U.S. DOE's Computer Incident Advisory Capability
___ __ __ _ ___ __ __ __ __ __
/ | /_\ / |\ | / \ | |_ /_
\___ __|__ / \ \___ | \| \__/ | |__ __/
Number 95-06 March 22, 1995
Welcome to the sixth issue of CIAC Notes, the United States Department
of Energy's (DOE) Computer Incident Advisory Capability (CIAC)
electronic publication for articles on relevant computer security
topics. CIAC is excited to announce its new WWW Home Page. See the
first feature article for more details. DOE or DOE contract employees
who have topics to address or have feedback on this issue of CIAC
Notes, please contact CIAC at (510) 422-8193 or send E-mail to
ciac@llnl.gov.
$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
$ Reference to any specific commercial product does not necessarily $
$ constitute or imply its endorsement, recommendation or favoring by $
$ CIAC, the University of California, or the United States Government.$
$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$-$
Table of Contents
==========================
FEATURE ARTICLES
CIAC's Home Page
Automation of CIAC UNIX Security Patches
Spamming & Urban Legends
MACINTOSH & PC USER ARTICLES
Netware 3.1x Security Features
CONFERENCE NOTICE
CIAC INFORMATION
Who Is CIAC?
CIAC Bulletins Issued recently
Contacting CIAC
CIAC'as Electronic Publications
Accessing CIAC's Electronic Information Servers
Publications Available from CIAC
==========================
FEATURE ARTICLES
------------------------------
CIAC's Home Page
The CIAC Team is pleased to announce its WWW home page is open for
business. The CIAC server offers easy Internet access to computer
security information and resources:
* CIAC Bulletins and Advisories
* CIAC Notes
* CIAC mailing lists
* Security documents
* A collection of tools
* Pointers to other security sites on the Web.
The CIAC WWW server can be found at the URL:
<http://ciac.llnl.gov>
If you have any comments or questions, please feel free to contact the
CIAC Team at ciac@llnl.gov.
------------------------------------------
Automation of CIAC UNIX Security Patches
One of the most common complaints made by system administrators
concerns the difficulty of maintaining and installing patches. Bruce
Oliver from DOE Richland has made available several powerful tools for
addressinging this problem. Similar to what Oliver has done,
administrators can collect the various vendor patches into a central
location, and maintain them with these tools. Contact your vendors for
their respective patch sites, or refer to
<http://www.alw.nih.gov/Security/security-patches.html> for some
common anonymous ftp sites.
Bruce Oliver
Westinghouse Hanford Network Security
e-mail e40483@rl.gov
Westinghouse Hanford Company, DOE Richland, has developed software to
help manage and install CIAC security patches on UNIX computer
systems. Security patches defined in CIAC bulletins are obtained from
computer vendors and evaluated. The security patches which are
determined to be applicable to the Richland site are distributed to
UNIX system administrators via an anonymous FTP server in the form of
a patch install package. Install packages contain programs and
documentation for the installation of patches across multiple UNIX
platforms using one standard automated process.
The patch manager programs provide an easy-to-use interface, that is
common across platforms. The use of these programs has helped to
increase security compliance, reduce cost, and provide better methods
for the tracking and auditing of patches. System Administrators have
the capability to back-out security patches and perform a patch
install simulation and verification. The verification scripts allow
for audits to be performed for a given system. The CIAC patches are
managed by patch numbers.
The software for managing the patch install packages can be difficult
to maintain and implement because of the diversity of UNIX hardware
platforms and operating system levels. The software was developed
specifically to meet the needs and requirements of the Richland site
so it might require customizing the Patch Manager software to meet the
requirements of another site.
If you are located at a DOE government site and want more details or
information on the Patch Manager software contact Bruce Oliver at
e40483@rl.gov. Please refer all other questions to ciac@llnl.gov
The following are samples of the process and the steps a System
Administrator would use along with the read me documentation.
CIAC Security Patches
Scripts are now available to automate the install of CIAC security
patches on UNIX workstations. The platforms currently supported are:
SUNOS, Solaris, HP, DEC, SGI and IBM. The patch install tar files are
located at <ftp://ciac.llnl.gov/pub/ciac/sectools/unix/patmng.tar.Z>.
