7. References  Quarterman, J., "The Matrix: Computer Networks and Conferencing Systems Worldwide", Pg. 278, Digital Press, Bedford, MA, 1990.  Brand, R., "Coping with the Threat of Computer Security Incidents: A Primer from Prevention through Recovery", R. Brand, available on-line from: cert.sei.cmu.edu:/pub/info/primer, 8 June 1990.  Fites, M., Kratz, P. and A. Brebner, "Control and Security of
Computer Information Systems", Computer Science Press, 1989.  Johnson, D., and J. Podesta, "Formulating a Company Policy on Access to and Use and Disclosure of Electronic Mail on Company Computer Systems", Available from: The Electronic Mail Association (EMA) 1555 Wilson Blvd, Suite 555, Arlington VA 22209, (703) 522-7111, 22 October 1990.  Curry, D., "Improving the Security of Your UNIX System", SRI International Report ITSTD-721-FR-90-21, April 1990.  Cheswick, B., "The Design of a Secure Internet Gateway", Proceedings of the Summer Usenix Conference, Anaheim, CA, June 1990.  Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part I -- Message Encipherment and Authentication Procedures", RFC 1113, IAB Privacy Task Force, August 1989.  Kent, S., and J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part II -- Certificate-Based Key Management", RFC 1114, IAB Privacy Task Force, August 1989.  Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part III -- Algorithms, Modes, and Identifiers", RFC 1115, IAB Privacy Task Force, August 1989.  Merkle, R., "A Fast Software One Way Hash Function", Journal of Cryptology, Vol. 3, No. 1.  Postel, J., "Internet Protocol - DARPA Internet Program Protocol Specification", RFC 791, DARPA, September 1981.  Postel, J., "Transmission Control Protocol - DARPA Internet Program Protocol Specification", RFC 793, DARPA, September 1981.  Postel, J., "User Datagram Protocol", RFC 768, USC/Information Sciences Institute, 28 August 1980.  Mogul, J., "Simple and Flexible Datagram Access Controls for UNIX-based Gateways", Digital Western Research Laboratory Research Report 89/4, March 1989.  Bellovin, S., and M. Merritt, "Limitations of the Kerberos Authentication System", Computer Communications Review, October 1990.  Pfleeger, C., "Security in Computing", Prentice-Hall, Englewood
Cliffs, N.J., 1989.  Parker, D., Swope, S., and B. Baker, "Ethical Conflicts: Information and Computer Science, Technology and Business", QED Information Sciences, Inc., Wellesley, MA.  Forester, T., and P. Morrison, "Computer Ethics: Tales and Ethical Dilemmas in Computing", MIT Press, Cambridge, MA, 1990.  Postel, J., and J. Reynolds, "Telnet Protocol Specification", RFC 854, USC/Information Sciences Institute, May 1983.  Postel, J., and J. Reynolds, "File Transfer Protocol", RFC 959, USC/Information Sciences Institute, October 1985.  Postel, J., Editor, "IAB Official Protocol Standards", RFC 1200, IAB, April 1991.  Internet Activities Board, "Ethics and the Internet", RFC 1087, Internet Activities Board, January 1989.  Pethia, R., Crocker, S., and B. Fraser, "Policy Guidelines for the Secure Operation of the Internet", CERT, TIS, CERT, RFC in preparation.  Computer Emergency Response Team (CERT/CC), "Unauthorized Password Change Requests", CERT Advisory CA-91:03, April 1991.  Computer Emergency Response Team (CERT/CC), "TELNET Breakin Warning", CERT Advisory CA-89:03, August 1989.  CCITT, Recommendation X.509, "The Directory: Authentication Framework", Annex C.  Farmer, D., and E. Spafford, "The COPS Security Checker System", Proceedings of the Summer 1990 USENIX Conference, Anaheim, CA, Pgs. 165-170, June 1990. 8. Annotated Bibliography The intent of this annotated bibliography is to offer a representative collection of resources of information that will help the user of this handbook. It is meant provide a starting point for further research in the security area. Included are references to other sources of information for those who wish to pursue issues of the computer security environment.
