DDN Security Bulletin 90-03 DCA DDN Defense Communications System

***********************************************************************
DDN Security Bulletin 90-03 DCA DDN Defense Communications System
15 Feb 90 Published by: DDN Security Coordination Center
Obsoletes Sec. Bull. 90-01 ([email protected]) (800) 235-3155

DEFENSE DATA NETWORK
SECURITY BULLETIN

The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DCA contract as a means of communicating
information on network and host security exposures, fixes, & concerns
to security & management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest". The bulletin
pathname is SCC:DDN-SECURITY-yy-nn (where "yy" is the year the bulletin
is issued and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-90-01).
**********************************************************************

SECURITY VIOLATION REPORTING

---------------------------------------------------------------------
This bulletin replaces DDN Security Bulletin 90-01 and provides
corrections to that bulletin. Please destroy bulletin 90-01 and
use the guidelines in this version of the bulletin for reporting
security problems.
---------------------------------------------------------------------

a. Initial Notification. Any DDN user (person/department/agency)
having knowledge of a suspected network security violation must
contact the appropriate Defense Communications Agency OC/ACOC
(Operations Center/Area Communications Operations Center) MILNET
Monitoring Center to report the violation. If possible, reporting
should be via secure means.

Secure and commercial telephone numbers to DCA Operations Centers are:

WESTHEM/CONUS OC has KY3-2222; STU III (DSN) 312-746-1849;
(COMM) 202-692-5726/2268 or 1-800-451-7413.

PACIFIC ACOC has STU III (DSN) 315-456-2777; (COMM) 808-656-2777.

EUROPEAN ACOC has KY3-6429; STU III (DSN) 314-430-5244;
(COMM) 49-0711-680-5703.

The Monitoring Center supervisor will request the following information:

(1) Identity of caller:
-What is caller's name and phone number
-Where is caller calling from (organization)
-Where is caller calling from (city & state)
-What is the caller's DDN network address

(2) Details about the incident:
-When did the violation occur
-What happened
-How did the violation occur (if known)
-What damage was done
-What has the subscriber done about the violation
-What networks are they connected to
-What software is being used - Version
-How many subscribers are known to be affected
-How many subscribers are vulnerable (if known)
-Who else has been notified - Names & phone
numbers
-Does caller have any idea as to the identity of the
intruder/violator

(3) Anything else the caller wishes to report

Once a suspected violation is reported and the above
information collected, the PACIFIC and EUROPEAN ACOCs will
immediately relay this information back to the DCAOC
(WESTHEM/CONUS) for action.

b. Follow-on Network Information via the Security Coordination
Center. DCA, through direction provided by the DDN Network Security
Officer (NSO), will provide rapid and reliable follow-on information
on security exposures, fixes, and concerns via the SCC. Distribution
of information is accomplished via DDN Security Bulletins. Network
security and management personnel are encouraged to pay close
attention to these bulletins as they may be of great assistance either
in preventing network security problems or in solving existing
problems. DDN Security Bulletins will be published on as "as needed"
basis.

Downloaded From P-80 International Information Systems 304-744-2253