security
Supplement)
The Security Supplement is intended for use by Naval Research
Laboratory (NRL) personnel who have occasional need to perform
classified data processing or similar activities. Its purpose is
to serve as an example and to set forth standard practice
procedures for safeguarding classified data processed by
Microcomputer Data Processing Systems.
The generic standard practice and procedures were developed in
accordance with the requirements of DoD Directive 5200.28 and
SECNAV Instruction 5239.2. IS System Managers use the document
as
the basis to generate their own operating procedures. Once the
procedure for a specific system is approved, no deviations are
authorized without prior approval by the NRL IS Security Office.
Installing and Executing The Program
The NRL IS Security Group will supply a controlled disk
containing
the copy of PROTECT.COM software. After the program is stored on
the system the program is executed by typing in the file name
PROTECT, prior to starting any classified processing. The message
"Hard Disk Protection On" will be displayed on the CRT screen.
From
that point on any requests for DOS to write on Drive C: or above,
should be prevented by this hard disk write protect program. The
PROTECT program can be turned off by typing in the program name
again. When this is done, a "Hard Disk Protection Off" message
will
be displayed on the screen.