home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
InfoMagic Standards 1994 January
/
InfoMagic Standards - January 1994.iso
/
inet
/
scc
/
circular
< prev
next >
Wrap
Text File
|
1992-02-04
|
77KB
|
2,235 lines
DCA Circular 310-P115-1
COMMUNICATIONS SECURITY
DDN Security Management Procedures
for Host Administrators
VOLUME I
1. Purpose. This Circular is the first of two volumes
describing security management procedures for the Defense Data
Network (DDN). Volume I provides operational security
guidance for the DDN and describes the Host Administrator's
management responsibilities. It is based on review of
Government and industry documents on the DDN, local area
networks, and computer security. Volume I establishes methods
and procedures for detecting and reporting unauthorized
activity. It describes the resources and tools available to
the Host Administrator for investigating local incidents.
Additionally, it discusses the procedures and tools needed for
reporting network related incidents to the DDN Network
Security Officer (NSO). Volume II prescribes the policy for
enforcing network operational security and describes the
management responsibilities of the DDN Network Security
Officer (NSO). Volume II will receive limited distribution.
2. Applicability. This Circular applies to DCA Headquarters,
DCA field activities, and Government and commercial activities
using or managing the operation of the DDN.
3. Policy. DCA continually strives to improve its resources
for providing a reasonable level of security for the DDN.
These resources include the network access control system and
its audit trial analysis capabilities for detecting
unauthorized and illegal network activities. These detection
and audit capabilities will be used to identify and prosecute
unauthorized individuals who access or attempt to access
databases or system software of host computers connected to
the DDN. In addition, DCA has created the DDN Security
Coordination Center (SCC) to gather information regarding DDN
security problems and to disseminate problem definition,
status, and resolution information under the direction of the
NSO. These resources and tools alone are not sufficient.
Site personnel such as the Host Administrators need to assume
an active role and assure their constituents and the DDN that
they are providing for a reasonable level of protection of the
___________
OPR: DODM
Distribution: B,J,Special
ii DCAC 310-P115-1
network and computing resources under their jurisdiction.
Host Administrators are required to report suspicious
activities to their network manager. Formal investigations of
unauthorized or illegal activities occurring on the DDN must
be coordinated with the DDN Network Security Officer.
Individuals suspected of unauthorized access or use of host
computers over the DDN will be subject to prosecution under
Title 18 of the Federal Criminal Code.
4. Procedures. Chapters 4 and 5 describe the procedures for
performing the security functions of the Host Administrator.
5. Responsibilities. Chapter 1 describes the
responsibilities of the Host Administrator in performing the
security functions.
6. Related_Documents. The following documents are
recommended reference materials to supplement this document.
a. DoD Directive 5200.28, Security_Requirements_for
Automated_Information_Systems_(AISs), dated 21 March 1988.
b. DCAI 630-230-19, Security_Requirements_for_Automated
Information_Systems (draft), dated 18 October 1990.
c. Defense_Data_Network_Subscriber_Guide_to_Security
Services_1986-1992 (includes the DDN Security Classification
Guide at Appendix I).
d. Internet_Site_Security_Policy_Handbook (Internet
Draft). This document can be obtained by contacting the
Network Information Center (NIC), SRI International, 333
Ravenswood Ave., Menlo Park, CA 94025.
e. Computer Security Center (CSC-STD-002-85), Department
of_Defense_Password_Management_Guideline, aka "The Green
Book", dated 12 April 1985.
FOR THE DIRECTOR:
EDWARD J. HENDERSON, JR.
Colonel, USAF
Chief of Staff
DCAC 310-P115-1 iii
CONTENTS
BASIC CIRCULAR Paragraph__Page
Purpose................................. 1 i
Applicability........................... 2 i
Policy.................................. 3 i
Procedures.............................. 4 ii
Responsibilities........................ 5 ii
Related Documents....................... 6 ii
Illustrations........................... v
Glossary of Terms and Definitions....... vii
VOLUME I. DDN SECURITY MANAGEMENT PROCEDURES
FOR HOST ADMINISTRATORS
Chapter Paragraph__Page
1. INTRODUCTION
The DDN Security Resources............ 1 1-1
Responsibilities of the Host
Administrator....................... 2 1-2
Responsibilities of Other Site
Representatives..................... 3 1-2
2. THE DDN SECURITY PROBLEM
General............................... 1 2-1
Attack Points......................... 2 2-1
Categories of Network Abusers......... 3 2-1
Common Penetration Techniques......... 4 2-2
Necessary Precautions................. 5 2-4
3. NETWORK ACCESS SECURITY
General............................... 1 3-1
TAC Access Control System (TACACS).... 2 3-1
4. OPERATIONAL SECURITY MANAGEMENT OF
UNCLASSIFIED NETS
General............................... 1 4-1
Access Vulnerability.................. 2 4-1
Risk Assessment....................... 3 4-2
Security Policies and Procedures...... 4 4-2
Education Program..................... 5 4-5
5. OPERATIONAL SECURITY MANAGEMENT OF
CLASSIFIED NETS
General............................... 1 5-1
Limited Terminal Access Controls...... 2 5-1
Closed Community Characteristics...... 3 5-1
iv DCAC 310-P115-1
Chapter Paragraph__Page
Security Awareness.................... 4 5-1
6. DETECTION OF UNAUTHORIZED HOST ACCESS
General............................... 1 6-1
Detection Training.................... 2 6-1
Logging Events........................ 3 6-1
Peculiar Behavior..................... 4 6-1
Legal Recourse........................ 5 6-2
Prosecution as a Deterrent............ 6 6-2
Incident Reporting by Subscriber...... 7 6-2
Contacts.............................. 8 6-2
What Information To Report............ 9 6-3
Follow-up Information................. 10 6-3
7. TOOLS FOR INVESTIGATING INCIDENTS AT THE
HOST LEVEL
General............................... 1 7-1
Host System Logs...................... 2 7-1
Other Tools........................... 3 7-1
TACACS Reports........................ 4 7-1
8. SUMMARY
Penetration Techniques................ 1 8-1
Other Topics.......................... 2 8-1
DCAC 310-P115-1 v
ILLUSTRATIONS
Table Page
1 Vulnerability Analysis/
Operations Management and
Processing...................... 9-1
2 Vulnerability Analysis/
Communications.................... 9-3
3 Vulnerability Analysis/
Disasters......................... 9-4
4 Vulnerability Analysis/
Personnel......................... 9-5
5 Vulnerability Analysis/
Training.......................... 9-7
6 Vulnerability Analysis/
People Errors and Omissions....... 9-8
7 Tabulation of Vulnerability
Analysis/Self-Assessment
Results.......................... 9-9
vi DCAC 310-P115-1
THIS PAGE INTENTIONALLY LEFT BLANK
DCAC 310-P115-1 vii
GLOSSARY OF TERMS AND DEFINITIONS
ADP Automatic Data Processing.