Documentation on required CIAC patches for different platforms is
contained in <ftp://ciac.llnl.gov/pub/ciac/patches>. There is
also the pchk script for checking a workstation to verify if the CIAC
patches are current. It is located in the pub directory or is included
in all patch tar files.
Notification of Required Patchs
The following are new (or updated versions) of CIAC security patches
required on UNIX workstations.
Platform Patch Name Patch Number Location on systech
-----------------------------------------------------------------------
SunOS 4.1.x sendmail 100224-06 pub/sun/patch/mail_100224.tar.Z
SunOS 4.1.x mail 100377-08 pub/sun/patch/smail_100377.tar.Z
SunOS 4.1.x loadmodule 100448-02 pub/sun/patch/ldm_100448.tar.Z
SunOS 4.1.x modload 101200-02 pub/sun/patch/mdl_101200.tar.Z
Solaris 2.2 expreserve 101090-01 pub/solaris/patch/101090-01.tar.Z
Solaris 2.2 sendmail 101077-03 pub/solaris/patch/101077-03.tar.Z
Solaris 2.3 sendmail 101371-03 pub/solaris/patch/101371-03.tar.Z
Solaris 2.x fsckfail E06 pub/solaris/patch/fsckfail_E06.tar.Z
HP hp-ux 8.x ypbind 1707 pub/hp/patch/ypb_1707.tar.Z
(NIS HOSTS ONLY)
DEC xterm 4034 pub/dec/patch/xterm_4034.tar.Z
(ULTRIX 4.3 ONLY)
Check the file pub/patch.lst for a complete listing of CIAC patches.
NOTES:
There currently are no patches required for SGI (IRIX) or IBM (AIX)
systems. The SunOS sendmail and loadmodule patches are updated
versions of existing patches. The new versions must be installed in
place of the old.
How To Get Patches
ftp login to systech:
% ftp systech
Connected to systech.rl.gov.
220 systech FTP server (SunOS 4.1) ready.
Name (systech:e6b564): anonymous --> Enter anonymous for user account
331 Guest login ok, send ident as password.
Password: --> Password is entered.
230 Guest login ok, access restrictions apply.
ftp>
Example of getting a tar file off of systech:
ftp> cd pub/sun/patch
ftp> bin --> set binary mode for binary type files
ftp> get exp_101080.tar.Z
Example of how to untar the file on your workstation:
% zcat exp_101080.tar.Z | tar xf -
% rm exp_101080.tar.Z --> once untarred you can delete the tar file.
A directory named patch is created by the zcat command and contains
documentation and scripts for installing the patch.
Installing Patches
After untarring the tar file and moving to the patch directory, check
the quick readme file on how to install the patch. You can also look
at the file README for more detailed documentation.
The script patch_ins (pi) is used to install patches, while
patch_deins (pd) is used to deinstall patches. The following arguments
can be used when executing the scripts:
-d (simulate install of the patch)
-o filename (specify an output file)
-f (force install, no confirmation prompt)
Example: pi (patch name) -d -o /tmp/patch.log
Patch Check Utility
The pchk script is included to check a workstation to see if the
correct patches have been installed. The script must be run under the
root account. You can run this script from the patch directory after
patches have been installed on a system. This script replaces the sun
specific pchk.sun script. Periodically Network Security will request
an administrator to e-mail pchk output from hosts that he/she is
responsible to them.
Note: pchk has not yet been integrated into the COPS software.
References
pub/patch_process.doc Process for implementing security patches on
UNIX workstations.
pub/patch_policy.doc Policy for implementing security patches on UNIX
workstations.
This is summary documentation for a given patch:
Quick Readme file, sun CIAC patch 101665-02, OS 4.1.3_U1 sendmail
patch
a) Purpose
Fix security problems with the sendmail daemon
b) Scripts
patch_ins (pi) (install the patch)
patch_deins (pd) (deinstall the patch)
c) Output Files
Default output file: log/patch_ins-(host)-(YYMMDD).log
example: log/patch_ins-systech-931012.log
You can optionally specify your own output file.
Examples:
# patch_ins sendmail -o /tmp/patch.log
d) Simulation
Simulate patch install:
# pi sendmail -d
Check for errors output by the script (messages with a -E or -W).
Check the commands that would be executed by the patch if it were
running in live mode.
e) Install
Install the patch:
# pi sendmail
The force option can be specified to disable the confirmation
prompt.
# pi sendmail -f
Check for errors output by the script (messages with a -E or -W).