8.1 Computer Law [ABA89] American Bar Association, Section of Science and Technology, "Guide to the Prosecution of Telecommunication Fraud by the Use of Computer Crime Statutes", American Bar Association, 1989. [BENDER] Bender, D., "Computer Law: Evidence and Procedure", M. Bender, New York, NY, 1978-present. Kept up to date with supplements. Years covering 1978-1984 focuses on: Computer law, evidence and procedures. The years 1984 to the current focus on general computer law. Bibliographical references and index included. [BLOOMBECKER] Bloombecker, B., "Spectacular Computer Crimes", Dow Jones- Irwin, Homewood, IL. 1990. [CCH] Commerce Clearing House, "Guide to Computer Law", (Topical Law Reports), Chicago, IL., 1989. Court cases and decisions rendered by federal and state courts throughout the United States on federal and state computer law. Includes Case Table and Topical Index. [CONLY] Conly, C., "Organizing for Computer Crime Investigation and Prosecution", U.S. Dept. of Justice, Office of Justice Programs, Under Contract Number OJP-86-C-002, National Institute of Justice, Washington, DC, July 1989. [FENWICK] Fenwick, W., Chair, "Computer Litigation, 1985: Trial Tactics and Techniques", Litigation Course Handbook Series No. 280, Prepared for distribution at the Computer Litigation, 1985: Trial Tactics and Techniques Program, February-March 1985. [GEMIGNANI] Gemignani, M., "Viruses and Criminal Law", Communications of the ACM, Vol. 32, No. 6, Pgs. 669-671, June 1989.
[HUBAND] Huband, F., and R. Shelton, Editors, "Protection of Computer Systems and Software: New Approaches for Combating Theft of Software and Unauthorized Intrusion", Papers presented at a workshop sponsored by the National Science Foundation, 1986. [MCEWEN] McEwen, J., "Dedicated Computer Crime Units", Report Contributors: D. Fester and H. Nugent, Prepared for the National Institute of Justice, U.S. Department of Justice, by Institute for Law and Justice, Inc., under contract number OJP-85-C-006, Washington, DC, 1989. [PARKER] Parker, D., "Computer Crime: Criminal Justice Resource Manual", U.S. Dept. of Justice, National Institute of Justice, Office of Justice Programs, Under Contract Number OJP-86-C-002, Washington, D.C., August 1989. [SHAW] Shaw, E., Jr., "Computer Fraud and Abuse Act of 1986, Congressional Record (3 June 1986), Washington, D.C., 3 June 1986. [TRIBLE] Trible, P., "The Computer Fraud and Abuse Act of 1986", U.S. Senate Committee on the Judiciary, 1986. 8.2 Computer Security [CAELLI] Caelli, W., Editor, "Computer Security in the Age of Information", Proceedings of the Fifth IFIP International Conference on Computer Security, IFIP/Sec '88. [CARROLL] Carroll, J., "Computer Security", 2nd Edition, Butterworth Publishers, Stoneham, MA, 1987. [COOPER] Cooper, J., "Computer and Communications Security: Strategies for the 1990s", McGraw-Hill, 1989. [BRAND] Brand, R., "Coping with the Threat of Computer Security Incidents: A Primer from Prevention through Recovery",
R. Brand, 8 June 1990. As computer security becomes a more important issue in modern society, it begins to warrant a systematic approach. The vast majority of the computer security problems and the costs associated with them can be prevented with simple inexpensive measures. The most important and cost effective of these measures are available in the prevention and planning phases. These methods are presented in this paper, followed by a simplified guide to incident handling and recovery. Available on-line from: cert.sei.cmu.edu:/pub/info/primer. [CHESWICK] Cheswick, B., "The Design of a Secure Internet Gateway", Proceedings of the Summer Usenix Conference, Anaheim, CA, June 1990. Brief abstract (slight paraphrase from the original abstract): AT&T maintains a large internal Internet that needs to be protected from outside attacks, while providing useful services between the two. This paper describes AT&T's Internet gateway. This gateway passes mail and many of the common Internet services between AT&T internal machines and the Internet. This is accomplished without IP connectivity using a pair of machines: a trusted internal machine and an untrusted external gateway. These are connected by a private link. The internal machine provides a few carefully-guarded services to the external gateway. This configuration helps protect the internal internet even if the external machine is fully compromised. This is a very useful and interesting design. Most firewall gateway systems rely on a system that, if compromised, could allow access to the machines behind the firewall. Also, most firewall systems require users who want access to Internet services to have accounts on the firewall machine. AT&T's design allows AT&T internal internet users access to the standard services of TELNET and FTP from their own workstations without accounts on the firewall machine. A very useful paper that shows how to maintain some of the benefits of Internet connectivity while still maintaining strong security.
