********************************************************************** DDN Security Bulletin 04 DCA DDN Defense Communications System 23 Oct 89 Published by: DDN Security Coordination Center (SCC@NIC.DDN.MIL) (800) 235-3155 DEFENSE DATA NETWORK SECURITY BULLETIN The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security Coordination Center) under DCA contract as a means of communicating information on network and host security exposures, fixes, & concerns to security & management personnel at DDN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [26.0.0.73 or 10.0.0.51] using login="anonymous" and password="guest". The bulletin pathname is SCC:DDN-SECURITY-nn (where "nn" is the bulletin number). ********************************************************************** HALLOWEEN PRECAUTIONARY NOTE Halloween is traditionally a time for tricks of all kinds. In order to guard against possible benign or malevolent attempts to affect the normal operation of your host, the DDN SCC staff suggests taking the following easy precautions: 1. Write a set of emergency procedures for your site and keep it up to date. Address such things as: - What would you do if you had an intruder (either a human or a computer virus)? - Who would you call for help? HINT: Read the top of this bulletin! Also, for 24 hour assistance: MILNET Trouble Desk -- (A/V) 231-1713 or (800) 451-7413 - Who is in charge of security at your site? - How would you apply a hardware/software fix if needed? 2. Save your files regularly, and make file back-ups often. Put the distribution copies of your software in a safe place away from your computer room. Don't forget where they're stored! 3. Avoid trivial passwords and change them often. (See the "Green Book" (Department of Defense Password Management Guideline), CSC-STD-002-85, for information on the use of passwords.) 4. Check to make sure your host has no unauthorized users or accounts. Also check for obsolete accounts (a favorite path for intruders to gain access). 5. Restrict system ("superuser", "maint", etc.) privileges to the minimum number of accounts you possibly can. 6. Well publicized accounts including "root", "guest", etc. AND the personal account for the system administrator should NOT have system privileges. (Past experience has shown that these IDs are more susceptible to successful intruder attacks.) 7. Keep your maintenance contracts active. Of course, these steps should be taken throughout the year as part of your regular operating procedure. ********************************************************************** X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X Another file downloaded from: NIRVANAnet(tm) &TOTSE 510/935-5845 Walnut Creek, CA Taipan Enigma Burn This Flag 408/363-9766 San Jose, CA Zardoz realitycheck 415/666-0339 San Francisco, CA Poindexter Fortran Governed Anarchy 510/226-6656 Fremont, CA Eightball New Dork Sublime 805/823-1346 Tehachapi, CA Biffnix Lies Unlimited 801/278-2699 Salt Lake City, UT Mick Freen Atomic Books 410/669-4179 Baltimore, MD Baywolf Sea of Noise 203/886-1441 Norwich, CT Mr. Noise The Dojo 713/997-6351 Pearland, TX Yojimbo Frayed Ends of Sanity 503/965-6747 Cloverdale, OR Flatline The Ether Room 510/228-1146 Martinez, CA Tiny Little Super Guy Hacker Heaven 860/456-9266 Lebanon, CT The Visionary The Shaven Yak 510/672-6570 Clayton, CA Magic Man El Observador 408/372-9054 Salinas, CA El Observador Cool Beans! 415/648-7865 San Francisco, CA G.A. Ellsworth DUSK Til Dawn 604/746-5383 Cowichan Bay, BC Cyber Trollis The Great Abyss 510/482-5813 Oakland, CA Keymaster "Raw Data for Raw Nerves" X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X