- Email: [email protected]
Random bits & bytes
Computers & Security, 11 (1992) 682-694
Random Bits & Bytes Harold Joseph Highland, FICS Editor-in-Chief
Emeritus
would hurt US companies in the international market. Seems that technology has made the old alligator clip technique obsolete.
Security Snippets ours for the Asking: Some 27 security specialists were interviewed for their opinions concerning the evolution of distributed heterogenous computer systems. Each was asked a standard set of questions designed to highlight possible trends and problems that organizations may face in the coming years.
Y
Among those interviewed were: William A.J. Bound [Coopers & Lybrand, UK], Robert Courmey [Robert Courtney, Inc.], Harry Demaio [Deloitte & Touche], Robert Moeller [Sears Roebuck & Company], and Peter G. Neumann [SRI International]. Some of the others included: G. J. Bologna [Computer Security Digest], Michael Cangemi [EDP Auditors Journal], Charles Cresson Wood paseline Software] and Harold Joseph Highland [Computers & Security]. This almost 60-page report, “Distributed Systems: Security Prospectives,” edited by Belden Menkus, editor of EDPACS, is available free of charge horn Demax Software [l]. The Security Industry Association @Just Say No: remains strongly opposed to the FBI’s request to leave trapdoors in secured networks. FBI wants this entry to ease its job when it receives court-approved wire taps. The industry claims that the built-in vulnerability
‘11Demax Software, 999 Baker Way, Suite 500, San Mateo, CA 94404, USA. In Canada write to: 1730 St. Laurent Blvd. Suite 310, Ottawa, Canada KlG 5Ll. In the UK write to Wren House, Sutton Court Road, Sutton, Surrey SMl 4TL, UK and in Germany to Striftstrasse 31.6200 Wiesbaden, Germany.
l
@Security Data Free: Travellers with laptops can now reach the US State Department’s bulletin board [202-647-92251 to get information about security and crime problems when overseas. The Consular Affairs Bulletin Board [CABB] is maintained by the department’s Bureau of Diplomatic Security. The CABB also contains information visas and other vital data. We tested the BBS and found it menu-driven and easy to use. Although designed for U.S. citizens the BBS can be accessed by anyone. Our family is well aware of its need. Several years ago our son and his wife, on a trip to the Pacific Rim, found themselves in the middle of a revolution in one of the countries. When my son took ill at night he was taken to a make-shift field hospital where he was examined on a field stretcher covered with blood; there was no time for niceties of cleaning the examining surface between patients. l
0 Compulit, Inc, 1992. All rights reserved.
682
Privacy Protector: The recently appointed Privacy Commissioner in New Zealand,Bruce Slane, speaking before a meeting of the Credit and Finance Institute noted:“The commercial incentives to exploit personal information are as strong as the government incentives to use the information collected for one purpose to match it against information collected for another.” When was the last time you checked company databases to see that they comply with company privacy/disclosure policies and government regulations?
Can You Spare $3 000 OOO?The National Institute of Standards and Technology [NIST] wants to speed
0167-4048/92/$5.00
0 1992, Elsevier Science Publishers Ltd
Computers & Security, Vol. I I, No. 8
privacy ethic, according to an editorial in PC Week. “When it comes to personal information, we tend to take a certain level of privacy for granted. That privacy has not, in general, been guaranteed as a matter of principle, but has rather been a by-product of the cost and inconvenience of examining non-digital data. Opening and reading hand-written mail, or combing through drawers of typed documents, are tasks just as difficult today as they were several centuries ago; reviewing recordings of telephone conversations is likewise a time-consuming process. When documents and personal communications go digital, this trade-off changes dramatically.” Does your company have a written clear statement, distributed to all employees, about protection of the privacy of personal data?
up its Trust Technology Assessment Program [TTAP]. NIST is strapped for funds and according to Dr. Stuart W. Katzke, “It’s expensive and the question is where do we put our resources. We need to know who wants it. How important is it, and is it important enough to get people to do it.” It is estimated that the testing program would take four to five years to establish and would cost about $3000000.00 Readers may remember that the National Computer Security Center [NCSC] had been doing this testing but the government decided to assign the job to NIST but failed to provide the money. NIST was to create security ratings for systems now rated in the C2 through Bl range by NSA. NCSC would handle ratings for B2 and higher. l
Many security product producers want faster and cheaper evaluations of their still unclassified products. Many of them feel that the US is far behind the European conununity in this respect. Some industry groups are considering setting up their own test facilities. Meanwhile NCSC director, Patrick Gallagher, noted that they will not abandon the low-end evaluations at least until TTAP is operational. Can’t help wondering what all the Executive and Congressional departments genuflecting really accomplished; in fact, was it really necessary? l
l
Disaster Management: Most organizations have contingency plans to maintain computer operations in case of a disaster. Have your stand-alone PC users and LAN managers been instructed what to do in event of an immediate evacuation of the office during working hours? One security director with whom we spoke recently learned the hard way Fire alarms went off and most employees followed the prescribed evacuation plan. But no instructions had been included about closing data files or turning the machines off. Several employees did turn their microcomputers off but they failed to terminate the programs being run. Preliminary estimate of losses showed the loss of about 15% of data files with an average need of two workdays to restore the missing data and check the integrity of the files. New Privacy Ethic: Digital disclosure needs a new
Downsizing Continues: When we wrote about the trend in industry to move from mainframe to miniand microcomputers, we received several letters from readers objecting to our ‘scare’ tactics. They insisted that mainframes would always remain the mainstay of major companies. Well we now have a plethora of workshops and seminars on this topic in the US we have a report about Sadia, the $200 000 OOOO-a-year food giant in Sao Paulo, Brazil. A year ago they converted their Cobol systems running on mainframes to LAN- and Unix-based systems. According to Chris Turnball of Sterling Software [Ottawa, Canada] their mainframe machine rooms are 70% empty and their savings on mainframe gear they returned is more than their investment in new systems. Seems like a good reason to plan now, if you haven’t done so, for new computer security policies to meet such possibilities.
Access Control /Menu Security Program PC SAM [2] is a highly effective, easy to use access control and menu program. It is designed to work on all IBM and compatible microcomputers and provide comprehensive administration and maintenance of the system -- user and resource access. The program offers
I4 Manager Corporate Security, Security and Risk Management Department, Databank Systems Limited, Wellington, New Zealand, PO Box 3647. Telephone: +64 4 473-5979 Fa +64 4 474 5063.
683
H. J. Highland/Random Bits & Bytes
the security administrator numerous worthwhile tures and includes several useful user utilities.
fea-
Despite some discrepancies between the older manual which we received and the revised program we used, PC SAM was easy and straightforward to install on our systems operating under version 5.0 of Compaq DOS. We encountered some difficulties using QEMM on our Compaq 386 system and a video problem on our Compaq 286 with an older RBG monitor. Both problems were quickly resolved with the excellent technical support received from Databank Systems by electronic mail. The revised manual provides added data to help users smooth the installation of the program. Actually PC SAM provides the user with a number of features that are valuable not only in a banking environment but it any business organization. There are two phases in the installation process. The first is installing the program on the system with administrator-selected options and controls. The second is the setting up of individual resource management.
Program Installation Although a default configuration file exists, we strongly recommend that the administrator reviews the options which appear on the first screen and selects only those which are suitable to the specific site requirements. There are three sets of option data: features, environment and password. Features: The first of these options provides administrator control over different security requirements for the system. The first options group [all of which are automatically invoked under the default configuration but can be easily changed by the security administrator] include: [a]
password expiry: when invoked it forces a user to change his/her password ifit is older than the date set in password expiry in the environment configuration.
I?1
suspension: when this is set, a user will be suspended if he/she has more than the number of logon attempts noted in the environment confguration.
[cl
684
time out: when invoked, the user is required to
re-enter his/her password after a time out delay, It must be noted that this occurs only within PC SAM and not within applications programs.
VI
embargo: if this is not set, the user may change his/her password at any time. If it is invoked the user may not change his/her password for the period designated in the environment configuration.
[el
hide user ID: when not selected the user ID is echoed on the screen; otherwise it is echoed as a series of ****.
VI
logfile: when invoked, the program logs all events as they occur on the system. [An illustration of a log file is shown later.]
The second part of the feature option includes control over virus scanning. Control can be set to invoke any anti-virus program the user wishes to run at every boot, once a day or never. The final option under features is the configuration the super user’s password. There are three choices: [al
for
none: this option is selected only ifthe super user is denied access to the system.
[b]
fixed password: the system uses the super user’s password that is entered in the options password and remains unchanged unless it is altered by the super user.
[cl
variable password: a special program module generates the super user’s password. Because of our interest and research in password selection and generation we found that the program created passwords which would be nearly impossible for anyone to use; they were too scrambled and difficult to remember. They could not be pronounced which would make them easier to remember; for example ZNEZEUYA [INEZ BUY A] or REDHUTWA [FLED HUT WA], passwords obtained from a more sophisticated generator.
Environment: This second set of options includes some seven variable features and four entries for program control. The default settings are shown in the illustration, Fig I.