[CURRY] Curry, D., "Improving the Security of Your UNIX System", SRI International Report ITSTD-721-FR-90-21, April 1990. This paper describes measures that you, as a system administrator can take to make your UNIX system(s) more secure. Oriented primarily at SunOS 4.x, most of the information covered applies equally well to any Berkeley UNIX system with or without NFS and/or Yellow Pages (NIS). Some of the information can also be applied to System V, although this is not a primary focus of the paper. A very useful reference, this is also available on the Internet in various locations, including the directory cert.sei.cmu.edu:/pub/info. [FITES] Fites, M., Kratz, P. and A. Brebner, "Control and Security of Computer Information Systems", Computer Science Press, 1989. This book serves as a good guide to the issues encountered in forming computer security policies and procedures. The book is designed as a textbook for an introductory course in information systems security. The book is divided into five sections: Risk Management (I), Safeguards: security and control measures, organizational and administrative (II), Safeguards: Security and Control Measures, Technical (III), Legal Environment and Professionalism (IV), and CICA Computer Control Guidelines (V). The book is particularly notable for its straight-forward approach to security, emphasizing that common sense is the first consideration in designing a security program. The authors note that there is a tendency to look to more technical solutions to security problems while overlooking organizational controls which are often cheaper and much more effective. 298 pages, including references and index. [GARFINKEL] Garfinkel, S, and E. Spafford, "Practical Unix Security", O'Reilly & Associates, ISBN 0-937175-72-2, May 1991. Approx 450 pages, $29.95. Orders: 1-800-338-6887 (US & Canada), 1-707-829-0515 (Europe), email: email@example.com This is one of the most useful books available on Unix
security. The first part of the book covers standard Unix and Unix security basics, with particular emphasis on passwords. The second section covers enforcing security on the system. Of particular interest to the Internet user are the sections on network security, which address many of the common security problems that afflict Internet Unix users. Four chapters deal with handling security incidents, and the book concludes with discussions of encryption, physical security, and useful checklists and lists of resources. The book lives up to its name; it is filled with specific references to possible security holes, files to check, and things to do to improve security. This book is an excellent complement to this handbook. [GREENIA90] Greenia, M., "Computer Security Information Sourcebook", Lexikon Services, Sacramento, CA, 1989. A manager's guide to computer security. Contains a sourcebook of key reference materials including access control and computer crimes bibliographies. [HOFFMAN] Hoffman, L., "Rogue Programs: Viruses, Worms, and Trojan Horses", Van Nostrand Reinhold, NY, 1990. (384 pages, includes bibliographical references and index.) [JOHNSON] Johnson, D., and J. Podesta, "Formulating A Company Policy on Access to and Use and Disclosure of Electronic Mail on Company Computer Systems". A white paper prepared for the EMA, written by two experts in privacy law. Gives background on the issues, and presents some policy options. Available from: The Electronic Mail Association (EMA) 1555 Wilson Blvd, Suite 555, Arlington, VA, 22209. (703) 522-7111. [KENT] Kent, Stephen, "E-Mail Privacy for the Internet: New Software and Strict Registration Procedures will be Implemented this Year", Business Communications Review, Vol. 20, No. 1, Pg. 55, 1 January 1990.
