home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
InfoMagic Standards 1994 January
/
InfoMagic Standards - January 1994.iso
/
inet
/
scc
/
9123
< prev
next >
Wrap
Text File
|
1991-12-05
|
3KB
|
67 lines
**************************************************************************
Security Bulletin 9123 DISA Defense Communications System
7 November 1991 Published by: DDN Security Coordination Center
(SCC@NIC.DDN.MIL) 1-(800) 365-3642
DEFENSE DATA NETWORK
SECURITY BULLETIN
The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DISA contract as a means of communicating
information on network and host security exposures, fixes, & concerns
to security & management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
using login="anonymous" and password="guest". The bulletin pathname is
SCC:DDN-SECURITY-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-9123).
**************************************************************************
NETWORK SECURITY TESTING AND MONITORING
1. IN ACCORDANCE WITH NATIONAL TELECOMMUNICATIONS AND INFORMATION
SYSTEMS SECURITY DIRECTIVE (NTISSD) NO. 600, "COMMUNICATIONS
SECURITY (COMSEC) MONITORING," 10 APR 90 (FOUO), IT IS REQUIRED
THAT USERS OF GOVERNMENT TELECOMMUNICATIONS SYSTEMS BE NOTIFIED
IN ADVANCE THAT THEIR USE OF THESE SYSTEMS CONSTITUTES CONSENT
TO MONITORING FOR COMSEC PURPOSES. THE SAME APPLIES TO SECURITY
TESTING OF AUTOMATED INFORMATION SYSTEMS AND NETWORKS.
2. ADEQUATE NOTICE TO USERS CAN BE ACCOMPLISHED BY ANY OF THE
FOLLOWING MEANS OR ANY COMBINATION THEREOF:
(A). DISPLAYING A PRINTED MESSAGE DURING THE LOG-ON PROCESS.
(B). DISPLAYING A PRINTED MESSAGE PERIODICALLY OR CONTINUALLY
DURING SYSTEM OPERATION.
(C). DECALS PLACED ON PROCESSING TERMINALS, TRANSMITTING AND
RECEIVING DEVICES.
(D). NOTICES IN DAILY BULLETINS OR SIMILAR MEDIUM.
(E). A SPECIFIC MEMORANDUM TO USERS.
(F). A STATEMENT IN THE STANDING OPERATING PROCEDURES,
INSTRUCTIONS, OR SIMILAR DOCUMENTS.
3. RECOMMEND, AS SOON AS POSSIBLE, ALL USERS OF THE DEFENSE DATA
NETWORK (DDN) BE PUT ON NOTICE THAT THEIR USE OF THE DDN CONSTITUTES
CONSENT TO SECURITY MONITORING AND SYSTEM TESTING. PROPER
NOTIFICATION IN TERMS OF CONTENT AND SPECIFICITY IS:
"GOVERNMENT TELECOMMUNICATIONS SYSTEMS AND AUTOMATED INFORMATION
SYSTEMS ARE SUBJECT TO A PERIODIC SECURITY TESTING AND MONITORING TO
ENSURE PROPER COMMUNICATIONS SECURITY (COMSEC) PROCEDURES ARE BEING
OBSERVED. USE OF THESE SYSTEMS CONSTITUTES CONSENT TO SECURITY
TESTING AND COMSEC MONITORING."
4. ON DDN HOSTS WITH LIMITED CHARACTERS AVAILABLE IN THE LOG-IN
BANNERS, ADEQUATE NOTICE WOULD BE PROVIDED BY DISPLAYING THE
FOLLOWING:
"USE CONSTITUTES CONSENT TO SECURITY TESTING AND MONITORING."
5. POINT OF CONTACT IS MAJOR BOYD, CODE DODM, AT COMM (703) 692-7580
OR DSN (312) 222-7580.