Computers & Security, Vol. I I, No. 8
^ __^^ PC SAM Version 2.1 Installation LZIIJt( Uninstall Options 12fO811992 14:17:32 Install ....... ........................... ................................. ..................................................................................................................................................................... .. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .................................................................................................. ................................................................................................................................................................ .... PC”..~~...~~~~~~~~~~~...~~~~~~~~~~~~ illii!lIiiiilIiiIiii~~~~~~~~~~~~~~~~ 11111111,11,111111,1,,,,,,,,,,,,,~~~~~~~~~ ....:i;;;i;;;;;;i;;;;;;;;;;;i;;;;;;;;;;;; iiiiiiiiiIiiiiiiiiiiii!lii!i!iiil c [.] .......... .............. ................~........ ..1.~..~..... ....... .................................... ::::::::::::::::::::::::::::::::: ................................. :::::::::::::::::::::::::::::::::::: ,1,,,1111,11111111111111111111111 11111,111111111111111111111111111 ................................. .................................... ::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::: Compulit, Inc. Company Name .. ..1..111111111..~1...,., ....... ,.1..1..111.11111111,,~..,,..,,,,,, , ..................................................................... ..................................................................... ..................................................................... ................................. 1111,111111111111111llllllllll ................................. ::::::::::::::::::::::::::::::::: ................................. ................................. 5 0 Password Expiry........(Day s l-99) 1,,,11.,111,1,1,1,1111111111(1111 ................................. !!!!!!!!!!!!I!!!!!!!!!!!!!!!!! ................................. .................................... ................................. .................................... 4 No. Login Attempts.....(l-9) ............................ .............. ..1...1............... .... . .................................... ::::::::::::::::::::::::::::::::: ................................. :::::::::::::::::::::::::::::::::::: Password Embargo.......(Day s l-9) 5 ,,,,,,,,,, 1,,,1111,11~11111111111 ................................. Time Out Delay.........(Minute s l-99) !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ................................. ................................. :::::::::::::::::::::::::::::: 60 ................ ..1..........~.. , !!!!!!!!!!!!!!!!!!!!!!!!!:!!!: ................................. .................................... ................................. 10 Screen Save Delay......(Minute s l-99) ..,...........................~, , ... ..1.......1.................. ., ................................. ................................. :::::::::::::::::::::::::::::: .................................... Log File Retention.....(Month s 1-12) 4 1111,1111‘11111111111111111111 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .................................... ................................. ................................. :::::::::::::::::::::::::::::::::::: 160 ,,a,,,1 I,,,.,.,.,.,........1..... DOS Environment Size...(Byte s 160-9999) .... ..............................~. ::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::: ..................................................................... ~11111~11111111111.11111111((111( 1,,11111.111111,11111111111111 ..................................................................... .................................... ::::::::::::::::::::::::::::::::: ......1.......................... System Timer Command Line ..... ..~.....1..........~.~.....~ ... .................................... ::::::::::::::::::::::::::::::::: ................................. Command Line for Virus Checker :::::::::::::::::::::::::::::::::::: 1.111.11~111,111‘1111(1(11111( .................................... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ................................. ................................. :::::::::::::::::::::::::::::::::::: Path for Command Processor C:\COMMAND.COM .. .............................. ..1....1....................... ................................. .................................... ::::::::::::::::::::::::::::::::: Path for PC-SAM :::::::::::::::::::::::::::::::::::: C:\PCSAM\ 11.11~,11~11~11,~11.1(1(11((1(11((1( !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ................................. :::::::::::::::::::::::::::::::::::: ..................................................................... 11,11,1111111111.1.1,,.,,...~~~‘. 1111111111.1,111111.,.~.~,~,~~,,~,,~ ................................. ................................. :::::::::::::::::::::::::::::::::::: ................................. .................................... Cancel , ,,,,,,,,,, .... . .... . ............. ~.................1.,.,......,,..,~. ::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::: ..................................................................... 1111111,11111,11,,11.,,,,.,,.‘~~~ l**llll‘**tll‘l*l**l*~*~**‘***,~**‘, ................................. :::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::: .................................... .............................. ...... ::!:!!:::!!::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .................................... ............................................................................................................................................................................................................................... ............... :::::::::::::::::::::::::::::,::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 488216 ALT-X Exit FigureI The seven environment options are clearly defined and can be changed easily. Because of the numerous device drivers and extended PATH statement used on our systems, we use the following statement in our AUTOEXEC.BAT file: SET COMSPEC=C:\COMMAND.COM /E: 1024
/P
Therefore we changed the DOS Environment Size option to 1024 in setting up the environment configuration. This lead to problems in running PC SAM because the program handles COMPSEC. When we removed the COMPSEC line from the AUTOEXEC.BAT file, operations proceeded without diffiCulty.
not to use this option and left the line blank during our tests of the program. [c]
path for command processor and pathfor PC Sum must be entered.
[d]
password: This final installation option is used to enter the super user’s name and password. The administrator will also be prompted to enter a key that is used to encrypt the hard disk. This key is an 8-byte hexadecimal number, using any valid hexadecimal character in the range of’O’to ‘FFFF FFFF FFFF FFFE’
Note: It is essential to save the three sets of options, a choice available under the options’ menu. They can be updated at any time by the super user.
The four entries for program control include:
[al
[bl
system timer command line: this information is needed when installing PC SAM on XTs to set time and date. For ATs with batteries to control time and date this entry is lefi blank. command line for virus checker: the path for the virus program must be entered here. We decided
Phase Two of Installation The second phase of installation is required using the full install option on the main screen of the program. During this phase both the AUTOEXEC.BAT and CONFIGSYS files on the system are altered by PC SAM. The rest of the process is straightforward and should present no difficulties.
685
H. J. Highland/Random Bits & Bytes
Using PC SAM Once the system is rebooted, a logon screen appears [see Fig 21. During this process a user attempt will fail if there is an invalid user ID, invalid password or if the user has been suspended. The logon denied message does not indicate the reason for the denial, an effective security feature.
Figure2.
Before the program installs boot protection, the inability to access drive C by anyone booting the system with a floppy disk in drive A, a disaster recovery disk must be prepared. This step is critical so that the security administrator or a deputy would be able to boot from drive A in case of emergency. The boot PC SAM. Without impossible
protection [encryption] is an essential part of All vital areas of the hard disk are encrypted. the disaster recovery disk it would be to access drive C. .
Once these steps have been completed, PC SAM takes over control of the system upon a reboot.
After the system has been accessed, the user screen [see Fig 31 is displayed. The object-oriented window environment has three major components: the menu bar at the top, the main menu and the command line at the bottom. The six options in the top bar menu include such items as: log off, lock system, exit to DOS, edit facilities, maintenance including use of mouse and colour preferences, several utilities and control of the size of the window. Among the utilities, for example, are: l
an ASCII table
l
calculator
l
calendar
l
editor
l
security
PC SAM Version
Figure 3
686
2.1
Computers & Security, Vol. I I, No. 8
System =[=I =[.I
Edit
Alarm
PC SAM Version 2.1 Maintenance Utilities Windows User Maintenance Add a New User
User Id
larkin
User Info
audit department
25/08/1992
14:05:02 [$I=
Access to PC SAM functions System [ ] Edit Autoexec.bat [ ] Edit Config.sys [ ] Edit Pcstop.bat [ ] DOS Access
Last Edit
= Aug 25, 1992
Alarm [X] Display
Maintenance [ ] Menus [ ] Users [X] Colors [X] Mouse [X] Preferences
Utilities [X] Text Editor [ 1 Decrypt [X] Encrypt [ ] Secure Delete
1:23pm
Fl Help 1 Add new users information and menu bar access User=HARRIS Licensed to Harold Joseph Highland
130800
Fig. 4
The last of these utilities provides for encryption, decryption and secure deletion of a file. A fast proprietary algorithm as well as DES is available for the user. The secure deletion utility overwrites a file three times, first with OS,then with 1s and finally with random characters. It may not be up to US DOD standards but is highly effective in almost all business environments. Which of the many options available to a specific user is determined when the administrator adds a new user. Four basic option areas are controllable as shown in Fig 4. An ‘x’ in the appropriate box indicates the specific access for the user. Particularly use&l is the ALARM [Access Logging and Report Management] utility. A sample of the detailed report [generated primarily for this product review] is shown in Fig 5. Note that at 2:47pm there is a failed logon, an invalid user ID. Although normally it would not be possible to identify an illegal attempt to access
the system, the “LAS” indicates an aborted attempt by Larkin.
A Final Note PC SAM is available under licence agreement. It is one of the best comprehensive access control packages we have tested and we were impressed by the options and flexibility offered by the program. This program was tested without using some of the security packages we have in place on the two systems. We have a high-speed Public Key/DES encryption communications board on one system and found that it could not be used concurrently with PC SAM. We have Lattice’s Secret Disle on the other system and found that we could not access the ‘secret disks’ when using PC SAM. But that is a problem which can be resolved by abandoning other security programs in favour of PC SAM since it offered a high level of overall security
687
H. J. Highland/Random Bits & Bytes
Edit Alarm System -181 Date/Time 2:43pm 251 S/1992 2:44pm 251 a/1992 2:44pm 251 a/1992 251 S/1992 2:44pm 2:45pm 251 a/1992 251 S/1992 2:45pm 251 S/1992 2:45pm 2:46pm 251 S/1992 2:46pm 251 a/I992 2:47pm 251 S/1992 2:47pm 251 S/1992 2:47pm 251 S/I992 2:47pm 251 S/I992 251 S/1992 2:47pm 2:4apm 251 B/1992 2:4apm 251 S/1992 2:4apm 251 S/1992 2:49pm 251 S/1992 Fl Help Licensed
PC SAM Version 2.1 25/08/1992 14:50:44 Maintenance Utilities Windows Audit log Userid Operation * JOSEPH Menu maintenance JOSEPH Logged off Failed: Logon (User HARRIS invalid HARRIS Logged on HARRIS Execute 'Encryption' Execute 'Communications' HARRIS Logged off HARRIS JOSEPH Logged on JOSEPH Execute 'Polution' JOSEPH Logged off REBECCA Logged on Execute 'StatProgram' REBECCA REBECCA Logged off Failed: Logon (Invalid user LAS LARKIN Logged on Execute 'Publisher' LARKIN . LARKIN Logged off . HARRIS Logged on
F3,ESC Close ALT-P Print to Harold Joseph Highland
ALT-F To File User=HARRIS
I28728
Figure5
Problems and Solutions -
Q: and A:
Over the years we have received letters, telephone calls, fax and electronic mail from readers about security and security-related problems they face. We would like to extend that service to all readers who have heretofore not availed themselves of our assistance. [l]
Postal address: Dr. Harold Joseph Highland, Compulit, Inc, 562 Croydon Road, Elmont, NY 11003-2814,
[2] Electronic mail: [email protected] [which is interconnected with Internet] [email protected] [an Internet address which is used as a backup; this mail is read less frequently]. [3] Telex:
[+l] 650.406.5012
USA or
[which is routed through MCI mail].
