Полезная информация



TOC
BACK
FORWARD
HOME

UNIX Unleashed, Internet Edition

- 14 -

Security Organizations

by Robin Burk

A wide range of organizations exists to help systems administrators and other computer professionals address computer and security needs. This chapter lists a number of the most useful and accessible groups.

The latter part of the chapter also lists online and printed resources that will be helpful to you in planning and executing your security procedures.

Every attempt has been made to ensure that the contact information supplied in this chapter is current as of the date of authoring; however, things may have changed by the time you read this information. You can use your favorite search engine to find these and related Web sites and online information sources to help you with specific problems or put you in touch with supporting organizations.

Government

Several United States government agencies are tasked with gathering and protecting sensitive information. The Defense and Energy Departments, in particular, have provided both the need and the funding for much of the computer security research and development that has occurred over the decades during which use of computers and networks has spread widely. More subtly, these agencies (and especially DOD) were the first to establish formal security procedures, many of which served as prototypes for what is now the best industrial practice in safeguarding computers and computer-based resources.

Several of these U.S. agencies are now tasked with providing advice, information, and consulting to corporate and non-profit organizations. The following is a list of leading agencies.

CIAC-Computer Incident Advisory Capability

CIAC is a product of the movement toward technology transfer from the government's advanced laboratories into commercial use. An activity of the Department of Energy, CIAC is an element of the Lawrence Livermore National Laboratory's Computer Security Technology Center. For decades, Lawrence Livermore Labs was a main site for nuclear weapons development, supercomputing, and security-related concerns.

Although originally formed to support the DOE and its contractors, CIAC now provides a wide range of information to industry and researchers. CIAC is a founding member of the Forum of Incident Response and Security Teams, a global organization described later in this chapter.

URL: http://ciac.llnl.gov/ciac/

E-mail: ciac@llnl.gov

Phone: 510-422-8193

Fax: 510-423-8002

Other resources offered: several e-mail discussion lists, advisories, articles, workshops, and consulting

FIRST-Forum of Incident Response and Security Teams

Over the last decade, companies and governments around the world have experienced both an explosion in the use of networked computers and a corresponding rise in computer security-related incidents. FIRST was formed in 1989 as a global coalition of government, private, and academic organizations to respond to the threat posed by malicious penetration of critical computer systems.

FIRST's Web site states that its mission goes beyond gathering and providing security information. FIRST also provides its members with tools and techniques to improve system security, and works to encourage cooperation and collaboration in addressing potential threats.

URL: http://www.first.org/

Other resources offered: FIRST does not disseminate its information and tools directly to the public, working instead through its member organizations, which include many leading network and computer companies. However, the FIRST web site does provide instructions for contacting the appropriate teams to report security breaches or problems.

NIST-National Institute of Standards and Technology

NIST has long been the clearinghouse for standards and other well-established documents regarding computers and networking. The Computer Security Division of its Information Technology Laboratory evaluates proposed standards and technologies for network and computer security. This division is especially well known for its work in authentication and encryption technologies, fundamentally and as they apply to activities such as Electronic Data Interchange, electronic commerce, and e-mail.

URL: http://www.nist.gov/itl/div893/

Other resources offered: NIST hosts the Computer Security Resource Clearinghouse, with links to a wide variety of papers, tools, evaluations, and e-mail discussion forums at: http://csrc.nist.gov/

Academic

There are several academic research centers that investigate computer security from both a theoretical and a practical point of view. These centers provide a wide range of information, tools, and services to system administrators, especially in UNIX environments. The following are several of the best known academic centers.

CERT-Computer Emergency Response Team

CERT is located at the Software Engineering Institute of Carnegie Mellon University. SEI was established by the Defense Department's Advanced Research Projects Agency (DARPA) to address a wide range of software issues; CERT's activities are a component of the SEI Survivable Systems Initiative.

CERT is best known for its security advisories, which give specific information regarding security vulnerabilities found in a wide range of operating systems, including the full range of UNIX variants. CERT also issues bulletins regarding viruses and similar attacks.

URL: http://www.cert.org/

E-mail: cert@cert.org

Phone: 412-268-7090

Fax: 412-268-6989

Other resources offered: security tutorials, archives, FAQs, and advisory alert e-mail lists

COAST-Computer Operations, Audit, and Security Technology

COAST is a multiple-project, multiple-investigator laboratory in computer security research in the Computer Science Department at Purdue University. It is intended to function with close ties to researchers and engineers in major companies and government agencies. It focuses its research on real-world needs and limitations, with a special focus on security for legacy computing systems. With its recent increase in support and student and faculty participation, COAST is now the largest dedicated, academic computer security research group in the world.

