Internet Security Information Sources
William Steen and Emmett Dulaney

Keeping up to date on the latest in security trends and breaches can be
a laborious job for a system administrator. Such concerns are especially
high priorities when part of your network is exposed through an Internet
connection associated with a Web server.

There are a number of organizations that specialize in providing
bulletins and advice on Internet security. They are
between government-sponsored groups such as the Computer
Response Team (CERT), university organizations, such as COAST, and
vendors. All of these organizations can help you protect your systems or
deal with intrusions. Vendors typically offer free security
recipients of the appropriate mailing list, along with a Web/ftp archive
of previous bulletins.

This article provides a review of the major sites of
readers may find useful, and a listing of pertinent

For information on research being conducted at AT&T - including the new
(so-called) Java-killer language, Inferno, (and its
counterpart, Inferno), check out the Web site at
http://www.research.att.com/ or the ftp site at

Bugtraq is a popular mailing list that involves detailed
Unix vulnerabilities. The amount of email traffic generated
source is quite substantial. To subscribe, send the
bugtraq to: firstname.lastname@example.org.

The U.S. Computer Emergency Response Team (CERT) was founded in 1989 by
the U.S. Department of Defense to protect the infrastructure
Internet. Situated at Carnegie-Mellon University, in
Pennsylvania, CERT consists of about a dozen employees who respond to
reports from Internet users regarding network security,
bulletins, notifying vendors, characterizing the state of the Internet
from a security standpoint, working with the mass media to publicize and
address concerns, and researching solutions to Internet
problems. CERT is frequently mentioned in media reports
publications such as the New York Times and Scientific

CERT has one of the largest mailing lists for security
more than 100,000 subscribers. Anyone can subscribe. The CERT ftp
archive contains a wide range of security programs, as well as every
advisory and bulletin that CERT has issued.

The CERT group recommends encrypting security information
emailing; they support DES, PGP, and PEM. They have a 24-hour hotline at
(412) 268-7090. CERT advisories are posted on comp.security.announce.
The ftp address is ftp://info.cert.org; email: email@example.com.

The U.S. Department of Energy's Computer Incident Advisory
(CIAC) group was created in 1989 in response to the Internet Worm. It
primarily serves the Department of Energy from its Lawrence
National Laboratory site, but also provides email advisories
ftp/Web site for anyone on the Internet. The Web offers
security documents, and ftp links to many significant
The ftp address is ftp://ciac.llnl.gov/pub/ciac. The Web address is
http://ciac.llnl.gov; email: firstname.lastname@example.org.

The Purdue University COAST project was founded by Eugene
stands for Computer Operations, Audit, and Security Technology and is
dedicated to improving network security. The COAST Web
links to large numbers of security sites. There is also
ftp archive and one of the largest collections of papers and tools on
the topic of network security.

COAST also issues a newsletter, works closely with major
government agencies, and has created a number of useful tools. The ftp
address is: ftp://coast.cs.purdue.edu. The Web site

Cygnus is a vendor of GNU and Kerberos-related products and services. For
information on Kerberos, go to the Web site
http://www.cygnus.com/data/cns. Additional Kerberos information can be
obtained from MIT at: ftp://athena-dist.mit.edu/pub/ATHENA.

8lgm - Eight Little Green Men

This mailing list sends out advisories and exploit scripts
vulnerabilities. They frequently adhere to full disclosure
holes, so they are one of the best sources for understanding
To subscribe, send the text subscribe 8lgm-list to:

The Forum of Incident and Response Security Teams, or FIRST, is a
non-profit corporation of representatives from the vendors,
universities, national and international government agencies, and large
private corporate computer users. A complete list of
45 groups), along with contact information, is available.
requests regarding security problems to the appropriate FIRST member, so
that FIRST can address the issue and provide resolution
CERT for advisories or bulletins.