[LU] Lu, W., and M. Sundareshan, "Secure Communication in Internet Environments: A Hierachical Key Management Scheme for End-to-End Encryption", IEEE Transactions on Communications, Vol. 37, No. 10, Pg. 1014, 1 October 1989. [LU1] Lu, W., and M. Sundareshan, "A Model for Multilevel Security in Computer Networks", IEEE Transactions on Software Engineering, Vol. 16, No. 6, Page 647, 1 June 1990. [NSA] National Security Agency, "Information Systems Security Products and Services Catalog", NSA, Quarterly Publication. NSA's catalogue contains chapter on: Endorsed Cryptographic Products List; NSA Endorsed Data Encryption Standard (DES) Products List; Protected Services List; Evaluated Products List; Preferred Products List; and Endorsed Tools List. The catalogue is available from the Superintendent of Documents, U.S. Government Printing Office, Washington, D.C. One may place telephone orders by calling: (202) 783-3238. [OTA] United States Congress, Office of Technology Assessment, "Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information", OTA-CIT-310, October 1987. This report, prepared for congressional committee considering Federal policy on the protection of electronic information, is interesting because of the issues it raises regarding the impact of technology used to protect information. It also serves as a reasonable introduction to the various encryption and information protection mechanisms. 185 pages. Available from the U.S. Government Printing Office. [PALMER] Palmer, I., and G. Potter, "Computer Security Risk Management", Van Nostrand Reinhold, NY, 1989. [PFLEEGER] Pfleeger, C., "Security in Computing", Prentice-Hall, Englewood Cliffs, NJ, 1989. A general textbook in computer security, this book provides an excellent and very readable introduction to classic computer
security problems and solutions, with a particular emphasis on encryption. The encryption coverage serves as a good introduction to the subject. Other topics covered include building secure programs and systems, security of database, personal computer security, network and communications security, physical security, risk analysis and security planning, and legal and ethical issues. 538 pages including index and bibliography. [SHIREY] Shirey, R., "Defense Data Network Security Architecture", Computer Communication Review, Vol. 20, No. 2, Page 66, 1 April 1990. [SPAFFORD] Spafford, E., Heaphy, K., and D. Ferbrache, "Computer Viruses: Dealing with Electronic Vandalism and Programmed Threats", ADAPSO, 1989. (109 pages.) This is a good general reference on computer viruses and related concerns. In addition to describing viruses in some detail, it also covers more general security issues, legal recourse in case of security problems, and includes lists of laws, journals focused on computers security, and other security-related resources. Available from: ADAPSO, 1300 N. 17th St, Suite 300, Arlington VA 22209. (703) 522-5055. [STOLL88] Stoll, C., "Stalking the Wily Hacker", Communications of the ACM, Vol. 31, No. 5, Pgs. 484-497, ACM, New York, NY, May 1988. This article describes some of the technical means used to trace the intruder that was later chronicled in "Cuckoo's Egg" (see below). [STOLL89] Stoll, C., "The Cuckoo's Egg", ISBN 00385-24946-2, Doubleday, 1989. Clifford Stoll, an astronomer turned UNIX System Administrator, recounts an exciting, true story of how he tracked a computer intruder through the maze of American military and research networks. This book is easy to understand and can serve as an interesting introduction to the world of networking. Jon Postel says in a book review,
"[this book] ... is absolutely essential reading for anyone that uses or operates any computer connected to the Internet or any other computer network." [VALLA] Vallabhaneni, S., "Auditing Computer Security: A Manual with Case Studies", Wiley, New York, NY, 1989. 8.3 Ethics [CPSR89] Computer Professionals for Social Responsibility, "CPSR Statement on the Computer Virus", CPSR, Communications of the ACM, Vol. 32, No. 6, Pg. 699, June 1989. This memo is a statement on the Internet Computer Virus by the Computer Professionals for Social Responsibility (CPSR). [DENNING] Denning, Peter J., Editor, "Computers Under Attack: Intruders, Worms, and Viruses", ACM Press, 1990. A collection of 40 pieces divided into six sections: the emergence of worldwide computer networks, electronic breakins, worms, viruses, counterculture (articles examining the world of the "hacker"), and finally a section discussing social, legal, and ethical considerations. A thoughtful collection that addresses the phenomenon of attacks on computers. This includes a number of previously published articles and some new ones. The previously published ones are well chosen, and include some references that might be otherwise hard to obtain. This book is a key reference to computer security threats that have generated much of the concern over computer security in recent years. [ERMANN] Ermann, D., Williams, M., and C. Gutierrez, Editors, "Computers, Ethics, and Society", Oxford University Press, NY, 1990. (376 pages, includes bibliographical references). [FORESTER] Forester, T., and P. Morrison, "Computer Ethics: Tales and Ethical Dilemmas in Computing", MIT Press, Cambridge, MA, 1990. (192 pages including index.)
