***********************************************************************
DDN Security Bulletin 90-06      DCA DDN Defense Communications System
27 Mar 90              Published by: DDN Security Coordination Center
                                  (SCC@NIC.DDN.MIL)   (800) 235-3155

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DCA contract as a means of communicating
information on network and host security exposures, fixes, & concerns
to security & management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [26.0.0.73] using
login="anonymous" and password="guest". The bulletin pathname is
SCC:DDN-SECURITY-yy-nn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-90-01).
**********************************************************************

                          PRECAUTIONARY NOTE

April Fools' day (April 1) has traditionally been a time for pranks of
all kinds. In order to guard against possible benign or malevolent
attempts to affect the normal operation of your host, we suggest taking
the following easy precautions:

1.  Write a set of emergency procedures for your site and keep it up
    to date. Refer to DDN Security Bulletin 90-03 for help regarding
    the type of information to collect and whom to call.

2.  Save your files regularly, and make file back-ups often. Put the
    distribution copies of your software in a safe place away from
    your computer room. Don't forget where they're stored!

3.  Avoid trivial passwords and change them often. (See the "Green
    Book" (Department of Defense Password Management Guideline),
    CSC-STD-002-85, for information on the use of passwords.)

4.  Check to make sure your host has no unauthorized users or
    accounts. Also check for obsolete accounts (a favorite path for
    intruders to gain access).

5.  Restrict system ("superuser", "maint", etc.) privileges to the
    minimum number of accounts you possibly can.

6.  Well publicized accounts including "root", "guest", etc., having
    system privileges should be renamed to avoid undue attention.

7.  Keep your maintenance contracts active.

Of course, these steps should be taken throughout the year as part of
your regular operating procedures.
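
Precautions 3 through 6 can be checked mechanically on a Unix-style
host. The following Python audit is an added example, not part of the
original bulletin; it assumes the classic seven-field passwd layout
with the password field stored in the file, and the function name,
finding labels, 90-day and one-account thresholds, and sample data are
all constructed for illustration.

```python
from datetime import date

WELL_KNOWN = {"root", "guest"}  # names the bulletin cites as well publicized

# Constructed sample data (not from a real host); password fields are placeholders.
SAMPLE_PASSWD = """\
root:xxPLACEHOLDxx:0:0:Operator:/:/bin/sh
maint:xxPLACEHOLDxx:0:0:Maintenance:/usr/maint:/bin/sh
guest::100:100:Guest:/usr/guest:/bin/sh
alice:xxPLACEHOLDxx:101:100:Alice:/usr/alice:/bin/csh
olduser:xxPLACEHOLDxx:102:100:Departed:/usr/olduser:/bin/sh
this line is damaged
"""
SAMPLE_AUTHORIZED = {"root", "maint", "alice", "olduser"}
SAMPLE_LAST_LOGIN = {"root": date(1990, 3, 26), "maint": date(1990, 3, 20),
                     "alice": date(1990, 3, 27), "olduser": date(1989, 6, 1)}

def audit(passwd_text, authorized, last_login, today, stale_days=90, max_privileged=1):
    """Return sorted (finding, account) pairs; both thresholds are assumed defaults."""
    findings, privileged = set(), []
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            # Report damaged entries instead of silently skipping them.
            findings.add(("malformed-entry", f"line {lineno}"))
            continue
        name, password, uid = fields[0], fields[1], int(fields[2])
        if name not in authorized:
            findings.add(("unauthorized-account", name))            # item 4
        seen = last_login.get(name)
        if seen is None or (today - seen).days > stale_days:
            findings.add(("obsolete-account", name))                # item 4
        if password == "":
            findings.add(("empty-password", name))                  # item 3
        if uid == 0:                                                # system privileges
            privileged.append(name)
            if name in WELL_KNOWN:
                findings.add(("well-known-privileged-name", name))  # item 6
    if len(privileged) > max_privileged:
        findings.add(("excess-privileged-accounts", ",".join(privileged)))  # item 5
    return sorted(findings)

if __name__ == "__main__":
    for kind, who in audit(SAMPLE_PASSWD, SAMPLE_AUTHORIZED, SAMPLE_LAST_LOGIN, date(1990, 3, 27)):
        print(f"{kind:28} {who}")
```

On a real host the authorized list would come from site records and
the last-login dates from the system's own login accounting.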