***********************************************************************
DDN Security Bulletin 90-01       DCA DDN Defense Communications System
25 Jan 90                Published by: DDN Security Coordination Center
                                      (SCC@NIC.DDN.MIL)  (800) 235-3155

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN  SECURITY BULLETIN  is distributed  by the  DDN SCC  (Security
Coordination Center) under  DCA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The bulletin
pathname is SCC:DDN-SECURITY-yy-nn (where "yy" is the year the bulletin
is issued and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-90-01).
**********************************************************************
 
                   SECURITY VIOLATION REPORTING
 

    a.  Initial Notification.  Any DDN user (person/department/agency)
having knowledge of a suspected network security violation must
contact the appropriate Defense Communications Agency OC/ACOC
(Operations Center/Area Communications Operations Center) to report
the violation.  If possible, reporting should be via secure means.

Secure and commercial telephone numbers to DCA Operations Centers are: 

  WESTHEM/CONUS OC has KY3-2222; STU III (DSN) 312-746-1849;
                       (COMM) 202-692-5726/2268 or 1-800-451-7413.

  PACIFIC ACOC has STU III (DSN) 315-456-2777; (COMM) 808-656-2777.  
 
  EUROPEAN ACOC has KY3-6429; STU III (DSN) 314-430-5703; 
                    (COMM) 49-0711-680-5703.  

The SCO or MC supervisor will request the following information:
 
        (1) Identity of caller:
            -What is caller's name and phone number
            -Where is caller calling from (organization)
            -Where is caller calling from (city & state)
            -What is the caller's DDN network address
 
        (2) Details about the incident:
            -When did the violation occur
            -What happened
            -How did the violation occur (if known)
            -What damage was done
            -What has the subscriber done about the violation
            -What networks are they connected to
            -What software is being used - Version
            -How many subscribers are known to be affected
            -How many subscribers are vulnerable (if known)
            -Who else has been notified - Names & phone
             numbers
 
        (3) Anything else the caller wishes to report
 
Once a suspected violation is reported and the above
information collected, the PACIFIC and EUROPEAN ACOCs will
immediately relay this information back to the DCAOC
(WESTHEM/CONUS) for action.
 

    b.  Follow-on Network Information via the Security Coordination
Center.  DCA, through direction provided by the DDN Network Security
Officer (NSO), will provide rapid and reliable follow-on information
on security exposures, fixes, and concerns via the SCC.  Distribution
of information is accomplished via DDN Security Bulletins.  Network
security and management personnel are encouraged to pay close
attention to these bulletins as they may be of great assistance either
in preventing network security problems or in solving existing
problems.  DDN Security Bulletins will be published on as "as needed"
basis.

Note: this bulletin starts a new numbering scheme for DDN Security
Bulletins.  From now on, all bulletin numbers, including those of 
previously issued bulletins, will follow the form YY-NN, where YY is
the year the bulletin is issued and NN is the number of the bulletin 
for that year.  Thus, this is DDN Security Bulletin 90-01; it is 
online at NIC.DDN.MIL as SCC:DDN-SECURITY-90-01.
-------