FIRST provides a forum for security response teams to
information, tools, and practices. FIRST sponsors a
meeting of representatives, a mailing list for discussions
members, and a point of contact for Internet users with
The ftp address is: ftp://csrc.ncsl.nist.gov/pub/first.
address is email@example.com, and the web address

The newsgroups shown below are excellent day-to-day
information for security-minded people, whether novice
Investigate them all to start, and stay with the ones you find most

comp.security.unix       The primary newsgroup for security
comp.security.misc       A great newsgroup for
alt.security             Increasingly becoming one of the most widely frequented
sci.crypt                Theory on cryptography
alt.2600                 Concentrates on phone hacking and vending machine breaking
comp.security.firewalls  Discusses firewalls
comp.security.announce   CERT advisories
alt.security.pgp         Discussion of PGP
alt.security.ripem       Discusses PEM
comp.protocols.kerberos  Discusses Kerberos

PGP-related information and utilities are available from a number of

PGP and IDEA Archives:

PGP Public Key Server:

For information on cryptography by the company responsible for one of
the most widely used algorithms, go to http://www.rsa.com.

Firewall information, and even a copy of the TIS Toolkit - used for
building firewalls - can be found at: http://www.tis.com.
information can be obtained from Greatcircle's ftp site

There are a number of security-related utilities available.
following list gives the name of the utility and the site from which it
can be obtained:

RFC Index List

The remainder of this article contains selected citations for the past
few years of RFCs containing information pertinent to security. RFCs are
listed in reverse numeric order (as of 5/20/1996), and appear in the

NUM STD Author 1, Author 5., "Title of RFC," Issue date. (Pages=##)
(Format=.txt or .ps) (FYI ##) (STD ##) (RTR ##) (Obsoletes

Key to Citations

#### is the RFC number; ## p. is the total number of
The format and byte information follows the page information
parenthesis. The format, either ASCII text (TXT) or PostScript (PS) or
both, is noted, followed by an equals sign and the number of bytes for
that version (PostScript is a registered trademark of
Incorporated). The example (Format: PS=xxx TXT=zzz bytes) shows that the
PostScript version of the RFC is xxx bytes and the ASCII text version is

The (Also FYI ##) phrase gives the equivalent FYI number if the RFC was
also issued as an FYI document.

"Obsoletes xxx" refers to other RFCs that this one replaces; "Obsoleted
by xxx" refers to RFCs that have replaced this one. "Updates xxx" refers
to other RFCs that this one merely updates (but does
"Updated by xxx" refers to RFCs that have updated this one (but not
replaced). Only immediately succeeding and/or preceding
indicated, not the entire history of each related earlier or later RFC
in a related series.

1129 D. Mills, "Internet time synchronization: The Network Time
     Protocol", 10/01/1989. (Pages=29) (Format=.ps)

Many RFCs are available online; if not, this is indicated
online). Online copies are available via ftp from the
and Database Services server, ds.internic.net, as rfc/rfc####.txt
rfc/rfc####.ps (#### is the RFC number without leading

Paper copies of all RFCs are available from InterNIC
Services. For more information, contact firstname.lastname@example.org
1-800-444-4345 (choose prompt 3 from the InterNIC menu). RFCs can also
be requested through email from the InterNIC Directory
Services automated mail server by sending a message to the following
address: email@example.com. In the body of the
the following command:

in which NNNN is the number of the RFC. For PostScript RFCs, specify the
extension (e.g., document-by-name rfcNNNN.ps). Multiple requests can be
sent in a single message by specifying each document
comma-separated list (e.g., document-by-name rfcNNNN, rfcYYYY), or by
including multiple document-by-name commands on separate

The RFC Index can be requested by typing document-by-name

1790 I V. Cerf, "An Agreement between the Internet Society and Sun
     Microsystems, Inc. in the Matter of ONC RPC and XDR
     04/17/1995. (Pages=6) (Format=.txt)