If there were problems use patch_deins to deinstall.
Detail Readme file for a given patch install scripts:
NAME
patch_ins, pi - patch install script
patch_deins, pd - patch deinstall script
SYNOPSIS
patch_ins [patch name] [-d ] [-f] [-o outfile]
DESCRIPTION
The patch install scripts provide an automated means of installing
CIAC and functional patches on unix workstations.
Platforms supported: sun 4.1.x , sun (solaris) 5.x, hp, sgi, ibm,
dec, dg
OPTIONS
patch name
Name of the patch to be installed. This argument must be first on the
command line ($1). The Patch name can be abbreviated. The file
patch.lst contains a list of patch names and descriptions for the
different unix platforms. You can not specify a patch which is not
valid for your platform and architecture.
Examples:
# patch_ins expreserve
# pi lpd
-d
Run the install script in simulation or dummy mode. Commands are
echoed out but not executed. Confirmation prompts are ignored.
Example:
# patch_ins lpd -d
-f
Force the install or deinstall of the patch. No confirmation of the
install or deinstall of the patch is performed. The -f option is
ignored if -d is specified.
Example:
# pi exp -f
-o output file
Specify a script output file. This overrides the default script
file. The file name must be specified and can be a relative or full
pathname.
Default output file format:
log/(script name)-(host)-(YYMMDD).log
example: log/patch_ins-systech-931012.log
Example:
# pi exp -o /tmp/patch.log
MENU MODE
If no options are specified then patch_ins and patch_deins run in menu
mode. In menu mode you are prompted to use the default script log
file. Entering "y" or pressing RETURN takes the default. If you enter
"n" you are prompted to enter a new log file. You then enter the Patch
Install Menu where you are prompted to select a patch to install.
After you specify a number from the menu then you are prompted on
whether to simulate the install. The default response is "y" if
simulation has not yet been run for the patch. The default is "n" if
simulation has already been run.
Example of menu mode on a Sun system:
# patch_ins
Use script log file: log/pi-systech-931012.log [y]
**** pi, version 1.5, 09/30/93 14:36:12 ****
Host: systech, sun4c, OS 4.1.3
Patch install Menu (ver 1.5)
-----------------------------
1. expreserve patch, #101080
2. loadmodule patch, #100448
3. lpd patch, #100305
4. mfree patch, #100567
5. nfs patch, #100173
6. permissions patch, #100103
7. /bin/mail patch, #100224
Enter your selection or press RETURN to exit 1
Simulate install (y or n) [y]
Entries are only listed in the Patch Install Menu if files exist for
the patch in the patch directory.
MESSAGES
If no patches are found which are valid for your platform and
architecture then the patch install script exits with the following
message:
No patches found which are applicable for host (hostname)
If valid patches are found but no corresponding install directories
or files exist then the patch install script exits with the following
message:
Valid patches were found for host (hostname) but NO corresponding
install directories were found
If a patch is already installed and you try to install it, you get
the following message:
Warning: (patch name) patch appears to be already installed on
host (host name)
If a patch is not installed and you try to deinstall it, you get the
following message:
Warning: (patch name) patch DOES NOT appear to be installed on
host (host name)
ERRORS
Errors while executing the patch install scripts have the following
format:
(script name)-(error code), (function name) error message
Example:
patch_ins-E, (pat_ins) error executing patch install commands
Error codes are "E" for errors or "W" for warnings. All error and
warning messages are written to the script log file. If errors or
warnings occur installing a patch then the patch_deins script can be
used to back out the patch.
------------------------------
Spamming & Urban Legends
John Fisher
CIAC, LLNL
fisher23@llnl.gov
The greatest and worst characteristic of the Internet is that any
single user is capable of making as little or as much noise as he/she
pleases. While free discussion and communication is the trademark of a
free society, its abuse can create severe problems for the Internet
community.
Monty Python's Flying Circus has a humorous sketch on the abundance of
foods that spam goes with, from eggs and bacon to lobster. No matter
what the main dish was, spam was the side dish.
While Monty Python's sketch is amusing, the "spamming" that occurs on
the Internet is considerably less so. Spamming, in Internet terms, is
the practice of distributing a message to anyone who could possibly
read it, utilizing email, but more commonly, Usenet groups. Spamming
is the Internet equivalent of junk mail.