CERT Computer Emergency Response Team.
DCA Defense Communications Agency.
DCS Defense Communications System.
FBI Federal Bureau of Investigation.
HOTLIST A list of all TAC user identifications which have
been stolen, have expired or which otherwise have
been compromised.
IPTO Information Processing Techniques Office.
LAN Local Area Network.
MILNET Military Network.
NAURS Network Auditing and Usage Reporting System.
NIC Network Information Center.
NSO Network Security Officer. Focal point for network
related operational security matters.
OSI Office of Special Investigations.
SCC DDN Security Coordination Center.
TAC Terminal Access Controller. C/30 computer that
connects end user terminals to the network and
provides an interface to the DDN. In this document
it also refers to a miniTAC which serves the same
function as a TAC.
TACACS TAC Access Control System. A system that controls
terminal access to the MILNET.
TACACS
GUEST
CARDS A temporary TACACS card given to a user who does not
have TACACS privileges but temporarily needs them.
A guest TACACS card may also be given to an
authorized new user who has not yet received a UID
or password.
TAC CARD A card authorizing the user TAC Access to the
MILNET.
viii DCAC 310-P115-1
TAC PORT Point where an end user terminal or modem is
connected to the TAC.
TASO Terminal Area Security Officer. Responsible for
enforcing all security requirements implemented by
the NSO for remote terminal areas. Also responsible
for ensuring that all countermeasures required to
protect the remote areas are in place.
UID User Identification.
WIN WWMCCS Intercomputer Network.
WWMCCS Worldwide Military Command and Control System.
DCAC 310-P115-1 1-1
CHAPTER 1. INTRODUCTION
1. The_DDN_Security_Resources. This Circular is intended to
provide Host Administrators a set of security guidelines to
operate on the Defense Data Network (DDN). This Circular will
assist you in maintaining the security of your local host
computer site, as well as the overall DDN. It does not in any
way supersede any current Service Regulations or Procedures
governing the security of ADP facilities not related to the
DDN. This Chapter provides you with a definition of your
security responsibilities as a Host Administrator. You must
have contact with certain offices to fulfill these
responsibilities. The duties of these offices are discussed
here to assist you in understanding their missions.
a. DDN_NSO_(Network_Security_Officer). The DDN NSO is
the single point of contact for dealing with network-related
operational security issues. The DDN NSO also implements
applicable policies included in DCAI 630-230-19, Security
Requirements for Automated Information Systems. The NSO
recommends security policy affecting the DDN and is
responsible for its general enforcement. The NSO also works
closely with Host Administrators to resolve network and
related computer security problems and incidents affecting
their sites.
b. Host_Administrator. A Host Administrator is the
person who has administrative responsibility for the policies,
practices, and concerns of a host, or hosts, connected to the
DDN, including responsibility for that host's DDN users.
Specifically, the Host Administrator is responsible for the
following activities:
(1) Assisting with network management by ensuring
that network policies and procedures are observed by the
users. Locally administering the TAC access control system
(TACACS), ensuring that all of their host users have been
authorized for DDN and TAC access and are registered in the
NIC user registration database (WHOIS/NICNAME).
(2) Locally managing the network access control
procedures and password system. Reporting network-related
host break-ins and assisting with investigations as needed.
c. NSC_(Node_Site_Coordinator). The NSC has physical
control over hardware and software, and coordination
responsibility for the DDN circuits and equipment located at
the DDN node site.
d. NIC_(Network_Information_Center). The NIC registers
all users in the WHOIS/NICNAME database and operates the
Network Auditing and Usage Reporting System (NAURS) computer
system that produces the MILNET TACACS audit and incident
reports. Call (800) 235-3155 for more information.
1-2 DCAC 310-P115-1
e. DDN_SCC_(Security_Coordination_Center). The SCC
gathers information about DDN computer and network security
incidents and works closely with the NSO to disseminate the
information necessary to contain, control, and resolve these
problems mainly through the DDN Security Bulletins. The
hotline number is (800) 235-3155.
f. CERT_(Computer_Emergency_Response_Team). The CERT
gathers and distributes information about Internet security
incidents. They work closely with the NSO and SCC on DDN-
related security problems. The hotline number is (412) 268-
7090.
2. Responsibilities_of_the_Host_Administrator. Host
administrators have the overall responsibility to provide a
reasonable level of protection to host sites from the
possibility of network compromises. They must act as liaisons
with the NSO, SCC, vendors, law enforcement bodies, and other
appropriate agencies to resolve any outstanding security
problems and prevent their future recurrence. They are
responsible for the enforcement of DDN policy at their site.
Because information acquisition and distribution is such a
vital part of the responsibility of the Host Administrator,
the use of electronic mail is a basic tool to support this
function and should be used whenever possible. Not all Host
Administrators have access to this valuable tool, but given
its value, these sites are strongly encouraged to implement
this capability.
3. Responsibilities_of_Other_Site_Representatives. There are
several other levels of responsibilities for the provision of
security for the DDN. At the most basic level, the individual
users should take the necessary precautions to minimize the
chances that their accounts could be compromised. They bear
the primary responsibility for the protection of their
information. If users took this responsibility seriously and
acted accordingly, the majority of computer incidents could
not occur. System managers have the responsibility to
maintain the resources and procedures to establish an
environment for "safe" computing (e.g., implementing
procedures for proper installation and testing of system
software, adequate backups, and reasonable system monitoring).
Vendors have the responsibility to notify their customers of
problems with their software (especially problems which could
compromise system security) and to distribute timely fixes.
DCAC 310-P115-1 2-1
CHAPTER 2. THE DDN SECURITY PROBLEM
1. General.
a. A computer network is a telecommunications system
primarily designed to allow a number of independent devices
(i.e., host computers, workstations, terminals, or
peripherals) to communicate with each other. Essentially, the
DDN is a worldwide collection of computer networks. As the
DDN expands its capabilities and resources, and as more
consitituents gain DDN access, the risk increases to the
overall security of the information and data flowing in the
network. Therefore, a major concern is that security problems
will rise in response to this expansion. Additionally, the
possibility of espionage activity also increases as the
network gets larger.
b. On November 2, 1988, Robert Tappan Morris, Jr.,
drastically changed the attitude of network users and
administrators regarding security network and computer
security problems. He unleashed his infamous Internet Worm
which afflicted over 6,000 MILNET and other Internet hosts.
