***********************************************************************
DDN Security Bulletin 90-06      DCA DDN Defense Communications System
27 Mar 90               Published by: DDN Security Coordination Center
                                    ([email protected])  (800) 235-3155

                       DEFENSE  DATA  NETWORK
                         SECURITY  BULLETIN

The DDN  SECURITY BULLETIN  is distributed  by the  DDN SCC  (Security
Coordination Center) under  DCA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [26.0.0.73]
using login="anonymous" and password="guest".  The bulletin pathname is
SCC:DDN-SECURITY-yy-nn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-90-01).
**********************************************************************

                         PRECAUTIONARY NOTE

April Fools' day (April 1) has traditionally been a time for pranks of
all kinds.  In order to guard against possible benign or malevolent
attempts to affect the normal operation of your host, we suggest taking
the following easy precautions:


  1. Write a set of emergency procedures for your site and keep it up
     to date.  Refer to DDN Security Bulletin 90-03 for help regarding
     the type of information to collect and whom to call.

  2. Save your files regularly, and make file  back-ups often.   Put
     the distribution copies of your  software in  a safe  place away
     from your computer room.  Don't forget where they're stored!

  3. Avoid trivial passwords and change them often.   (See the "Green
     Book"  (Department  of  Defense  Password Management Guideline),
     CSC-STD-002-85, for information on the use of passwords.)

  4. Check  to  make  sure  your  host  has no  unauthorized users or
     accounts.  Also check for obsolete accounts (a favorite path for
     intruders to gain access).

  5. Restrict system  ("superuser", "maint", etc.)  privileges to the
     minimum number of accounts you possibly can.

  6. Well-publicized accounts, including "root", "guest", etc., that
     have system privileges should be renamed to avoid undue attention.

  7. Keep your maintenance contracts active.

Of course,  these steps should be taken throughout the year as part of
your regular operating procedures.
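
Items 4 through 6 can be checked mechanically on a Unix host. The script
below is an added example, not part of the original bulletin. It assumes
passwd(5)-format account records, treats UID 0 as "system privileges", and
uses a hypothetical approved-account list and last-login table; all sample
data is constructed.

```python
from datetime import date

WELL_KNOWN = {"root", "guest"}  # the names the bulletin cites in item 6

# Constructed sample inputs, not from a real host: passwd(5)-format lines,
# the site's list of approved accounts, and each account's last login date.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/bin/sh
maint:x:0:1:Field Service:/usr/maint:/bin/sh
guest:x:100:100:Guest:/usr/guest:/bin/sh
alice:x:201:20:A. Example:/usr/alice:/bin/csh
bob:x:202:20:B. Example:/usr/bob:/bin/csh
toor:x:0:0::/:/bin/sh
"""
SAMPLE_APPROVED = {"root", "maint", "guest", "alice", "bob"}
SAMPLE_LAST_LOGIN = {"root": date(1990, 3, 26), "maint": date(1989, 6, 2),
                     "alice": date(1990, 3, 20), "bob": date(1989, 8, 14),
                     "toor": date(1990, 3, 25)}


def audit_accounts(passwd_text, approved, last_login, today, max_idle_days=90):
    """Return sorted (account, finding) pairs for items 4, 5 and 6."""
    findings = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            findings.append((fields[0], "malformed entry"))
            continue
        name, uid = fields[0], int(fields[2])
        if name not in approved:
            findings.append((name, "item 4: not on the approved list"))
        seen = last_login.get(name)
        if seen is None:
            findings.append((name, "item 4: obsolete? never logged in"))
        elif (today - seen).days > max_idle_days:
            idle = (today - seen).days
            findings.append((name, "item 4: obsolete? idle %d days" % idle))
        if uid == 0:  # assumption: UID 0 is what "system privileges" means
            findings.append((name, "item 5: holds system privileges"))
            if name in WELL_KNOWN:
                findings.append((name, "item 6: well-known privileged name"))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_APPROVED,
                                           SAMPLE_LAST_LOGIN, date(1990, 3, 27)):
        print("%-6s %s" % (account, finding))
```

Every finding is a prompt for a human decision: an idle or unlisted account
may still be legitimate, so confirm with its owner before disabling it.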
