**********************************************************************
 
DDN Security Bulletin 01         DCA DDN Defense Communications System
                        Published by: DDN Security Coordination Center
                                     ([email protected])  (800) 235-3155
 
                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN
 
The DDN SECURITY  BULLETIN is distributed  online by the  DDN Security
Coordination Center  under DCA  contract as  a means  of communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be obtained via  FTP (or Kermit)  from the SRI-NIC  host [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The pathname
for  bulletins  is  DDN-NEWS:DDN-SECURITY-nn.TXT  (where  "nn"  is the
bulletin number).
 
**********************************************************************
 
             DDN SECURITY COORDINATION CENTER OPERATIONAL
 
1.  The Defense  Communications Agency has  created a facility to help
the  DDN  community  when  security-related  situations  occur.   The
function of the DDN Security Coordination Center (SCC) is to provide a
centralized and  coordinated capability  for the  rapid, reliable, and
secure distribution  and coordination of security  related information
between DDN users, operations staff, and system maintenance providers.
 
2.  The  Defense  Data  Network  Security  Coordination  Center is now
operational.
 
3.  In the past,  the unclassified  DoD Internet  has seen  a rash  of
security incidents.  Typically, these  incidents were due to  commonly
known  software  weaknesses  in  UNIX-based  host  products.   In  one
instance, the exposure had had a fix published several weeks before it
was  exploited  by  a  hacker.   DARPA  and other Agencies established
Computer Emergency Response  Teams (CERTs) to  report security-related
problems to vendors and assist in validating/verifying their fixes.
 
4.  But there was no central clearinghouse in place coordinating  and
disseminating security-related  fixes to  MILNET users.   In the past,
the  Network  Information  Center  (NIC)  had  been  pressed into this
service,  and  the  contractor  (SRI)  has  done an excellent job when
called upon.   But the NIC was never intended  to handle  such a task.
Now  DCA  has  funded  SCC  to  be  DDN's  clearinghouse for host/user
security problems and fixes and to work with the DDN Network  Security
Officer as needed.
 
5.  The SCC is ready to assist you with network-related host security
problems.  Call (800) 235-3155 (7:00 a.m. to 5:00 p.m. Pacific Time) or
send e-Mail to [email protected].  For 24 hour coverage, call the MILNET
Trouble Desk (800) 451-7413 or AUTOVON 231-1713.
 
**********************************************************************
Downloaded From P-80 Systems 304-744-2253