The incident caused a fair amount of panic because most of the
sites were ill-prepared for such a massive scale of
intrusions. It was fortunate that, due to a miscalculation,
the attack was unrestrained. In its original manifestation,
Morris' Worm might have gone undetected at many sites. The
main lesson to be learned from that incident is that everyone
connected with the use of network and computing facilities
must always take into account the vulnerabilities of network
resources to compromise or attack.
2. Attack_Points. The DDN security problem is defined as the
accidental or intentional disclosure, destruction, or
modification of information flowing or accessed through the
DDN. Potential points of attack include terminal-to-network
interface connections, terminal-to-terminal interface
connections, terminal-to-host interface connections, and
interfaces or circuits themselves.
3. Categories_of_Network_Abusers. Identifying the security
problem or threat is a key element in determining security
risks. Consider the fundamental characteristics of the
threats to your assets before you worry about specific
techniques (to be discussed in the following section). For
example:
a. Unauthorized access by persons or programs which
amounts to the use of any network or computer resource without
prior permission. Such unauthorized access may open the door
to other security threats including the use of your facility
to access other sites on a network.
2-2 DCAC 310-P115-1
b. Disclosure or corruption of information. Depending on
the sensitivity of the information, disclosure without
modification may have more damaging consequences if the event
goes unnoticed.
c. Denial of service which prevents users from performing
their work. In fact, an entire network may be made unusable
by a rogue packet, jamming, or by a disabled network
component. (The Morris Worm contained all of these
characteristics. If you have considered options to address
these general characteristics, you may be well-equipped to
handle variations of historic penetration strategies that may
evolve in the future.)
4. Common_Penetration_Techniques. In evaluating the security
relationships between the security of your host computer and
the DDN, you may wish to consider the following penetration
techniques. These are methods that may be used to penetrate
your computers. Therefore, you must take precaution to
prevent the possible success of these types of attacks.
Several techniques exist to aid in the unauthorized access to
computer system components. These techniques are closely
associated with a system's vulnerabilities. Therefore, their
successful application first requires identifying a system's
vulnerabilities. Through analyzing a systems protection
mechanisms (or lack thereof), how they function, and their
deficiencies, consideration can be given to how such
mechanisms can be circumvented, nullified, or deceived. Many
of these techniques can be categorized by the types of
activity they involve and the system vulnerabilities they
exploit. A particular type of technique may be used to
exploit more than one vulnerability, and a vulnerability may
be exploited by more than one technique. Some techniques
leave signatures (i.e., traces of their utilization), others
do not. Such signatures, their detection, and analysis are
fundamental to threat monitoring and security auditing.
a. Browsing. An individual gains unauthorized access to
a user's files by exploiting the vulnerability of a file
access authorization mechanism in the operating system.
"Browsing" requires knowledge of file names and use of a
program, and it characteristically includes the following
operations:
(1) User's program A references a file not authorized
for such use.
(2) The operating system does not check the activity
and permits access.
(3) Program A gains access to the file, reads it, and
formats it for printout, or deposits it into a local file
under the penetrator's control. Unauthorized system users (if
they know all the file names in a system) can use this
DCAC 310-P115-1 2-3
technique numerous times to browse through all the files
looking for classified or sensitive information. This is not
generally possible, however, when files are protected by
passwords.
b. Masquerading. Gaining unauthorized access to a system
component by assuming the identity of another authorized user
is called "masquerading". Success of this technique stems
from a computer system having no means of establishing a
user's identity other than through symbolic identifiers. The
easiest method of masquerading is to obtain the password and
other identifiers of an authorized user from some report or
document that was carelessly left exposed. This situation is
most likely to occur in installations that support remote
terminals where no option exists to have such identifiers
suppressed by the terminal during the SIGN-ON procedure. Even
when a suppression capability is provided by the terminal that
overtypes any such identifiers before or after their printing,
they can still possibly be discerned. A more sophisticated
technique for gaining access to an authorized user's
identifiers is to wiretap the terminal and intercept the
identifiers when they are transmitted in the clear over
communication lines.
c. Scavenging. This penetration technique exploits the
vulnerability of unerased residual data. Both primary and
secondary storage media used for processing sensitive
information may continue to retain that information after
they have been released for reallocation to another use. The
latter may then "scavenge" the information by reading the
storage media before making any other use of it.
d. Unknown_System-State_Exploitation. This method takes
advantage of certain conditions that occur after a partial or
total system crash. For example, some user files may remain
open without an "end-of-file" indication. The user can then
obtain unauthorized access to other files by reading beyond
that indicator when the system resumes operation.
e. Asynchronous_Interrupt. This technique exploits
system vulnerabilities arising from deficiencies in the
interrupt management facilities of an operating system. If a
processor suspends execution of a protection mechanism to
process an interrupt and is then erroneously returned to a
user program without completing the security check then the
protection has been circumvented.
f. Spoofing. Spoofing exploits the inability of a
system's remote terminal users to verify that at any given
time they are actually communicating with the intended system
rather than some masquerading system. This deception, also
known as a "Mockingbird Attack," can be perpetrated by
intercepting the terminal's communication lines and providing
system-like responses to the user. A variation of spoofing is
2-4 DCAC 310-P115-1
the use of an application program to provide responses similar
to the operating system, so the operator will unknowingly
provide the passwords to an applications program and not to
the operating system.
g. Trojan_Horse. In this technique computer processing
is covertly altered by either modifying existing program
instructions or inserting new instructions. Once this has
been accomplished, whenever the altered processes are used the
perpetrator will automatically benefit from unauthorized
functions performed in addition to the routine output. This
modification is usually done by hiding secret instructions in
either the original source-code or the machine-code version of
a lengthy program. An even harder to detect method would be
to alter the operating and utility system programs so that
they make only temporary changes in the target program as it
is executing. The hardware version of the Trojan Horse
technique is relatively rare. However, the replacement of
valid micro-chips with slightly altered counterfeit chips is
entirely possible and would be very hard to detect. In either
the software or hardware Trojan Horse method, only someone
with access to a program or the computer system could become a
perpetrator.
h. Clandestine_Machine_Code_Change. This technique is
closely related to the Trojan Horse technique. This method
allows system programmers to insert code into the system that
creates trapdoors. At specific times based on certain
combinations, these trapdoors can be activated by a user from
the user's program. Individuals who initially design the
system, contract maintenance personnel who fix the system, or
people who are able to gain access to the supervisory state
also have this opportunity. The technique could be as simple
as users stealing job card information on work that has
already gone through the system. They then resubmit this
information to the system on their own job card along with
another program. This particular job may have dealt with
sensitive data and therefore a security violation would have
occurred.
