**************************************************************************

Security Bulletin 9720                  DISA Defense Communications System

August 12, 1997                         Published by: DISN Security Coordination Center

                                        (SCC@NIC.MIL) 1-(800) 365-3642

DEFENSE INFORMATION SYSTEM NETWORK

SECURITY BULLETIN

The DISN SECURITY BULLETIN is distributed by the DISN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DISN facilities. Back issues may be obtained via FTP from NIC.MIL [207.132.116.5] using login= "anonymous" and password="guest". The bulletin pathname is scc/sec-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/sec-9705.txt). These are also available at our WWW site, http://nic.mil.

**************************************************************************

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!                                                                       !
!  The following important advisory was issued by the Automated         !
!  Systems Security Incident Support Team (ASSIST) and is being         !
!  relayed unedited via the Defense Information Systems Agency's        !
!  Security Coordination Center distribution system as a means          !
!  of providing DISN subscribers with useful security information.      !
!                                                                       !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Automated Systems Security Incident Support Team

Integritas et Celeritas

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

ADVISORY : 97-10

Release date: 11 Aug, 1997

DESCRIPTION: DOD site licensed Anti-Virus (AV) tools.

SUMMARY: The McAfee and Symantec Norton computer AV software has been site licensed for use by DOD and will be available for use as of 1 September 97. The software will be available for use by the DOD antivirus support community on 15 August 97. The DOD license, procured under Defense Information Systems Agency (DISA) contracts DCA100-98-F-0004 to Stream International (Symantec's Norton AntiVirus) and DCA100-98-F-0005 to McAfee, is valid through 30 Sept 98.

BACKGROUND: The DOD site license for the IBMAV and Norman software expires on 30 September 97. DOD personnel may continue to use the IBMAV software after the expiration date; however, virus signature updates will no longer be issued.

IMPACT: Failure to maintain and use an up to date AV tool places systems at risk of malicious code infection.

RECOMMENDED SOLUTIONS: Obtain, install, and begin using the DOD site licensed McAfee and Norton AV tools as soon as possible. Ensure the AV tool is kept up to date by obtaining and installing the most current version of the software as soon as it is available from the DOD distribution centers.

Army: Army Computer Emergency Response Team (ACERT)

Hotline: 1-888-203-6332 (DSN: 235-1113)

Anonymous FTP: ftp.acert.belvoir.army.mil

Web Server: http://www.acert.belvoir.army.mil

Navy: NISE East, Charleston, SC Information Systems Security (INFOSEC)

Technical Help Desk: 800-304-4636

Anonymous FTP: INFOSEC.NOSC.MIL (198.253.23.241)

BBS: 800-494-9947 (DSN 764-2474)

Air Force: Air Force Information Warfare Center (AFIWC)

Hotline: 800-854-0187

Anonymous FTP: afcert.csap.af.mil (192.203.2.249)

Web Server: http://afcert.csap.af.mil (192.203.2.249)

AFCA C4 Systems Security BBS: 618-256-4545 (DSN 576-4545)

Other: Automated Systems Security Incident Support Team (ASSIST)

Hotline: (800) 357-4231 (DSN: 327-4700)

Anonymous FTP: ftp.assist.mil (199.211.123.12)

Web Server: http://www.assist.mil (199.211.123.12)

BBS: (703) 607-4710 (DSN: 327-4710)

Personnel from each DOD element should download the software from their respective MILDEP distribution centers. Personnel affiliated with non-MILDEP elements should use the ASSIST BBS or FTP servers.

***************

The following is a copy of the license terms, conditions and coverage:

DOD-Wide Anti-Virus Software Enterprise License Agreement Between Defense Information Systems Agency and McAfee Software, Inc.

  1. Agreement: This software license agreement is entered into on this date, 16 July 1997, between the Defense Information Systems Agency, hereinafter referred to as DISA, and the anti-virus software manufacturer/developer, McAfee Software, Inc., hereinafter referred to as the Contractor to furnish the following anti-virus software product or products: VirusScan, NetShield, WebShield, BootShield, GroupShield, and GroupScan and WebScan.