1789 I C. Yang, "INETPhone: Telephone Services and Servers on Internet,"
     04/17/1995. (Pages=6) (Format=.txt)

1780 S J. Postel, "INTERNET OFFICIAL PROTOCOL STANDARDS,"
     (Pages=39) (Format=.txt) (Obsoletes RFC 1720) (STD 1)

1761 I B. Callaghan, R. Gilligan, "Snoop Version 2 Packet Capture File
     Format," 02/09/1995. (Pages=6) (Format=.txt)

1760 I N. Haller, "The S/KEY One-Time Password

1757 DS S. Waldbusser, "Remote Network Monitoring
     Base," 02/10/1995. (Pages=91) (Format=.txt) (Obsoletes

1750 I D. Eastlake, S. Crocker, J. Schiller, "Randomness
     for Security," 12/29/1994. (Pages=25) (Format=.txt)

1746 I B. Manning, D. Perkins, "Ways to Define
     12/30/1994. (Pages=18) (Format=.txt)

1734 PS J. Myers, "POP3 AUTHentication command,"

1713 I A. Romao, "Tools for DNS debugging,"
     (Pages=13) (Format=.txt) (FYI 27)

1712 E C. Farrell, M. Schulze, S. Pleitner, D. Baldoni, "DNS Encoding of
     Geographical Location," 11/01/1994. (Pages=7) (Format=.txt)

1704 I N. Haller, R. Atkinson, "On Internet Authentication,"

1675 I S. Bellovin, "Security Concerns for IPng,"

1663 PS D. Rand, "PPP Reliable Transmission,"

1644 E R. Braden, "T/TCP - TCP Extensions for Transactions
     Specification," 07/13/1994. (Pages=38) (Format=.txt)

1642 E D. Goldsmith, M. Davis, "UTF-7 - A Mail-Safe
     Format of Unicode," 07/13/1994. (Pages=14) (Format=.txt)

1636 I I. Architecture Board, R. Braden, D. Clark, S.
     Huitema, "Report of IAB Workshop on Security in
     Architecture - February 8-10, 1994," 06/09/1994.

1635 I P. Deutsch, A. Emtage, A. Marine, "How to Use Anonymous FTP,"
     05/25/1994. (Pages=13) (Format=.txt) (FYI 24)

1627 I E. Lear, E. Fair, D. Crocker, T. Kessler, "Network
     Harmful (Some Practices Shouldn't be Codified),"

1624 I A. Rijsinghani, "Computation of the Internet
     Incremental Update," 05/20/1994. (Pages=6) (Format=.txt)

1579 I S. Bellovin, "Firewall-Friendly FTP,"

1545 E D. Piscitello, "FTP Operation Over Big Address
     11/16/1993. (Pages=5) (Format=.txt) (Obsoleted by RFC1639)

1541 PS R. Droms, "Dynamic Host Configuration Protocol,"
     (Pages=39) (Format=.txt) (Obsoletes RFC1531)

1537 I P. Beertema, "Common DNS Data File Configuration
     10/06/1993. (Pages=9) (Format=.txt)

1536 I A. Kumar, J. Postel, C. Neuman, P. Danzig, S. Miller, "Common DNS
     Implementation Errors and Suggested Fixes," 10/06/1993.

1535 I E. Gavron, "A Security Problem and Proposed
     Widely Deployed DNS Software," 10/06/1993. (Pages=5)

1534 PS R. Droms, "Interoperation Between DHCP and BOOTP," 10/08/1993.

1533 PS S. Alexander, R. Droms, "DHCP Options and
     Extensions," 10/08/1993. (Pages=30) (Format=.txt)

1532 PS W. Wimer, "Clarifications and Extensions for the Bootstrap
     Protocol," 10/08/1993. (Pages=22) (Format=.txt)
     (Obsoleted by RFC1542)