5. Necessary_Precautions. The aforementioned techniques are
only a few ways that unauthorized access or usage of your host
computer system may be obtained. You must enforce proper
access control on remote terminals to prevent unauthorized
personnel from abusing unattended terminals used for input or
data modification. You must also emphasize the physical
protection of the terminal and the administration and control
of password access and use. Terminal users must be instructed
on the importance of protecting their user identification
(UID)/password.
DCAC 310-P115-1 3-1
CHAPTER 3. NETWORK ACCESS SECURITY
1. General. Access control is the primary method of
providing protection from unauthorized access into the DDN.
There are two basic kinds of access control systems -- those
that detect intrusion and those that stop an intruder from
gaining access to the network. Both intrusion detection and
network access control are functions of the TAC Access Control
System (TACACS) which monitors terminal network access. The
security of both the network and connected hosts is greatly
enhanced if the Host Administrator can provide local security
systems which can complement the TACACS. Possibilities
include installing security systems which limit physical
access to terminals connected to their hosts. Another weak
link in the security chain is dial-up access and host-to-host
connections (not under TACACS control). There is a great need
to establish some manner of access control with auditing
capabilities to cover these situations.
2. TAC_Access_Control_System_(TACACS). This section on
TACACS is provided to inform you of the tracking capability
that exists if your computer terminal is connected to a
Terminal Access Controller (TAC). The information obtained by
the TACACS will be quite useful in enforcing proper access
control for those users entering the MILNET through TACs.
TACACS uses a login procedure to control access to MILNET.
When a MILNET user attempts to open a connection to a host,
the TAC prompts for the user's TAC user ID and access code.
TACACS is automatically monitored; a variety of reports are
available for use by the NSO.
a. User_Registration. DCA's Data Network Operations
Division establishes policy for the MILNET and administers the
MILNET TAC access and control system through the Network
Information Center (NIC). TACs are used on MILNET to provide
controlled network access to most locations. The Host
Administrator is responsible for registering all users of
their hosts who have network access and who have been
authorized for MILNET TAC access through MILNET TACS. All of
those users must be registered and given TAC access cards by
the NIC. The access cards are valid for one year at which
time the TAC User must request a renewal from the Host
Administrator. If a password is compromised, the UID/password
can be invalidated (hotlisted).
b. Guest_Accounts. A limited number of temporary guest
cards are available for distribution by each Host
Administrator on MILNET. These cards have a limited lifetime
and are not for permanent use. They are for users without
TACACS privileges who temporarily need network access, or for
new users at startup time before they receive their own UID
and password.
3-2 DCAC 310-P115-1
c. WHOIS/NICNAME_Database. Every request to authorize a
new TAC user or renew an existing TAC user must come from a
MILNET Host Administrator. Information about authorized users
is kept in the WHOIS/NICNAME database on a host at the NIC.
Host Administrators can request information on authorized TAC
users that are changed or deleted from the database. The
WHOIS/NICNAME database can be accessed by anyone on the MILNET
but can be changed only by operators at the NIC.
DCAC 310-P115-1 4-1
CHAPTER 4. OPERATIONAL SECURITY MANAGEMENT OF
UNCLASSIFIED NETS
1. General.
a. This Chapter provides operational guidance on security
management of an unclassified network. Chapter 5 provides
guidance for operating on a classified net. The potential
exists for authorized and unauthorized users to conduct
illegal activities on shared communications networks such as
the DDN. Network abusers fall into three categories:
(1) A person sponsored and authorized on the DDN who
engages in an unauthorized activity.
(2) A person accessing the network illegally.
(3) A person with access to a host system who need
not log-in through a TAC and engages in unauthorized activity.
b. While your individual databases may be unclassified,
compiling large amounts of unclassified data may result in the
creation of sensitive information. [SENSITIVE UNCLASSIFIED
INFORMATION is defined as any information the loss, misuse, or
unauthorized access to, or modification of which adversely
might affect U.S. national interest, the conduct of DoD
programs, or the privacy of DoD personnel (e.g., FOIA exempt
information and information whose distribution is limited by
DoD Directive 5230.24.)] Network security can only be as
effective as what the local Host Administrator/ADP system
security officer does to enforce strict access control
procedures. Network security is a principle responsibility of
Host Administrators.
c. You may wish to investigate additional authentication
systems to protect local computing assets (i.e., systems such
as smart cards or Kerberos, developed at MIT. This is a
collection of software used in a network to establish a user's
claimed identity and to control access to a large number of
interconnected workstations).
2. Access_Vulnerability. Connection to the DDN will require
a reevaluation of the risk assessment concerning threat and
vulnerability of your host locations. Users accessing these
hosts should be told what level of data security will be
provided. For example, do maintenance contracts exist with
the system software vendors to fix defects that might
otherwise compromise the resources? You should consider what
is the level of sensitivity of data that users should store on
your systems. It would be unwise for users to store very
sensitive information on a vulnerable system whether the
information was classified or not. It is also very important
that your site does not seem to encourage penetration attempts
through the use of a welcome banner as part of the login
4-2 DCAC 310-P115-1
request response of the host. The courts have given great
leeway to intruder defendants who claimed that they were
encouraged to browse by the banner. Additionally, your login
challenge should not include information about the operating
system. It helps a would-be abuser determine which
penetration techniques would probably be most effective.
3. Risk_Assessment. Risk assessment is a requirement of DCAI
630-230-19. A checklist providing guidelines for reevaluating
the threat and vulnerability that results from connecting to
the DDN has been included (see Tables 1-6, Vulnerability
Analysis).
4. Security_Policies_and_Procedures. This section covers
many diverse aspects such as physical security and data
security, authorizations, education, and training.
a. Physical_Security. Physical security includes the
facilities that house computers as well as remote computer
terminals. Within security parameters established by the Host
Administrator, work areas must be restricted with physical
barriers, appropriate placement and storage of equipment and
supplies, and universal wearing of identification badges, as
applicable.
b. Authorization. Another crucial factor that must be
considered in devising a security program is user
authorization. Only people with a "need to know" and with a
realization of proper precautions can be given access to
sensitive or proprietary information or to ADP facilities.
