- Email: [email protected]
Network Security Supplement
Volume
10
Number
2
ISSN 0142-0496
DECEMBER 1987
COMPUTERRK!L!A SECURITY BULLETIN Editor:
Editorial
ROBIN
ARNFIELD
Associate
Editor:
FRED LAFFERTY Director
of Corporate
Cargill
Security
BIS Applied
Data
William
Di’rector.
Coopers
& Lybrand,
A. J. Bound,
Robert
Ltd
CDP,
President,
Advanced
Fitzgerald,
Jerry
Fitzgerald
&Associates,
M. Greguras.
London
Alistair
Hind,
REED
Alkemi
Ltd
Sunninghill.
David James UK
Adrian
Special Technical MARTIN
Advisor:
SAMOCIUK
Director,
Network
Security
Management
Donn Michael Philip
Attorney,
British
Jackson, Kelman,
Data
R. D. Norman, B. Parker, I. Sobol, Weights,
Security and
Senior
and
Philip
Information
Management
Redwood
City,
Davis&West,
Los Angeles
Inc. Woodbridge,
Virginia
California
Palo Alto,
California
London
UK in Microelectronics
Pty, Ltd. New
Manager,
Crime,
London
DIgItal
South
and
Wales,
Equipment
Computing,
London
Australia
Co Ltd
Lecturer
Consultant,
Arthur
Management
President,
Expert
UK
for Computer
Department,
Specialist, Legal
Vonaldy
UK Security
Author
Stone,
Investigation
Director,
T. Lindsay, Martin,
Fenwick,
Telecom
Barrister
Dr. Les Lawrence,
ALAN
Center
P. Campbell,
Dr. Keith
Systems
Racal-Guard&a,
National
David
DR. KEN WONG
an Charge,
Director,
Fred Consultants:
Henry J. Beker, Director
Jay J. BloomBecker.
Dr. Jerry
Inc. Minneapolis
Editorial
Advisors:
Professor
MIS
D. Little
Systems
Training
Weights&Associates
Ltd. London
Consultant,
Institute,
Stanford
Framingham,
Management
Research
Institute,
Menlo
Park,
California
Massachusetts
Consulting,
New
York
Ltd
CONTENTS
Network Security Supplement Compsec report The implications of the SPANet hack Technical evaluation of SecretDisk Australian company develops Computer Safeguard
1 1 3 7
Washington case highlights call for new US computer crime law The OZ Card is dead! Long live the OZ Card! US firms risking computer disaster, say accountants
11 13 15
10
NETWORK SECURITY SUPPLEMENT
This issue of Computer Fraud Special Supplement by Dr Ken Wong Network Security.
COMPSEC
Compsec '87, the Fourth National Computer Security Conference, held at the Anugraha Centre near Windsor on 27-29 October, offered delegates a wide range of topics to choose from. These included seminars on secure operating systems, auditing Big security and compliance in the City, trusted system Bang, security, small systems security and data security standards.
REPORT
& Security Bulletin contains a of BIS Applied Systems Ltd on
Speaking on data security standards, Dr Wyn Price of the UK's National Physical Laboratory said no-one seriously suggested that the useful lifetime of the DES (Data Encryption Standard) was over, following the decision by the International Standards Organization (ISO) Council to abandon work on DES as a potential However, he felt preparation must be made international standard. for the time when it is judged no longer safe for use in protecting transactions of significant value or sensitivity. It is well known that the financial institutions make very Apparently, IS0 was afraid substantial use of the DES algorithm.
0 1987 Elsevier
Science Publishers
B.V.. Amsterdam.l87/$0.99
+ 2.20
system, or transmitted by any form or by any means. electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers (Readers in the U.S.A. - please see special regulations listed on back cover.]
No part of this publication
may be reproduced,
stored
in a retrieval
10
Number
2
ISSN 0142-0496
DECEMBER 1987
COMPUTERRK!L!A SECURITY BULLETIN Editor:
Editorial
ROBIN
ARNFIELD
Associate
Editor:
FRED LAFFERTY Director
of Corporate
Cargill
Security
BIS Applied
Data
William
Di’rector.
Coopers
& Lybrand,
A. J. Bound,
Robert
Ltd
CDP,
President,
Advanced
Fitzgerald,
Jerry
Fitzgerald
&Associates,
M. Greguras.
London
Alistair
Hind,
REED
Alkemi
Ltd
Sunninghill.
David James UK
Adrian
Special Technical MARTIN
Advisor:
SAMOCIUK
Director,
Network
Security
Management
Donn Michael Philip
Attorney,
British
Jackson, Kelman,
Data
R. D. Norman, B. Parker, I. Sobol, Weights,
Security and
Senior
and
Philip
Information
Management
Redwood
City,
Davis&West,
Los Angeles
Inc. Woodbridge,
Virginia
California
Palo Alto,
California
London
UK in Microelectronics
Pty, Ltd. New
Manager,
Crime,
London
DIgItal
South
and
Wales,
Equipment
Computing,
London
Australia
Co Ltd
Lecturer
Consultant,
Arthur
Management
President,
Expert
UK
for Computer
Department,
Specialist, Legal
Vonaldy
UK Security
Author
Stone,
Investigation
Director,
T. Lindsay, Martin,
Fenwick,
Telecom
Barrister
Dr. Les Lawrence,
ALAN
Center
P. Campbell,
Dr. Keith
Systems
Racal-Guard&a,
National
David
DR. KEN WONG
an Charge,
Director,
Fred Consultants:
Henry J. Beker, Director
Jay J. BloomBecker.
Dr. Jerry
Inc. Minneapolis
Editorial
Advisors:
Professor
MIS
D. Little
Systems
Training
Weights&Associates
Ltd. London
Consultant,
Institute,
Stanford
Framingham,
Management
Research
Institute,
Menlo
Park,
California
Massachusetts
Consulting,
New
York
Ltd
CONTENTS
Network Security Supplement Compsec report The implications of the SPANet hack Technical evaluation of SecretDisk Australian company develops Computer Safeguard
1 1 3 7
Washington case highlights call for new US computer crime law The OZ Card is dead! Long live the OZ Card! US firms risking computer disaster, say accountants
11 13 15
10
NETWORK SECURITY SUPPLEMENT
This issue of Computer Fraud Special Supplement by Dr Ken Wong Network Security.
COMPSEC
Compsec '87, the Fourth National Computer Security Conference, held at the Anugraha Centre near Windsor on 27-29 October, offered delegates a wide range of topics to choose from. These included seminars on secure operating systems, auditing Big security and compliance in the City, trusted system Bang, security, small systems security and data security standards.
REPORT
& Security Bulletin contains a of BIS Applied Systems Ltd on
Speaking on data security standards, Dr Wyn Price of the UK's National Physical Laboratory said no-one seriously suggested that the useful lifetime of the DES (Data Encryption Standard) was over, following the decision by the International Standards Organization (ISO) Council to abandon work on DES as a potential However, he felt preparation must be made international standard. for the time when it is judged no longer safe for use in protecting transactions of significant value or sensitivity. It is well known that the financial institutions make very Apparently, IS0 was afraid substantial use of the DES algorithm.
0 1987 Elsevier
Science Publishers
B.V.. Amsterdam.l87/$0.99
+ 2.20
system, or transmitted by any form or by any means. electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers (Readers in the U.S.A. - please see special regulations listed on back cover.]
No part of this publication
may be reproduced,
stored
in a retrieval