From the preface: "The aim of this book is two-fold: (1) to describe some of the problems created by society by computers, and (2) to show how these problems present ethical dilemmas for computers professionals and computer users. The problems created by computers arise, in turn, from two main sources: from hardware and software malfunctions and from misuse by human beings. We argue that computer systems by their very nature are insecure, unreliable, and unpredictable -- and that society has yet to come to terms with the consequences. We also seek to show how society has become newly vulnerable to human misuse of computers in the form of computer crime, software theft, hacking, the creation of viruses, invasions of privacy, and so on." The eight chapters include "Computer Crime", "Software Theft", "Hacking and Viruses", "Unreliable Computers", "The Invasion of Privacy", "AI and Expert Systems", and "Computerizing the Workplace." Includes extensive notes on sources and an index. [GOULD] Gould, C., Editor, "The Information Web: Ethical and Social Implications of Computer Networking", Westview Press, Boulder, CO, 1989. [IAB89] Internet Activities Board, "Ethics and the Internet", RFC 1087, IAB, January 1989. Also appears in the Communications of the ACM, Vol. 32, No. 6, Pg. 710, June 1989. This memo is a statement of policy by the Internet Activities Board (IAB) concerning the proper use of the resources of the Internet. Available on-line on host ftp.nisc.sri.com, directory rfc, filename rfc1087.txt. Also available on host nis.nsf.net, directory RFC, filename RFC1087.TXT-1. [MARTIN] Martin, M., and R. Schinzinger, "Ethics in Engineering", McGraw Hill, 2nd Edition, 1989. [MIT89] Massachusetts Institute of Technology, "Teaching Students About Responsible Use of Computers", MIT, 1985-1986. Also reprinted in the Communications of the ACM, Vol. 32, No. 6, Pg. 704, Athena Project, MIT, June 1989.
This memo is a statement of policy by the Massachusetts Institute of Technology (MIT) on the responsible use of computers. [NIST] National Institute of Standards and Technology, "Computer Viruses and Related Threats: A Management Guide", NIST Special Publication 500-166, August 1989. [NSF88] National Science Foundation, "NSF Poses Code of Networking Ethics", Communications of the ACM, Vol. 32, No. 6, Pg. 688, June 1989. Also appears in the minutes of the regular meeting of the Division Advisory Panel for Networking and Communications Research and Infrastructure, Dave Farber, Chair, November 29-30, 1988. This memo is a statement of policy by the National Science Foundation (NSF) concerning the ethical use of the Internet. [PARKER90] Parker, D., Swope, S., and B. Baker, "Ethical Conflicts: Information and Computer Science, Technology and Business", QED Information Sciences, Inc., Wellesley, MA. (245 pages). Additional publications on Ethics: The University of New Mexico (UNM) The UNM has a collection of ethics documents. Included are legislation from several states and policies from many institutions. Access is via FTP, IP address ariel.umn.edu. Look in the directory /ethics. 8.4 The Internet Worm [BROCK] Brock, J., "November 1988 Internet Computer Virus and the Vulnerability of National Telecommunications Networks to Computer Viruses", GAO/T-IMTEC-89-10, Washington, DC, 20 July 1989. Testimonial statement of Jack L. Brock, Director, U. S. Government Information before the Subcommittee on Telecommunications and Finance, Committee on Energy and
Commerce, House of Representatives. [EICHIN89] Eichin, M., and J. Rochlis, "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", Massachusetts Institute of Technology, February 1989. Provides a detailed dissection of the worm program. The paper discusses the major points of the worm program then reviews strategies, chronology, lessons and open issues, Acknowledgments; also included are a detailed appendix on the worm program subroutine by subroutine, an appendix on the cast of characters, and a reference section. [EISENBERG89] Eisenberg, T., D. Gries, J. Hartmanis, D. Holcomb, M. Lynn, and T. Santoro, "The Computer Worm", Cornell University, 6 February 1989. A Cornell University Report presented to the Provost of the University on 6 February 1989 on the Internet Worm. [GAO] U.S. General Accounting Office, "Computer Security - Virus Highlights Need for Improved Internet Management", United States General Accounting Office, Washington, DC, 1989. This 36 page report (GAO/IMTEC-89-57), by the U.S. Government Accounting