The use of passwords and terminal access restrictions can
provide extra security for highly sensitive information.
Passwords can be used to reduce accidental or non-accidental
modification by authorized personnel by restricting access to
their respective database files.
c. Data_Security. Although it is not foolproof, the best
known identification/authentication scheme is the use of
passwords. The Host Administrator must assure that passwords
are kept secret by their users. The Host Administrator must
also assure that passwords are long enough to thwart
exhaustive attack by changing them often and by adequately
protecting password files. (In the case of MILNET TAC Users,
the TACACS generates passwords with the proper attributes.
The users are not given the option to create their own TAC
passwords.) When creating passwords, the following
restrictions should be observed. Failure to do so will result
in passwords that could be found in a database dictionary, or
otherwise easily discovered.
(1) Don't use words that can be found in a
dictionary.
DCAC 310-P115-1 4-3
(2) Don't use traceable personal data.
(3) Don't allow users to create their own passwords.
(4) Change passwords frequently.
(5) Keep passwords private.
d. One-Time_Passwords. [The following is excerpted from
CSC-STD-002-85.] One-time passwords (i.e., those that are
changed after each use) are useful when the password is not
adequately protected from compromise during login (e.g., the
communication line is suspected of being tapped). The
difficult part of using one-time passwords is in the
distribution of new passwords. If a one-time password is
changed often because of frequent use, the distribution of new
one-time passwords becomes a significant point of
vulnerability. There are products on the market that generate
such passwords through a cryptographic protocol between the
destination host and a hand-held device the user can carry.
e. Failed_Login_Attempt_Limits. [The following is
excerpted from CSC-STD-002-85.] In some instances, it may be
desirable to count the number of unsuccessful login attempts
for each user ID, and base password expiration and user
locking on the actual number of failed attempts. (Changing a
password would reset the count for that user ID to zero.)
f. Monitoring_Terminal_Use. The Host Administrator
should also have some method of monitoring terminal use. A
log-in sheet is convenient to provide an audit trail if the
host has no automated access control and audit capability.
This record should contain such information as login and
logout times, purpose, project being worked on, project
classification, and anything else deemed necessary by you as
the Host Administrator. Additionally, the classification
level at which the terminal may be used should be prominently
displayed at the terminal location. You will need to work
closely with the system manager to assure that host activities
are monitored as well. This information will be extremely
valuable in conjunction with TAC connections and will be the
primary information for incidents where access originated from
an external host and no network audit data is available.
g. Terminal_Usage. You must also ensure that proper
procedures are enforced when using computer terminals. The 4-
following points should be considered:
(1) Automated login procedures that include the use
of stored passwords should not be allowed.
(2) Terminals logged onto the DDN network or to the
host computer should not be left unattended.
4-4 DCAC 310-P115-1
(3) Some form of access control for dial-up telephone
connections, such as dial-back procedures, should be used.
[Note: Dial-back is not acceptable on lines that may be
subject to Call Forwarding.]
(4) Unclassified sensitive information in printed
form or in terminal display should be revealed on a "need to
know" basis only.
(5) Proper disposal of printed information (i.e.,
tearing, shredding, or otherwise obliterating such material)
is mandatory.
(6) Securing of terminals and access lines during
non-business hours.
(7) Securing of software programs and stored data
during non-business hours.
(8) Recording of equipment, custodians, serial
numbers, and equipment locations to aid in identifying lost or
stolen equipment.
h. Electronic_Mail. Any electronic mail host
administrator should have written procedures for users to
follow in the event that any mail in the host is determined to
be classified. The Host Administrator must be notified
immediately to purge any backup files containing the
classified mail, retrieve it from addresses and mail boxes,
and remove it from the active data base. Such an event is an
administrative security violation that must be reported to the
offender's organization security officer immediately.
i. Internal_Controls. Even the most sophisticated access
control system is ineffective if an organization has weak
internal controls. Case studies of commercial firms often
describe abuses made by employees who have resigned from a
company, but still have active user IDs and passwords. It is
just as important for Military or DoD organizations to remove
network access, as well as local host computer access, from
anyone being transferred, retired, or otherwise leaving the
organization. Changing (all of) the password(s) associated
with a user's account(s) should be part of the local exit
procedures. Every Host Administrator should have written
procedures for retiring e-mail accounts. Consideration should
also be given to establishing a procedure to reevaluate an
individual's requirement to access the network when the person
is transferred within the organization. It is the Host
Administrator's responsibility to enact the following:
(1) Procedures to remove individuals' access to the
DDN upon that individual's departure.
DCAC 310-P115-1 4-5
(2) If sponsoring a non-DOD organization's access to
the DDN, procedures must be established to require a written
agreement that the non-DOD organization will have an
individual's access to the DDN removed upon that individual's
departure.
j. Encryption. Another method of securing data is
encryption, a powerful method of protecting information
transmitted between the host computer and remote terminals.
It limits access to information stored in the computer's data
base. An individual user not possessing the proper encryption
key has little chance of gaining usable information from a
computer protected in this manner.
5. Education_Program. Security training is a key element of
a security program. Evaluating the risks within a DDN
environment and implementing an active DDN security program
requires properly trained personnel. An effective training
program will provide both formal and informal instruction.
Depending on the size and complexity of the ADP environment
and the level of data being processed, the instruction will
range from security awareness education for top-level
management, to highly technical security training for DDN
operations personnel. (See DCAI 630-230-19).
a. General_Information. Users of the host system should
be provided with information regarding their computing and
network environment and their responsibilities within that
setting. Users should be made aware of the security problems
associated with access to the systems via local and wide-area
networks. They should be told how to properly manage their
account and workstation. This includes explaining how to
protect files stored on the system, and how to log out or lock
the terminal/workstation. Policy on passwords must be
emphasized. An especially important point that must be
emphasized is that passwords are not to be shared.
b. Specific_Topics. The below listed training areas must
be taught at the appropriate administrative, management, and
staff levels. You must also implement testing plans to assure
that personnel will know their responsibilities in emergency
situations. Drills should be scheduled periodically to
determine that the emergency procedures are adequate for the
threat to be countered. The Host Administrator's security
training program should include specifics in the following
areas as applicable:
(1) General security awareness.
(2) User security.
(3) Security administration.
(4) Transition control and computer abuse.
4-6 DCAC 310-P115-1
(5) Software security.
(6) Telecommunications security.
(7) Terminal/device security.
(8) System design security.
(9) Hardware security.
(10) Physical security.
(11) Personnel security.