Several famous spammings have occured in recent years. The "Green Card
Lottery" message, an advertisement for a law firm, was distributed to
thousands of Usenet groups. The numerous angry responses that resulted
made the drain on bandwidth and disk space even greater. Another
incident, with the posting of a message titled "MAKE.MONEY.FAST" was
an electronic chain letter.
One DOE site was recently spammed with an inappropriate message to
over 5000 users. So many messages were received that the mail queue
filled up completely, and no legitimate mail was allowed through.
Spamming is not the only communication problem encountered on the
Internet. Several "urban legends" have made considerable waves in the
electronic community. The most recent example is the "Good Times
Virus" hoax. A few students sent out a few messages warning of
dangerous email messages containing viruses in their body. These mail
messages would supposedly have a subject of "Good Times". The hoax
took on a life of its own, as concerned system administrators
forwarded the warning to all their users. The result was wasted time
and resources, and angry Internet users.
Protecting Against Spamming
Hoaxes such as the "Good Times Virus" are hard to avoid, since it is
based on disinformation. One should always react on the side of
caution. But, the system administrators who forwarded the warning
believed they were doing just this.
Spamming on the other hand, can be protected against in several
ways. First, always put the mail queue on a separate partition. If the
mail queue fills up, at least the entire system won't be brought to
its knees.
Another, more severe protection, is to filter out mail from unknown
sites. This can be done by having inetd control sendmail, and then
using tcp_wrappers around sendmail to control which sites execute
it. While this won't help all problems and can be overkill, it will at
least insure that mail is coming from the proper router. The package
tcp_wrappers can be found at
ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/tcp_wrappers_7.2.tar.Z
=============================
MACINTOSH & PC USER ARTICLES
Netware 3.1x Security Features
------------------------------
Troy Thompson
Information Resource Management
Raytheon Services for DOE Nevada
Netware 3.1x has some very powerful security features built in,
although many of these features are disabled by default. Out of the
box, Netware is not a very secure Network Operating System
(NOS). Immediately upon installation, the SUPERVISOR account has no
password, and will never be required unless actions on the system
administrator's part are taken. This was most likely done to simplify
the installation of a Netware system and make it a viable option for
small organizations where security is not an issue. I have seen
several Netware LANS with a handful of nodes where every user account
had full rights to everything on the server. This may be alright
(although not very wise) for some organizations, but intolerable in
areas where information must be kept secure from any one of hundreds
of potential problems. Don't throw out your Netware servers just yet!
I said that out of the box, Netware was not a secure very secure
NOS. User account defaults can be changed very to make Netware
as tight a NOS as you wish. We'll discuss some of the security
features that should be changed before creating user accounts. All the
security features discussed are set within the SYSCON utility, and
most are found on the Default Account Balance/Restrictions screen.
The front line in any security system is the password. While debate
continues as to the effectiveness of passwords, their use as the
primary means of authentication will continue for many years to
come. When changing the Require Password option from NO to YES, other
password options become available. Minimum Password Length has a
default of five characters. This is probably sufficient for most
installations. The next option is Days Between Forced Changes. This,
along with the length of the password, determine much of the security
of your system. Short passwords that are kept for long periods of time
are security threats. No better are long passwords that are required
for short periods of time; their users will undoubtedly write their
frequently changing password on a post-it note and paste it on the
screen. A balance of the two must be determined, and that factored in
with the sensitivity of the information being protected. Require
Unique Passwords should be set to YES to ensure that the same password
is not reused over and over again.
Login restrictions on accounts may be imposed to prevent both
authorized users and intruders from gaining access to the system. The
most obvious is the Intruder Detection/Lockout feature. After a
certain number of invalid login attempts, that user's account will be
locked for the specified amount of time. The user, or intruder, will
be unable to login to their target account until that time has passed,
unless the system administrator removes the lock from the account. The
Default Time Restrictions will prevent users from accessing the system
after hours, or when they are not supposed to be, such as during a
backup. You can set the Limit Concurrent Connections option to prevent
an authorized user from logging in to multiple workstations. And if a
user is to login to certain workstations, the Station Restrictions can
be set for each individual user to limit the which workstations the
user can login to.
These are some of the features available to Netware 3.1x preventing
access to a Netware server. These are by no means the end to Netware's
security structure. Once logged in, the user is still subject to
directory and file restrictions, as well as auditing. Although it
comes out of the box a very passive and insecure system, Netware can
be brought up to acceptable levels of security, with a small amount of
effort on the system administrator's part.