URL: http://www.cs.purdue.edu/coast/coast.html

E-mail: coast-request@cs.purdue.edu

Other resources offered: newsletter, e-mail discussion list, extensive archive of papers, information, and tools

UNIX-Related

Several associations have been formed around the UNIX platforms. Given the widespread use of UNIX in networks and, increasingly, in business, these groups inevitably address security issues on a regular basis.

UniForum

A vendor-independent association that encourages the adoption of open systems based on industry standards.

URL: http://www.uniforum.org/

Phone: 800-255-5620

Other resources offered: conferences, training, and e-mail discussion lists.

USENIX

USENIX is the leading UNIX-related technical association, providing a wide range of activities, publications, and symposia. USENIX represents the UNIX community in various standards definition efforts.

URL: http://www.usenix.org

E-mail: office@usenix.org

Phone: 510-528-8649

Other resources offered: The System Administrators' Guild (SAGE) offers a wealth of information and resources for UNIX administrators.

Professional and Technical

Finally, a number of professional and technical organizations provide their members with information and training regarding computer security. Membership in these organizations is typically held both by individual professionals and by companies.

ACM-Association for Computing Machinery

A leading forum for computer research and publications for 50 years, ACM sponsors activities including its Special Interest Group for Security, Audit, and Control (SIGSAC). The ACM and its SIGS have local and student chapters that meet regularly.

URL: http://www.acm.org/

ASIS-American Society for Industrial Security

ASIS is a professional association for those who manage security and loss prevention. Its headquarters are located in Arlington, Virginia near the Pentagon. ASIS provides a variety of professional development services, including a security certification, and distributes security-related information to its members. Members may also purchase books, videos, software, and other security-related items from the association's online store.

URL: http://www.asisonline.org

Phone: 703-522-5800

CPSR-Computer Professionals for Social Responsibility

CPSR is a public interest alliance concerned with the impacts of computer technology on society. Their intent is to provide the public and policy makers with objective assessments regarding the power, promise, and limitations of computer technology. CPSR's Web site, hosted by Sunnyside Computing, Inc., provides policy statements on a wide variety of computer topics, including both security and privacy issues. Members are encouraged to participate in local chapters and to effect social activism on computer-related issues.

URL: http://www.cpsr.org/

Phone: 415-322-3778

Fax: 415-322-4748

Other resources offered: several e-mail discussion lists and archives of CPSR papers and policy statements

CSI-Computer Security Institute

CSI offers courses and technical conferences aimed at training information security professionals. The courses are fairly non-technical, concentrating on steps to take rather than theory or detailed technical information.

URL: http://www.gocsi.com/csi/

Phone: 415-905-2626

HTCIA-High Tech Crime Investigation Association

HTCIA's members are primarily law enforcement officers or computer crime investigators, along with senior professionals from industry and academia.

URL: http://htcia.org/

Other resources provided: technical training seminars, links to information regarding legislation, court cases, and law enforcement guidelines for the investigation of computer-related crimes

IEEE-Institute of Electrical and Electronics Engineers

The oldest and largest technical professional society, IEEE has a wide range of journals and activities that are relevant to computing and security.

URL: http://www.ieee.org/

Phone: 800-678-IEEE

ISACA-Information Systems Audit and Control Association

This association provides a wide range of suggested standards and procedures, information, and conferences to IT professionals.

URL: http://www.isaca.org/

Phone: 847-253-1545

Other resources offered: e-mail discussion list, book store, membership directory, and professional certification

ISSA-Information Systems Security Association

Another international association of IT professionals. Membership includes many senior MIS managers and technologists.

URL: http://www.uhsa.uh.edu/issa/

Phone: 847-657-6746

Fax: 847-657-6819

(ISC)2-International Information Systems Security Certification Consortium

(ISC)2 was formed by several data processing associations, government agencies, and other organizations to provide a common certification program for IT security professionals.

URL: http://www.isc2.org/

E-mail: info@isc2.org

Phone: 508-842-0452

Fax: 508-842-6461

Online Sources of Information

Many computer-related publications, journals, and online groups regularly discuss security issues. There isn't room here to list all of the general computer-related resources, including security newsletters and books, that might be helpful. We have included a number of the best online sources for UNIX-related security information.

E-mail Discussion Lists

The USENET includes a number of e-mail discussion lists dedicated to Unix and security issues. The quality of information can vary greatly from list to list and from time to time, but in general these can be really useful.

