--------
From academic-firewalls-owner@net.tamu.edu Wed Oct 25 10:03:39 1995
Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
Date: Wed, 25 Oct 95 09:59:05 -0500
From: Dave Hess
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Academic Computer Network Security Survey #1 Results

I have compiled the results of the survey and I am making them publicly available via ftp. I would encourage you to peruse them and discuss the results on this list. Unfortunately there were only 43 responses so I would be careful of any conclusions that you draw from the results.

I've put all of the results together in a package available via the following URL:

ftp://net.tamu.edu/pub/security/TAMU/survey1.tar.gz

Included below is the README. I would appreciate hearing any comments you have on the survey.

Dave
---
David K. Hess                 Network Analyst
David-K-Hess@tamu.edu         Computing and Information Services - Network Group
(409) 845-0372 (work)         Texas A&M University

-----------------------------------------------------------------

This package contains the results of the Academic Computer Network Security Survey #1. Please note that this survey was not designed scientifically and that its results should not be interpreted as though it were. It was meant as an informal means to gather and subsequently redistribute information about the state of computer network security at academic sites.

Since there are so many interpretations that could be made of the data, I decided to only present a very informal summary of the data and to include the raw data so that anyone can analyze it any way they wish.

FILES:

survey          - the original survey
surveys.raw     - the returned surveys concatenated into one file
surveys.cooked  - surveys.raw reduced to just the answers
survey.summary  - an informal summary of the results of the survey

DIRECTORIES:

bySurvey/       - the reduced answers broken out into files by survey
byQuestion/     - the reduced answers broken out into files by question

The format of the reduced files consists of repeating sections of a header followed by a body where the header is of the form --- followed by a body consisting of one or more lines composing an answer. For example:

....
40 --- 18.C) [ tcp_wrapper, cops, swatch, perl ]
....

represents the answer to question 18.C provided by survey 40. Note that some questions could have multiple answers.

I would appreciate any feedback you have on the concept of the survey, the results, and any topics you would like covered in the future.

Dave Hess
David-K-Hess@tamu.edu
10/25/95

--------
From academic-firewalls-owner@net.tamu.edu Wed Oct 25 10:57:57 1995
In-Reply-To: <9510251459.AA07368@posaune.tamu.edu>
Date: Wed, 25 Oct 1995 10:53:18 -0500
From: Doug Hughes
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Academic Computer Network Security Survey #1 Results

It might be useful to compile a list of all the free and commercial software products used and provide a short one-line description of each so that people know what is available for use and what it does.

I notice that there are a lot of institutions out there that are heterogenous in nature. I imagine that makes a consistent implementation of security extremely difficult because of OS differences. Fortunately, we have only a few different OS's and have been lucky in that regard.

I also notice that the majority of people only check their logs daily for attacking information, which leaves a pretty large window for attackers to get their licks in before being noticed.

The attacks against the domain detection question was, for me, very difficult to answer, because often it is difficult to know whether you are under attack or not, and according to studies, more than 80% of attacks go undetected. On the other hand, it could be that the nature of our domains (educational as opposed to corporate) would make them a less attractive target for a concerted hacker effort. It would be interesting to know which domains believe they are being attacked hourly and why, though I don't expect them to say so here.

--
____________________________________________________________________________
Doug Hughes                   Engineering Network Services
System/Net Admin              Auburn University
                doug@eng.auburn.edu
        Apple T-shirt on Win95 - "Been there, done that"

--------
From academic-firewalls-owner@net.tamu.edu Wed Oct 25 13:29:00 1995
Date: Wed, 25 Oct 1995 19:24:16 +0100 (BST)
From: Neil
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Academic Computer Network Security Survey #1 Results

A list of freely available security programs with a short description and address for more info would be very useful to many people, myself included.

Sorry about the brief reply my terminal is broken.

Cheers,

Neil

* Neil A Carson
* The Royal Military College of Science, Shrivenham
* e-mail carson@rmcs.cranfield.ac.uk, or if you must neil@samtech.demon.co.uk
* Pink Floyd fossil, Keith Floyd fan, gardener, pianist, mountain biker etc.

--------
From academic-firewalls-owner@net.tamu.edu Wed Oct 25 19:44:27 1995
Cc: academic-firewalls@net.tamu.edu
In-Reply-To: <951025192416.1e62@rmcs.cranfield.ac.uk>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Wed, 25 Oct 1995 19:37:12 -0500 (CDT)
From: Aleph One
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Academic Computer Network Security Survey #1 Results

Here goes a plug.

http://underground.org/utils/unix/

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

On Wed, 25 Oct 1995, Neil wrote:

> Date: Wed, 25 Oct 1995 19:24:16 +0100 (BST)
> From: Neil
> To: academic-firewalls@net.tamu.edu
> Subject: Re: Academic Computer Network Security Survey #1 Results
>
> A list of freely available security programs with a short description
> and address for more info would be very useful to many people, myself
> included.
>
> Sorry about the brief reply my terminal is broken.
> Cheers,
>
> Neil
>
> * Neil A Carson
> * The Royal Military College of Science, Shrivenham
> * e-mail carson@rmcs.cranfield.ac.uk, or if you must neil@samtech.demon.co.uk
> * Pink Floyd fossil, Keith Floyd fan, gardener, pianist, mountain biker etc.
>

--------
From academic-firewalls-owner@net.tamu.edu Wed Oct 25 23:39:33 1995
Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3risc v118.3)
Date: Wed, 25 Oct 95 23:33:59 -0500
From: David-Hess@net.tamu.edu
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Security tools

Since the previously mentioned site appears to be down, you can also look at

http://www.alw.nih.gov/Security/security-prog.html

They have listings of tools with short descriptions.

If you are looking for an all purpose place for security stuff, you should check out coast.cs.purdue.edu. There is all kinds of good stuff there including a nice collection of security tools in /pub/tools/unix.

Another site to poke around is ftp.cert.org. You can find the canonical collection of CERT advisories there. Also, there is (or was) a mailing list sponsored by CERT about security tools. The announcement for that is available as

ftp://ftp.cert.org/pub/papers/cert-tools.announcement

And there are plenty more security sites.... Yahoo has a pretty good index of them at

http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/

Dave
---
David K. Hess                 Network Analyst
David-K-Hess@tamu.edu         Computing and Information Services - Network Group
(409) 845-0372 (work)         Texas A&M University

--------
From academic-firewalls-owner@net.tamu.edu Thu Oct 26 14:07:22 1995
X-Organization: Brigham & Womens Hospital, A Teaching Affiliate of Harvard Medical School
In-Reply-To: from "Doug Hughes" at Oct 25, 95 10:53:18 am
X-PGP: 0xE794DA91 FD3C3450FEB4A0B8 18F2E72CA82D29B8
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Date: Thu, 26 Oct 1995 15:01:39 -0400 (EDT)
From: Adam Shostack
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Academic Computer Network Security Survey #1 Results

You wrote:

| The attacks against the domain detection question was, for me, very
| difficult to answer, because often it is difficult to know whether you
| are under attack or not, and according to studies, more than 80% of
| attacks go undetected. On the other hand, it could be that the nature
| of our domains (educational as opposed to corporate) would make them
| a less attractive target for a concerted hacker effort. It would be
| interesting to know which domains believe they are being attacked hourly
| and why, though I don't expect them to say so here.

I get 3-4 password grabs a day on my ftp server. Some are people snarfing everything here. Not sure why they do it..

Adam

--
"It is seldom that liberty of any kind is lost all at once."
        -Hume

--------
From academic-firewalls-owner@net.tamu.edu Thu Oct 26 19:07:17 1995
In-Reply-To: <199510261901.PAA04317@calloway.bwh.harvard.edu>
Date: Thu, 26 Oct 1995 18:59:34 -0500
From: Doug Hughes
Reply-To: academic-firewalls@net.tamu.edu
To: academic-firewalls@net.tamu.edu
Subject: Re: Academic Computer Network Security Survey #1 Results

>
> I get 3-4 password grabs a day on my ftp server. Some are
>people snarfing everything here. Not sure why they do it..
>
>Adam
>
>

Hmm, I never even thought to count that as an attack.. But yes, as silly as anybody must be to think that would work, I guess it would be a legitimate attack. :) I may have to start logging that just for kicks.

--
____________________________________________________________________________
Doug Hughes                   Engineering Network Services
System/Net Admin              Auburn University
                doug@eng.auburn.edu
        Apple T-shirt on Win95 - "Been there, done that"
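
Added example, not part of any message in this thread and not code from the survey package: a reader for the reduced-answer format the README in the first message describes, used to count how many surveys name each tool for one question. The header shape (survey number, "---", question id, closing parenthesis) is an assumption inferred from the README's single example, the parser accepts the answer on the header line or on the lines after it, and every record in the sample other than survey 40's is constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed header shape, inferred from the README's single example:
# "<survey number> --- <question id>)", e.g. "40 --- 18.C)".
HEADER = re.compile(r"^\s*(\d+)\s+---\s+(\d+(?:\.\w+)*)\)?\s*(.*)$")
FILLER = re.compile(r"^\s*\.*\s*$")  # blank lines and "...." elision markers

def parse_cooked(text):
    """Return {(survey, question): [answer lines]} from reduced-survey text."""
    answers = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (int(m.group(1)), m.group(2))
            rest = m.group(3).strip()  # answer may share the header line
            answers[current].extend([rest] if rest else [])
        elif current is not None and not FILLER.match(line):
            answers[current].append(line.strip())
    return dict(answers)

def list_items(answer):
    """Split a bracketed answer such as "[ a, b ]" into lower-cased items."""
    m = re.fullmatch(r"\[(.*)\]", answer.strip())
    return [i.strip().lower() for i in m.group(1).split(",") if i.strip()] if m else []

def tally(answers, question):
    """Count how many surveys list each item in their answer to one question."""
    counts = Counter()
    for (_survey, q), lines in answers.items():
        if q == question:
            # A set, so a survey that repeats a tool is counted once.
            counts.update({i for line in lines for i in list_items(line)})
    return counts

# Constructed sample; only the survey-40 record appears in the README.
SAMPLE = """\
....
40 --- 18.C)
[ tcp_wrapper, cops, swatch, perl ]
41 --- 18.C) [ COPS, tripwire ]
41 --- 19.A)
daily
....
"""

if __name__ == "__main__":
    for tool, n in tally(parse_cooked(SAMPLE), "18.C").most_common():
        print(f"{n:3d}  {tool}")
```

With only 43 responses, as the announcement notes, these per-tool counts describe the respondents rather than academic sites in general.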