**************************************************************************
Security Bulletin 9324                  DISA Defense Communications System
December 22, 1993           Published by: DDN Security Coordination Center
                                     (SCC@NIC.DDN.MIL)   1-(800) 365-3642

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DISA contract as a means of communicating
information on network and host security exposures, fixes, and concerns
to security and management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
using login="anonymous" and password="guest". The bulletin pathname is
scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. scc/ddn-security-9302).
**************************************************************************

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!                                                                       !
!     The following important advisory was issued by the Automated      !
!     Systems Security Incident Support Team (ASSIST) and is being      !
!     relayed unedited via the Defense Information Systems Agency's     !
!     Security Coordination Center distribution system as a means       !
!     of providing DDN subscribers with useful security information.    !
!                                                                       !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

       Automated Systems Security Incident Support Team

                          ASSIST
                  Integritas et Celeritas

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Bulletin 93-35

Release date: 20 December 93, 4:45 PM EST

Subject: Release of Security Profile Inspector (SPI) Version 3.0.

SPI is an automated security tool for Unix and VMS operating systems
designed to assist system managers and computer security personnel in
providing and maintaining computer systems security. The program could
also be a useful tool for designated approval authorities, accreditors,
and other DoD personnel involved in computer system
accreditations/certifications. SPI inspects various aspects of a
computer system and generates reports on items that may create security
problems for the system. The program was developed by Lawrence Livermore
National Labs under contract to the U.S. Department of Energy. ASSIST
provides funding support to the project, and is the authorized
distribution agent for SPI 3.0 within the DoD.

SPI 3.0 provides 6 major inspection utilities:

     a. Quick System Profile (QSP)
     b. Access Control Test (ACT)
     c. Password Security Inspector (PSI)
     d. Binary Inspector Tool (BIT)
     e. Change Detector Tool (CDT)
     f. Configuration Query Language (CQL)

"a" through "d" above are vulnerability detection tools, "e" is an
intrusion (change) detection tool, and "f" is a flexible system for
making varied security inquiries or requests for system data. All of
SPI's security functions, and some administrative functions, are
accessible through a menu-driven user interface that was developed with
ease of use as a priority. SPI/Unix has been tested on standard
System V, Berkeley Unix, SunOS 4.X, and Solaris 2.X operating systems.
An extensive configuration script is also included which will try to
configure SPI to as many different versions of Unix as possible.

SPI 3.0 represents a significant revision in the program architecture,
and adds several new or enhanced features. The new product structure
contains several "OS extraction libraries" that map operating system
data into elements of a SPI unified security model. Unix and VMS
libraries have been written which allow the security inspection codes
to operate in varied environments.

CQL is employed as a major new security inspector, and serves as an
inspector in its own right as well as being an intelligent server of
information to other inspector functions. The CDT replaces the "file
inode" and "file data change detector" routines contained in previous
versions of SPI, and the consolidation has improved efficiency and
reduced false positives.

The development and increased availability of automated tools that
probe systems for weaknesses, and of information about how to exploit
system weaknesses, have added significant new threats to network
environments. Programs like the Internet Security Scanner (ISS) and
Security Analysis Tool for Auditing Networks (SATAN) will make it
easier for persons with limited expertise to exploit system
vulnerabilities. ASSIST strongly urges DoD security and system
administration personnel to implement SPI wherever possible, make every
effort to learn about their systems' vulnerabilities, and prepare for
an increased volume of network attacks in the near future.

ASSIST will make SPI 3.0 available to DoD personnel responsible for
security and/or administration on any DoD owned computer system. The
program will also be made available to DoD contractors who submit a
letter of request for SPI 3.0 from the DoD element that is the sponsor
of their activity. Requests for SPI 3.0 can be submitted to ASSIST
using any of the contact points listed in the final paragraph of this
message. The program will be available on tape, floppy disk, and via
Milnet ftp. Note: ftp transfers will only be done with SPI in DES
encrypted format to Milnet sites that have obtained the DES key from
ASSIST.

ASSIST will also be maintaining a mailing list of SPI-user Milnet email
addresses that will be used to distribute and collect information about
SPI 3.0. Anyone who wants to be included in this mailing list should
send a request via Milnet to dod-spi-request@assist.Ims.Disa.Mil.

ASSIST is an element of the Defense Information Systems Agency (DISA),
Center for Information Systems Security (CISS), that provides service
to the entire DoD community. If you have any questions about ASSIST or
computer security issues, contact ASSIST using one of the methods
listed below. If you would like to be included in the distribution list
for these bulletins, send your Milnet (Internet) e-mail address to
assist-request@assist.ims.disa.mil. Back issues of ASSIST bulletins are
available on the ASSIST BBS (see below), and through anonymous ftp from
assist.ims.disa.mil.

ASSIST contact information:

PHONE: 703-756-7974, DSN 289, duty hours are 06:30 to 17:00 Monday
through Friday. During off duty hours, weekends, and holidays, ASSIST
can be reached via pager at 800-SKY-PAGE (800-759-7243) PIN 2133937.
Your page will be answered within 30 minutes; however, if a quicker
response is required, prefix your phone number with "999" and ASSIST
will return your call within 5 minutes.

ELECTRONIC MAIL: assist@assist.ims.disa.mil.

ASSIST BBS: 703-756-7993/4, DSN 289, leave a message for the "sysop".

Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key encryption
tool, to digitally sign all bulletins that are distributed through
e-mail. The section of seemingly random characters between the "BEGIN
PRIVACY-ENHANCED MESSAGE" and "BEGIN ASSIST BULLETIN" contains
machine-readable digital signature information generated by PEM, not
corrupted data. PEM software for UNIX systems is available from Trusted
Information Systems (TIS) at no cost, and can be obtained via anonymous
FTP from ftp.tis.com (IP 192.94.214.100). Note: The TIS software is
just one of several implementations of PEM currently available and
additional versions are likely to be offered from other sources in the
near future.

****************************************************************************
*                                                                          *
*  The point of contact for MILNET security-related incidents is the       *
*  Security Coordination Center (SCC).                                     *
*                                                                          *
*               E-mail address: SCC@NIC.DDN.MIL                            *
*                                                                          *
*               Telephone: 1-(800)-365-3642                                *
*                                                                          *
*  NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST,     *
*  Monday through Friday except on federal holidays.                       *
*                                                                          *
****************************************************************************