Office, describes the Internet worm and its effects. It gives a good overview of the various U.S. agencies involved in the Internet today and their concerns vis-a-vis computer security and networking. Available on-line on host nnsc.nsf.net, directory pub, filename GAO_RPT; and on nis.nsf.net, directory nsfnet, filename GAO_RPT.TXT. [REYNOLDS89] The Helminthiasis of the Internet, RFC 1135, USC/Information Sciences Institute, Marina del Rey, CA, December 1989. This report looks back at the helminthiasis (infestation with, or disease caused by parasitic worms) of the Internet that was unleashed the evening of 2 November 1988. This document provides a glimpse at the infection,its festering, and cure. The impact of the worm on the Internet community, ethics statements, the role of the news media,
crime in the computer world, and future prevention is discussed. A documentation review presents four publications that describe in detail this particular parasitic computer program. Reference and bibliography sections are also included. Available on-line on host ftp.nisc.sri.com directory rfc, filename rfc1135.txt. Also available on host nis.nsf.net, directory RFC, filename RFC1135.TXT-1. [SEELEY89] Seeley, D., "A Tour of the Worm", Proceedings of 1989 Winter USENIX Conference, Usenix Association, San Diego, CA, February 1989. Details are presented as a "walk thru" of this particular worm program. The paper opened with an abstract, introduction, detailed chronology of events upon the discovery of the worm, an overview, the internals of the worm, personal opinions, and conclusion. [SPAFFORD88] Spafford, E., "The Internet Worm Program: An Analysis", Computer Communication Review, Vol. 19, No. 1, ACM SIGCOM, January 1989. Also issued as Purdue CS Technical Report CSD-TR-823, 28 November 1988. Describes the infection of the Internet as a worm program that exploited flaws in utility programs in UNIX based systems. The report gives a detailed description of the components of the worm program: data and functions. Spafford focuses his study on two completely independent reverse-compilations of the worm and a version disassembled to VAX assembly language. [SPAFFORD89] Spafford, G., "An Analysis of the Internet Worm", Proceedings of the European Software Engineering Conference 1989, Warwick England, September 1989. Proceedings published by Springer-Verlag as: Lecture Notes in Computer Science #387. Also issued as Purdue Technical Report #CSD-TR-933. 8.5 National Computer Security Center (NCSC) All NCSC publications, approved for public release, are available from the NCSC Superintendent of Documents. NCSC = National Computer Security Center
9800 Savage Road Ft Meade, MD 20755-6000 CSC = Computer Security Center: an older name for the NCSC NTISS = National Telecommunications and Information Systems Security NTISS Committee, National Security Agency Ft Meade, MD 20755-6000 [CSC] Department of Defense, "Password Management Guideline", CSC-STD-002-85, 12 April 1985, 31 pages. The security provided by a password system depends on the passwords being kept secret at all times. Thus, a password is vulnerable to compromise whenever it is used, stored, or even known. In a password-based authentication mechanism implemented on an ADP system, passwords are vulnerable to compromise due to five essential aspects of the password system: 1) a password must be initially assigned to a user when enrolled on the ADP system; 2) a user's password must be changed periodically; 3) the ADP system must maintain a 'password database'; 4) users must remember their passwords; and 5) users must enter their passwords into the ADP system at authentication time. This guideline prescribes steps to be taken to minimize the vulnerability of passwords in each of these circumstances. [NCSC1] NCSC, "A Guide to Understanding AUDIT in Trusted Systems", NCSC-TG-001, Version-2, 1 June 1988, 25 pages. Audit trails are used to detect and deter penetration of a computer system and to reveal usage that identifies misuse. At the discretion of the auditor, audit trails may be limited to specific events or may encompass all of the activities on a system. Although not required by the criteria, it should be possible for the target of the audit mechanism to be either a subject or an object. That is to say, the audit mechanism should be capable of monitoring every time John accessed the system as well as every time the nuclear reactor file was accessed; and likewise every time John accessed the nuclear reactor file.
