Spyglass/iX offers back-seat system management
SpyGlass/iX
Version 2.02

Workgroup Solutions
25422 Trabuco Rd. #105-273
Lake Forest, CA 92630
Phone 949.766.4850
Fax 949.766.7978

SpyGlass/iX includes one 38-page manual and all the software required to run on your HP 3000. It requires the Reflection terminal emulator to install from diskette.

SpyGlass/iX for the HP 3000 runs on all HP 3000 Series 900s, MPE/iX 5.0 or later. The software is tier-based, ranging from $1,200 to $2,000 with discounting for multiple CPUs. Support is 20 percent of the purchase price per year and includes phone-in and electronic support, and new releases of the software. Prices are in US dollars.

Utility looks over shoulders of 3000 users online to trouble-shoot operations
Review by Shawn M. Gordon
Security audit checking and user trouble-shooting aren’t the most interesting and glamorous things to have to do, but a tool like SpyGlass/iX can make life a lot easier for you. At its most basic, SpyGlass will let you point at a terminal and see everything that a user is doing, just as though you were looking over their shoulder.

Another feature of SpyGlass is the ability to just record what a terminal does, and play it back later. This means you could set it up on a console port or something, and see what all your dial-in people were doing. The playback speed can be controlled, but there is no search capability. Some of my preliminary testing yielded fascinating results about people abusing their 3000 privileges.

How does it work?

I don’t know how SpyGlass does its magic. It totally amazes me and everyone I’ve shown it to. What is more amazing is that the main program is a compatibility mode program — I’m assuming it’s written in SPL. SpyGlass will keep track of who ran it, and what function they performed, but it will only report on its WATCH and SPY modes, as shown in Figure 1 below:

 Display Audit Transactions

Seq     Watcher                     User                      Date    Time
Cmd

---- -------------------------- -------------------------- ---------- -----
---
                                             

1    SHAWN,MANAGER.SYS          COWAJX01,MGR.FHMRMDEV      11/09/1998 08:37
WAT
2    SHAWN,MANAGER.SYS          PFIRMX01,MGR.FHMRMDEV      11/09/1998 08:28
SPY

Features

There are four basic modes for “spying” on users. In WATCH mode, the user who is being “watched” will have a message pop up over their function keys telling them that they are being watched. In SPY mode, the user is not notified that they are being watched. This is the only difference between WATCH and SPY mode.

SpyGlass will do its best to capture the current screen contents if you direct it to, but it’s not always successful. To get around this, there is a MONITOR mode. This mode requires that you know who you are going to watch beforehand. The user would have to run SpyGlass with the MONITOR entry point, and then when you go to Spy/Watch them, the contents of their screen will all be ready to go, so you will be sure to get the contents. This can be important when a user calls with a screen error, but you don’t have the context of the rest of the screen. It might be a good idea to just have a logon UDC that has everyone go into MONITOR mode so you will always be prepared.

The final mode of screen collection in SpyGlass is the LOG. This is an entry point in the program that will record everything that the user sees and types. This allows you to peruse activity at your leisure, and I found it one of the most useful modes for security auditing — because it’s pretty tedious watching someone type if you are looking for security problems. Figure 2 below shows an example of the LOG.

 Display Log Files

Seq  Logon ID                    Group    Date      Time Device Session

---- -------------------------- -------- ---------- ----- ---- ------

1    BOB,MGR.SMGA               SOURCE   11/09/1998 08:35 46    34
2    LARRY,USER.PROD            PUB      11/09/1998 07:56 46    30
3    ARCLERK,MGR.AR             AR       11/06/1998 14:27 12    525
4    SHAWN,MGR.SMGA             PUB      11/06/1998 14:08 4     523

You can selectively remove log or audit entries from the SpyGlass history with either the REMOVE or DELETE COMMANDS.

There is security built into the software, but it is all geared towards controlling who the manager can watch. While this is definitely useful, the product also needs the ability to control access to the program itself, so you can specify who has Spy, Watch, or Log viewing/manipulation capability.

There are other, less obvious, applications for this software. Imagine that you want to do training, or walk someone through something that is remote to your location. Just have them point to your terminal and run the program. They can sit and watch everything that you do and get a clear understanding of the process.

Installation and Documentation

The software comes on a single diskette, which is pretty handy, but it requires that you have the Reflection terminal emulator. The problem with this is that a lot of shops use the MiniSoft emulator, so you might be in trouble when you try to install the software. The documentation indicates that you can also receive the software on tape, but they didn’t ask how I wanted it. Other than that restriction, the scripts install it quite easily, and everything was ready to go.

The manual is done as a reference guide and not a training guide. The first two commands are WATCH and SPY, then the rest are documented in alphabetical order. Overall the manual is a bit sparse, and some topics aren’t really covered adequately, but the product isn’t that complex, so in general it’s okay.

The TestDrive

I was asked by a client to help pin down some security problems they were having. So I brought in SpyGlass because it was going to tell us everything without having to try to piece it out of the system log files. What we found was shocking, and we were able to have absolute proof of what was going on.

I was able to watch people in COBOL, CI, block mode, PowerHouse, and QEdit visual mode, as well as my proprietary terminal interface, without a problem. Some of these things can use some strange terminal handling, so I was pleased that they all appeared to work correctly. I wasn’t able to produce any error conditions within the product, but you may want to disable typeahead — having this enabled at the CI can make it a little tough to get the Y sequence to catch.

Conclusions

I love this product, especially the logging function. It is so awesome to be able to just point this thing at ports or users and then be able to play back the log files at any time. It would be nice if you could scan the log files for strings, but that may not be practical, since you could have block mode and all sorts of bizarre things. SpyGlass/iX is going to join my toolbox of “must have” utilities.