From: Pete Hammes (12/20/93)
To: assist-bulletin@assist.ims.disa,
Mail*Link® SMTP ASSIST 93-35
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Automated Systems Security Incident Support Team
ASSIST
Integritas et Celeritas
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Bulletin 93-35
Release date: 20 December 93, 4:45 PM EST
Subject: Release of Security Profile Inspector (SPI) Version 3.0.

SPI is an automated security tool for Unix and VMS operating systems
designed to assist system managers and computer security personnel in
providing and maintaining computer systems security. The program
could also be a useful tool for designated approval authorities,
accreditors, and other DoD personnel involved in computer system
accreditations/certifications. SPI inspects various aspects of a
computer system and generates reports on items that may create
security problems for the system. The program was developed by
Lawrence Livermore National Labs under contract to the U.S. Department
of Energy. ASSIST provides funding support to the project, and is the
authorized distribution agent for SPI 3.0 within the DoD.

SPI 3.0 provides 6 major inspection utilities:

   a. Quick System Profile (QSP)
   b. Access Control Test (ACT)
   c. Password Security Inspector (PSI)
   d. Binary Inspector Tool (BIT)
   e. Change Detector Tool (CDT)
   f. Configuration Query Language (CQL)

Items "a" through "d" above are vulnerability detection tools, "e" is an
intrusion (change) detection tool, and "f" is a flexible system for
making varied security inquiries or requests for system data. All of
SPI's security functions, and some administrative functions, are
accessible through a menu-driven user interface that was developed
with ease of use as a priority. SPI/Unix has been tested on standard
System V, Berkeley Unix, SunOS 4.X, and Solaris 2.X operating
systems. An extensive configuration script is also included, which
will try to configure SPI for as many different versions of Unix as
possible.

SPI 3.0 represents a significant revision of the program
architecture and adds several new or enhanced features. The new product
structure contains several "OS extraction libraries" that map
operating system data into elements of a SPI unified security model.
Unix and VMS libraries have been written which allow the security
inspection codes to operate in varied environments. CQL is employed
as a major new security inspector, and serves as an inspector in its
own right as well as being an intelligent server of information to
other inspector functions. The CDT replaces the "file inode" and
"file data change detector" routines contained in previous versions
of SPI, and the consolidation has improved efficiency and reduced
false positives.

The development and increased availability of automated tools that
probe systems for weaknesses, and of information about how to exploit
system weaknesses, have added significant new threats to network
environments. Programs like the Internet Security Scanner (ISS) and
Security Analysis Tool for Auditing Networks (SATAN) will make it
easier for persons with limited expertise to exploit system
vulnerabilities. ASSIST strongly urges DoD security and system
administration personnel to implement SPI wherever possible, make
every effort to learn about their systems' vulnerabilities, and prepare
for an increased volume of network attacks in the near future.

ASSIST will make SPI 3.0 available to DoD personnel responsible
for security and/or administration on any DoD-owned computer system.
The program will also be made available to DoD contractors who submit
a letter of request for SPI 3.0 from the DoD element that is the
sponsor of their activity. Requests for SPI 3.0 can be submitted to
ASSIST using any of the contact points listed in the final paragraph
of this message. The program will be available on tape, floppy disk,
and via Milnet ftp. Note: ftp transfers will only be done with SPI
in DES encrypted format to Milnet sites that have obtained the DES
key from ASSIST. ASSIST will also be maintaining a mailing list of
SPI-user Milnet email addresses that will be used to distribute and
collect information about SPI 3.0. Anyone who wants to be included
in this mailing list should send a request via Milnet to
dod-spi-request@assist.Ims.Disa.Mil.

ASSIST is an element of the Defense Information Systems Agency
(DISA), Center for Information Systems Security (CISS), that provides
service to the entire DoD community. If you have any questions
about ASSIST or computer security issues, contact ASSIST using one of
the methods listed below. If you would like to be included in the
distribution list for these bulletins, send your Milnet (Internet)
e-mail address to assist-request@assist.ims.disa.mil. Back issues
of ASSIST bulletins are available on the ASSIST BBS (see below),
and through anonymous ftp from assist.ims.disa.mil.

ASSIST contact information:

PHONE: 703-756-7974, DSN 289, duty hours are 06:30 to 17:00 Monday
through Friday. During off duty hours, weekends, and holidays,
ASSIST can be reached via pager at 800-SKY-PAGE (800-759-7243) PIN
2133937. Your page will be answered within 30 minutes; however, if
a quicker response is required, prefix your phone number with "999"
and ASSIST will return your call within 5 minutes.

ELECTRONIC MAIL: assist@assist.ims.disa.mil.

ASSIST BBS: 703-756-7993/4, DSN 289, leave a message for the "sysop".

Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key
encryption tool, to digitally sign all bulletins that are
distributed through e-mail. The section of seemingly random
characters between the "BEGIN PRIVACY-ENHANCED MESSAGE" and "BEGIN
ASSIST BULLETIN" contains machine-readable digital signature
information generated by PEM, not corrupted data. PEM software for
UNIX systems is available from Trusted Information Systems (TIS) at
no cost, and can be obtained via anonymous FTP from ftp.tis.com
(IP 192.94.214.100). Note: The TIS software is just one of several
implementations of PEM currently available and additional versions
are likely to be offered from other sources in the near future.
-----END PRIVACY-ENHANCED MESSAGE-----
------------------ RFC822 Header Follows ------------------
Received: by smtpqm.llnl.gov with SMTP;20 Dec 1993 13:51:56 -0800
Return-path: pch@assist.ims.disa.MIL
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
<01H6PDWJNH3K96VTFN@icdc.llnl.gov>; Mon, 20 Dec 1993 13:51:04 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
<01H6PDVXDME896VTFM@icdc.llnl.gov>; Mon, 20 Dec 1993 13:50:40 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA05422; Mon,
20 Dec 93 13:51:31 PST
Received: from cheetah.llnl.gov by pierce.llnl.gov
(4.1/LLNL-1.18/llnl.gov-05.92) id AA05393; Mon, 20 Dec 93 13:51:21 PST
Received: from pierce.llnl.gov (pierce.llnl.gov [128.115.18.253]) by
cheetah.llnl.gov (8.6.4/8.6.4) with SMTP id NAA22073 for
<ciac@cheetah.llnl.gov>; Mon, 20 Dec 1993 13:50:05 -0800
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA05369; Mon,
20 Dec 93 13:51:08 PST
Received: from assist.ims.disa.mil by pierce.llnl.gov
(4.1/LLNL-1.18/llnl.gov-05.92) id AA05330; Mon, 20 Dec 93 13:50:23 PST
Received: from shilo.ims.disa.mil by assist.ims.disa.mil (4.1/2.4) id AA05567;
Mon, 20 Dec 93 16:45:32 EST
Received: by shilo.ims.disa.mil (4.1/2.4) id AA04521; Mon,
20 Dec 93 16:44:53 EST
Date: 20 Dec 1993 16:44:15 -0500
From: Pete Hammes <pch@assist.ims.disa.MIL>
Subject: ASSIST 93-35
Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV
To: assist-bulletin@assist.ims.disa.MIL
Resent-message-id: <01H6PDWJQ5JM96VTFN@icdc.llnl.gov>
Message-id: <9312202144.AA04521@shilo.ims.disa.mil>
X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov
X-VMS-To: IN%"assist-bulletin@assist.ims.disa.MIL"
Content-transfer-encoding: 7BIT
======================================================================
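
The PEM paragraph above describes the signature header that precedes the bulletin text in a `Proc-Type: 4,MIC-CLEAR` message. The Python below is an added example, not part of the ASSIST bulletin or the TIS software: it splits such a message into header fields and signed text and reports the digest named in `MIC-Info`, without verifying the RSA signature. The function names, the RFC 1421-style folded header lines and the sample message (placeholder base64 values) are assumptions constructed for illustration.

```python
BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"
WEAK_DIGESTS = {"RSA-MD2", "RSA-MD5"}  # PEM-era MIC digests, both obsolete today
# Constructed sample: assumed RFC 1421 field layout, base64 values are placeholders.
SAMPLE = """\
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 UExBQ0VIT0xERVItQ0VSVA==
Issuer-Certificate:
 UExBQ0VIT0xERVItSVNTVUVS
MIC-Info: RSA-MD5,RSA,
 UExBQ0VIT0xERVItU0lH
 TkFUVVJF

Bulletin text line one.
Bulletin text line two.
-----END PRIVACY-ENHANCED MESSAGE-----
footer appended by a mail gateway, outside the signed region
"""

def parse_pem_message(raw):
    lines = raw.splitlines()
    start = lines.index(BEGIN)  # ValueError if a boundary line is missing
    block = lines[start + 1:lines.index(END, start + 1)]
    blank = block.index("") if "" in block else len(block)  # header/text separator
    fields = []
    for line in block[:blank]:
        if line[0] in " \t" and fields:  # folded continuation of the previous field
            fields[-1][1] += line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: " + line)
        fields.append([name.strip(), value.strip()])
    return [tuple(f) for f in fields], "\n".join(block[blank + 1:])

def summarize(raw):
    fields, _ = parse_pem_message(raw)
    get = lambda n: next((v for k, v in fields if k.lower() == n.lower()), "")
    mic = get("MIC-Info").split(",", 2)  # digest, signature algorithm, signature
    return {
        "proc_type": get("Proc-Type").partition(",")[2] or None,
        "digest": mic[0] or None,
        "weak_digest": mic[0] in WEAK_DIGESTS,
        "signature_b64": mic[2] if len(mic) > 2 else None,
        "cert_fields": sum(k.lower().endswith("-certificate") for k, _ in fields),
    }
```

Only the text between the blank line and the END boundary is covered by the signature; anything a relay adds outside the boundaries, such as the forwarded RFC822 headers, is not.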