[NCSC2] NCSC, "A Guide to Understanding DISCRETIONARY ACCESS CONTROL in Trusted Systems", NCSC-TG-003, Version-1, 30 September 1987, 29 pages. Discretionary control is the most common type of access control mechanism implemented in computer systems today. The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user's control. [...] Discretionary controls are not a replacement for mandatory controls. In any environment in which information is protected, discretionary security provides for a finer granularity of control within the overall constraints of the mandatory policy. [NCSC3] NCSC, "A Guide to Understanding CONFIGURATION MANAGEMENT in Trusted Systems", NCSC-TG-006, Version-1, 28 March 1988, 31 pages. Configuration management consists of four separate tasks: identification, control, status accounting, and auditing. For every change that is made to an automated data processing (ADP) system, the design and requirements of the changed version of the system should be identified. The control task of configuration management is performed by subjecting every change to documentation, hardware, and software/firmware to review and approval by an authorized authority. Configuration status accounting is responsible for recording and reporting on the configuration of the product throughout the change. Finally, though the process of a configuration audit, the completed change can be verified to be functionally correct, and for trusted systems, consistent with the security policy of the system. [NTISS] NTISS, "Advisory Memorandum on Office Automation Security Guideline", NTISSAM CONPUSEC/1-87, 16 January 1987, 58 pages. This document provides guidance to users, managers, security officers, and procurement officers of Office Automation Systems. Areas addressed include: physical security, personnel security, procedural security, hardware/software security, emanations security (TEMPEST), and communications
security for stand-alone OA Systems, OA Systems used as terminals connected to mainframe computer systems, and OA Systems used as hosts in a Local Area Network (LAN). Differentiation is made between those Office Automation Systems equipped with removable storage media only (e.g., floppy disks, cassette tapes, removable hard disks) and those Office Automation Systems equipped with fixed media (e.g., Winchester disks). Additional NCSC Publications: [NCSC4] National Computer Security Center, "Glossary of Computer Security Terms", NCSC-TG-004, NCSC, 21 October 1988. [NCSC5] National Computer Security Center, "Trusted Computer System Evaluation Criteria", DoD 5200.28-STD, CSC-STD-001-83, NCSC, December 1985. [NCSC7] National Computer Security Center, "Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments", CSC-STD-003-85, NCSC, 25 June 1985. [NCSC8] National Computer Security Center, "Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements", CSC-STD-004-85, NCSC, 25 June 85. [NCSC9] National Computer Security Center, "Magnetic Remanence Security Guideline", CSC-STD-005-85, NCSC, 15 November 1985. This guideline is tagged as a "For Official Use Only" exemption under Section 6, Public Law 86-36 (50 U.S. Code 402). Distribution authorized of U.S. Government agencies and their contractors to protect unclassified technical, operational, or administrative data relating to operations of the National Security Agency. [NCSC10] National Computer Security Center, "Guidelines for Formal Verification Systems", Shipping list no.: 89-660-P, The Center, Fort George G. Meade, MD, 1 April 1990.