==========================
CONFERENCE NOTICES
CIAC is a founding member of the Forum of Incident Response and
Security Teams (FIRST). FIRST will be holding its 7th annual workshop
September 18-22, 1995, in Karlsruhe, Germany.
Topics to be discussed include preventive meaures, tools for incident
handling, awareness building, and legal issues with specific emphasis
on international issues. More information can be found at FIRST's WWW
server, at <http://www.first.org/first/>.
==========================
CIAC INFORMATION
------------------------------
Who Is CIAC?
CIAC is the U.S. Department of Energy's Computer Incident Advisory
Capability. Established in 1989, shortly after the Internet Worm,
CIAC provides various computer security services free of charge to
employees and contractors of the DOE, such as:
* Incident Handling Consulting
* Computer Security Information
* On-site Workshops
CIAC is located at Lawrence Livermore National Laboratory in
Livermore, California, and is a part of its Computer Security
Technology Center. Further information can be found at
<http://ciac.llnl.gov>. CIAC is also a founding member of FIRST, the
Forum of Incident Response and Security Teams, a global organization
established to foster cooperation and coordination among computer
security teams worldwide. See <http://www.first.org/first> for more
details.
------------------------------
CIAC Bulletins Issued recently
CIAC issues two categories of computer security announcements: the
information bulletin and the advisory notice. Information bulletins
describe security vulnerabilities and recommend countermeasures.
Advisory notices are more imperative, urging prompt action for
actively exploited vulnerabilities. Advisory notices are delivered as
quickly as possible via E-mail and FAX.
F-01 SGI IRIX serial_ports Vulnerability Oct. 4, 1994
Advisory 1600 PDT
F-02 Summary of HP Security Bulletins Nov. 17, 1994
Bulletin 1300 PDT
F-03 Restricted Distribution
Bulletin
F-04 Security Vulnerabilities in DECnet/OSI Nov. 28, 1994
Bulletin for OpenVMS 0900 PDT
F-05 SCO Unix at, login, prwarn, sadc, and Dec. 06, 1994
Bulletin pt_chmod Patches Available 0800 PDT
F-06 Novell UnixWare sadc, urestore, and Dec. 14, 1994
Bulletin suic_exe Vulnerabilities 0800 PDT
F-07 New and Revised HP Bulletins Jan. 20, 1995
Bulletin 1300 PST
F-08 Internet Address Spoofing and Hijacked Jan. 23, 1995
Advisory Session Attacks 1100 PST
F-09 Unix /bin/mail Vulnerabilities Jan. 27, 1995
Bulletin 1030 PST
F-10 HP-UX Remote Watch Feb. 6, 1995
Bulletin 1200 PST
F-11 Unix NCSA httpd Vulnerability Feb. 14, 1995
Advisory 1030 PST
F-12 Kerberos Telnet Encryption Vulnerabilty Feb. 21, 1995
Bulletin 1000 PST
F-13 Unix Sendmail Vulnerabilities Feb. 22, 1995
Bulletin 1600 PST
F-14 HP-UX Malicious Code Sequences Feb. 23, 1995
Bulletin 1200 PST
F-15 HP-UX "at" and "cron" vulnerabilities Feb. 23, 1995
Bulletin 1200 PST
F-16 SGI IRIX Desktop Permissions Tool Mar. 8, 1995
Bulletin Vulnerability 1500 PST
------------------------------
Contacting CIAC
DOE and DOE contractor sites that require additional assistance or
wish to report a vulnerability: call CIAC at 510-422-8193, fax
messages to 510-423-8002 or send E- mail to ciac@llnl.gov.
CIAC's Electronic Publications
Previous CIAC Bulletins and other information are available via
anonymous FTP from ciac.llnl.gov.
CIAC has several self-subscribing mailing lists for electronic
publications:
1. CIAC-BULLETIN for Advisories, highest priority - time critical
information and Bulletins, important computer security information;
2. CIAC-NOTES for Notes, a collection of computer security articles;
3. SPI-ANNOUNCE for official news about Security Profile Inspector
(SPI) software updates, new features, distribution and availability;
4. SPI-NOTES, for discussion of problems and solutions regarding the
use of SPI products.
