home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Forum of Incident Response & Security Teams
/
Forum_of_Incident_Response_and_Security_Teams_FIRST_October_1994.iso
/
teaminfo
/
assist
/
a9336.txt
< prev
next >
Wrap
Internet Message Format
|
1994-07-08
|
7KB
From: Bob Downey (1/3/94)
To: Dave_Martin.LLIX@smtpqm.llnl.GO, Doug_Coffland.LLIX@smtpqm.llnl.,
CC: ciac@llnl.GOV
Mail*Link¿ SMTP ASSIST 93-36
>To: assist-bulletin@assist.ims.disa.mil
>Subject: ASSIST 93-36
>Date: Thu, 23 Dec 93 14:54:30 -0500
>From: Pete Hammes <pch@assist.ims.disa.mil>
>
>
><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> Automated Systems Security Incident Support Team
> _____
> ___ ___ _____ ___ _____ | /
> /\ / \ / \ | / \ | | / Integritas
> / \ \___ \___ | \___ | | < et
> /____\ \ \ | \ | | \ Celeritas
> / \ \___/ \___/ __|__ \___/ | |_____
><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> Bulletin 93-36
>
> Release date: 23 December 1993, 2:55 PM EST
>
>Subject: PBX Fraud Christmas Alert.
>
>SUMMARY: Telephone company statistics show that PBX fraud activity
>rises significantly during the Christmas holiday season.
>
>BACKGROUND: The International Information Integrity Institute (I-4)
>has received reports of recent PBX fraud activity. Historical data
>on this subject shows that the dollar amount of PBX fraud incidents
>rises during the holiday season when phone system use is at peak
>levels. Persons who have gained unauthorized access to a PBX will
>sometimes wait to exploit the resource during this period when
>demand is high, and much of the PBX owner's work force is on
>holiday leave. Intercepted passwords and PINs are rapidly
>communicated through the PBX fraud community, and there are
>documented cases in which unauthorized charges of over $100,000
>have been in just a few days.
>
>IMPACT: PBX owners can be held liable for significant dollar
>amounts of PBX toll fraud charges.
>
>RECOMMENDED SOLUTION: Listed below are tips for detering PBX fraud.
>
>* Ask your telephone security people to scrutinize any suspicious
> activity.
>
>* Check with your vendor to see if you have Direct Inward Service
> Arrangement (DISA) or computer controlled support systems for your
> PBX. These computer controlled support systems are subject to
> possible manipulation by unauthorized users.
>
>* If you have a DISA PBX, find out what the password management
> policy is for the system, and recommend a password change before
> the holidays.
>
>* Ensure that the system is being monitored for suspicious activity
> during the holiday period.
>
>* Consider disconnecting the DISA if suspicious activity is
> detected.
>
>* Obtain the National Institute of Standards and Technology (NIST)
> PBX security document, "Private Branch Exchange (PBX) Security
> Guideline", NIST Government Contractor Report, NIST/GCR 93-635,
> September 7,1993. NIST POC for this matter is Marianne Swanson,
> 301-975-3359.
>
>ASSIST is an element of the Defense Information Systems Agency
>(DISA), Center for Information Systems Security (CISS), that provides
>service to the entire DoD community. If you have any questions
>about ASSIST or computer security issues, contact ASSIST using one of
>the methods listed below. If you would like to be included in the
>distribution list for these bulletins, send your Milnet (Internet)
>e-mail address to assist-request@assist.ims.disa.mil. Back issues
>of ASSIST bulletins are available on the ASSIST bbs (see below),
>and through anonymous ftp from assist.ims.disa.mil.
>
>ASSIST contact information:
>PHONE: 703-756-7974, DSN 289, duty hours are 06:30 to 17:00 Monday
> through Friday. During off duty hours, weekends, and holidays,
> ASSIST can be reached via pager at 800-SKY-PAGE (800-759-7243) PIN
> 2133937. Your page will be answered within 30 minutes, however if a
> quicker response is required, prefix your phone number with "999"
>ELECTRONIC MAIL: assist@assist.ims.disa.mil.
>ASSIST BBS: 703-756-7993/4, DSN 289, leave a message for the "sysop".
>
>Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key
> encryption tool, to digitally sign all bulletins that are
> distributed through e-mail. The section of seemingly random
> characters between the "BEGIN PRIVACY-ENHANCED MESSAGE" and "BEGIN
> ASSIST BULLETIN" contains machine-readable digital signature
> information generated by PEM, not corrupted data. PEM software for
> UNIX systems is available from Trusted Information Systems (TIS) at
> no cost, and can be obtained via anonymous FTP from ftp.tis.com
> (IP 192.94.214.100). Note: The TIS software is just one of several
> implementations of PEM currently available and additional versions
> are likely to be offered from other sources in the near future.
>-----END PRIVACY-ENHANCED MESSAGE-----
>
>
Sandy Sparks, ssparks@llnl.gov
------------------ RFC822 Header Follows ------------------
Received: by smtpqm.llnl.gov with SMTP;27 Dec 1993 08:39:28 -0800
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
#254#id AA19586; Mon, 27 Dec 93 08:39:57 PST
Return-Path: <ssparks@llnl.gov>
Received: from aisa.llnl.gov by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
#254#id AA19576; Mon, 27 Dec 93 08:39:54 PST
Received: by aisa.llnl.gov (5.65/DEC-Ultrix/4.3)
#254#id AA19377; Mon, 27 Dec 1993 08:38:36 -0800
Message-Id: <9312271638.AA19377@aisa.llnl.gov>
Date: Mon, 27 Dec 1993 08:38:36 -0800
To: downey1@llnl.gov
From: ssparks@llnl.gov (Sandy Sparks)
X-Sender: 843468@aisa.llnl.gov
Subject: ASSIST 93-36
Cc: ciac@llnl.gov
#000#
------------------ RFC822 Header Follows ------------------
Received: by smtpqm.llnl.gov with SMTP;3 Jan 1994 09:22:12 -0800
Return-path: bob_downey@smtpqm.llnl.GOV
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
<01H78OKUF8RK96W2AP@icdc.llnl.gov>; Mon, 3 Jan 1994 09:21:15 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id
<01H78OKC0CY896W2AO@icdc.llnl.gov>; Mon, 3 Jan 1994 09:20:53 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA00191; Mon,
3 Jan 94 09:21:55 PST
Received: from cheetah.llnl.gov by pierce.llnl.gov
(4.1/LL L 1 1 /`l l g v 0 . 2