[NCSC11] National Computer Security Center, "Glossary of Computer Security Terms", Shipping list no.: 89-254-P, The Center, Fort George G. Meade, MD, 21 October 1988. [NCSC12] National Computer Security Center, "Trusted UNIX Working Group (TRUSIX) rationale for selecting access control list features for the UNIX system", Shipping list no.: 90-076-P, The Center, Fort George G. Meade, MD, 1990. [NCSC13] National Computer Security Center, "Trusted Network Interpretation", NCSC-TG-005, NCSC, 31 July 1987. [NCSC14] Tinto, M., "Computer Viruses: Prevention, Detection, and Treatment", National Computer Security Center C1 Technical Report C1-001-89, June 1989. [NCSC15] National Computer Security Conference, "12th National Computer Security Conference: Baltimore Convention Center, Baltimore, MD, 10-13 October, 1989: Information Systems Security, Solutions for Today - Concepts for Tomorrow", National Institute of Standards and National Computer Security Center, 1989. 8.6 Security Checklists [AUCOIN] Aucoin, R., "Computer Viruses: Checklist for Recovery", Computers in Libraries, Vol. 9, No. 2, Pg. 4, 1 February 1989. [WOOD] Wood, C., Banks, W., Guarro, S., Garcia, A., Hampel, V., and H. Sartorio, "Computer Security: A Comprehensive Controls Checklist", John Wiley and Sons, Interscience Publication, 1987. 8.7 Additional Publications Defense Data Network's Network Information Center (DDN NIC) The DDN NIC maintains DDN Security bulletins and DDN Management
bulletins online on the machine: NIC.DDN.MIL. They are available via anonymous FTP. The DDN Security bulletins are in the directory: SCC, and the DDN Management bulletins are in the directory: DDN-NEWS. For additional information, you may send a message to: NIC@NIC.DDN.MIL, or call the DDN NIC at: 1-800-235-3155. [DDN88] Defense Data Network, "BSD 4.2 and 4.3 Software Problem Resolution", DDN MGT Bulletin #43, DDN Network Information Center, 3 November 1988. A Defense Data Network Management Bulletin announcement on the 4.2bsd and 4.3bsd software fixes to the Internet worm. [DDN89] DCA DDN Defense Communications System, "DDN Security Bulletin 03", DDN Security Coordination Center, 17 October 1989. IEEE Proceedings [IEEE] "Proceedings of the IEEE Symposium on Security and Privacy", published annually. IEEE Proceedings are available from: Computer Society of the IEEE P.O. Box 80452 Worldway Postal Center Los Angeles, CA 90080 Other Publications: Computer Law and Tax Report Computers and Security Security Management Magazine Journal of Information Systems Management Data Processing & Communications Security SIG Security, Audit & Control Review
9. Acknowledgments Thanks to the SSPHWG's illustrious "Outline Squad", who assembled at USC/Information Sciences Institute on 12-June-90: Ray Bates (ISI), Frank Byrum (DEC), Michael A. Contino (PSU), Dave Dalva (Trusted Information Systems, Inc.), Jim Duncan (Penn State Math Department), Bruce Hamilton (Xerox), Sean Kirkpatrick (Unisys), Tom Longstaff (CIAC/LLNL), Fred Ostapik (SRI/NIC), Keith Pilotti (SAIC), and Bjorn Satdeva (/sys/admin, inc.). Many thanks to Rich Pethia and the Computer Emergency Response Team (CERT); much of the work by Paul Holbrook was done while he was working for CERT. Rich also provided a very thorough review of this document. Thanks also to Jon Postel and USC/Information Sciences Institute for contributing facilities and moral support to this effort. Last, but NOT least, we would like to thank members of the SSPHWG and Friends for their additional contributions: Vint Cerf (CNRI), Dave Grisham (UNM), Nancy Lee Kirkpatrick (Typist Extraordinaire), Chris McDonald (WSMR), H. Craig McKee (Mitre), Gene Spafford (Purdue), and Aileen Yuan (Mitre). 10. Security Considerations If security considerations had not been so widely ignored in the Internet, this memo would not have been possible. 11. Authors' Addresses J. Paul Holbrook CICNet, Inc. 2901 Hubbard Ann Arbor, MI 48105 Phone: (313) 998-7680 EMail: firstname.lastname@example.org Joyce K. Reynolds University of Southern California Information Sciences Institute 4676 Admiralty Way Marina del Rey, CA 90292 Phone: (213) 822-1511 EMail: JKREY@ISI.EDU