  2. Order of Precedence: The terms of this license agreement are a supplement to the Contractor's commercial license for the aforementioned product(s) and should any conflict arise between the two agreements, the terms of this agreement shall take precedence.

  3. Coverage/Applicability: This license covers the entire Department of Defense (DOD) on a Perpetual, Enterprise basis during the Period of Performance of this license, including Technical Support, Distribution, and Home Use as defined below.

  4. Definitions:

    • Period of Performance: This license covers the period from date of award through 30 September 1998, plus four additional one year options, if exercised by DISA.
    • Option prices: $410,000 per option period for a total license value of $2,050,000 if all 4 options are exercised.
    • DOD: For the purposes of this license this includes all employees of, and PC's owned by the: Army, Air Force, Navy, Marines, Coast Guard (in time of war only), defense agencies, military academies (on-site/campus only). It may be used by DOD contractors working on DOD owned PC's but not by DOD Contractors working on their company-owned PC's at their workplace.
    • Perpetual: This product is for DOD's use only, in perpetuity, however, anti-virus software technical support and signature file updates stop at the end of the designated period of the license. This also means that there is no requirement to de-install, destroy and/or return to the Contractor installed software at the end of the license period.
    • Enterprise: This software is always owned by the software developer (Contractor) and is only used by the DOD, with no requirement to: account for or report individual DOD users or software copies, increase or decrease the price based on changes in the number of DOD users or PC's, and covers all product updates or upgrades based on new versions of operating systems or new platforms that occur for products originally provided under this license, during the period of this license.
    • Home use: DOD Employees only may use the anti-virus product on their own personal computers at their homes. This is to reduce incidents of virus infiltration from home computers owned by DOD Employees where a significant virus point-of-entry exists. It may not be used by DOD Contractors at their own home.
    • Technical support (and/or maintenance support): This includes any or all technical support normally associated with or provided with the commercial version of the product(s), to the Contractor's commercial market. This will include a 24 hour-7 day-a-week accessible technical support hot line. The Contractor is only required to furnish technical support under this license to the DISA ASSIST staff. In addition, the contractor will agree to accept technical support calls from DOD Activity Information Security and/or network systems administrators after coordination with or after being referred to by the ASSIST Staff.
    • Distribution: Software updates, signature updates, system administrator documentation, virus logging, reporting, as well as end-user software documentation covered by this license shall be primarily via Contractor's commercial automatically or manually downloadable FTP, INTERNET/web, or bulletin board site, by and distributed by DISA ASSIST staff or other mutually agreed-to method. In addition, a hard copy set of software updates and/or virus solutions shall be furnished as soon as available in the form of CD ROM(s), and/or 3 ½ inch Diskette(s) and shall be shipped via express mail (or equivalent) to the DISA ASSIST staff.

  5. Changes: Signatures below constitute the entire agreement of this addendum between DISA and the Contractor. Any or all changes to this agreement must be made in writing by mutual agreement of the undersigned or their authorized representatives.

ADDENDUM TO SYMANTEC'S RETAIL LICENSE AND WARRANTY

This Addendum to License and Warranty (the "Addendum") dated 16 July 1997 shall serve to amend the standard retail package product License and Warranty (the "Agreement") which accompanies Symantec's Antivirus packaged product which will govern the Symantec Software Product purchased by the Defense Information Systems Agency, ("DISA"), pursuant to the GSA Schedule buy of a DOD-wide antivirus software license. DISA is the purchasing agency for the Department of Defense ("DOD"). The terms of the Addendum shall control in the event of any conflict between the Agreement and the Addendum.

The Agreement will be amended as follows.

  1. Notwithstanding anything to the contrary specified in the Agreement, Symantec grants to DOD a nonexclusive, nontransferable license to make and use an unlimited number of copies of the English language versions of the Software in object code form only, solely for DOD's own internal data processing uses within the United States (and includes the international addendum for DOD use overseas). The licenses covered by the Agreement and this Addendum are perpetual in nature. Upgrade Insurance and PremiumCare Platinum Support (24X7 option, 6 designated persons) will be provided under the terms and conditions of Symantec's Upgrade Insurance and PremiumCare Platinum agreements for the term of the Agreement.