(12) Audit.
(13) Data security.
(14) Risk assessment.
(15) Contingency/backup planning.
(16) Disaster recovery.
(17) Security accreditation.
(18) Security test and evaluation (ST&E).
(19) DDN security and contractor interface.
(20) Common penetration techniques.
DCAC 310-P115-1 5-1
CHAPTER 5. OPERATIONAL SECURITY MANAGEMENT OF
CLASSIFIED NETS
1. General. Unauthorized user activities obviously pose a
greater threat to the classified nets. Since the classified
communications nets are closed communities, classified hosts
must maintain their own access control and audit system to
detect and analyze problems. For specific details concerning
security in the WIN Communications System (DSNET 1), refer to
JCS Pub 6-03.7, Security_Policy_for_the_WWMCCS_Intercomputer
Network (Unclas), dated April 88. For specific details
concerning security in the Sensitive Compartmented Information
Network (DSNET 3), refer to the following documents: DIAM 50-
3, Physical_Security_Standards_for_SCI_Facilities (FOUO); DIAM
50-4, Security_of_Compartmented_Computer_Operations (C), dated
June 80; and DCID 1/16, Security_Policy_for_Uniform_Protection
of_Intelligence_Processed_in_Automated_Information_Systems_and
Networks (S), dated July 88.
2. Limited_Terminal_Access_Controls. Terminal access
controllers, when used on the classified subnetworks, are
currently limited to controlling access into the network. The
TACs do not collect and forward audit information of network
activity to a central location for analysis, usage data
collection, and processing as is done on the unclassified
networks. The TAC Access Control System (TACACS), necessary
for dial-in access, has not been implemented on the classified
networks because there is no dial-in access. In the WIN
Communications System, for example, TACs are not used; network
access is controlled by the interconnected hosts. The WWMCCS
Intercomputer Network (WIN) hosts also collect audit data of
user activity at each host location.
3. Closed_Community_Characteristics. Most, if not all, of
the guidance given in Chapter 4 is incorporated in creating a
"closed" community. A major difference in access control of
classified networks is that no dial-up access is allowed.
Also, personnel having access to a facility will have, as a
minimum, a system high clearance level for their site. There
are multiple classification levels at some locations. The
Host Administrator must take special precautions to ensure
that the classification of passwords and the access authority
of operating personnel are at or above the classification
level of the operation being performed.
4. Security_Awareness. Because of the nature of classified
systems and the greater threat that security infractions can
cause, it is incumbent that the host administrator assure that
there exists sufficient exposure to security awareness and
training. The listed training areas must be taught at the
appropriate administrative, management, and staff levels. You
must also implement testing plans to assure that personnel
will know their responsibilities in emergency situations.
The Host Administrator's security training program must
5-2 DCAC 310-P115-1
include specifics in the following areas:
(1) General security awareness.
(2) User security.
(3) Security administration.
(4) Transition control and computer abuse.
(5) Software security.
(6) Telecommunication security.
(7) Terminal/device security.
(8) System design security.
(9) Hardware security.
(10) Physical security.
(11) Personnel security.
(12) Audit.
(13) Data security.
(14) Risk assessment.
(15) Contingency/backup planning.
(16) Disaster recovery.
(17) Security accreditation.
(18) Security test and evaluation (ST&E).
(19) DDN security and contractor interface.
(20) Most common penetration techniques.
DCAC 310-P115-1 6-1
CHAPTER 6. DETECTION OF UNAUTHORIZED HOST ACCESS
1. General. Because you, as the Host Administrator, are
responsible for the security of the host computer, early
detection of potential abuse will serve to prohibit losses.
Effective monitoring will also deter potential perpetrators
from attempting to experiment with illegal schemes if the
probability of detection is high. The following points
provide guidance for the types of events you should look for
to detect unauthorized activity:
a. Unexplained use of disk space.
b. Unknown files listed in the directory.
c. Repeated failed attempts to access the host.
d. Unusual log-in times.
e. A file being accessed by someone who has no
authorization to be in that file.
f. Excessive time (hours) on line or a pattern of
unusually short access times (less than one minute).
2. Detection_Training. Detection of unauthorized activities
at host locations is a responsibility shared by all personnel
within the work place. The Host Administrator, however, may
find it necessary to educate personnel on this point and
delegate responsibilities. Apart from the measures taken to
manage the security environment, Host Administrators must act
with diligence regarding technical or quasi-technical areas
affecting security. For example, their responsibilities might
include enforced cycling of password changes,
compartmentalizing proprietary information away from the
generally accessible system and limiting its accessibility to
those with a bona fide "need-to-know," monitoring access logs
and maintaining audit trails to facilitate detection of
unusual activity, and using security systems and services
offered by their network systems and service providers.
3. Logging_Events. Illegal attempts to gain access into
sensitive areas (i.e., trespassing or guessing at passwords in
order to sign on or access files from remote terminals) should
be logged and reviewed regularly. One effective detection of
unauthorized activities is to display the last log-on time and
date on the screen after the user has successfully logged onto
the system. Statistics of access violations should be
collected with regard to details of the particular terminals
being abused and the files being accessed. The results should
be reviewed by the NSO.
4. Peculiar_Behavior. If not typical of or appropriate for
your organization, beware of unsupervised work especially if a
6-2 DCAC 310-P115-1
person regularly volunteers for overtime work and is allowed
to stay on the premises unsupervised. Have two-man control
procedures for sensitive information work. In addition, be
advised that many computer crimes occur during holiday
periods, or during times when host computers are experiencing
low traffic. Pay particular attention to peculiar activities
during these periods.
5. Legal_Recourse. Public Law 98-473, known as the
"Counterfeit Access Device and Computer Fraud and Abuse Act of
1984" added Section 1030 to Title 18 United States Code on
October 12, 1984. It was the first federal computer crime law
that criminalized unauthorized access to classified national
security information or information in certain financial
records. Additionally, it criminalized certain unauthorized
accesses to computers operated on behalf of the Government.
6. Prosecution_as_a_Deterrent. When there is adequate
evidence collected for conviction, the perpetrator should
always be prosecuted. This action would serve as a serious
warning to others contemplating making similar attempts and
can be extremely effective as a deterrent. However, as recent
world events have revealed, this really doesn't deter abuse
adequately. Therefore, you must assure proper protection of
your computer systems.
