Cover V05, I12

Internet Security Information Sources

William Steen and Emmett Dulaney

Keeping up to date on the latest in security trends and breaches can be a laborious job for a system administrator. Such concerns become especially high priorities when part of your network is exposed through an Internet connection associated with a Web server. Fortunately, there are a number of organizations that specialize in providing users with bulletins and advice on Internet security. They are basically divided among government-sponsored groups, such as the Computer Emergency Response Team (CERT); university organizations, such as COAST; and vendors. All of these organizations can help you protect your systems or deal with intrusions. Vendors typically offer free security bulletins to recipients of the appropriate mailing list, along with a Web/ftp archive of previous bulletins.

This article provides a review of the major sites of interest that readers may find useful, and a listing of pertinent security-related RFCs.

AT&T

For information on research being conducted at AT&T, including the new (so-called) Java-killer language, Inferno (and its operating system counterpart, Inferno), check out the Web site at http://www.research.att.com/ or the ftp site at ftp://Research.att.com/dist/internet_security.

bugtraq

bugtraq is a popular mailing list that involves detailed discussion of Unix vulnerabilities. The amount of email traffic generated by this source is quite substantial. To subscribe, send the text subscribe bugtraq to: listserv@netspace.org.

CERT

The U.S. Computer Emergency Response Team (CERT) was founded in 1989 by the U.S. Department of Defense to protect the infrastructure of the Internet. Situated at Carnegie Mellon University, in Pittsburgh, Pennsylvania, CERT consists of about a dozen employees who respond to reports from Internet users regarding network security, issue bulletins, notify vendors, characterize the state of the Internet from a security standpoint, work with the mass media to publicize and address concerns, and research solutions to Internet security problems. CERT is frequently mentioned in media reports from publications such as the New York Times and Scientific American.

CERT has one of the largest mailing lists for security advisories, with more than 100,000 subscribers. Anyone can subscribe. The CERT ftp archive contains a wide range of security programs, as well as every advisory and bulletin that CERT has issued.

The CERT group recommends encrypting security information before emailing; they support DES, PGP, and PEM. They have a 24-hour hotline at (412) 268-7090. CERT advisories are posted on comp.security.announce. The ftp address is ftp://info.cert.org; email: cert@cert.org.

CIAC

The U.S. Department of Energy's Computer Incident Advisory Capability (CIAC) group was created in 1989 in response to the Internet Worm. It primarily serves the Department of Energy from its Lawrence Livermore National Laboratory site, but also provides email advisories and an ftp/Web site for anyone on the Internet. The Web offers advisories, security documents, and ftp links to many significant programs.

The ftp address is ftp://ciac.llnl.gov/pub/ciac. The Web address is http://ciac.llnl.gov; email: ciac@llnl.gov.

COAST

The Purdue University COAST project was founded by Eugene Spafford. It stands for Computer Operations, Audit, and Security Technology and is dedicated to improving network security. The COAST Web site features links to large numbers of security sites. There is also a comprehensive ftp archive and one of the largest collections of papers and tools on the topic of network security.

COAST also issues a newsletter, works closely with major companies and government agencies, and has created a number of useful tools. The ftp address is: ftp://coast.cs.purdue.edu. The Web site is: http://www.cs.purdue.edu/coast/coast.html; email: coast-request@cs.purdue.edu.

Cygnus

Cygnus is a vendor of GNU and Kerberos-related products and services. For information on Kerberos, go to the Web site http://www.cygnus.com/data/cns. Additional Kerberos information can be obtained from MIT at: ftp://athena-dist.mit.edu/pub/ATHENA.

8lgm - Eight Little Green Men

This mailing list sends out advisories and exploit scripts for Unix vulnerabilities. They frequently adhere to full disclosure on security holes, so they are one of the best sources for understanding the source of vulnerabilities.

To subscribe, send the text subscribe 8lgm-list to: majordomo@8lgm.org.