  2. Notwithstanding anything to the contrary specified in the Agreement, employees of DOD who have been provided a copy of the Software for office use may also use a duplicate copy of such Software under the terms and conditions of the Agreement on their home computers so long as they remain employed by DOD.

  3. DOD computers will include all computers owned by the Army, Air Force, Navy, Marines, Coast Guard (in time of war only), Defense agencies, Military Academies (on-site/campus only). DOD computers will include contractors working on DOD owned computers but not DOD contractors working on their company-owned computers at their workplace or at their home.

  4. The terms of the Agreement and this Addendum shall begin from the date of execution by both parties through September 30, 1998. DOD will have the option to renew the Agreement for up to four additional one year periods. The pricing for the Software will be determined by Stream and DOD for the initial term as well as the option terms.

  5. This Addendum and the Agreement constitute the entire understanding of the parties regarding the subject matter hereof and may be modified or waived only by a writing duly executed on behalf of both parties. No purchase order, invoice or similar memorandum will amend the Agreement or this Addendum even if accepted in writing by the receiving party.

Access to the McAfee and Norton AV tools on the ASSIST BBS, FTP and Web servers is restricted to DOD verified personnel only. Any DOD component that further distributes the DOD licensed AV tools electronically must also verify that recipients are DOD affiliated personnel. Failure to comply with contract guidelines will put the distributor in violation of the contract. See "ASSIST Information Resources" section in the trailer of this message and ASSIST 97-1 for additional information about downloading files from ASSIST, and DOD-only restricted access to AV tools. Please contact ASSIST if you encounter any problems downloading files from the ASSIST BBS, FTP, WebServer systems.

ASSIST will act as the sole DOD liaison with McAfee and Norton AV software, for all matters related to DOD use of the McAfee and Norton AV tools. All questions, comments, problems, and suggestions related to DOD use of the McAfee and Norton AV tools must be forwarded through the MILDEP representatives listed below to ASSIST, and non-MILDEP DOD personnel must contact ASSIST directly.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    ASSIST is an element of the Defense Information Systems Agency (DISA), Global Operations and Security Center (GOSC), which provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/institutions, contact the Forum of Incident Response and Security Teams (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts".

    ___________________________

    ASSIST CONTACT INFORMATION:

    E-mail: assist@assist.mil

    Phone: (800)-357-4231 (DSN 327-4700) 24 hour hotline

    Fax: (703) 607-4735 (DSN 327-4735) Unclassified

    ASSIST Bulletins, tools and other security related information are available from:

  • http://www.assist.mil/
  • ftp://ftp.assist.mil/

    To be added to our mailing list for ASSIST bulletins, send your e-mail address to:

    assist-request@assist.mil

    In the subject line, type:

    SUBSCRIBE your-email-address

    ___________________________________

    OTHER DOD CERT CONTACT INFORMATION:
  • Air Force CERT Phone: (800) 854-0187
  • Air Force CERT Email: afcert@afcert.csap.af.mil
  • Navy CIRT Phone: (800) 628-8893
  • Navy CIRT Email: navcirt@fiwc.navy.mil
  • Army CERT Phone: (888) 203-6332
  • Army CERT Email: acert@vulcan.belvoir.army.mil
  • Stratcom CERT Phone: (402) 294-1985
  • Stratcom Email: stratcert@stratcom.af.mil

    _________________

    ASSIST BULLETINS:

    Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710, 327-4710, and through anonymous FTP from ftp.assist.mil (IP address 199.211.123.12). Note: ftp.assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided.

    ASSIST uses Pretty Good Privacy (PGP) as the digital signature mechanism for bulletins. PGP incorporates the RSAREF™ Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt. In accordance with the terms of that license, PGP may be used for non-commercial purposes only. Instructions for downloading the PGP software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins.

    Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes.


    PLEASE NOTE: Some users outside of the DOD computing communities may receive DISN Security Bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts.

    This document was prepared as a service to the DOD community. Neither the United States Government nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.