[4] Fax: [+l] 516.488.6868 [B ecause we use a Fax board in our microcomputer this requires telephoning our office to notify us about pending transmission so we can activate the Fax board. This can be done only during office hours -_ 14:30 to 21:30 Zulu.]
Q: Our company wilI enter the world of telecommunications by joining Internet later this year. I have been given the job of preparing materials for our staff to use the network. The manuals are far from adequate since I have no previous networking experience. I did get some help from a local college; they sent me a copy of their user manual. I need more! Is there anything that will give me a background overnight?
A: Two quick references you might find of value. The first is the October 1992 issue of IEEE Spectrum and the other is a recently published book, The Whole Internet.
The October issue of IEEE Spectrum13] has a series of well-written and informative articles on e-mail in a section, “E-mail: Pervasive and Persuasive” by Telka S.
Computers & Security, Vol. I I, No, 8
E-mail
is rather
bland
as compared
with
other
forms
of communications
-- no body
language,
voice
inflection
letterheads.
Here. are
or fancy
some symbols used by e-mail writers to enliven their copy. To read the symbols rotate this illustration 90-degrees clockwise. :-
)
Amusing
or joking
comment
or flirting
comment
;-I
Sarcastic
:-(
Frown
: - ( (
Wince or flinch reaction
- one is upset
>:-<
Very angry comment
:-D
A laugh
:-@
A scream Confused
%-I :-x .
reaction
or comment
Won’t say a word
Symbols
used
by authors
article and those we’ve
of IEEE
Spectrum
found in our e-mail.
Perry and John A. Adam, senior and senior associate editors, respectively. This section includes: E-mail at work Playing on the net Forces for social change To probe further The Whole Internet: User’s Guide & Catalog [4] by Ed Krol is a valuable reference addition to any company or individual’s library. Although written primarily to explain Internet, there are many useful sections for anyone
13]lEEE Spectrum, 345 East 47th Street, New York, NY 10017, USA. Telephone: 212-705-7555 or l-800-678-4333 [41This 376-page soft-covered book is available for $24.95 f&n O’Reilly & Associates, Inc. 103 Morris Street, Suite A,Sebastopol, CA 95472 USA. Overseas it is available corn Addison-Wesley but in Japan horn Toppan Company Ltd in Tokyo..
interested in obtaining the benefits of being on a network or exploring what is available on other networks. File Transfer Protocol [FTP] is clearly explained and easy to understand. The step-by-step instructions are easily followed with an explanation of common file types and modes.The appendix on international network connectivity is a handy guide to understanding country extensions used in e-mail addresses. There are several worthwhile chapters that take the mystery out of many aspects of networking. The one on electronic mail covers such topics as carbon copies,blind carbon copies, mail forwarding, sending binary data as ASCII and setting up mailing lists. The chapter on finding someone on a net is well written and exceedingly handy when you try to reach someone whose e-mail address is not known to you. The resources available over Internet can satisfy any network gourmet with data about scientific areas -astronomy, chemistry, biology, computing; CERT security advisories; refer8th edition of the Concise Oxford ence books dictionary, CIA World Fact book; resource directories. For the adventurous there is information about science fiction literature, Chinese classical literature, and even a guide for home brewers.
Communications Line Noise Q: Last month my department was moved to another building in our company complex. Almost everybody has been plagued by a high level of ‘garbage’ during telecommunications. Furthermore, the number of illegal sign-ons to the company network has increased to an annoying level. Also the department has wasted time because it is often necessary to duplicate transmission of documents. There has been no equipment changes and the problem did not exist in our former facilities. My job is microcomputer supervisor and I have not been able to obtain cooperation from our main computer centre. Is there any simple solution to the problem? A: We do not have sufficient technical information about your specific situation, but over the years we have found problems such as yours. Some of the older modems create external noise. Even though you have the same hardware, the units might be arranged differently. Ifyou are not already doing so,you might try using
689
H. J. Highland/Random Bits & Bytes
a shielded RS232 cable to connect a modem to the microcomputer and see if there is noise reduction. Another test you can make is changing the baud transmission rate used by the modem. Higher rate modems are more intolerant of line noises than those operating at lower baud rates. If the noise is greatly reduced or eliminated at the lower baud rate, you might solve the problem by obtaining high-speed modems. We have found that a 9600 modem working at 4800 baud is less sensitive to line noise than a 4800 unit. True this may be a costly solution but detecting and eliminating other causes of line noise may be much more expensive. Line noise can be caused by either of the following.
[1]
Older fake telephone lines: It is possible that the telephone lines within your building are an older type which have a tendency to be noisy. Do you still have the same telephone exchange? If you have a different one, it might be caused by older lines somewhere along the route between your microcomputers and the central telephone company exchange.
First, you can try to reduce the noise by using a built-in utility contained in most microcomputer telecommunications programs. If this helps, then make certain that all microcomputers are configured to use that utility Second, to try to narrow down your problem you might try disconnecting during a noisy transmission and redialing the number. If the noise persists, the cause may be older lines. [2]
Electrical interjrence: This is another cause of line noise. You can do some of the checking but it may be necessary to obtain the assistance of the building maintenance department.
Noise is sometimes induced by having the telephone lines and/or telephone junction boxes situated next to or near electric power lines. In one case we found the telephone line junction box located next to an elevator motor in the basement. In another we found that the builder used a conduit for all cables during construction so that power and telephone lines were side by side. Does your building contain any production facilities? If the electrical lines used by your computers are also used by industrial equipment, you probably will have line
690
noise. We found one facility that had the company printing plant next to the data centre and shared the electrical lines. In another we found several photocopy machines sharing the computer lines. Mentioning your company complex reminded us of a computer centre in its own building but across a single driveway there were aluminum arc-welding machines. Their arcing, when in use, induced noise and damaged magnetic tapes stored in a case on the wall facing the driveway.
Data Integrity [?] The US Federal District Court’s computer in Connecticut declaredall Hartford citizens dead for the past three years - only the people did not know it, nor did the court. The computer is used to obtain a list of prospective grand jurors and not one Hartford resident, a part of that pool, had been selected. The chiefclerk ofthe US court in an attempt to discover why no one in that city has been considered for grand jury duty discovered, according to an Associated Press release, a “computer error.” According to the report the city name had been placed in the wrong column forcing the ‘d’ in Hardord into another column. The ‘d’ in that other field is used to describe the status of the individual juror. In its search, the computer program found the character ‘D,’ which was used in the court computer records to note that the juror was dead. Because of this every time a prospective grand juror list was created, the program skipped any legal Hartford resident since questionnaires are not sent to dead people. This program error was found after three years when there was a challenge to the racial composition of the grand jury that indicted a defendant in a $7 100 000.00 robbery at Wells Fargo back in 1983. We are aware that a good programmer should attempt to conserve file space by limiting the length offields, but
NTIS Volumes of Interest The National Technical Information Service (NTIS) is a self-supporting agency of the US Department of
Computers & Security, Vol. I I, No. 8
Commerce. It provides access to the results of both US and foreign government-sponsored research and development and engineering activities. For copies of any of the publications we consider of interest to computer security directors and personnel, you can communicate with:
experimental results indicated there was no significant difference between the CIC system using an inking stylus and the Sign/On systems and that both systems had Type 1 error rates of less than 3% and Type 11 error rates of less than 1%. The results also indicated that the operating conditions test did not favour either system.
U.S. Department of Commerce National Technical Information 5285 Port Royal Road Springfield, VA 22161 USA Orders: +l 703 487-4650 Telex: 89-9405 or 64617 Fax: +1 703 321-8547
User Authentication: A State-of-the-Art Service
Review of US and European Security Evaluation Criteria C.R.Dinkel,National Inst.ofStandardsandTechnology, Gaithersburg MD, Computer Security Div., March 1992,29pp., PB92-172022WCC. Several US and European documents describing criteria for specifying and evaluating the trust of computer products and systems have been written. The report reviews five of these documents and discusses the approach each one uses to provide criteria for speci@ing and evaluating the trust of computer products and systems. Signature Verification for Access Control S.C. Geshan, Naval Postgraduate School, Monterey CA, September 1991,55pp.,AD-A245 334/8/WCC. Access control to sensitive information is a vital concern for Department of Defense agencies. Current methods employed to control access are vulnerable to unauthorized users and frequently inadequate. The use of biometric access control devices, such as signature verification systems, may represent a solution to the access control problem. This thesis looked at two dynamic signature verification systems and compared their performance in general as well as under the different operating conditions of lined and unlined paper and morning and afiernoon use. The two signature verification systems were the CIC system and the Sign/On system. Additionally, the thesis compared the CIC system under both sets of operating conditions using an inking stylus pen and a non-inking stylus pen. The
Review
J.A. Coley, Naval Postgraduate School, Monterey September l991,124pp., AD-A245 612/7/WCC.
