**************************************************************************
Security Bulletin 9505                  DISA Defense Communications System
February 8, 1995            Published by: DDN Security Coordination Center
                                      (SCC@NIC.DDN.MIL)   1-(800) 365-3642

                        DEFENSE  DATA  NETWORK

                          SECURITY  BULLETIN

The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security
Coordination Center) under DISA contract as a means of communicating
information on network and host security exposures, fixes, and concerns
to security and management personnel at DDN facilities. Back issues may
be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5]
using login="anonymous" and password="guest". The bulletin pathname is
scc/ddn-security-yynn (where "yy" is the year the bulletin is issued
and "nn" is a bulletin number, e.g. scc/ddn-security-9428).
************************************************************************

SUBJECT: DDN SECURITY CONSIDERATIONS AND NETWORK CONDUCT

REQUEST NODE SITE COORDINATORS AND HOST ADMINISTRATORS DISSEMINATE
THIS INFORMATION TO ALL DDN USERS

This DDN Security Bulletin provides information regarding security
policy, procedures and network conduct relative to the DDN community.
It provides a general overview of the responsibilities of the DDN NSO,
SCC, Host Administrator and Network User. It also includes point of
contact information for the Network Security Officer, the Security
Coordination Center, and the Automated Systems Security Incident
Support Team (ASSIST).

This bulletin duplicates the policy stated in DDN Management Bulletin
9503. Information on ASSIST has been added.

**********************************************************************

1.  There has been an increasing number of DOD policy violations
concerning proper use of the Defense Data Network (DDN). These include
unauthorized advertising, commercial organizational recruitment,
electronic chain-mail, and transmission of unofficial or commercial
information.

2.  Network users are reminded that forwarding this type of unofficial
correspondence is in direct violation of DOD policy. The Defense Data
Network is intended "For Official Use Only". Only authorized users
engaged in U.S. Government Business or applicable research or those who
are directly involved in providing operations or systems support for
Government-owned or -sponsored computer communications equipment may
use the DDN. It is the policy of the U.S. Government that agencies
shall establish and maintain a cost-effective system of internal
controls to provide reasonable assurance that Government resources are
protected against fraud, waste, mismanagement, or misappropriation.

3.  Users of the DDN must not violate privacy or other applicable laws
and should NOT use the networks for advertising or recruiting purposes
without the express permission of the Defense Information Systems
Agency. Unauthorized use of the DDN is illegal, and violators are
subject to prosecution under Title 18 of the Federal Criminal Code.

4.  Use of the DDN constitutes consent to adhere to DOD policy
regarding security considerations and network conduct. DISA reserves
the right to discontinue DDN access to any user(s) who are not
conducting legitimate Government business/activity.

5.  The DDN Network Security Officer (NSO) is the security
point-of-contact within DISA for the operational management of the DDN.
The NSO is responsible for establishing and issuing DDN operational
security procedures and guidelines. The NSO conducts investigations of
network-related security incidents, working closely with the SCC,
network managers, host administrators and federal investigative
agencies, as appropriate. The DISA NSO point-of-contact is listed
below:

    RM1 Kyra T. Jenkins, DISA/WE3353, COMM: (703)487-8066, DSN: 364
    E:mail JENKINSK@CC.IMS.DISA.MIL

6.  The Security Coordination Center (SCC) acts in conjunction with the
DDN NSO to coordinate actions related to security incidents and network
vulnerabilities. The SCC relays security-related information to the NSO
and works with him/her in handling network security problems. The SCC
also issues DDN Security Bulletins to network users. The SCC can be
reached by the following means:

    Phone: 1-800-365-DNIC or E:mail SCC@NIC.DDN.MIL.

7.  ASSIST is an element of the Defense Information Systems Agency
(DISA), Center for Information Systems Security (CISS), that provides
service to the entire DoD community. This includes incident response,
containment, and resolution. Constituents of the DoD with questions
about ASSIST or computer security issues can contact ASSIST using one
of the methods listed below.

    Phone: 1-800-357-4231 (or 703-756-7974 DSN 289), duty hours are
    06:00 to 22:30 EDT (GMT -4) Monday through Friday. During off duty
    hours, weekends and holidays, ASSIST can be reached via pager at
    800-791-4857.

8.  Host Administrators are responsible for the enforcement of all DDN
policies at their site(s), and for maintaining a reasonable level of
protection from the possibility of network compromise. They must act as
liaisons with the DDN Network Security Officer (DDNNSO), the Security
Coordination Center (SCC), vendors, law enforcement bodies, and other
appropriate agencies to resolve any outstanding security problems and
prevent their recurrence.

9.  Network users are responsible for keeping abreast of current
security policy and guidelines. The DDN is routinely monitored and
users are reminded that improper activity on the network is strictly
prohibited. Violations should be reported in accordance with
established procedures. Questions concerning procedures, security
considerations and network conduct should be addressed to the
appropriate host administrator, service or agency.

10. POC for this bulletin is RM1 Kyra T. Jenkins, DISA-WE3353,
(703)487-8066.

****************************************************************************
*                                                                          *
*    The point of contact for MILNET security-related incidents is the     *
*    Security Coordination Center (SCC).                                   *
*                                                                          *
*               E-mail address: SCC@NIC.DDN.MIL                            *
*                                                                          *
*               Telephone: 1-(800)-365-3642                                *
*                                                                          *
*    NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST,   *
*    Monday through Friday except on federal holidays.                     *
*                                                                          *
****************************************************************************

PLEASE NOTE: Some users outside of the DOD computing communities may
receive DDN Security bulletins. If you are not part of the DOD
community, please contact your agency's incident response team to
report incidents. Your agency's team will coordinate with DOD. The
Forum of Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained by sending email to docserver@first.org
with an empty subject line and a message body containing the line:
send first-contacts.

This document was prepared as a service to the DOD community. Neither
the United States Government nor any of their employees, makes any
warranty, expressed or implied, or assumes any legal liability or
responsibility for the accuracy, completeness, or usefulness of any
information, product, or process disclosed, or represents that its use
would not infringe privately owned rights. Reference herein to any
specific commercial products, process, or service by trade name,
trademark, manufacturer, or otherwise, does not necessarily constitute
or imply its endorsement, recommendation, or favoring by the United
States Government. The opinions of the authors expressed herein do not
necessarily state or reflect those of the United States Government, and
shall not be used for advertising or product endorsement purposes.