8LGM (Eight Little Green Men)

Posts detailed information regarding UNIX bugs and hacker attacks.

URL: http://www.8lgm.org/

BEST OF SECURITY

Provides security administrators with a single source of computer security information, including product issues, advisories, conference and class announcements, and links to other information.

An excellent source of information for those exploring security issues for the first time and for the experienced pros, as well.

Subscribe to: best-of-security-request@suburbia.net

Message: subscribe best-of-security

BUGTRAQ

Discusses UNIX security holes and how they can be exploited or fixed.

Subscribe to: bugtraq@crimelab.com

Message: subscribe bugtraq

Archive: http://web.eecs.nwu.edu/~jmyers/bugtraq/archives.html

FIREWALLS

Useful information about choosing, installing, and administering firewalls.

URL: ftp://ftp.greatcircle.com/pub/firewalls/archives/welcome.html

FAQ: ftp://ftp.greatcircle.com/pub/firewalls/archives/

HP Security Bulletin

Distributes information and patches for security problems in HP-UX systems.

Subscribe to: support@support.mayfield.hp.com

Message: subscribe security-info

URL: http://support.mayfield.hp.com/news/html/news.html

INTRUSION DETECTION SYSTEMS

Information regarding the development of intrusion detection schemes.

Subscribe to: majordomo@ouw.edu.au

Message: subscribe ids

Archive: (Contact the list for the current archive location.)

Sun Security Alert

Distributes security alerts about the Sun operating system.

Subscribe to: security-alert@sun.com

Message: subscribe cws your-e-mail-address

VIRUS-L and VALERT-L

These lists are related to the comp.virus newsgroup. VALERT-L is for urgent virus warnings only (no discussion allowed); VIRUS-L is a moderated forum for discussing viruses.

Subscribe to: listserv@lehigh.edu

Message: sub virus-l your-name

sub valert-l your-name

Archive: ftp://cert.org/pub/virus-l

FAQ: listserv@lehigh.edu

WWW-SECURITY

Dedicated to an open discussion of security within the World Wide Web, with a focus on emerging standards.

Subscribe to: www-security-request@nsmx.rutgers.edu

Message: sub www-security

Newsgroups

Usenet newsgroups are bulletin boards devoted to specific topics. There are currently over 20,000 newsgroups formed on a wide range of issues.

Following is a list of a few newsgroups that are especially relevant to UNIX security issues. If you are new to Usenet, please note that all newsgroups must be organized around a specified topic, but that actual discussion can vary greatly as to value and topic.

alt.security alt.security.index
alt.security.pgp comp.bugs.2bsd
comp.bugs.4bsd comp.bugs.4bsd.ucb-fixes
comp.bugs.misc comp.bugs.sys5
comp.dcom.sys.cisco comp.dcom.sys.wellfleet
comp.lang.java.security comp.os.386bsd.bugs
comp.os.netware.security comp.protocols.iso
comp.protocols.kerberos comp.risks
comp.security.announce comp.security.misc
comp.security.pgp comp.security.unix
comp.sys.next.bugs comp.sys.sgi.bugs
comp.unix.internals comp.unix.osf.misc
comp.virus misc.security
sci.crypt

Where the Hackers Hang Out

Security administrators differ in their attitude to using hacker publications and online sites. Most are uncomfortable taking steps, such as subscribing to a discussion list, that might seem to imply approval of hacker activities.

At the same time, hackers themselves are your best source of information regarding new UNIX vulnerabilities, hacking tools, and other threats to your system. With that in mind, this section lists a few of the more informative sources of information by and about hackers.

Computer Underground Digest

Discusses the computer underground.

URL: http://sun/soci.niu.edu/~cudigest/

PHRACK

Dedicated to phone and computer hacking.

Subscribe to: phrack@well.com

Message: subscribe phrack

URL: http://www.fc.net/phrack.html

Summary

As we've seen, UNIX systems are vulnerable to a number of security risks ranging from inappropriate access to hijacking of system resources and even sabotage.

Fortunately, an equally wide range of information, tools and services is available to administrators who want to defend their systems against misuse. Of these, perhaps the most useful is current information on attacks and defenses. With the increased use of UNIX for corporate computing and network servers, commercial security products are also increasingly powerful and sophisticated.

Security begins with a good set of policies, backed by procedures and the tools with which to implement them. Effective security must balance cost against benefit and usually requires the cooperation and support of the user community and of management. Identifying and responding to system security risks is increasingly one of the system administrator's main responsibilities.

TOCBACKFORWARDHOME


©Copyright, Macmillan Computer Publishing. All rights reserved.