**************************************************************************
Security Bulletin 9202                  DISA Defense Communications System
23 January 1992             Published by: DDN Security Coordination Center
                                      (SCC@NIC.DDN.MIL)   1-(800) 365-3642

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DISA contract as a means of communicating
information on network and host security exposures, fixes, and concerns
to security and management personnel at DDN facilities.  Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
using login="anonymous" and password="guest".  The bulletin pathname is
scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. scc/ddn-security-9201).
**************************************************************************

    First, we at the SCC hope you had a safe, secure, and happy new
    year.  

    For some time now, the SCC has produced daily reports on TAC
    activity and suspected TAC Security Incidents.  It has only
    been recently, however, that the SCC has been tasked by the DDN
    Network Security Officer (NSO) to perform follow-up on these
    suspected TAC Security Incidents with the user's Host
    Administrator (HA).  As a result, HA's are now receiving a
    portion of the Security Incident Report as it applies to their
    user(s).  The HA's are being asked to investigate these 
    suspected security incidents and respond back to the SCC with
    the results of their inquiries.  If a breach of DDN/TAC security
    has occurred, that user's TAC card will be deactivated.  If the HA
    fails to respond, it will also cause that user's TAC card to be
    deactivated.  The following acts are considered a breach of DDN/TAC
    security.

          Allowing your TAC access code to be used by anyone
          except yourself.

          Imbedding TAC access codes in software.

          Including TAC access codes in login files or scripts.

          Logging into a TAC for someone else.

    The TAC access codes are to be manually entered every time a user
    logs into the TAC.  HA's can request TAC cards for anyone who has
    a genuine need to utilize the network.  HA's can also request
    guest TAC cards for temporary users and for users who are waiting
    for their own TAC cards to arrive.  In 1992, let's make the DDN
    more secure than it has ever been before.