FIRST

The Forum of Incident and Response Security Teams, or FIRST, is a non-profit corporation of representatives from vendors, universities, national and international government agencies, and large private corporate computer users. A complete list of members (currently 45 groups), along with contact information, is available. CERT redirects requests regarding security problems to the appropriate FIRST member, so that FIRST can address the issue and provide resolution information to CERT for advisories or bulletins.

FIRST provides a forum for security response teams to share security information, tools, and practices. FIRST sponsors a yearly week-long meeting of representatives, a mailing list for discussions among members, and a point of contact for Internet users with security concerns.

The ftp address is: ftp://csrc.ncsl.nist.gov/pub/first. The email address is first-sec@first.org, and the web address is: http://www.first.org/first/.

News Groups

The newsgroups shown below are excellent day-to-day sources of information for security-minded people, whether novice or expert. Investigate them all to start, and stay with the ones you find most useful.

comp.security.unix           The primary newsgroup for security information
comp.security.misc           A great newsgroup for security-related information
alt.security                 Increasingly becoming one of the most widely frequented
sci.crypt                    Theory on cryptography
alt.2600                     Concentrates on phone hacking and vending machine breaking
comp.security.firewalls      Discusses firewalls
comp.security.announce       CERT advisories
alt.security.pgp             Discusses PGP
alt.security.ripem           Discusses PEM
comp.protocols.kerberos      Discusses Kerberos
alt.hacker                   Self-explanatory
talk.politics.crypto         Cryptography

PGP

PGP-related information and utilities are available from a number of sources, including:

PGP and IDEA Archives:

ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk
ftp://ftp.dsi.unimi.it:/pub/security/crypt/code
http://www.ifi.uio.no/~staalesc/PGP/home.html
http://web.mit.edu/network/pgp-form.html

PGP Documentation:

http://www.pegasus.esprit.ec.org/people/arne/pgp.html

PGP elm:

ftp://ftp.viewlogic.com/pub/elm2.4pl24pgp2.tar.gz

PGP Public Key Server:

http://www-swiss.ai.mit.edu/~bal/pks-toplev.html

RSA

For information on cryptography by the company responsible for one of the most widely used algorithms, go to http://www.rsa.com.

TIS

Firewall information, and even a copy of the TIS Toolkit - used for building firewalls - can be found at: http://www.tis.com. Other firewall information can be obtained from Greatcircle's ftp site at: ftp://ftp.greatcircle.com/pub

Utilities

There are a number of security-related utilities available. The following list gives the name of the utility and the site from which it can be obtained:

Ckpasswd                     ftp://gatekeeper.dec.com/pub/
COPS                         ftp://ftp.cert.org/pub/tools/cops
Courtney                     ftp://ciac.llnl.gov/pub/ciac
Crack                        ftp://ftp.cert.org/pub/tools/crack
Gabriel                      http://www.lat.com/gabe.htm
Opie                         ftp://ftp.nrl.navy.mil/pub/security/nrl-opie
Secure Telnet                ftp://ftp.adfa.oz.au/pub/security/adfa-telnet
sendmail                     ftp://ftp.cs.berkeley.edu
S/Key                        ftp://thumper.bellcore.com/pub/nmh/skey/
socks                        ftp://ftp.nec.com/pub/security/socks.cstc
                             http://www.socks.nec.com
                             ftp://ftp.cup.hp.com/dist/socks
ssh (Secure Shell)           ftp://ftp.cs.hut.fi:/pub/ssh/
                             http://www.cs.hut.fi/ssh
tcpdump, libpcap             http://ciac.llnl.gov
tcp_wrappers                 ftp://ftp.win.tue.nl:/pub/security/tcp_wrappers_6.3.shar.Z
VeriSign                     http://www.verisign.com
ViaCrypt                     http://www.viacrypt.com
Wietse Venema ftp Archive    ftp://ftp.win.tue.nl:/pub/security

RFC Index List

The remainder of this article contains selected citations for the past few years of RFCs containing information pertinent to security. RFCs are listed in reverse numeric order (as of 5/20/1996), and appear in the following format:

NUM STD Author 1, Author 5., "Title of RFC," Issue date. (Pages=##) (Format=.txt or .ps) (FYI ##) (STD ##) (RTR ##) (Obsoletes RFC####) (Updates RFC####)

Key to Citations

#### is the RFC number; ## p. is the total number of pages.

The format and byte information follows the page information in parentheses. The format, either ASCII text (TXT) or PostScript (PS) or both, is noted, followed by an equals sign and the number of bytes for that version (PostScript is a registered trademark of Adobe Systems Incorporated). The example (Format: PS=xxx TXT=zzz bytes) shows that the PostScript version of the RFC is xxx bytes and the ASCII text version is zzz bytes.

The (Also FYI ##) phrase gives the equivalent FYI number if the RFC was also issued as an FYI document.

"Obsoletes xxx" refers to other RFCs that this one replaces; "Obsoleted by xxx" refers to RFCs that have replaced this one. "Updates xxx" refers to other RFCs that this one merely updates (but does not replace); "Updated by xxx" refers to RFCs that have updated this one (but not replaced). Only immediately succeeding and/or preceding RFCs are indicated, not the entire history of each related earlier or later RFC in a related series.

For example:

1129 D. Mills, "Internet time synchronization: The Network Time Protocol", 10/01/1989. (Pages=29) (Format=.ps)

Many RFCs are available online; if not, this is indicated by (Not online). Online copies are available via ftp from the InterNIC Directory and Database Services server, ds.internic.net, as rfc/rfc####.txt or rfc/rfc####.ps (#### is the RFC number without leading zeroes).

Paper copies of all RFCs are available from InterNIC Information Services. For more information, contact info@is.internic.net or call 1-800-444-4345 (choose prompt 3 from the InterNIC menu). RFCs can also be requested through email from the InterNIC Directory and Database Services automated mail server by sending a message to the following address: mailserv@ds.internic.net. In the body of the message, include the following command:

document-by-name rfcNNNN

in which NNNN is the number of the RFC. For PostScript RFCs, specify the extension (e.g., document-by-name rfcNNNN.ps). Multiple requests can be sent in a single message by specifying each document in a comma-separated list (e.g., document-by-name rfcNNNN, rfcYYYY), or by including multiple document-by-name commands on separate lines.

The RFC Index can be requested by typing document-by-name rfc-index.

Citations

1790 I V. Cerf, "An Agreement between the Internet Society and Sun Microsystems, Inc. in the Matter of ONC RPC and XDR Protocols," 04/17/1995. (Pages=6) (Format=.txt)

1789 I C. Yang, "INETPhone: Telephone Services and Servers on Internet," 04/17/1995. (Pages=6) (Format=.txt)

1780 S J. Postel, "INTERNET OFFICIAL PROTOCOL STANDARDS," 03/28/1995. (Pages=39) (Format=.txt) (Obsoletes RFC 1720) (STD 1)

1761 I B. Callaghan, R. Gilligan, "Snoop Version 2 Packet Capture File Format," 02/09/1995. (Pages=6) (Format=.txt)

1760 I N. Haller, "The S/KEY One-Time Password System," 02/15/1995. (Pages=12) (Format=.txt)

1757 DS S. Waldbusser, "Remote Network Monitoring Management Information Base," 02/10/1995. (Pages=91) (Format=.txt) (Obsoletes RFC 1271)

1750 I D. Eastlake, S. Crocker, J. Schiller, "Randomness Recommendations for Security," 12/29/1994. (Pages=25) (Format=.txt)

1746 I B. Manning, D. Perkins, "Ways to Define User Expectations," 12/30/1994. (Pages=18) (Format=.txt)

1734 PS J. Myers, "POP3 AUTHentication command," 12/20/1994. (Pages=5) (Format=.txt)

1713 I A. Romao, "Tools for DNS debugging," 11/03/1994. (Pages=13) (Format=.txt) (FYI 27)

1712 E C. Farrell, M. Schulze, S. Pleitner, D. Baldoni, "DNS Encoding of Geographical Location," 11/01/1994. (Pages=7) (Format=.txt)