CA,
Access control of computing systems is considered a key issue among Information Systems managers. There are different methods available to computing systems to ensure a proper authentication of a user. Authentication mechanisms can use simple user-generated passwords to complicated combinations of passwords and physical characteristics ofthe user (i.e.,voice recognition device, retina scanner, signature recognition device, etc.). This thesis looks at the various authentication mechanisms available to a security manager. It describes how different authentication mechanisms operate and the advantages and disadvantages associated with each mechanism. It also reports on several commercially available software products that support the user authentication process. Finally, a discussion of password use in the military environment and the unique requirements of the Department of Defense. Security Considerations in Distributed Systems D.R. Rhead, Naval Postgraduate School, Monterey CA, September l991,102pp., AD-A246 807/2/WCC. This thesis investigates computer security considerations in distributed systems. In particular, it concentrates on assisting managers to gain an appreciation for what distributed systems are and what are the inherent security issues in these systems. A survey of the literature on computer security was conducted to identify those issues unique to distributed systems, Although many controls are discussed, management must design and support a comprehensive security plan tailored to their unique organization. SPAN: A Decision Plan Analysis
Support System for Security
S.H.Ramsey,NavaI Postgraduate School,Monterey September 1991,79pp.,AD-A245 016/1/WCC.
CA,
691
H. J. Highland/Random Bits & Bytes
Computer-based information systems provide countless opportunities to improve an organization’s functioning and enhance its products or services. They also expose organizations to significant risks as they become increasingly dependent on information resources. To minimize the risks to an organization’s information systems, an Information System (IS) security plan must be formulated. A Decision Support System (DSS) can provide managers with consistent and concise guidance for the development and analysis of an IS security plan. SPAN, a Decision Support System for Security Plan Analysis has been developed to provide IS managers with information necessary to make informed IS security plan decisions. This thesis will address how SPAN can be applied for security plan analysis resulting in better and more informed security plan decisions. Sample Statements of Work for Federal Computer Security Services: For Use in-House or Contracting Out D.M. Gilbert and N. Lynch, National Inst. of Standards and Technology, Gaithersburg MD, December 1991, 97pp.. PB92-148261/WCC. Each federal organization is fully responsible for its computer security program whether the security program is performed by in-house staff or contracted out. Time constraints, budget constraints, availability or expertise of staff, and the potential knowledge to be gained by the organization from an experienced contractor are among the reasons a federal organization may wish to get external assistance for some of these complex, labour intensive activities. An interagency working group of federal and private sector security specialists developed the document. The document presents the ideas and experiences of those involved with computer security, It supports the operational field with a set of Statements of Works (SOWS) describing significant computer security activities. While not a substitute for good computer security management, organization staff and government contractors can use these SOWS as a basis for a common understanding of each described activity. The sample SOWS can foster easier access to more consistent, high-quality computer security services. The descriptions apply to contracting for services or obtaining them from within the organization.
American Computer COMPSEC-11
Security
Industries,
Inc,
B.A. Maguschak, C. Reese and R.L. Williamson, National Computer Security Center, Fort George G. Meade MD, 10 June 1991, 52pp., AD-A247 210/8/WCC. The National Computer Security Center (NCSC) examined the security protection mechanisms provided by American Computer Security Industries, Incorporated’s COMPSEC-11 USA American Version, release B3.1. COMPSEC-11 is a subsystem, not a complete trusted computer system. Therefore, it was evaluated against the Computer Security Subsystem Interpretation (CSSI). Specifically, the applicable requirements for this evaluation included Identification Authentication (I and A), Discretionary Access Control (DAC), audit and object reuse. The evaluation team determined that the highest class at which COMPSEC-11 satisfies the I and A, DAC, audit and object reuse requirements of the CSSI is class D. This report documents the findings of the evaluation. Securing Applications in Personal Computers: The Relay Race Approach J.M. Wright, Naval Postgraduate School, Monterey CA, September l991,107pp., AD-A246 94O/l/WCC. This thesis reviews the increasing need for security in a personal computer (PC) environment and proposes a new approach for securing PC applications at the application layer. The Relay Race Approach extends two standard approaches: data encryption and password access control at the main program level, to the subprogram level by the use of a special parameter, the Baton. The applicability of this approach is demonstrated in an original Basic application and an existing Dbase IV application, representing both third generation language (3GL) and fourth generation language (4GL) environments. The Approach can add to overall network security in the PC LAN environment as well. The Approach is successful and proposed enhancements can strengthen the Approach. Software and the Virus Threat: Providing Authenticity in Distribution G.M. LaVenture, Naval Postgraduate School, Monterey CA, March 1991,82pp., AD-A246 083/O/WCC.
692
Computers & Security, Vol. I I, No. 8
Computer viruses have threatened the integrity and reliability of computer systems since 1983. Literally hundreds of viruses exist for the IBM compatible computer alone. These viruses can cause corruption or loss ofprogram and data files, incidental damage to hardware, and degradation or loss of system performance. This paper examines the nature of the virus threat by discussing virus types, methods and rates of propagation, relative frequencies of occurrence, and genealogy. Possible methods for virus detection and identification, followed by disinfections, are outlined. Minimum capabilities and testing criteria for these products are also detailed. Methods for controlling and limiting infection and damage are discussed. These are considered minimum acceptable safeguards to be implemented by an organization. Lastly, sot&are authentication means are examined which, when used in conjunction with the minimum safeguards, would eliminate the possibility of viral infection. Computer the Navy
Virus Security in the Department
of
M.J. Salters, Naval Postgraduate School, Monterey CA, March 1992,63 pp., AD-A247 476/5/WCC. This thesis discusses the growing threat of computer viruses and their impact on Automated Information Systems. In particular, it attempts to show a need to establish sound security programs that properly address computer viruses. A major area of the thesis focuses on current guidance by the Department ofDefense and the Department of the Navy and provides recommendation for a Navy organization to effectively combat the security threat fi-om computer viruses. Sicherheitsarchitektur &et Verteilte Systeme (Security Architecture for Distributed Systems) M. Kaeding, Technische Univ. Berlin (Germany), Fachgebiet Raumfahrt, 1991, 184 pp., text in German, N92-20170/6/WCC. A Subject, Object and Function (SOF) model is developed for the modeling and technical integration of the access control mechanism in a distributed system. A system is defined for the description ofthe access control ratings ofa user, e.g., a subject.The access control system is composed ofthree system duties which are controlled by a security manager, and work with logic object marking. The three duties also control the access f&c-
tion realization of an object and the transport of an object within the distributed systems. The field of communication security is covered by known coding processes. Is Hypertext a Solution ADP Security Program Problems
to Implementing an in DON. Issues and
R.A. VanMeter, Naval Postgraduate School, Monterey CA, September 1991,14lpp., AD-A245 868/5/WCC. The goal of this thesis is to provide an overview of hypertext to determine its feasibility for resolving some of the problems currently facing newly assigned and inexperienced ADP security officers. The proclivity within DOD for using documents in virtually every facet of work suggests that hypertext has a promising future in the DOD. To implement an ADP security program in the Navy, the information presented in the DON AID Security Guidelines should be carefully selected and filtered to derive a tool that provides an effective and circumstance-shaped source of information, guidance and reference. From a design standpoint, it is important to integrate hypertext technology with other computer based tools - such as expert systems and simulation models - to fully exploit the potential of this new technology.
Professor Harold Joseph Highland, FICS is a dinosaur* who was graduated from the university and commissioned as a Second Lieutenant in 1938. He is Managing Director of Compulit, Inc [Elmont, NY, USA] and heads its Microcomputer Security Laboratory. He retired more than a decade ago with the academic rank of Distinguished Professor from the State University of New York. He is the founding editor of Computers & Security. As Editor-in-Chief Emeritus, he writes his “Random Biti GBytes” column that appears regularly in the journal. Furthermore he serves on the editorial board ofseven professional magazines in the United States and overseas, and writes special features periodically. He is the author of 26 books and numerous professional and technical papers. In addition to his writing and speeches Dr. Highland conducts workshops in computer security, especially in the areas of microcomputer security and cryptography Also he currently is: l
Chairman of IFIP/WGll.8 on information and training, an international committee industry, government and universities,
security education of members horn
693
H. J. Highland/Random Bits & Bytes
*President
of the Virus
non-profit l
Security
an international
Chairman of the ACM International Plan Task Force.
@Associate
of the Information
Security
Queensland University of Technology l
Institute,
organization,
Public
Information
Officer
Research
Centre
of
[Brisbane, Australia], and
of IFIP/TCll
[the International
Federation for Information Processing’s Technical Committee on information security
1 I]
Professor Highland is also counsel to the Computer Security Technical Committee of the Chinese Computer Federation [Beijing, PRC] and to other government agencies in the US and overseas. Active in a number of professional associations, Dr. Highland has been a Fellow of the Irish Computer Society [ICS] since 1985. He is also a member ofthe New York Academy of Sciences [NYAS], the Association for Computer Management [ACM], the IEEE’s Computer Society [IEEEKS], Information Systems Security Association [ISSA], American Association for the Advancement of Science [AAAS], Computer Professionals for Social Responsibility [CPRS], and the Society for Irreproducible Results [SIR]. A more complete although condensed biography can be found in Who’s who in Scienceand Technologyand also in who’s Who in Amerim. * [Let’s make no bones about it: a) dinosaurs ruled the world, b) they kept their teeth sharp, c) they survived one helluva long time.Ed.1
694
Random Bits & Bytes Harold Joseph Highland, FICS Editor-in-Chief
Emeritus
would hurt US companies in the international market. Seems that technology has made the old alligator clip technique obsolete.