7. Incident_Reporting_by_Subscriber. The flow of security
incident reporting should be from the end user to the Host
Administrator, or other appropriate individual who determines
if the problem is local or network related. If the problem is
network related, the problem should be referred to the
appropriate Network Manager/Security Officer. The Network
Manager/Security Officer would contact the DDN NSO, if
appropriate, for assistance in obtaining audit trail data from
the NIC for MILNET. Depending on the seriousness of the
incident, the DDN NSO would assure that the appropriate
investigating agency was involved, and support requests for
information for formal investigations.
8. Contacts. To correspond with the DDN NSO, use any one of
the following methods of contact:
a. Via network mail to: SCC@NIC.DDN.MIL or
DCA-MMC@DCA-EMS.DCA.MIL
b. Via U.S. mail to: HQ Defense Communications Agency,
Code: DODM, Attn: DDN-NSO, Washington, DC 20305-2000
c. Via commercial phone to: (800) 451-7413, or
(800) 235-3155 for the SCC
d. Via DSN/AUTOVON to: 312-222-2714/5726
e. Via AUTODIN to: DCA WASHINGTON DC//DODM//
DCAC 310-P115-1 6-3
f. Classified correspondence must be forwarded via
AUTODIN or U.S. mail using procedures appropriate for its
classification level.
9. What_Information_To_Report. Your incident reports must
include certain minimal information to enable the DDN NSO to
take action. The DDN NSO requires a brief, unclassified
description of the incident and the name, telephone number,
and organization of the person reporting the incident. If the
incident's occurrence is classified, the report and any
classified discussions between the DDN NSO and officials at
the affected organization must take place using secure modes
of communication. The following is the minimum information
necessary for an incident report:
a. Date of report (Day-Month-Year, e.g., 01 Jan 87)
b. Date and time period of incident(s) (Zulu time)
c. Personal data of person reporting the incident:
(1) Name
(2) Telephone number
(3) Organization
d. Network involved (e.g., MILNET, DSNET 1, 2, or 3)
e. Did unauthorized access come from the DDN, if known?
(If not, refer reporting person to his/her Host
Administrator).
f. Presumed classification of incident (i.e.,
Unclassified, Confidential, Secret, Top Secret, Top
Secret/Sensitive Compartmented Information. [Note: Contact
the DDN NSO should you have any questions concerning the level
of classification of a particular incident.]
g. Brief description of incident (Unclassified).
10. Follow-up_Information. Follow-up contact with Host
Administrators might be required to obtain more detailed
information that may not have been initially available. The
DDN NSO would try to determine the following factors:
a. Where the activity was initiated (i.e., at another
host or specific TAC)
b. What routines the intruder ran on the host system
c. What files the intruder accessed on the host system
6-4 DCAC 310-P115-1
d. What user identification log-in was used. For
example, was there a password? Was the password the same as
the log-in? Was the account password protected? Did the user
change the password initially provided? Security incidents
that are discovered to be a local problem will be investigated
at the Host Administrator level.
DCAC 310-P115-1 7-1
CHAPTER 7. TOOLS FOR INVESTIGATING INCIDENTS
AT THE HOST LEVEL
1. General. This Chapter will help you, the Host
Administrator, with investigations of security incidents that
are determined to be a local problem. The tools available for
investigating network incidents are products of audit trail
data collected in the TAC Access and Control System for the
unclassified networks and in the audit data collection systems
of the individual hosts (if they exist) in both the classified
and unclassified networks. The network traffic data collected
by the network utilities at the community of interest
monitoring centers is useful for network control and design
purposes, but its use for network security investigative
purposes is limited.
2. Host_System_Logs. The host system can provide a wealth of
information that can complement the network data. Most
operating systems automatically store numerous bits of
information in log files. Examination of these log files on a
regular basis is often the first line of defense in detecting
unauthorized use of the system. Lists of currently logged in
users and past login histories can be compared. Most users
typically log in and out at roughly the same time each day.
An account logged in outside the "normal" time for the account
may be in use by an intruder. System logging facilities, such
as the UNIX "syslog" utility, should be checked for unusual
error messages from system software. For example, a large
number of failed login attempts in a short period of time may
indicate someone trying to guess passwords. Operating system
commands which list currently executing processes can be used
to detect users running programs they are not authorized to
use, as well as to detect unauthorized programs which have
been started by a cracker.
3. Other_Tools. The tools available for conducting an
incident investigation on unclassified nets consist of the
TACACS reports, provided to the DDN NSO, and the Host audit
and log book, if used. Additionally, personnel may be
interviewed to provide necessary insight. The tools available
for conducting an investigation on classified nets include the
Host audit, system logs, physical log book, and personnel as
well. Additionally, the UID/password and the specific
terminal will provide further useful information. No TACACS
reports are available for the classified nets.
4. TACACS_Reports. TACACS incident reports are reviewed by
the DDN NSO for unauthorized network activity. Other TACACS
reports are available to the DDN NSO to help investigate
illegal or unauthorized network activity. You as the Host
administrator can request investigative assistance from the
DDN NSO to obtain TACACS audit data for MILNET. Assistance
may also be requested by the Host Administrator to involve an
investigating agency (e.g., FBI, OSI, NIS, MI, etc.).
7-2 DCAC 310-P115-1
THIS PAGE INTENTIONALLY LEFT BLANK
DCAC 310-P115-1 8-1
CHAPTER 8. SUMMARY
1. Penetration_Techniques. This document has provided you,
as Host Administrators, guidelines for securing your host
computer locations. Security problems arise and espionage
activity may increase as access to computers increases.
Therefore, you must apply these instructions because you are
ultimately responsible for the security of the DDN. This
instruction has covered common penetration techniques you must
guard against.
2. Other_Topics. The major items this document emphasizes
are the following:
a. Proper access control procedures
b. Reevaluation of the risk assessment of your host site
c. Security education training
d. Detection of unauthorized or suspected unauthorized
access
e. Incident reporting
f. Tools for local incident investigation
g. Assistance from the DDN NSO for network incident
investigations
8-2 DCAC 310-P115-1
THIS PAGE INTENTIONALLY LEFT BLANK
DCAC 310-P115-1 9-1
TABLE 1: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Operations Management and Processing**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Has a systems security officer | |
been appointed? | |
-------------------------------------------------------------
Have procedures been developed | |
defining who can access the | |
computer facility, and how and | |
when that access can occur? | |
-------------------------------------------------------------
Have procedures been established | |
to provide physical protection of | |
local and remote terminal access | |
equipment? | |
-------------------------------------------------------------
Have procedures been established | |
to provide physical protection of | |
host computers?