1704 I N. Haller, R. Atkinson, "On Internet Authentication," 10/26/1994. (Pages=17) (Format=.txt)

1675 I S. Bellovin, "Security Concerns for IPng," 08/08/1994. (Pages=4) (Format=.txt)

1663 PS D. Rand, "PPP Reliable Transmission," 07/21/1994. (Pages=7) (Format=.txt)

1644 E R. Braden, "T/TCP - TCP Extensions for Transactions Functional Specification," 07/13/1994. (Pages=38) (Format=.txt)

1642 E D. Goldsmith, M. Davis, "UTF-7 - A Mail-Safe Transformation Format of Unicode," 07/13/1994. (Pages=14) (Format=.txt)

1636 I I. Architecture Board, R. Braden, D. Clark, S. Crocker, C. Huitema, "Report of IAB Workshop on Security in the Internet Architecture - February 8-10, 1994," 06/09/1994. (Pages=52) (Format=.txt)

1635 I P. Deutsch, A. Emtage, A. Marine, "How to Use Anonymous FTP," 05/25/1994. (Pages=13) (Format=.txt) (FYI 24)

1627 I E. Lear, E. Fair, D. Crocker, T. Kessler, "Network 10 Considered Harmful (Some Practices Shouldn't be Codified)," 07/01/1994. (Pages=8) (Format=.txt)

1624 I A. Rijsinghani, "Computation of the Internet Checksum via Incremental Update," 05/20/1994. (Pages=6) (Format=.txt) (Updates RFC1141)

1579 I S. Bellovin, "Firewall-Friendly FTP," 02/18/1994. (Pages=4) (Format=.txt)

1545 E D. Piscitello, "FTP Operation Over Big Address Records (FOOBAR)," 11/16/1993. (Pages=5) (Format=.txt) (Obsoleted by RFC1639)

1541 PS R. Droms, "Dynamic Host Configuration Protocol," 10/27/1993. (Pages=39) (Format=.txt) (Obsoletes RFC1531)

1537 I P. Beertema, "Common DNS Data File Configuration Error," 10/06/1993. (Pages=9) (Format=.txt)

1536 I A. Kumar, J. Postel, C. Neuman, P. Danzig, S. Miller, "Common DNS Implementation Errors and Suggested Fixes," 10/06/1993. (Pages=12) (Format=.txt)

1535 I E. Gavron, "A Security Problem and Proposed Correction With Widely Deployed DNS Software," 10/06/1993. (Pages=5) (Format=.txt)

1534 PS R. Droms, "Interoperation Between DHCP and BOOTP," 10/08/1993. (Pages=4) (Format=.txt)

1533 PS S. Alexander, R. Droms, "DHCP Options and BOOTP Vendor Extensions," 10/08/1993. (Pages=30) (Format=.txt) (Obsoletes RFC1497)

1532 PS W. Wimer, "Clarifications and Extensions for the Bootstrap Protocol," 10/08/1993. (Pages=22) (Format=.txt) (Updates RFC0951) (Obsoleted by RFC1542)

1531 PS R. Droms, "Dynamic Host Configuration Protocol," 10/07/1993. (Pages=39) (Format=.txt) (Obsoleted by RFC1541)

1510 PS J. Kohl, B. Neuman, "The Kerberos Network Authentication Service (V5)," 09/10/1993. (Pages=112) (Format=.txt)

1509 PS J. Wray, "Generic Security Service API: C-bindings," 09/10/1993. (Pages=48) (Format=.txt)

1508 PS J. Linn, "Generic Security Service Application Program Interface," 09/10/1993. (Pages=49) (Format=.txt)

1507 E C. Kaufman, "DASS - Distributed Authentication Security Service," 09/10/1993. (Pages=119) (Format=.txt)

1498 I J. Saltzer, "On the Naming and Binding of Network Destinations," 08/04/1993. (Pages=10) (Format=.txt)

1496 PS H. Alvestrand, J. Romaguera, K. Jordan, "Rules for downgrading messages from X.400/88 to X.400/84 when MIME content-types are present in the messages," 08/26/1993. (Pages=7) (Format=.txt) (Updates RFC1328)