Security Snippets ours for the Asking: Some 27 security specialists were interviewed for their opinions concerning the evolution of distributed heterogenous computer systems. Each was asked a standard set of questions designed to highlight possible trends and problems that organizations may face in the coming years.
Y
Among those interviewed were: William A.J. Bound [Coopers & Lybrand, UK], Robert Courmey [Robert Courtney, Inc.], Harry Demaio [Deloitte & Touche], Robert Moeller [Sears Roebuck & Company], and Peter G. Neumann [SRI International]. Some of the others included: G. J. Bologna [Computer Security Digest], Michael Cangemi [EDP Auditors Journal], Charles Cresson Wood paseline Software] and Harold Joseph Highland [Computers & Security]. This almost 60-page report, “Distributed Systems: Security Prospectives,” edited by Belden Menkus, editor of EDPACS, is available free of charge horn Demax Software [l]. The Security Industry Association @Just Say No: remains strongly opposed to the FBI’s request to leave trapdoors in secured networks. FBI wants this entry to ease its job when it receives court-approved wire taps. The industry claims that the built-in vulnerability
‘11Demax Software, 999 Baker Way, Suite 500, San Mateo, CA 94404, USA. In Canada write to: 1730 St. Laurent Blvd. Suite 310, Ottawa, Canada KlG 5Ll. In the UK write to Wren House, Sutton Court Road, Sutton, Surrey SMl 4TL, UK and in Germany to Striftstrasse 31.6200 Wiesbaden, Germany.
l
@Security Data Free: Travellers with laptops can now reach the US State Department’s bulletin board [202-647-92251 to get information about security and crime problems when overseas. The Consular Affairs Bulletin Board [CABB] is maintained by the department’s Bureau of Diplomatic Security. The CABB also contains information visas and other vital data. We tested the BBS and found it menu-driven and easy to use. Although designed for U.S. citizens the BBS can be accessed by anyone. Our family is well aware of its need. Several years ago our son and his wife, on a trip to the Pacific Rim, found themselves in the middle of a revolution in one of the countries. When my son took ill at night he was taken to a make-shift field hospital where he was examined on a field stretcher covered with blood; there was no time for niceties of cleaning the examining surface between patients. l
0 Compulit, Inc, 1992. All rights reserved.
682
Privacy Protector: The recently appointed Privacy Commissioner in New Zealand,Bruce Slane, speaking before a meeting of the Credit and Finance Institute noted:“The commercial incentives to exploit personal information are as strong as the government incentives to use the information collected for one purpose to match it against information collected for another.” When was the last time you checked company databases to see that they comply with company privacy/disclosure policies and government regulations?
Can You Spare $3 000 OOO?The National Institute of Standards and Technology [NIST] wants to speed
0167-4048/92/$5.00
0 1992, Elsevier Science Publishers Ltd
Computers & Security, Vol. I I, No. 8
privacy ethic, according to an editorial in PC Week. “When it comes to personal information, we tend to take a certain level of privacy for granted. That privacy has not, in general, been guaranteed as a matter of principle, but has rather been a by-product of the cost and inconvenience of examining non-digital data. Opening and reading hand-written mail, or combing through drawers of typed documents, are tasks just as difficult today as they were several centuries ago; reviewing recordings of telephone conversations is likewise a time-consuming process. When documents and personal communications go digital, this trade-off changes dramatically.” Does your company have a written clear statement, distributed to all employees, about protection of the privacy of personal data?
up its Trust Technology Assessment Program [TTAP]. NIST is strapped for funds and according to Dr. Stuart W. Katzke, “It’s expensive and the question is where do we put our resources. We need to know who wants it. How important is it, and is it important enough to get people to do it.” It is estimated that the testing program would take four to five years to establish and would cost about $3000000.00 Readers may remember that the National Computer Security Center [NCSC] had been doing this testing but the government decided to assign the job to NIST but failed to provide the money. NIST was to create security ratings for systems now rated in the C2 through Bl range by NSA. NCSC would handle ratings for B2 and higher. l
Many security product producers want faster and cheaper evaluations of their still unclassified products. Many of them feel that the US is far behind the European conununity in this respect. Some industry groups are considering setting up their own test facilities. Meanwhile NCSC director, Patrick Gallagher, noted that they will not abandon the low-end evaluations at least until TTAP is operational. Can’t help wondering what all the Executive and Congressional departments genuflecting really accomplished; in fact, was it really necessary? l
l
Disaster Management: Most organizations have contingency plans to maintain computer operations in case of a disaster. Have your stand-alone PC users and LAN managers been instructed what to do in event of an immediate evacuation of the office during working hours? One security director with whom we spoke recently learned the hard way Fire alarms went off and most employees followed the prescribed evacuation plan. But no instructions had been included about closing data files or turning the machines off. Several employees did turn their microcomputers off but they failed to terminate the programs being run. Preliminary estimate of losses showed the loss of about 15% of data files with an average need of two workdays to restore the missing data and check the integrity of the files. New Privacy Ethic: Digital disclosure needs a new
Downsizing Continues: When we wrote about the trend in industry to move from mainframe to miniand microcomputers, we received several letters from readers objecting to our ‘scare’ tactics. They insisted that mainframes would always remain the mainstay of major companies. Well we now have a plethora of workshops and seminars on this topic in the US we have a report about Sadia, the $200 000 OOOO-a-year food giant in Sao Paulo, Brazil. A year ago they converted their Cobol systems running on mainframes to LAN- and Unix-based systems. According to Chris Turnball of Sterling Software [Ottawa, Canada] their mainframe machine rooms are 70% empty and their savings on mainframe gear they returned is more than their investment in new systems. Seems like a good reason to plan now, if you haven’t done so, for new computer security policies to meet such possibilities.
Access Control /Menu Security Program PC SAM [2] is a highly effective, easy to use access control and menu program. It is designed to work on all IBM and compatible microcomputers and provide comprehensive administration and maintenance of the system -- user and resource access. The program offers
I4 Manager Corporate Security, Security and Risk Management Department, Databank Systems Limited, Wellington, New Zealand, PO Box 3647. Telephone: +64 4 473-5979 Fa +64 4 474 5063.
683
H. J. Highland/Random Bits & Bytes
the security administrator numerous worthwhile tures and includes several useful user utilities.
fea-
Despite some discrepancies between the older manual which we received and the revised program we used, PC SAM was easy and straightforward to install on our systems operating under version 5.0 of Compaq DOS. We encountered some difficulties using QEMM on our Compaq 386 system and a video problem on our Compaq 286 with an older RBG monitor. Both problems were quickly resolved with the excellent technical support received from Databank Systems by electronic mail. The revised manual provides added data to help users smooth the installation of the program. Actually PC SAM provides the user with a number of features that are valuable not only in a banking environment but it any business organization. There are two phases in the installation process. The first is installing the program on the system with administrator-selected options and controls. The second is the setting up of individual resource management.
Program Installation Although a default configuration file exists, we strongly recommend that the administrator reviews the options which appear on the first screen and selects only those which are suitable to the specific site requirements. There are three sets of option data: features, environment and password. Features: The first of these options provides administrator control over different security requirements for the system. The first options group [all of which are automatically invoked under the default configuration but can be easily changed by the security administrator] include: [a]
password expiry: when invoked it forces a user to change his/her password ifit is older than the date set in password expiry in the environment configuration.
I?1
suspension: when this is set, a user will be suspended if he/she has more than the number of logon attempts noted in the environment confguration.
[cl
684
time out: when invoked, the user is required to
re-enter his/her password after a time out delay, It must be noted that this occurs only within PC SAM and not within applications programs.
VI
embargo: if this is not set, the user may change his/her password at any time. If it is invoked the user may not change his/her password for the period designated in the environment configuration.
[el
hide user ID: when not selected the user ID is echoed on the screen; otherwise it is echoed as a series of ****.
VI
logfile: when invoked, the program logs all events as they occur on the system. [An illustration of a log file is shown later.]
The second part of the feature option includes control over virus scanning. Control can be set to invoke any anti-virus program the user wishes to run at every boot, once a day or never. The final option under features is the configuration the super user’s password. There are three choices: [al
for
none: this option is selected only ifthe super user is denied access to the system.
[b]
fixed password: the system uses the super user’s password that is entered in the options password and remains unchanged unless it is altered by the super user.
[cl
variable password: a special program module generates the super user’s password. Because of our interest and research in password selection and generation we found that the program created passwords which would be nearly impossible for anyone to use; they were too scrambled and difficult to remember. They could not be pronounced which would make them easier to remember; for example ZNEZEUYA [INEZ BUY A] or REDHUTWA [FLED HUT WA], passwords obtained from a more sophisticated generator.
Environment: This second set of options includes some seven variable features and four entries for program control. The default settings are shown in the illustration, Fig I.
