This is the home page for the program "TOPSECRET_NET".
Download the latest version (includes source code):
Download Topsecret-Net (for Linux) v0.90 beta
This program is freely distributable and fully functional with no time
limits.
Shareware registration is $10 for each client computer in use.
For program questions or the current registration address, contact the author
at: nomad01@fdn.com
---------------------------------------------------------------------------------------------------
What is Topsecret_Net ?
-----------------------
Topsecret_net is a network encryption program.
It allows you to transfer files across a LAN or the Internet and
offers protection against electronic eavesdropping of data in transit.
If you are new to networks please see "New to networks?" section below.
Is it easy to eavesdrop on a network?
------------------------------------
The short answer is, yes.
-You can mechanically splice into a line somewhere in your building.
-You can remotely monitor electromagnetic signals.
-You can remotely monitor through software alone.
So in reality passwords, firewalls and sensitive data
are very much at risk.
Will Topsecret_Net take care of ALL of my security needs?
------------------------------------------------------
No, you should never rely on a single program for all of your
security needs, especially if your data is highly sensitive.
But this program is a GREAT step in the right direction,
since the net is so vulnerable.
It is also advisable to use encryption programs like "Topsecret"
(available on the net for DOS and Linux), and others, so your
data can be scrambled with several algorithms even before it is
scrambled by Topsecret_Net.
Linux programs are ideal for security because both the operating
system and the program source codes are available for inspection.
How does Topsecret_Net secure data?
-----------------------------------
Each user maintains a three letter "xxx/" user directory on both the
server and client machine. Within the user directory a separate
"catalyst" directory is maintained. (A catalyst is like a key.)
You have to have at least one catalyst in the catalyst directory,
and it must be identical on both the server and client machine.
Different sections of the catalyst are continuously changing for
each different file that is transported on the net.
Even though the catalysts are continuously modified, depending
on your security needs, you should periodically replace them.
They should be fairly random, and their length should be
your guess of the average length of the files transmitted.
Longer catalysts offer higher security for transmitting
large files, but will take a little more CPU crunching time.
Usage topsnet (server)
----------------------
The number of parameter inputs for the program may seem
intimidating at first, but once you understand the function
of each, and implement the proper directories and catalysts,
the program is fairly simple to use. The command line input
format is ideal for incorporating the client programs into
scripts.
Note: All of the following arguments are entered as a command
line with a single space between each parameter.
1) ./topsnet
2) /topsnet/download/
3) /topsnet/upload/
4) /topsnet/catalyst/
5) password
6) 3
1) Starts server, and shows "accepting connections..."
message when ready.
2) Download directory for server,
Must start and end with "/".
3) Upload directory for server,
Must start and end with "/".
4) Catalyst directory for server,
Must start and end with "/".
NOTE: All directories MUST have a three letter xxx/
sub directory for EACH user id. on the server storage device.
5) password, All clients must use this password. In addition
to the catalyst the password is also used to encrypt data.
6) mode
mode-1-serve topsget
mode-2-serve topssend
mode-3-serve topsget and topssend
usage for topsget (client)
--------------------------
Note: All of the following arguments are entered as a command
line input with a single space between each parameter.
1) ./topsget
2) 192.168.1.2
3) remote_read_file
4) local_write_file
5) xxx/data_catalyst_file
6) password
1) Starts topsget client.
Note: You must start topsget from the root directory of xxx/
on your client computer. That means that xxx/ must be
a sub directory of your current directory.
2) I.P. address or domain name of server.
3) This is the name of the file on the server, located at, e.g.:
(topsnet/download/xxx/remote_read_file)
Do not put "/" in front of or after the parameter; in the middle it is
OK for multiple directory access within user id.
xxx/ = user id. directory.
/**************/
If you ask for file "topsdir.txt",
you will get a directory listing for that directory.
/**************/
4) This is the file name you want to write locally.
5) This is the name of the catalyst to be used on server,
located at, e.g.:
(topsnet/catalyst/xxx/data_catalyst_file)
Do not put "/" in front of or after the parameter; in the middle it is
OK for multiple directory access within user id.
6) This is the password for server.
usage for topssend (client)
----------------------------
Note: All of the following arguments are entered as a command
line input with a single space between each parameter.
1) ./topssend
2) 192.168.1.2
3) local_read_file
4) remote_write_file
5) xxx/data_catalyst_file
6) password
1) Starts topssend client.
Note: You must start topssend from the root directory of xxx/
on your client computer. That means that xxx/ must be a
sub directory of your current directory.
2) I.P. address or domain name of server.
3) This is the local name of file to send.
4) This is the name you want to give on the server;
the file will go to a directory, e.g.:
(topsnet/upload/xxx/remote_write_file)
Do not put "/" in front of or after the parameter; in the middle it is
OK for multiple directory access within user id.
xxx/ = user id. directory.
5) This is the name of the catalyst to be used on server,
located at, e.g.:
(topsnet/catalyst/xxx/data_catalyst_file)
Do not put "/" in front of or after the parameter; in the middle it is
OK for multiple directory access within user id.
6) This is the password for server.
Files created for use by program.
---------------------------------
-A scratch pad file with a "t" in front of the catalyst name.
source code label twodatacatalyst
-A lock flag file with "l" in front of the catalyst name.
source code label lkdatacatalyst
The lock file TRIES to deny a second command from accessing the
same data catalyst while in use. But if the commands are only a
few milliseconds apart it may cause a lock up and possibly corrupt
the catalyst. Your script programs should wait until one transfer
is complete before ordering another, if they are using the SAME
data catalyst (on server and client). If you see a lock file
and no transfer is associated with that catalyst, there
may have been a bad process where the transfer was not
completed. If you are sure all parameters are correct you
can try deleting the lock file for user id. catalyst on
server and/or client, and retry the process.
Another possible source of catalyst corruption is if your storage
media does not write or store the catalyst data accurately.
If those two possibilities can be ruled out,
then intentional corruption by someone is a possibility.
Requested files cannot start with a "#" because topssend uses this
as a flag. Files cannot have ".." or "//" for security reasons.
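A wrapper that a calling script could use to follow the two points above: one transfer at a time per data catalyst, and the restrictions on file names. This is an added example, not part of Topsecret_Net; the function names, LOCK_ROOT, LOCK_TRIES and the lock location are assumptions, and the lock is the wrapper's own, separate from the program's "l" lock file.

```sh
#!/bin/sh
# Added example, not part of Topsecret_Net. Function names, LOCK_ROOT and
# LOCK_TRIES are assumptions of this sketch.

# valid_name NAME: succeed only if NAME obeys the README's rules for
# file and catalyst parameters.
valid_name() {
    case "$1" in
        '')        return 1 ;;  # nothing to request
        '#'*)      return 1 ;;  # "#" in front is a flag used by topssend
        /*|*/)     return 1 ;;  # no "/" in front or after
        *..*|*//*) return 1 ;;  # no ".." or "//"
    esac
    return 0
}

# with_catalyst_lock CATALYST CMD [ARGS...]
# Run CMD while holding this wrapper's own lock for CATALYST, so a script
# never starts a second transfer on a catalyst that is still in use.
# mkdir either creates the directory or fails, so two callers cannot both
# acquire the lock. Returns 2 for a bad name, 3 if still busy after
# LOCK_TRIES attempts, otherwise CMD's exit status.
with_catalyst_lock() {
    wcl_catalyst=$1
    shift
    valid_name "$wcl_catalyst" || return 2
    wcl_root=${LOCK_ROOT:-$HOME/.topsnet-locks}
    mkdir -p "$wcl_root" || return 1
    wcl_lock="$wcl_root/$(printf %s "$wcl_catalyst" | tr / _).lock"
    wcl_tries=${LOCK_TRIES:-30}
    until mkdir "$wcl_lock" 2>/dev/null; do
        wcl_tries=$((wcl_tries - 1))
        if [ "$wcl_tries" -le 0 ]; then
            echo "catalyst busy: $wcl_catalyst" >&2
            return 3
        fi
        sleep 1
    done
    wcl_status=0
    "$@" || wcl_status=$?
    rmdir "$wcl_lock"
    return "$wcl_status"
}

# Example call, using the argument order shown for topsget above:
# with_catalyst_lock xxx/data_catalyst_file ./topsget 192.168.1.2 \
#     remote_read_file local_write_file xxx/data_catalyst_file password
```

If the wrapped command is killed before it returns, the wrapper's lock directory stays behind and has to be removed by hand, the same as the program's own lock file.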
port number
-----------
The port numbers are set to 4333. If you require a different number,
you can go to the source code, change the port number and
recompile the program, using a command line like:
"gcc -o topsnet topsnet.c"
All three programs must have the same data.
topsnet.c
topsget.c
topssend.c
If you get a "no permission" to execute message,
you will need to enter:
"chmod +x topsnet"
or "chmod +x ./topsnet"
New to Networks?
----------------
An excellent book for you is;
"The Linux Network" by Fred Butzen and Christopher Hilton.
ISBN 1-55828-589-X
53999
You can try this program even on one computer at home.
On one computer you can simulate a network by addressing 127.0.0.1
which is a "loop back" i.p. address.
If you enter;
ping 127.0.0.1
and if you see lines that look like this;
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.1 ms
your tcp/ip networking is working.
-------------
If your Ethernet card did not get set up by the kernel you
may have to compile the current vendor source code for your version
to get, e.g., a "dmfe.o" file.
Then enter, e.g.:
insmod dmfe.o
ifconfig eth0 192.168.1.1 netmask 255.255.255.0
ping 192.168.1.1
If you get a good ping response from your computer, and/or
different computers on your net, you are in business!
security/hints/info
-------------------
The author of this program has also written "Topsecret" an encryption
program for Dos and Linux, which has received good marks from
"www.zdnet.com"
(This program is a network program and does not use the same
algorithms that are used by the encryption program "topsecret".
Therefore data encrypted by that program will not be decrypted
by this program.)
Also if you are picky about words the "catalysts" are
intentionally changed after the encryption "reaction"
and not during, so the definition holds true. :)
If you have obtained the executable program from questionable
sources, then it would be a good idea to compare the program,
using the "cmp" command, with a copy from a more reliable source.
For example:
If "cmp /util/tops /download/tops"
returns only a prompt and no errors,
then the compare operation was successful.
The encrypted data is the same size as the input data.
This means that there is less chance of compromising clues
being left in the data.
Since command line input script programs may contain sensitive
information, the scripts and the associated files/data should
not be compromised.
History files such as:
/root/.bash_history
/home/yourusername/.bash_history
may also store sensitive information. In this case one thing
you could try is the following commands
for EVERY session:
myterm: HISTFILESIZE=1
myterm: HISTSIZE=1
myterm: set     (shows current values for bash variables)
The command line input is ideal for time critical operations when
used in conjunction with RAM drives and scripts for
real time network data encryption.
If sensitive data was written to a disk,
format the disk and overwrite the whole disk before disposal.
Ensure personnel have proper security clearance.
Have building and personnel checked for surveillance equipment.
"The business of security, is the business of paranoia."