**************************************************************************
Security Bulletin 9123                  DISA Defense Communications System
7 November 1991             Published by: DDN Security Coordination Center
                                     ([email protected])   1-(800) 365-3642

                       DEFENSE  DATA  NETWORK
                         SECURITY  BULLETIN

The DDN  SECURITY BULLETIN is distributed  by the  DDN SCC  (Security
Coordination Center) under DISA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [192.112.36.5]
using login="anonymous" and password="guest".  The bulletin pathname is
SCC:DDN-SECURITY-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-9123).
**************************************************************************

              NETWORK SECURITY TESTING AND MONITORING


   1. IN ACCORDANCE WITH NATIONAL TELECOMMUNICATIONS AND INFORMATION
      SYSTEMS SECURITY DIRECTIVE (NTISSD) NO. 600, "COMMUNICATIONS
      SECURITY (COMSEC) MONITORING," 10 APR 90 (FOUO), IT IS REQUIRED
      THAT USERS OF GOVERNMENT TELECOMMUNICATIONS SYSTEMS BE NOTIFIED
      IN ADVANCE THAT THEIR USE OF THESE SYSTEMS CONSTITUTES CONSENT
      TO MONITORING FOR COMSEC PURPOSES.  THE SAME APPLIES TO SECURITY
      TESTING OF AUTOMATED INFORMATION SYSTEMS AND NETWORKS.

   2. ADEQUATE NOTICE TO USERS CAN BE ACCOMPLISHED BY ANY OF THE
      FOLLOWING MEANS OR ANY COMBINATION THEREOF:

      (A). DISPLAYING A PRINTED MESSAGE DURING THE LOG-ON PROCESS.

      (B). DISPLAYING A PRINTED MESSAGE PERIODICALLY OR CONTINUALLY
           DURING SYSTEM OPERATION.

      (C). DECALS PLACED ON PROCESSING TERMINALS, TRANSMITTING AND
           RECEIVING DEVICES.

      (D). NOTICES IN DAILY BULLETINS OR SIMILAR MEDIUM.

      (E). A SPECIFIC MEMORANDUM TO USERS.

      (F). A STATEMENT IN THE STANDING OPERATING PROCEDURES,
           INSTRUCTIONS, OR SIMILAR DOCUMENTS.

   3. RECOMMEND, AS SOON AS POSSIBLE, ALL USERS OF THE DEFENSE DATA
      NETWORK (DDN) BE PUT ON NOTICE THAT THEIR USE OF THE DDN CONSTITUTES
      CONSENT TO SECURITY MONITORING AND SYSTEM TESTING.  PROPER
      NOTIFICATION IN TERMS OF CONTENT AND SPECIFICITY IS:

      "GOVERNMENT TELECOMMUNICATIONS SYSTEMS AND AUTOMATED INFORMATION
      SYSTEMS ARE SUBJECT TO A PERIODIC SECURITY TESTING AND MONITORING TO
      ENSURE PROPER COMMUNICATIONS SECURITY (COMSEC) PROCEDURES ARE BEING
      OBSERVED.  USE OF THESE SYSTEMS CONSTITUTES CONSENT TO SECURITY
      TESTING AND COMSEC MONITORING."

   4. ON DDN HOSTS WITH LIMITED CHARACTERS AVAILABLE IN THE LOG-IN
      BANNERS, ADEQUATE NOTICE WOULD BE PROVIDED BY DISPLAYING THE
      FOLLOWING:

      "USE CONSTITUTES CONSENT TO SECURITY TESTING AND MONITORING."

   5. POINT OF CONTACT IS MAJOR BOYD, CODE DODM, AT COMM (703) 692-7580
      OR DSN (312) 222-7580.

Downloaded From P-80 International Information Systems 304-744-2253

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.