Our mailing lists are managed by a public domain software package
called ListProcessor, which ignores E-mail header subject lines. To
subscribe (add yourself) to one of our mailing lists, send requests of
the following form:
subscribe list-name LastName, FirstName PhoneNumber
as the E-mail message body, substituting CIAC-BULLETIN, CIAC-NOTES,
SPI- ANNOUNCE or SPI-NOTES for list-name and valid information for
LastName FirstName and PhoneNumber. Send to: ciac-listproc@llnl.gov
(not to: ciac@llnl.gov) e.g.,
subscribe ciac-notes OÕHara, Scarlett W. 404-555-1212 x36
subscribe ciac-bulletin OÕHara, Scarlett W. 404-555-1212 x36
You will receive an acknowledgment containing address, initial PIN,
and information on how to change either of them, cancel your
subscription, or get help. To subscribe an address which is a
distribution list, first subscribe the person responsible for your
distribution list. You will receive an acknowledgment (as described
above). Change the address to the distribution list by sending a
second E-mail request. As the body of this message, send the
following request, substituting valid information for list-name, PIN,
and address of the distribution list:.
Send E-mail to ciac-listproc@llnl.gov:
set list-name address PIN distribution_list_address
e.g., set ciac-notes address 001860 rE-mailer@tara.georgia.orb
To be removed from this mailing list, send the following request:
unsubscribe list-name
For more information, send the following request:
help
If you have any questions about this list, you may contact the list's
owner: listmanager@cheetah.llnl.gov.
------------------------------
Accessing CIAC's Electronic Information Servers
CIAC operates a security information server for anonymous FTP at
ciac.llnl.gov which contains all of the publicly available CIAC,
CERT/cc, NIST, and DDN bulletins, virus descriptions, the virus-l
moderated virus bulletin board, copies of public domain and shareware
virus detection/protection software, copies of useful public domain
and shareware utility programs, and patch files for some operating
systems.
Use FTP to access it either by name or IP address (128.115.19.53).
The operation and prompt will depend on which vendor's FTP you are
running. Usually, you must first log in before you can list directory
contents and transfer files. Use "FTP" or "anonymous" for Name or
Foreign username unless given a general prompt such as ciac.llnl.gov>
or FTP>. In that case, enter the keyword "user" or "login" before
"FTP" or "anonymous" (e.g., user FTP). Use your Internet E-mail
address for the Password. Once logged in you may type a question mark
to find out what key-words are recognized. The file 0-index.txt (in
the top level directory /FTP) is a document explaining the directory
structure for downloadable files. The file whatsnew.txt (in directory
/FTP/pub/ciac) contains a list of the new files placed in the archive.
Use the command get [for single files] or mget [for multiple files] to
download one or more files to your own machine.
--------------------------------
Publications Available from CIAC
CIAC prepares publications on a variety of computer security related
topics, the CIAC 2300 series. Many of these will be updated as needed
to keep the information current. We welcome suggestions for topics
that you feel would be valuable. We also make available some
documents from other sources. In the table below, column E is for
electronic documents available via CIACÕs servers (see above). Column
P is for printed documents, for those who do not have Internet or
telephone-modem access. If neither column is checked, the document is
soon to be released. The electronic formats are: *.txt for ASCII,
*.ps for PostScript(TM), *.hqx for bin-hexed Microsoft Word, *.wp5 for PC
Word Perfect v5.0.
No. E P TITLE
2300 x x Abstracts of the CIAC-2300 Series Documents
2301 x x Computer Virus Information Update
2302 Accessing The CIAC Computer Security Archives
2303 x x The Console Password Feature for DEC Workstations
2304 Data Security Vulnerabilities of Facsimile Machines
and Digital Copiers
2305 x Unix Incident Guide: How To Detect A Unix Intrusion
2308 x Securing Internet Information Servers
CIAC x Incident Handling Guidelines
LLNL x User Accountability Statement, E. Eugene Schultz, Jr.
SRI x Improving the Security of your Unix System, David
A. Curry
LLNL x Incident Handling Primer, Russell L. Brand
ORNL x Terminal Servers and Network Security, Curtis E. Bemis
& Lynn Hyman
To obtain further information, contact CIAC at 510-422-8193 or send
E-mail to ciac@llnl.gov.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
End of CIAC Notes Number 95-06 95_3_22
Credits
-- UnKnown --
|