|
********************************************************************** DDN Security Bulletin 01 DCA DDN Defense Communications System 22 Sep 89 Published by: DDN Security Coordination Center (SCC@NIC.DDN.MIL) (800) 235-3155 DEFENSE DATA NETWORK SECURITY BULLETIN The DDN SECURITY BULLETIN is distributed online by the DDN Security Coordination Center under DCA contract as a means of communicating information on network and host security exposures, fixes, & concerns to security & management personnel at DDN facilities. Back issues may be obtained via FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or 10.0.0.51] using login="anonymous" and password="guest". The pathname for bulletins is DDN-NEWS:DDN-SECURITY-nn.TXT (where "nn" is the bulletin number). ********************************************************************** DDN SECURITY COORDINATION CENTER OPERATIONAL 1. The Defense Communications Agency has created a facility to help the DDN community when security-related situations occur. The function of the DDN Security Coordination Center (SCC) is to provide a centralized and coordinated capability for the rapid, reliable, and secure distribution and coordination of security related information between DDN users, operations staff, and system maintenance providers. 2. The Defense Data Network Security Coordination Center is now operational. 3. In the past, the unclassified DoD Internet has seen a rash of security incidents. Typically, these incidents were due to commonly known software weaknesses in UNIX-based host products. In one instance, the exposure had had a fix published several weeks before it was exploited by a hacker. DARPA and other Agencies established Computer Emergency Response Teams (CERTs) to report security-related problems to vendors and assist in validating/verifying their fixes. 4. But there was no central clearinghouse in place coordinating and disseminating security-related fixes to MILNET users. In the past, the Network Information Center (NIC) had been pressed into this service, and the contractor (SRI) has done an excellent job when called upon. But the NIC was never intended to handle such a task. Now DCA has funded SCC to be DDN's clearinghouse for host/user security problems and fixes and to work with the DDN Network Security Officer as needed. 5. The SCC is ready to assist you with network-related host security problems. Call (800) 235-3155 (7:00 a.m. to 5:00 p.m. Pacific Time) or send e-Mail to SCC@NIC.DDN.MIL. For 24 hour coverage, call the MILNET Trouble Desk (800) 451-7413 or AUTOVON 231-1713. **********************************************************************