Computers & Security, Vol. I I, No. 8
^ __^^ PC SAM Version 2.1 Installation LZIIJt( Uninstall Options 12fO811992 14:17:32 Install ....... ........................... ................................. ..................................................................................................................................................................... .. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .................................................................................................. ................................................................................................................................................................ .... PC”..~~...~~~~~~~~~~~...~~~~~~~~~~~~ illii!lIiiiilIiiIiii~~~~~~~~~~~~~~~~ 11111111,11,111111,1,,,,,,,,,,,,,~~~~~~~~~ ....:i;;;i;;;;;;i;;;;;;;;;;;i;;;;;;;;;;;; iiiiiiiiiIiiiiiiiiiiii!lii!i!iiil c [.] .......... .............. ................~........ ..1.~..~..... ....... .................................... ::::::::::::::::::::::::::::::::: ................................. :::::::::::::::::::::::::::::::::::: ,1,,,1111,11111111111111111111111 11111,111111111111111111111111111 ................................. .................................... ::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::: Compulit, Inc. Company Name .. ..1..111111111..~1...,., ....... ,.1..1..111.11111111,,~..,,..,,,,,, , ..................................................................... ..................................................................... ..................................................................... ................................. 1111,111111111111111llllllllll ................................. ::::::::::::::::::::::::::::::::: ................................. ................................. 5 0 Password Expiry........(Day s l-99) 1,,,11.,111,1,1,1,1111111111(1111 ................................. !!!!!!!!!!!!I!!!!!!!!!!!!!!!!! ................................. .................................... ................................. .................................... 4 No. Login Attempts.....(l-9) ............................ .............. ..1...1............... .... . .................................... ::::::::::::::::::::::::::::::::: ................................. :::::::::::::::::::::::::::::::::::: Password Embargo.......(Day s l-9) 5 ,,,,,,,,,, 1,,,1111,11~11111111111 ................................. Time Out Delay.........(Minute s l-99) !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ................................. ................................. :::::::::::::::::::::::::::::: 60 ................ ..1..........~.. , !!!!!!!!!!!!!!!!!!!!!!!!!:!!!: ................................. .................................... ................................. 10 Screen Save Delay......(Minute s l-99) ..,...........................~, , ... ..1.......1.................. ., ................................. ................................. :::::::::::::::::::::::::::::: .................................... Log File Retention.....(Month s 1-12) 4 1111,1111‘11111111111111111111 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .................................... ................................. ................................. :::::::::::::::::::::::::::::::::::: 160 ,,a,,,1 I,,,.,.,.,.,........1..... DOS Environment Size...(Byte s 160-9999) .... ..............................~. ::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::: ..................................................................... ~11111~11111111111.11111111((111( 1,,11111.111111,11111111111111 ..................................................................... .................................... ::::::::::::::::::::::::::::::::: ......1.......................... System Timer Command Line ..... ..~.....1..........~.~.....~ ... .................................... ::::::::::::::::::::::::::::::::: ................................. Command Line for Virus Checker :::::::::::::::::::::::::::::::::::: 1.111.11~111,111‘1111(1(11111( .................................... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ................................. ................................. :::::::::::::::::::::::::::::::::::: Path for Command Processor C:\COMMAND.COM .. .............................. ..1....1....................... ................................. .................................... ::::::::::::::::::::::::::::::::: Path for PC-SAM :::::::::::::::::::::::::::::::::::: C:\PCSAM\ 11.11~,11~11~11,~11.1(1(11((1(11((1( !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ................................. :::::::::::::::::::::::::::::::::::: ..................................................................... 11,11,1111111111.1.1,,.,,...~~~‘. 1111111111.1,111111.,.~.~,~,~~,,~,,~ ................................. ................................. :::::::::::::::::::::::::::::::::::: ................................. .................................... Cancel , ,,,,,,,,,, .... . .... . ............. ~.................1.,.,......,,..,~. ::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::: ..................................................................... 1111111,11111,11,,11.,,,,.,,.‘~~~ l**llll‘**tll‘l*l**l*~*~**‘***,~**‘, ................................. :::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::: .................................... .............................. ...... ::!:!!:::!!::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: .................................... ............................................................................................................................................................................................................................... ............... :::::::::::::::::::::::::::::,::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 488216 ALT-X Exit FigureI The seven environment options are clearly defined and can be changed easily. Because of the numerous device drivers and extended PATH statement used on our systems, we use the following statement in our AUTOEXEC.BAT file: SET COMSPEC=C:\COMMAND.COM /E: 1024
/P
Therefore we changed the DOS Environment Size option to 1024 in setting up the environment configuration. This lead to problems in running PC SAM because the program handles COMPSEC. When we removed the COMPSEC line from the AUTOEXEC.BAT file, operations proceeded without diffiCulty.
not to use this option and left the line blank during our tests of the program. [c]
path for command processor and pathfor PC Sum must be entered.
[d]
password: This final installation option is used to enter the super user’s name and password. The administrator will also be prompted to enter a key that is used to encrypt the hard disk. This key is an 8-byte hexadecimal number, using any valid hexadecimal character in the range of’O’to ‘FFFF FFFF FFFF FFFE’
Note: It is essential to save the three sets of options, a choice available under the options’ menu. They can be updated at any time by the super user.
The four entries for program control include:
[al
[bl
system timer command line: this information is needed when installing PC SAM on XTs to set time and date. For ATs with batteries to control time and date this entry is lefi blank. command line for virus checker: the path for the virus program must be entered here. We decided
Phase Two of Installation The second phase of installation is required using the full install option on the main screen of the program. During this phase both the AUTOEXEC.BAT and CONFIGSYS files on the system are altered by PC SAM. The rest of the process is straightforward and should present no difficulties.
685
H. J. Highland/Random Bits & Bytes
Using PC SAM Once the system is rebooted, a logon screen appears [see Fig 21. During this process a user attempt will fail if there is an invalid user ID, invalid password or if the user has been suspended. The logon denied message does not indicate the reason for the denial, an effective security feature.
Figure2.
Before the program installs boot protection, the inability to access drive C by anyone booting the system with a floppy disk in drive A, a disaster recovery disk must be prepared. This step is critical so that the security administrator or a deputy would be able to boot from drive A in case of emergency. The boot PC SAM. Without impossible
protection [encryption] is an essential part of All vital areas of the hard disk are encrypted. the disaster recovery disk it would be to access drive C. .
Once these steps have been completed, PC SAM takes over control of the system upon a reboot.
After the system has been accessed, the user screen [see Fig 31 is displayed. The object-oriented window environment has three major components: the menu bar at the top, the main menu and the command line at the bottom. The six options in the top bar menu include such items as: log off, lock system, exit to DOS, edit facilities, maintenance including use of mouse and colour preferences, several utilities and control of the size of the window. Among the utilities, for example, are: l
an ASCII table
l
calculator
l
calendar
l
editor
l
security
PC SAM Version
Figure 3
686
2.1
Computers & Security, Vol. I I, No. 8
System =[=I =[.I
Edit
Alarm
PC SAM Version 2.1 Maintenance Utilities Windows User Maintenance Add a New User
User Id
larkin
User Info
audit department
25/08/1992
14:05:02 [$I=
Access to PC SAM functions System [ ] Edit Autoexec.bat [ ] Edit Config.sys [ ] Edit Pcstop.bat [ ] DOS Access
Last Edit
= Aug 25, 1992
Alarm [X] Display
Maintenance [ ] Menus [ ] Users [X] Colors [X] Mouse [X] Preferences
Utilities [X] Text Editor [ 1 Decrypt [X] Encrypt [ ] Secure Delete
1:23pm
Fl Help 1 Add new users information and menu bar access User=HARRIS Licensed to Harold Joseph Highland
130800
Fig. 4
The last of these utilities provides for encryption, decryption and secure deletion of a file. A fast proprietary algorithm as well as DES is available for the user. The secure deletion utility overwrites a file three times, first with OS,then with 1s and finally with random characters. It may not be up to US DOD standards but is highly effective in almost all business environments. Which of the many options available to a specific user is determined when the administrator adds a new user. Four basic option areas are controllable as shown in Fig 4. An ‘x’ in the appropriate box indicates the specific access for the user. Particularly use&l is the ALARM [Access Logging and Report Management] utility. A sample of the detailed report [generated primarily for this product review] is shown in Fig 5. Note that at 2:47pm there is a failed logon, an invalid user ID. Although normally it would not be possible to identify an illegal attempt to access
the system, the “LAS” indicates an aborted attempt by Larkin.
A Final Note PC SAM is available under licence agreement. It is one of the best comprehensive access control packages we have tested and we were impressed by the options and flexibility offered by the program. This program was tested without using some of the security packages we have in place on the two systems. We have a high-speed Public Key/DES encryption communications board on one system and found that it could not be used concurrently with PC SAM. We have Lattice’s Secret Disle on the other system and found that we could not access the ‘secret disks’ when using PC SAM. But that is a problem which can be resolved by abandoning other security programs in favour of PC SAM since it offered a high level of overall security
687
H. J. Highland/Random Bits & Bytes
Edit Alarm System -181 Date/Time 2:43pm 251 S/1992 2:44pm 251 a/1992 2:44pm 251 a/1992 251 S/1992 2:44pm 2:45pm 251 a/1992 251 S/1992 2:45pm 251 S/1992 2:45pm 2:46pm 251 S/1992 2:46pm 251 a/I992 2:47pm 251 S/1992 2:47pm 251 S/1992 2:47pm 251 S/I992 2:47pm 251 S/I992 251 S/1992 2:47pm 2:4apm 251 B/1992 2:4apm 251 S/1992 2:4apm 251 S/1992 2:49pm 251 S/1992 Fl Help Licensed
PC SAM Version 2.1 25/08/1992 14:50:44 Maintenance Utilities Windows Audit log Userid Operation * JOSEPH Menu maintenance JOSEPH Logged off Failed: Logon (User HARRIS invalid HARRIS Logged on HARRIS Execute 'Encryption' Execute 'Communications' HARRIS Logged off HARRIS JOSEPH Logged on JOSEPH Execute 'Polution' JOSEPH Logged off REBECCA Logged on Execute 'StatProgram' REBECCA REBECCA Logged off Failed: Logon (Invalid user LAS LARKIN Logged on Execute 'Publisher' LARKIN . LARKIN Logged off . HARRIS Logged on
F3,ESC Close ALT-P Print to Harold Joseph Highland
ALT-F To File User=HARRIS
I28728
Figure5
Problems and Solutions -
Q: and A:
Over the years we have received letters, telephone calls, fax and electronic mail from readers about security and security-related problems they face. We would like to extend that service to all readers who have heretofore not availed themselves of our assistance. [l]
Postal address: Dr. Harold Joseph Highland, Compulit, Inc, 562 Croydon Road, Elmont, NY 11003-2814,
[2] Electronic mail: [email protected] [which is interconnected with Internet] [email protected] [an Internet address which is used as a backup; this mail is read less frequently]. [3] Telex:
[+l] 650.406.5012
USA or
[which is routed through MCI mail].
