AOLGOLD virus worries users


December 1995

technology diverting incoming files to a mail box where they can be scanned for unidentifiable attachments or viruses. Messages containing an undesirable attribute are ‘quarantined’, allowing virus protection tools to be used.

Integralis has also announced the addition of dynamic address allocation to its Internet Translation Gateway. This will enable network administrators to change PC networks without the need to reconfigure workstation addresses or routers. The product allows unregistered companies to gain Internet access without the need to create new addresses for every PC. Integralis has added dynamic address allocation to improve internal functionality on TCP/IP-based networks. The product also offers static and dynamic mapping, which allows large private networks to share pools of public addresses from a dynamic pool. As this is based on a configurable time-out period, organizations need only cater for the number of users needing concurrent access through the gateway.

For further information, contact: Catherine Jamieson on +44 7734 306060.

A firewall for ATM

In the United States, Network Systems Corp. is focusing on the need for ATM-based security solutions. The company, reports LAN Times, claims to be developing a firewall that filters and authenticates ATM cells without slowing down high-speed traffic passing through the firewall. When IP-based networks migrate to ATM using capabilities such as Classical IP and LAN Emulation, traditional IP packet-filtering firewall technologies will be rendered useless. The company’s forthcoming ATM firewall - a hardware and software combination - will provide cell authentication for ATM cells on networks that are running both native ATM and LAN Emulation.

The approach may also be assailed by experts critical of packet-filtering technologies, although NSC says application-level filtering will be added as well. Packet-filtering firewalls on IP networks examine header information on packets to authenticate their origins, but most security experts say that these firewalls can be fooled by hackers and that applications-based filters are also needed.

The ATM Firewall will be a hardware device based on a Sun Microsystems Inc. SPARC processor that sits outside the network router and acts as a control valve for all incoming traffic. The hardware will be managed with NetStalker, a security management application developed for NSC by Haystack Labs Inc. The hardware should have the capability to filter IP information when the packets are put into ATM cells using LAN Emulation or Classical IP. It will filter such information as IP fragments, IP source, IP destination, protocol type, source port, SNAP header and ATM Virtual Circuit Identifier and Virtual Path Identifier. Cells that do not match the security policy are dropped. Cells that pass the security policy will pass through the firewall at full-line speed.

©1995 Elsevier Science Ltd

Network Security

Unix network security

OpenVision Technologies Inc. is updating its systems management product line with an eye toward securing heterogeneous environments, reports LAN Times. OpenV*SecureMax is an auditing tool that helps detect security breaches across Unix, OpenVMS and now Microsoft Windows NT networks. The product lets administrators simultaneously audit NT, Unix and OpenVMS systems from any of the three server platforms. While not a real-time intrusion detection tool, the software is designed to scan servers for suspicious activity, such as changes in user-account configurations, access privileges, passwords etc.

AOLGOLD virus worries users

Erin English

A new ‘Trojan horse’ virus capable of wiping out all of the files on a network has users of America’s most popular online service provider in a panic. The virus, which can be distributed as an attached file to any E-mail message, has been spotted first on America Online, called ‘AOLGOLD’ and ‘install.exe’. However, it is capable of being distributed on other online services and the Internet as well. America Online could not comment on how many of its users, or Internet users in general, have been affected.

The virus was called to the attention of America Online officials by a member, and subsequently the company issued a letter to its four million members with advice on how to avoid the effects of the nasty virus. At the same time, AOL officials along with federal officials are trying to track down the source.

The Trojan Horse virus cannot be transmitted by simply reading E-mail; the file can only be activated once it is installed into the computer. Once the virus is activated, though, it restarts the computer, renaming the program that controls the computer monitor. A subsequent reboot prompts the deletion of all the files on the computer’s hard drive in alphabetical and numerical order.

“It’s a Trojan Horse ... in order for it to do harm, people would have to download the file”, assured Kathy Johnson, spokesperson for America Online.

According to Christian Byrnes, analyst with research firm the META Group, the AOLGOLD virus is “a cheap prank ... not something that a virus writer would be proud of.” However, it can still effectively wipe out a user’s hard drive. Tracking down the person who has created the file will be extremely difficult, Byrnes said, unless it was sent by an AOL member. Even if that is the case, the user could, after his membership has been terminated, come back with a new identity.

Users must be wary of any unsolicited E-mail which comes their way. “This is a destructive prank and it’s impossible to stop”, Byrnes said. “It’s like sexually transmitted diseases, you can’t wipe them out; everyone needs to take responsibility for their own actions.”

IP security standards battle it out

Erin English

Several groups vying for support from the Internet Engineering Task Force for Internet Protocol-based security specifications are now counting the days until a final vote takes place (8 December). The two main contenders are Sun Microsystems with its Simple Key Management for Internet Protocols (SKIP), and another group of cryptography experts with their Photuris IP technology. A third contender, the National Security Agency, has entered the picture as well.

It was originally thought that one single standard would be chosen at an IETF working group meeting; now it looks as though that is not the case. Paul Lamberg, co-chair of the Internet Protocol Security Working Group within the IETF, said it is likely that no one specification will prevail as ‘standard’, that both SKIP and Photuris will gain acceptance in the industry, and will be treated as viable solutions.

“I suspect that there will be multiple specifications created within the Internet community ... both SKIP and Photuris will get published, and both will have a following. The group as a whole is creating both of these specifications”, Lamberg said. “SKIP is subtly different from Photuris, but the working group consensus is supposedly with Photuris ... even though it is a tiny bit behind SKIP in terms of the specification writing.”

Lamberg said that the IETF working group has come to a consensus that Photuris is “what we want to put forward first”, because it has several attributes in its cryptographic exchange that are important - anti-clogging, as well as other security mechanisms that SKIP does not have.

Photuris’ anti-clogging defence device guards against the possibility of a user sending ‘bogus datagrams’ to sabotage a system. If, for example, someone were to send data that cannot be authenticated by a user, Photuris can easily discard it without further processing.

SKIP currently exists in the company’s Sunscreen firewall offering, and is also being included in Solaris, PC-NFS and Netra Internet servers. The company is also said to be working with telcos who are interested in licensing SKIP for use in firewall, router and TCP/IP stacks.

Photuris and SKIP address key management as one of the most important features in an IP security solution; without it, network or security administrators would be presented with the daunting task of manually configuring keys for communications between individuals, said John Pescatore, a security analyst with research firm International Data Corp.

“If I send a message to 22 people and it’s encrypted at the IP level, it would need not only my public key on one end, but it would need 22 public keys. There’s this whole key management problem that SKIP and Photuris are trying to solve”, Pescatore said.

In addition to specs presented for Photuris and SKIP, Lamberg said that yet another group will be looking for support from the IETF; the National Security Agency is beefing up its IP specification. The NSA work is the most robust in terms of meeting a broad set of requirements, Lamberg said, because the group wants to be sure that public key exchange specs also can carry classified, private key exchange that would be used by the US government.

“This is not really a battle between SKIP and Photuris, it’s a battle between three specifications”, Lamberg said. “NSA needs to be presented as an (unveiling) emerging set of work to define strong security mechanisms for the Internet.”
