************************************************************************** Security Bulletin 9540 DISA Defense Communications System October 3, 1995 Published by: DISN Security Coordination Center (SCC@NIC.DDN.MIL) 1-(800) 365-3642 DEFENSE INFORMATION SYSTEM NETWORK SECURITY BULLETIN The DISN SECURITY BULLETIN is distributed by the DISN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DISN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and password="guest". The bulletin pathname is scc/disn-security-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/disn-security-9531). ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Automated ! ! Systems Security Incident Support Team (ASSIST) and is being ! ! relayed unedited via the Defense Information Systems Agency's ! ! Security Coordination Center distribution system as a means ! ! of providing DISN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + -----BEGIN PGP SIGNED MESSAGE----- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 95-38 Release date: 3 October, 1995, 7:45 AM EDT (GMT -4) SUBJECT: DoD Anti-Virus (AV) tools site license extensions. SUMMARY: The DoD site licenses for the IBM Anti-Virus (IBMAV) and Norman Anti-Virus software tools have been extended past 30 Sept. 95. Each license extension was procured through a separate procurement action. BACKGROUND: The DoD site license for the IBMAV software has been extended through 31 December 1995. The DoD site license for Norman has been extended through 31 September 96 (end of the current fiscal year) via a one year option that was included in the original contract. NOTE: Expiration of these license agreements would/will not have required removal and discontinued use of the software from/on DoD systems. It would/will only result in DoD no longer getting updates to these programs, which would cause the virus detection capabilitites of the tools to progressively degrade from date of the last update. The DoD license contract allows for use of the AV tools by all DoD military and civilian employees, and contractors, on computer equipment owned by the U.S. Government. Access to the Norman AV tools on the ASSIST BBS and FTP servers is restricted to DoD verified personnel only. Any DoD component that further distributes the DoD licensed AV tools electronically must also verify that recipients are DoD affiliated personell. Failure to comply with contract quidelines will put the distributor in violation of the contract. See "ASSIST Information Resources" section in the trailer of this message and ASSIST 95-21 for additional information about downloading files from ASSIST, and DoD-only restricted access to AV tools. Please contact ASSIST if you encounter any problems downloading files from the ASSIST BBS or FTP systems. Monthly virus signature updates for the IBMAV products are issued monthly, usually on or about the 20th of the month, and are available from the DoD distribution sites listed later in this message. The latest update ASSIST will act as the sole DoD liaison with IBM and Norman Data Defense Systems Inc., for all matters related to DoD use of these AV tools. All questions, comments, problems, and suggestions related to DoD use of the IBMAV and Norman tools must be forwarded through the MILDEP representatives listed below to ASSIST, and non-MILDEP DoD personnel must contact ASSIST directly. The DoD licensed AV software and documentation are available from the following organizations. ASSIST: See "ASSIST Information Resources" section in the trailer of this message, and ASSIST 95-21 for additional information about contacting ASSIST, connecting to the ASSIST BBS and FTP systems, and DoD-only restricted access to AV tools. ASSIST anonymous ftp server: ftp://assist.mil/pub/tools/dos/DoDAV/ ASSIST BBS: 703-607-4710, DSN 327-4710, IBMAV and Norman File Areas Army: Army Information Systems Software Center (ISSC) Voice line: 703-806-4012, DSN 656-4012 Army ISSC anonymous FTP server: 160.147.66.30, /pub/virus_sw Army ISSC BBS: BBS 1-800-558-8881 Navy: Navy Computer Incident Response Team (NAVCIRT) Voice line: 800-628-8893, DSN 563-2030 ext. 5227 NAVCIRT anonymous FTP server: INFOSEC.NOSC.MIL (198.17.82.239), /pub/dos/virus/ NAVCIRT BBS: 800-494-9947 Air Force: Air Force Information Warfare Center (AFIWC) Voice line: 800-854-0187 AFCERT anonymous ftp server: afcert.csap.af.mil (192.203.2.249), /pub/tools/toolkit/dos AFC4A C4 Systems Security BBS: 618-256-4545 (DSN 576-4545) Personnel from each DoD element should download the software from their respective MILDEP distribution centers. Personnel affiliated with non-MILDEP elements should use the ASSIST BBS or FTP servers. IMPACT: Failure to maintain and use an up to date AV tool places systems at risk of malicious code infection. RECOMMENDED SOLUTIONS: Obtain, install, and begin using the DoD site licensed Norman Data Defense Systems AV tool as soon as possible. Ensure the AV tool is kept up to date by obtaining and installing the most current version of the software as soon as it is available from the DoD distribution centers. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST is an element of the Defense Information Systems Agency (DISA), Center for Information Systems Security (CISS), that provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/institutions, contact the Forum of Incident Response and Security Teams (FIRST) (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ASSIST Information Resources: To be included in the distribution list for the ASSIST bulletins, send your Milnet (Internet) e-mail address to assist-request@assist.mil. Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710, 327-4710, and through anonymous FTP from assist.mil (IP address 199.211.123.11). Note: assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided. ASSIST Contact Information: PHONE: 800-357-4231 (or 703-607-4700, DSN 327), duty hours are 06:00 to 22:30 EDT (GMT -4) Monday through Friday. During off duty hours, weekends and holidays, ASSIST can be reached via pager at 800-791- 4857. The page will be answered within 30 minutes, however if a quicker response is required, prefix the phone number with "999". ELECTRONIC MAIL: Send to assist@assist.mil. ASSIST BBS: Leave a message for the "sysop". ASSIST uses Pretty Good Privacy (PGP) 2.6.2 as the digital signature mechanism for bulletins. PGP 2.6.2 incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt. In accordance with the terms of that license, PGP 2.6.2 may be used for non-commercial purposes only. Instructions for downloading the PGP 2.6.2 software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP 2.6.2 and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins. Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi4uZ40AAAEEAM1uraimCNeh5PtzX7KoGxC2u8uMTdl8V5sujk3MHbWvCuOM W0FqDy5s9iwfQLZWzJ7cbM6L0mNOj8eJGoz7TqGKZDDRFlKAwg0x8joleZLC2gXw FVdF/g6Mdv7ok7heoa+Y//YMeADnsSrmzqLCnhFbKYffww3EbdH6sbnW3Io9AAUR tB9BU1NJU1QgVGVhbSA8YXNzaXN0QGFzc2lzdC5taWw+iQCVAwUQL1xx7tH6sbnW 3Io9AQEBYwP9FvIJbnKjtMLUj8ghd6hophSx8WZnfQsOmZX/BbX8vKz1a5BkBn4q ANvW+uKGdUlE8LLMEm1PD59Cihcb3OoWDOU8zIOIErvry4eqa+LzEXV8nnBdes+A a1MCMGSz+K3OaP78lQ7JCGoY9TXTWIelfAdBVBG4VQcSQRn8tjRdG2e0KEFTU0lT VCBUZWFtIDxhc3Npc3RAYXNzaXN0Lmltcy5kaXNhLm1pbD6JAJUCBRAuLnHoh0Y9 0jC+b6kBAU0TA/4yXSL7K6tcfVm9ACnP4crCoutFM2w10e7YKxD850ajhWrh6rI9 O+sjU5WObqiPJ7sZHdEw/KARzPSijH/5h8HlyYa6ClksWxYuymzCsUYYJctdjcGr uakfXgYQ1TkkyUfNrN5G90NuRK/vTRe7bkmyGNYjN9Njac1Q18WVF59Chg== =d5rP - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMHEjs9H6sbnW3Io9AQG9egP+JeELmIkn481az/6iKtvHNiFMTV2G0UWt aias+rea3cebl13AOl9VeTimcCLf1ft2FYcrUp0uVlvJnuuMSyNGArJ8Fu3WsndB pAWF+rIGYfoY65yJGmmMMhFzfDwD9OOWC3nCUxYxDHkz3Q5s3pafofe+BojnoVsN M26+wx/v+bg= =J5dA -----END PGP SIGNATURE----- **************************************************************************** * * * The point of contact for NIPRNET security-related incidents is the * * Security Coordination Center (SCC). * * * * E-mail address: SCC@NIC.DDN.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * **************************************************************************** PLEASE NOTE: Some users outside of the DOD computing communities may receive DISN Security Bulletins. If you are not part of the DOD community, please contact your agency's incident response team to report incidents. Your agency's team will coordinate with DOD. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained by sending email to docserver@first.org with an empty subject line and a message body containing the line: send first-contacts. This document was prepared as an service to the DOD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The opinions of the authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.