[4] Fax: [+l] 516.488.6868 [B ecause we use a Fax board in our microcomputer this requires telephoning our office to notify us about pending transmission so we can activate the Fax board. This can be done only during office hours -_ 14:30 to 21:30 Zulu.]
Q: Our company wilI enter the world of telecommunications by joining Internet later this year. I have been given the job of preparing materials for our staff to use the network. The manuals are far from adequate since I have no previous networking experience. I did get some help from a local college; they sent me a copy of their user manual. I need more! Is there anything that will give me a background overnight?
A: Two quick references you might find of value. The first is the October 1992 issue of IEEE Spectrum and the other is a recently published book, The Whole Internet.
The October issue of IEEE Spectrum13] has a series of well-written and informative articles on e-mail in a section, “E-mail: Pervasive and Persuasive” by Telka S.
Computers & Security, Vol. I I, No, 8
is rather
bland
as compared
with
other
forms
of communications
-- no body
language,
voice
inflection
letterheads.
Here. are
or fancy
some symbols used by e-mail writers to enliven their copy. To read the symbols rotate this illustration 90-degrees clockwise. :-
)
Amusing
or joking
comment
or flirting
comment
;-I
Sarcastic
:-(
Frown
: - ( (
Wince or flinch reaction
- one is upset
>:-<
Very angry comment
:-D
A laugh
:-@
A scream Confused
%-I :-x .
reaction
or comment
Won’t say a word
Symbols
used
by authors
article and those we’ve
of IEEE
Spectrum
found in our e-mail.
Perry and John A. Adam, senior and senior associate editors, respectively. This section includes: E-mail at work Playing on the net Forces for social change To probe further The Whole Internet: User’s Guide & Catalog [4] by Ed Krol is a valuable reference addition to any company or individual’s library. Although written primarily to explain Internet, there are many useful sections for anyone
13]lEEE Spectrum, 345 East 47th Street, New York, NY 10017, USA. Telephone: 212-705-7555 or l-800-678-4333 [41This 376-page soft-covered book is available for $24.95 f&n O’Reilly & Associates, Inc. 103 Morris Street, Suite A,Sebastopol, CA 95472 USA. Overseas it is available corn Addison-Wesley but in Japan horn Toppan Company Ltd in Tokyo..
interested in obtaining the benefits of being on a network or exploring what is available on other networks. File Transfer Protocol [FTP] is clearly explained and easy to understand. The step-by-step instructions are easily followed with an explanation of common file types and modes.The appendix on international network connectivity is a handy guide to understanding country extensions used in e-mail addresses. There are several worthwhile chapters that take the mystery out of many aspects of networking. The one on electronic mail covers such topics as carbon copies,blind carbon copies, mail forwarding, sending binary data as ASCII and setting up mailing lists. The chapter on finding someone on a net is well written and exceedingly handy when you try to reach someone whose e-mail address is not known to you. The resources available over Internet can satisfy any network gourmet with data about scientific areas -astronomy, chemistry, biology, computing; CERT security advisories; refer8th edition of the Concise Oxford ence books dictionary, CIA World Fact book; resource directories. For the adventurous there is information about science fiction literature, Chinese classical literature, and even a guide for home brewers.
Communications Line Noise Q: Last month my department was moved to another building in our company complex. Almost everybody has been plagued by a high level of ‘garbage’ during telecommunications. Furthermore, the number of illegal sign-ons to the company network has increased to an annoying level. Also the department has wasted time because it is often necessary to duplicate transmission of documents. There has been no equipment changes and the problem did not exist in our former facilities. My job is microcomputer supervisor and I have not been able to obtain cooperation from our main computer centre. Is there any simple solution to the problem? A: We do not have sufficient technical information about your specific situation, but over the years we have found problems such as yours. Some of the older modems create external noise. Even though you have the same hardware, the units might be arranged differently. Ifyou are not already doing so,you might try using
689
H. J. Highland/Random Bits & Bytes
a shielded RS232 cable to connect a modem to the microcomputer and see if there is noise reduction. Another test you can make is changing the baud transmission rate used by the modem. Higher rate modems are more intolerant of line noises than those operating at lower baud rates. If the noise is greatly reduced or eliminated at the lower baud rate, you might solve the problem by obtaining high-speed modems. We have found that a 9600 modem working at 4800 baud is less sensitive to line noise than a 4800 unit. True this may be a costly solution but detecting and eliminating other causes of line noise may be much more expensive. Line noise can be caused by either of the following.
[1]
Older fake telephone lines: It is possible that the telephone lines within your building are an older type which have a tendency to be noisy. Do you still have the same telephone exchange? If you have a different one, it might be caused by older lines somewhere along the route between your microcomputers and the central telephone company exchange.
First, you can try to reduce the noise by using a built-in utility contained in most microcomputer telecommunications programs. If this helps, then make certain that all microcomputers are configured to use that utility Second, to try to narrow down your problem you might try disconnecting during a noisy transmission and redialing the number. If the noise persists, the cause may be older lines. [2]
Electrical interjrence: This is another cause of line noise. You can do some of the checking but it may be necessary to obtain the assistance of the building maintenance department.
Noise is sometimes induced by having the telephone lines and/or telephone junction boxes situated next to or near electric power lines. In one case we found the telephone line junction box located next to an elevator motor in the basement. In another we found that the builder used a conduit for all cables during construction so that power and telephone lines were side by side. Does your building contain any production facilities? If the electrical lines used by your computers are also used by industrial equipment, you probably will have line
690
noise. We found one facility that had the company printing plant next to the data centre and shared the electrical lines. In another we found several photocopy machines sharing the computer lines. Mentioning your company complex reminded us of a computer centre in its own building but across a single driveway there were aluminum arc-welding machines. Their arcing, when in use, induced noise and damaged magnetic tapes stored in a case on the wall facing the driveway.
Data Integrity [?] The US Federal District Court’s computer in Connecticut declaredall Hartford citizens dead for the past three years - only the people did not know it, nor did the court. The computer is used to obtain a list of prospective grand jurors and not one Hartford resident, a part of that pool, had been selected. The chiefclerk ofthe US court in an attempt to discover why no one in that city has been considered for grand jury duty discovered, according to an Associated Press release, a “computer error.” According to the report the city name had been placed in the wrong column forcing the ‘d’ in Hardord into another column. The ‘d’ in that other field is used to describe the status of the individual juror. In its search, the computer program found the character ‘D,’ which was used in the court computer records to note that the juror was dead. Because of this every time a prospective grand juror list was created, the program skipped any legal Hartford resident since questionnaires are not sent to dead people. This program error was found after three years when there was a challenge to the racial composition of the grand jury that indicted a defendant in a $7 100 000.00 robbery at Wells Fargo back in 1983. We are aware that a good programmer should attempt to conserve file space by limiting the length offields, but
NTIS Volumes of Interest The National Technical Information Service (NTIS) is a self-supporting agency of the US Department of
Computers & Security, Vol. I I, No. 8
Commerce. It provides access to the results of both US and foreign government-sponsored research and development and engineering activities. For copies of any of the publications we consider of interest to computer security directors and personnel, you can communicate with:
experimental results indicated there was no significant difference between the CIC system using an inking stylus and the Sign/On systems and that both systems had Type 1 error rates of less than 3% and Type 11 error rates of less than 1%. The results also indicated that the operating conditions test did not favour either system.
U.S. Department of Commerce National Technical Information 5285 Port Royal Road Springfield, VA 22161 USA Orders: +l 703 487-4650 Telex: 89-9405 or 64617 Fax: +1 703 321-8547
User Authentication: A State-of-the-Art Service
Review of US and European Security Evaluation Criteria C.R.Dinkel,National Inst.ofStandardsandTechnology, Gaithersburg MD, Computer Security Div., March 1992,29pp., PB92-172022WCC. Several US and European documents describing criteria for specifying and evaluating the trust of computer products and systems have been written. The report reviews five of these documents and discusses the approach each one uses to provide criteria for speci@ing and evaluating the trust of computer products and systems. Signature Verification for Access Control S.C. Geshan, Naval Postgraduate School, Monterey CA, September 1991,55pp.,AD-A245 334/8/WCC. Access control to sensitive information is a vital concern for Department of Defense agencies. Current methods employed to control access are vulnerable to unauthorized users and frequently inadequate. The use of biometric access control devices, such as signature verification systems, may represent a solution to the access control problem. This thesis looked at two dynamic signature verification systems and compared their performance in general as well as under the different operating conditions of lined and unlined paper and morning and afiernoon use. The two signature verification systems were the CIC system and the Sign/On system. Additionally, the thesis compared the CIC system under both sets of operating conditions using an inking stylus pen and a non-inking stylus pen. The
Review
J.A. Coley, Naval Postgraduate School, Monterey September l991,124pp., AD-A245 612/7/WCC.