1472 PS F. Kastenholz, "The Definitions of Managed Objects for the Security Protocols of the Point-to-Point Protocol," 06/08/1993. (Pages=11) (Format=.txt)

1457 I R. Housley, "Security Label Framework for the Internet," 05/26/1993. (Pages=14) (Format=.txt)

1455 E D. Eastlake, III, "Physical Link Security Type of Service," 05/26/1993. (Pages=6) (Format=.txt)

1446 PS J. Galvin, K. McCloghrie, "Security Protocols for version 2 of the Simple Network Management Protocol (SNMPv2)," 05/03/1993. (Pages=51) (Format=.txt)

1424 PS B. Kaliski, "Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services," 02/10/1993. (Pages=9) (Format=.txt)

1423 PS D. Balenson, "Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers," 02/10/1993. (Pages=14) (Format=.txt) (Obsoletes RFC1115)

1422 PS S. Kent, "Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management," 02/10/1993. (Pages=32) (Format=.txt) (Obsoletes RFC1114)

1421 PS J. Linn, "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures," 02/10/1993. (Pages=42) (Format=.txt) (Obsoletes RFC1113)

1412 E K. Alagappan, "Telnet Authentication: SPX," 01/27/1993. (Pages=4) (Format=.txt)

1411 E D. Borman, "Telnet Authentication: Kerberos Version 4," 01/26/1993. (Pages=4) (Format=.txt)

1409 E D. Borman, "Telnet Authentication Option," 01/26/1993. (Pages=7) (Format=.txt) (Obsoleted by RFC1416)

1408 H D. Borman, "Telnet Environment Option," 01/26/1993. (Pages=7) (Format=.txt) (Updated by RFC1571)

1404 I B. Stockman, "A Model for Common Operational Statistics," 01/20/1993. (Pages=27) (Format=.txt)

1355 I J. Curran, A. Marine, "Privacy and Accuracy Issues in Network Information Center Databases," 08/04/1992. (Pages=4) (Format=.txt) (FYI 15)

1352 H J. Davin, J. Galvin, K. McCloghrie, "SNMP Security Protocols," 07/06/1992. (Pages=41) (Format=.txt)

1351 H J. Davin, J. Galvin, K. McCloghrie, "SNMP Administrative Model," 07/06/1992. (Pages=35) (Format=.txt)

1321 I R. Rivest, "The MD5 Message-Digest Algorithm," 04/16/1992. (Pages=21) (Format=.txt)

1320 I R. Rivest, "The MD4 Message-Digest Algorithm," 04/16/1992. (Pages=20) (Format=.txt) (Obsoletes RFC1186)

1319 I B. Kaliski, "The MD2 Message-Digest Algorithm," 04/16/1992. (Pages=17) (Format=.txt) (Updates RFC1115)

1288 DS D. Zimmerman, "The Finger User Information Protocol," 12/19/1991. (Pages=12) (Format=.txt) (Obsoletes RFC1196)

1282 I B. Kantor, "BSD Rlogin," 12/04/1991. (Pages=5) (Format=.txt) (Obsoletes RFC1258)

1281 I S. Crocker, B. Fraser, R. Pethia, "Guidelines for the Secure Operation of the Internet," 11/27/1991. (Pages=10) (Format=.txt)

1244 I P. Holbrook, J. Reynolds, "Site Security Handbook," 07/23/1991. (Pages=101) (Format=.txt) (FYI 8)

About the authors

William Steen owns and operates a consulting firm specializing in networking small businesses and local governmental agencies.

Emmett Dulaney is a publishing manager for New Riders Publishing and can be reached on Compuserve at 74507.3713.