************************************************************************** Security Bulletin 9120 DISA Defense Communications System 21 October 1991 Published by: DDN Security Coordination Center (SCC@NIC.DDN.MIL) 1-(800) 365-3642 DEFENSE DATA NETWORK SECURITY BULLETIN The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, & concerns to security & management personnel at DDN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and password="guest". The bulletin pathname is SCC:DDN-SECURITY-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-9120). ************************************************************************** RE-REGISTRATION OF TAC USERS THIS BULLETIN IS MEANT TO NOTIFY ALL CONCERNED THAT THERE IS CURRENTLY A PROBLEM WITH THE TIMELINESS OF TAC USERS BEING RE-REGISTERED WITH THE NETWORK INFORMATION CENTER (NIC) ONCE THEIR HOSTS ARE MOVED BEHIND CONCENTRATORS/GATEWAYS. SPECIFICALLY, WHEN A MILNET DIRECT-CONNECTED HOST IS DISCONNECTED AMD MOVED BEHIND A CONCENTRATOR/GATEWAY HOST, USERS BEHIND THE ORIGINAL "AUTHORIZING" HOST NEED TO BE RE- REGISTERED WITH THE CONCENTRATOR/GATEWAY AS THE AUTHORIZING "HOST." THIS IS NOT HAPPENING IN ALL CASES, OFTEN DUE TO HOST ADMINISTRATORS ASSUMING THEY WILL CONTINUE TO BE ABLE TO AUTHORIZE TAC CARDS AFTER THEIR HOST IS RE-CONNECTED, AND TO CONCENTRATOR/GATEWAY ADMINISTRATORS ASSUMING THAT THEY DO NOT PLAY A ROLE IN THE TAC CARD AUTHORIZATION PROCESS. BEGINNING 15 DECEMBER 1991, THE NIC HAS BEEN DIRECTED TO TERMINATE NETWORK ACCESS TO ALL TAC USERS UTILIZING TAC CARDS REGISTERED TO "OLD" DIRECT CONNECTED HOSTS. THE USE OF THESE CARDS IS NO LONGER AUTHORIZED UNLESS RE-REGISTRATION HAS BEEN ACCOMPLISHED AS DESCRIBED ABOVE. IN THE FUTURE, TAC ACCESS WILL BE TERMINATED WITHIN 15 DAYS AFTER ANY HOST HAS BEEN DECONFIGURED. IT IS, THEREFORE, INCUMBENT UPON HOST ADMINISTRATORS TO COORDINATE WITH THE ADMINISTRATOR OF THE CONCENTRATOR/GATEWAY AND WITH THE NIC REGISTRAR TO ARRANGE THE TIMELY RE-REGISTRATION OF TAC USERS PRIOR TO THE DISCONNECTION OF THE HOST TO WHICH THOSE TAC USERS WERE ORIGINALLY REGISTERED. FOR FURTHER INFORMATION REGARDING THIS GENERAL POLICY OR TO COORDINATE SPECIFIC CASES, PLEASE SEND A MESSAGE TO REGISTRAR@NIC.DDN.MIL OR CALL 1-800-365-3642/703-802-4535.