-------------------------------------------------------------
Is someone designated as a terminal | |
area security officer? | |
-------------------------------------------------------------
Have procedures been established to | |
positively identify transactions | |
occurring to and from remote | |
locations? | |
-------------------------------------------------------------
Have security procedures been | |
established for the microcomputers | |
which will communicate with the DDN? | |
-------------------------------------------------------------
Have procedures been established | |
for providing physical security over | |
these microcomputers and the data | |
processed by them? | |
-------------------------------------------------------------
Have procedures been established | |
to protect data within the custody | |
of the microcomputer user? | |
-------------------------------------------------------------
Have alternate means of processing | |
been established in the event either | |
the individual or the personal | |
computer is lost? | |
-------------------------------------------------------------
9-2 DCAC 310-P115-1
TABLE 1: VULNERABILITY ANALYSIS (con't)
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Is the security over the micro- | |
computer environment regularly | |
reviewed? | |
-------------------------------------------------------------
Have the vendor installed pass- | |
words been changed? | |
-------------------------------------------------------------
Does someone verify that all current | |
passwords are different from a list | |
of commonly used or vendor installed | |
passwords? | |
-------------------------------------------------------------
DCAC 310-P115-1 9-3
TABLE 2: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Communications**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Is sensitive information transmitted | |
over common carrier lines protected | |
(e.g., through cryptography)? | |
-------------------------------------------------------------
Can data being transmitted or | |
processed be reconstructed in | |
the event either main processing | |
or remote processing loses integrity?| |
-------------------------------------------------------------
Are processing actions restricted | |
based on the point of origin or the | |
individual making the request? | |
-------------------------------------------------------------
Have procedures been established | |
for providing host connection | |
access control over remote terminals | |
and on-site terminals? | |
-------------------------------------------------------------
Is a log maintained of accesses | |
to computer resources? | |
-------------------------------------------------------------
Do non-employees have access to | |
communications facilities (except | |
where the system specifically is | |
designed for those non-employees)? | |
-------------------------------------------------------------
9-4 DCAC 310-P115-1
TABLE 3: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Disasters**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Have the types of potential | |
disasters been identified? | |
-------------------------------------------------------------
Has equipment been provided to | |
deal with minor disasters, such | |
as fire and water damage? | |
-------------------------------------------------------------
Have alternate processing | |
arrangements been made in the | |
event of a disaster? | |
-------------------------------------------------------------
Have procedures been established | |
to provide back-up equipment or | |
automatic data processing (ADP) | |
processing capabilities in event of | |
loss of primary ADP resources? | |
-------------------------------------------------------------
Have simulated disasters been | |
conducted to ensure that disaster | |
procedures work? | |
-------------------------------------------------------------
Are critical programs and data | |
retained in off-site storage | |
locations? | |
-------------------------------------------------------------
Have users been heavily involved | |
in developing disaster plans for | |
applications that affect their areas?| |
-------------------------------------------------------------
DCAC 310-P115-1 9-5
TABLE 4: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Personnel**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Are formal reports required for | |
each reported instance of computer | |
penetration? | |
-------------------------------------------------------------
Are records maintained on the most | |
common methods of computer | |
penetration? | |
-------------------------------------------------------------
Are records maintained on damage | |
caused to computer equipment and | |
facilities? | |
-------------------------------------------------------------
Is one individual held accountable | |
for each data processing resource? | |
-------------------------------------------------------------
Does management understand threats | |
posed by host connection to DDN? | |
-------------------------------------------------------------
Is management evaluated on its | |
ability to maintain a secure computer| |
facility? | |
-------------------------------------------------------------
Are the activities of any non- | |
employees in the computer center | |
monitored? Is an escort policy | |
enforced? | |
-------------------------------------------------------------
Are contractor personnel subject to | |
the same security procedures as other| |
non-employees? | |
-------------------------------------------------------------
Are procedures installed to restrict | |
personnel without a "need to know"? | |
-------------------------------------------------------------
Have procedures been established | |
to limit the damage, corruption, or | |
destruction of data base information?| |
-------------------------------------------------------------
Has a security incident report form | |
been created? | |
-------------------------------------------------------------
9-6 DCAC 310-P115-1
TABLE 5: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Training**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Are employees instructed on how to | |
deal with inquiries and requests | |
originating from individuals without | |
a "need to know"? | |
-------------------------------------------------------------
Has an adequate training program | |
been devised to ensure that employees| |
are aware of the requirements to pro-| |
tect their equipment from unauthor- | |
ized use or unauthorized purposes? | |
-------------------------------------------------------------
Have personnel been advised on | |
penalties of the Federal Computer | |
Crime Law for unauthorized access to | |
Government ADP systems? | |
-------------------------------------------------------------
DCAC 310-P115-1 9-7
TABLE 6: VULNERABILITY ANALYSIS
-------------------------------------------------------------
**People Errors and Omissions**
-------------------------------------------------------------
Item Response
Comments (Yes, No, N/A)
-------------------------------------------------------------
Are errors made by the computer | |
department categorized by type | |
and frequency, such as programming | |
errors? | |
-------------------------------------------------------------
Are records maintained on the | |
frequency and type of errors | |
incurred by users of data | |
processing systems? | |
-------------------------------------------------------------
Are users provided a summary of | |
the frequency and types of user- | |
caused errors identified by the | |
application system? | |
-------------------------------------------------------------
Are the losses associated with | |
data processing errors quantified? | |
-------------------------------------------------------------
Are records maintained on the | |
frequency and type of problems | |
occurring in operating systems? | |
-------------------------------------------------------------
Are abnormal program terminations | |
on computer software summarized | |
by type and frequency so that | |
appropriate action can be taken? | |
-------------------------------------------------------------
Are personnel trained to recognize | |
attempts to access their system by | |
common penetration techniques? | |
-------------------------------------------------------------
9-8 DCAC 310-P115-1
TABLE 7: TABULATION OF VULNERABILITY ANALYSIS
-------------------------------------------------------------
**Self-Assessment Results**
---------------------------
HOW TO IDENTIFY VULNERABILITIES
-------------------------------------------------------------
| # of | Rank for |
Component | "No's" | Action | Comments
-------------------------------------------------------------
Operations Management | | |
and Processing | | |
-------------------------------------------------------------
| | |
Communications | | |
-------------------------------------------------------------
| | |
Disasters | | |
-------------------------------------------------------------
| | |
Personnel | | |
-------------------------------------------------------------
| | |
Training | | |
-------------------------------------------------------------
People Errors and | | |
Omissions | | |
-------------------------------------------------------------