CA,
Access control of computing systems is considered a key issue among Information Systems managers. There are different methods available to computing systems to ensure a proper authentication of a user. Authentication mechanisms can use simple user-generated passwords to complicated combinations of passwords and physical characteristics ofthe user (i.e.,voice recognition device, retina scanner, signature recognition device, etc.). This thesis looks at the various authentication mechanisms available to a security manager. It describes how different authentication mechanisms operate and the advantages and disadvantages associated with each mechanism. It also reports on several commercially available software products that support the user authentication process. Finally, a discussion of password use in the military environment and the unique requirements of the Department of Defense. Security Considerations in Distributed Systems D.R. Rhead, Naval Postgraduate School, Monterey CA, September l991,102pp., AD-A246 807/2/WCC. This thesis investigates computer security considerations in distributed systems. In particular, it concentrates on assisting managers to gain an appreciation for what distributed systems are and what are the inherent security issues in these systems. A survey of the literature on computer security was conducted to identify those issues unique to distributed systems, Although many controls are discussed, management must design and support a comprehensive security plan tailored to their unique organization. SPAN: A Decision Plan Analysis
Support System for Security
S.H.Ramsey,NavaI Postgraduate School,Monterey September 1991,79pp.,AD-A245 016/1/WCC.
CA,
691
H. J. Highland/Random Bits & Bytes
Computer-based information systems provide countless opportunities to improve an organization’s functioning and enhance its products or services. They also expose organizations to significant risks as they become increasingly dependent on information resources. To minimize the risks to an organization’s information systems, an Information System (IS) security plan must be formulated. A Decision Support System (DSS) can provide managers with consistent and concise guidance for the development and analysis of an IS security plan. SPAN, a Decision Support System for Security Plan Analysis has been developed to provide IS managers with information necessary to make informed IS security plan decisions. This thesis will address how SPAN can be applied for security plan analysis resulting in better and more informed security plan decisions. Sample Statements of Work for Federal Computer Security Services: For Use in-House or Contracting Out D.M. Gilbert and N. Lynch, National Inst. of Standards and Technology, Gaithersburg MD, December 1991, 97pp.. PB92-148261/WCC. Each federal organization is fully responsible for its computer security program whether the security program is performed by in-house staff or contracted out. Time constraints, budget constraints, availability or expertise of staff, and the potential knowledge to be gained by the organization from an experienced contractor are among the reasons a federal organization may wish to get external assistance for some of these complex, labour intensive activities. An interagency working group of federal and private sector security specialists developed the document. The document presents the ideas and experiences of those involved with computer security, It supports the operational field with a set of Statements of Works (SOWS) describing significant computer security activities. While not a substitute for good computer security management, organization staff and government contractors can use these SOWS as a basis for a common understanding of each described activity. The sample SOWS can foster easier access to more consistent, high-quality computer security services. The descriptions apply to contracting for services or obtaining them from within the organization.
American Computer COMPSEC-11
Security
Industries,
Inc,
B.A. Maguschak, C. Reese and R.L. Williamson, National Computer Security Center, Fort George G. Meade MD, 10 June 1991, 52pp., AD-A247 210/8/WCC. The National Computer Security Center (NCSC) examined the security protection mechanisms provided by American Computer Security Industries, Incorporated’s COMPSEC-11 USA American Version, release B3.1. COMPSEC-11 is a subsystem, not a complete trusted computer system. Therefore, it was evaluated against the Computer Security Subsystem Interpretation (CSSI). Specifically, the applicable requirements for this evaluation included Identification Authentication (I and A), Discretionary Access Control (DAC), audit and object reuse. The evaluation team determined that the highest class at which COMPSEC-11 satisfies the I and A, DAC, audit and object reuse requirements of the CSSI is class D. This report documents the findings of the evaluation. Securing Applications in Personal Computers: The Relay Race Approach J.M. Wright, Naval Postgraduate School, Monterey CA, September l991,107pp., AD-A246 94O/l/WCC. This thesis reviews the increasing need for security in a personal computer (PC) environment and proposes a new approach for securing PC applications at the application layer. The Relay Race Approach extends two standard approaches: data encryption and password access control at the main program level, to the subprogram level by the use of a special parameter, the Baton. The applicability of this approach is demonstrated in an original Basic application and an existing Dbase IV application, representing both third generation language (3GL) and fourth generation language (4GL) environments. The Approach can add to overall network security in the PC LAN environment as well. The Approach is successful and proposed enhancements can strengthen the Approach. Software and the Virus Threat: Providing Authenticity in Distribution G.M. LaVenture, Naval Postgraduate School, Monterey CA, March 1991,82pp., AD-A246 083/O/WCC.
692
Computers & Security, Vol. I I, No. 8
Computer viruses have threatened the integrity and reliability of computer systems since 1983. Literally hundreds of viruses exist for the IBM compatible computer alone. These viruses can cause corruption or loss ofprogram and data files, incidental damage to hardware, and degradation or loss of system performance. This paper examines the nature of the virus threat by discussing virus types, methods and rates of propagation, relative frequencies of occurrence, and genealogy. Possible methods for virus detection and identification, followed by disinfections, are outlined. Minimum capabilities and testing criteria for these products are also detailed. Methods for controlling and limiting infection and damage are discussed. These are considered minimum acceptable safeguards to be implemented by an organization. Lastly, sot&are authentication means are examined which, when used in conjunction with the minimum safeguards, would eliminate the possibility of viral infection. Computer the Navy
Virus Security in the Department
of
M.J. Salters, Naval Postgraduate School, Monterey CA, March 1992,63 pp., AD-A247 476/5/WCC. This thesis discusses the growing threat of computer viruses and their impact on Automated Information Systems. In particular, it attempts to show a need to establish sound security programs that properly address computer viruses. A major area of the thesis focuses on current guidance by the Department ofDefense and the Department of the Navy and provides recommendation for a Navy organization to effectively combat the security threat fi-om computer viruses. Sicherheitsarchitektur &et Verteilte Systeme (Security Architecture for Distributed Systems) M. Kaeding, Technische Univ. Berlin (Germany), Fachgebiet Raumfahrt, 1991, 184 pp., text in German, N92-20170/6/WCC. A Subject, Object and Function (SOF) model is developed for the modeling and technical integration of the access control mechanism in a distributed system. A system is defined for the description ofthe access control ratings ofa user, e.g., a subject.The access control system is composed ofthree system duties which are controlled by a security manager, and work with logic object marking. The three duties also control the access f&c-
tion realization of an object and the transport of an object within the distributed systems. The field of communication security is covered by known coding processes. Is Hypertext a Solution ADP Security Program Problems
to Implementing an in DON. Issues and
R.A. VanMeter, Naval Postgraduate School, Monterey CA, September 1991,14lpp., AD-A245 868/5/WCC. The goal of this thesis is to provide an overview of hypertext to determine its feasibility for resolving some of the problems currently facing newly assigned and inexperienced ADP security officers. The proclivity within DOD for using documents in virtually every facet of work suggests that hypertext has a promising future in the DOD. To implement an ADP security program in the Navy, the information presented in the DON AID Security Guidelines should be carefully selected and filtered to derive a tool that provides an effective and circumstance-shaped source of information, guidance and reference. From a design standpoint, it is important to integrate hypertext technology with other computer based tools - such as expert systems and simulation models - to fully exploit the potential of this new technology.
Professor Harold Joseph Highland, FICS is a dinosaur* who was graduated from the university and commissioned as a Second Lieutenant in 1938. He is Managing Director of Compulit, Inc [Elmont, NY, USA] and heads its Microcomputer Security Laboratory. He retired more than a decade ago with the academic rank of Distinguished Professor from the State University of New York. He is the founding editor of Computers & Security. As Editor-in-Chief Emeritus, he writes his “Random Biti GBytes” column that appears regularly in the journal. Furthermore he serves on the editorial board ofseven professional magazines in the United States and overseas, and writes special features periodically. He is the author of 26 books and numerous professional and technical papers. In addition to his writing and speeches Dr. Highland conducts workshops in computer security, especially in the areas of microcomputer security and cryptography Also he currently is: l
Chairman of IFIP/WGll.8 on information and training, an international committee industry, government and universities,
security education of members horn
693
H. J. Highland/Random Bits & Bytes
*President
of the Virus
non-profit l
Security
an international
Chairman of the ACM International Plan Task Force.
@Associate
of the Information
Security
Queensland University of Technology l
Institute,
organization,
Public
Information
Officer
Research
Centre
of
[Brisbane, Australia], and
of IFIP/TCll
[the International
Federation for Information Processing’s Technical Committee on information security
1 I]
Professor Highland is also counsel to the Computer Security Technical Committee of the Chinese Computer Federation [Beijing, PRC] and to other government agencies in the US and overseas. Active in a number of professional associations, Dr. Highland has been a Fellow of the Irish Computer Society [ICS] since 1985. He is also a member ofthe New York Academy of Sciences [NYAS], the Association for Computer Management [ACM], the IEEE’s Computer Society [IEEEKS], Information Systems Security Association [ISSA], American Association for the Advancement of Science [AAAS], Computer Professionals for Social Responsibility [CPRS], and the Society for Irreproducible Results [SIR]. A more complete although condensed biography can be found in Who’s who in Scienceand Technologyand also in who’s Who in Amerim. * [Let’s make no bones about it: a) dinosaurs ruled the world, b) they kept their teeth sharp, c) they survived one helluva long time.Ed.1
694