1531 PS R. Droms, "Dynamic Host Configuration Protocol,"
     (Pages=39) (Format=.txt) (Obsoleted by RFC1541)

1510 PS J. Kohl, B. Neuman, "The Kerberos Network
     (V5)," 09/10/1993. (Pages=112) (Format=.txt)

1509 PS J. Wray, "Generic Security Service API:

1508 PS J. Linn, "Generic Security Service Application
     Interface," 09/10/1993. (Pages=49) (Format=.txt)

1507 E C. Kaufman, "DASS - Distributed Authentication
     09/10/1993. (Pages=119) (Format=.txt)

1498 I J. Saltzer, "On the Naming and Binding of
     08/04/1993. (Pages=10) (Format=.txt)

1496 PS H. Alvestrand, J. Romaguera, K. Jordan, "Rules
     messages from X.400/88 to X.400/84 when MIME content-types
     in the messages," 08/26/1993. (Pages=7) (Format=.txt)

1472 PS F. Kastenholz, "The Definitions of Managed Objects for the
     Security Protocols of the Point-to-Point Protocol,"

1457 I R. Housley, "Security Label Framework for
     05/26/1993. (Pages=14) (Format=.txt)

1455 E D. Eastlake, III, "Physical Link Security Type of Service,"
     05/26/1993. (Pages=6) (Format=.txt)

1446 PS J. Galvin, K. McCloghrie, "Security Protocols for version 2 of
     the Simple Network Management Protocol (SNMPv2),"

1424 PS B. Kaliski, "Privacy Enhancement for Internet
     Part IV: Key Certification and Related Services,"

1423 PS D. Balenson, "Privacy Enhancement for Internet
     Part III: Algorithms, Modes, and Identifiers,"
     (Format=.txt) (Obsoletes RFC1115)

1422 PS S. Kent, "Privacy Enhancement for Internet Electronic Mail: Part
     II: Certificate-Based Key Management," 02/10/1993.
     (Format=.txt) (Obsoletes RFC1114)

1421 PS J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part
     I: Message Encryption and Authentication Procedures,"
     (Pages=42) (Format=.txt) (Obsoletes RFC1113)

1412 E K. Alagappan, "Telnet Authentication: SPX,"

1411 E D. Borman, "Telnet Authentication: Kerberos
     01/26/1993. (Pages=4) (Format=.txt)

1409 E D. Borman, "Telnet Authentication Option,"
     (Format=.txt) (Obsoleted by RFC1416)

1408 H D. Borman, "Telnet Environment Option,"
     (Format=.txt) (Updated by RFC1571)

1404 I B. Stockman, "A Model for Common Operational
     01/20/1993. (Pages=27) (Format=.txt)

1355 I J. Curran, A. Marine, "Privacy and Accuracy Issues in Network
     Information Center Databases," 08/04/1992. (Pages=4)

1352 H J. Davin, J. Galvin, K. McCloghrie, "SNMP
     07/06/1992. (Pages=41) (Format=.txt)

1351 H J. Davin, J. Galvin, K. McCloghrie, "SNMP
     07/06/1992. (Pages=35) (Format=.txt)

1321 I R. Rivest, "The MD5 Message-Digest Algorithm,"

1320 I R. Rivest, "The MD4 Message-Digest Algorithm,"
     (Pages=20) (Format=.txt) (Obsoletes RFC1186)

1319 I B. Kaliski, "The MD2 Message-Digest Algorithm,"
     (Pages=17) (Format=.txt) (Updates RFC1115)

1288 DS D. Zimmerman, "The Finger User Information
     12/19/1991. (Pages=12) (Format=.txt) (Obsoletes RFC1196)

1282 I B. Kantor, "BSD Rlogin," 12/04/1991.

1281 I S. Crocker, B. Fraser, R. Pethia, "Guidelines for the Secure
     Operation of the Internet," 11/27/1991. (Pages=10)

1244 I P. Holbrook, J. Reynolds, "Site Security
     (Pages=101) (Format=.txt) (FYI 8)

About the authors

William Steen owns and operates a consulting firm specializing in
networking small businesses and local governmental agencies.
Emmett Dulaney is a publishing manager for New Riders Publishing and can
be reached on CompuServe at 74507.3713.