White Paper: How to "Hide" Data Files Using Revelation Software's Universal Driver (Deployment)

Kevin Ruane

Revelation Software

 

One of the unique features of the Universal Driver (UD) is the ability to establish virtual directories. A common use of this is to  hide  data files in directories where users cannot access or modify them from outside OpenInsight (OI). This allows sites with sensitive data to add an extra layer of security.

 

Due to the multiple platform installs of the UD, we will need to break this process of  hiding  data files down to two separate categories: Netware/Linux Networks and Windows Networks.

 

Hiding Data Files in Netware and Linux Networks

 

One change between previous Revelation NLMs and the UD install for Netware is the lh3srvc.ini file. In this file you specify where the application data resides,specifically where on the server the data volumes reside. While you need to point to the directory where the application resides, you are not limited to all your data residing in the same directory, or even the same share. For example, a typical lh3srvc.ini file would contain:

 

 

 

The Revparam file, a necessary component in any Revelation Network Product, takes on a new role with the Universal Driver;directing the data back to the Universal Driver. The Revparam file in that Revsoft\OI directory would contain:

 

 

No other reference is needed for the UD to  protect  the data under the OI directory. All data and subdirectories under Revsoft\OIare encompassed with the singular revparam in the main application directory.

 

If you have sensitive data that needs to be in a secured or remote section of the file server, this  hiding  is done with modifications to the Shares section of the lh3srvc.ini.

For instance, if you have a subdirectory named STUDENTS that needs to be removed from under \Revsoft\OI and moved into its own secure directory under the SCHOOLS directory, you would add the following line to the Shares section of the lh3srvc.ini:

 

 

STUDENTS=SYS:SCHOOLS\STUDENTS

 

 

 

This new share entry instructs the UD to point the Revelation application to where the  hidden  data resides.

 

With the modification from above, the contents of the lh3srvc.ini will look like:

 

 

Although you needed only one Revparam for the OI application when all data was underneath the \Revsoft\OIdirectory, you will now need to create another Revparam in the STUDENTS subdirectory. The format is the same as the Revparam under Revsoft\OI, but you will need to enter the share name that you created for the STUDENTS directory:

 

The two Revparam files will look like:

 

 

 

Stop and restart the UD for the changes in the lh3srvc.ini and Revparam files to take effect. Now from the application in the \Revsoft\OIdirectory, you will be able to attach and see the contents of the STUDENTS directory, though it is no longer underneath \Revsoft\OI.

 

Although the installation of the UD varies slightly between Netware and Linux, how they use their corresponding lh3srvc.ini and lh3srvc.conf files is the same. The explanation of how to configure the lh3srvc.ini will also apply to the lh3srvc.conf.

 

 

Hiding Data in Windows Networks:

 

On Windows installations of the UD, there is no lh3srvc.ini or lh3srvc.conf files to modify to  hide  data. Instead, to  hide  data, a change is made to the registry of the server on which the Universal Driver is installed. This change to the registry is creating something similar to a mount point  where the data resides. In order to have  hidden  data, you will need to be running the Universal Driver in pure TCP/IP mode.

 

Using the STUDENTS example again, let s say the application directory structure is:

 

C:\Revsoft\OI\data

 

There is a Revparam in the \revsoft\OI that is protecting all the data and subdirectories in the \OI directory.

 

There is a second directory "C:\SCHOOLS\STUDENTS" with a Revparam with the contents "ServerOnly=1".

 

For the application to be able to find the STUDENTS data using the UD, you will need to make it possible for OI to see where the data is.

 

Goto the registry entry Universal Driver:

 

HKEY_LOCAL_MACHINE  SOFTWARE  Revsoft  Revelation Universal Driver  3.0

 

Under the 3.0 folder, create a new key called "Shares".

 

Under "Shares" create a new string value - give it a descriptive name, like "student". The value data should be the path to where the data is -in this case, "C:\SCHOOLS\STUDENTS".

 

 

Now the STUDENTS data is in place, and the UD knows where to find it. The last step is to create a  mount point  in OI to point to where the student data resides.

 

Under the C:\OI\Revsoft\data directory, create a subdirectory called  STUDENTS. 

 

In that directory create a Revparam file. This Revparam needs to contain the information:

 

 

Once the Linear Hash Service is restarted, you will be able to access your STUDENTS data in its new location.

 

Conclusion

 

The Universal Driver can be a valuable tool in protecting your data from users on your network. In this time when data security is more important than ever, it is a necessary tool.

 

References

 

The Universal Driver 3.0 Installation Manual

 

Mysteries of the Universal Driver Revealed   presented at the Revelation Software Users Conference,2004