***********************************************************************

DDN Security Bulletin 90-04 DCA DDN Defense Communications System

2 Mar 90 Published by: DDN Security Coordination Center

(SCC@NIC.DDN.MIL) (800) 235-3155

DEFENSE DATA NETWORK

SECURITY BULLETIN

The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security Coordination Center) under DCA contract as a means of communicating information on network and host security exposures, fixes, & concerns to security & management personnel at DDN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [26.0.0.73 or 10.0.0.51] using login="anonymous" and password="guest". The bulletin pathname is SCC:DDN-SECURITY-yy-nn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. SCC:DDN-SECURITY-90-01).

**********************************************************************

COMPUTER SYSTEM "WELCOME" BANNERS

1. The Defense Communications Agency/Data Systems Management Division (DDO) is in the process of fielding a patch to all Defense Data Network (DDN) Terminal Access Controllers (TACs) that will remove the DDN "Welcome" banners. This is being accomplished as a security measure for the following principle reasons:

a. To terminate the identification of the system as belonging to the DDN/MILNET, and to terminate the identification of the type of operating system or software in use on the system. All too often intruders stumble by chance upon a MILNET host because the system is identified in the banner as being "defense" and/or "For Official Use Only". Intruders can also use software or operating system information from the banner to facilitate an intrusion. Therefore, it is best not to identify a system at all in its banner.

b. A court recently threw out a suit against a computer system intruder because the logon prompt was preceded with "Welcome to...".

2. Request Host Administrators and other addressees, in favor of tighter security, take an active role in getting their commands/units/organizations to change existing logon banners to make certain that the identity of their data systems is not displayed, and to halt the use of "Welcome".