greg@nprdc.arpa (Greg Reynolds) (09/13/88)
I am looking for general information on network security. Please send any references to literature(authors, article names, etc.) via e-mail. Also, I am interested in finding out if there are any existing newsgroup(s) that address this topic. Thanks in advance. Greg Reynolds greg@nprdc.arpa !ucsd!nprdc!greg
marcel@hpindda.HP.COM (Marcel Burlet) (09/14/88)
Please post a summary to the net. I sure could use the information as well.
marcel
**************************************************************************
* Marcel Burlet | {ucbvax,hplabs}!hpda!hpindlm!marcel [UUCP] *
* Information Net. Div(IND) | marcel%hpda@hplabs.HP.COM [INTERNET] *
* Hewlett-Packard Co. | (408) 447-2503 [AT&T] *
* 19420 Homestead Road,43LN | 1-447-2503 [HP-TELNET] *
* Cupertino, CA 95014 USA | "What If..." [HP-TELEPATHY] *
**************************************************************************kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) (11/30/88)
I have been thinking about the role of the internet in the recent virus/worm attack. I have come (as have others, I am not claiming originality here) to these conclusions: The network was instrumentally involved in the worm/virus propagation. The network was instrumental in the fight against the virus, for the exchange of mail and code. Networks are secure when they operate properly. In order to have secure networks, we need network routing information exchange and network management protocols that are authenticated, robust, and secure against spoofing and malicious disruption. The ospfigp protocol is the best place to start to build robust, secure internetwork routing exchange protocols before we get bitten by a network bug. We need some *serious* authentication capability in SNMP. Discussion? Is ospfigp secure enough now? What about real authentication in SNMP? What have I left out (eg, arp cache security)? I leave security on a broadcast medium like Ethernet as a separate discussion topic (eg, snooping for passwords). Kent England, Boston University
romkey@asylum.sf.ca.us (John Romkey) (11/30/88)
In article <26314@bu-cs.BU.EDU> kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes: > Networks are secure when they operate properly. I'm going to pick a nit. You're automagically defining what "operate properly" means here. I don't think it's a truism that a network that operates properly is secure. You might quite happily build a small network that's not connected to any other networks that has no security and be quite happy with it - it's operating properly without security and there's no need for security (actually, here isolation is a form of security). A network that is conformant with current TCP/IP specifications is not necessarily secure but does operate properly. -- - john romkey romkey@asylum.uucp romkey@xx.lcs.mit.edu romkey@asylum.sf.ca.us Find the cost of freedom, buried in the ground Mother Earth will swallow you, lay your body down.
kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) (12/01/88)
In article <1009@asylum.sf.ca.us> romkey@asylum.UUCP (John Romkey) writes: >In article <26314@bu-cs.BU.EDU> kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes: >> Networks are secure when they operate properly. > >I'm going to pick a nit. > >You're automagically defining what "operate properly" means here. I >don't think it's a truism that a network that operates properly is >secure... > >A network that is conformant with current TCP/IP specifications is not >necessarily secure but does operate properly. >-- That's no nit, that's a whole difference of opinion. Or, we have a difference of semantics at the very least. I really do mean to say that the "network" is secure when it routes packets properly. Of course, the network applications, like telnet, ftp, smtp are not secure at all simply because the network routes packets properly. I mean that if the network is routing properly, that further efforts to secure the applications running on the network should focus above the transport level. Some people would argue that networks ought to implement access control filters as a means of securing applications that use the network. I think this is ineffective and misguided. Some people think that networks ought to be shut down when applications come under attack, like what is happening with the ftpd bug on milnet right now and what happened this November with the virus attack. I think that this is inappropriate. Our networks have security risks right now. We need to address these routing and network management issues. But when it comes to addressing password cracking and handling ongoing attacks, we should be focusing on areas other than transport and routing. Perhaps we agree after all? Certainly my one line statement needed some amplification.
romkey@asylum.sf.ca.us (John Romkey) (12/04/88)
In article <26342@bu-cs.BU.EDU> kwe@buit13.bu.edu (Kent England) writes: >Some people >think that networks ought to be shut down when applications come under >attack, like what is happening with the ftpd bug on milnet right now >and what happened this November with the virus attack. I think that >this is inappropriate. Yes, actually, having a worm or virus that spreads through mail is particularly insidious, because even if the system managers don't overreact to the point of just unplugging their computers, they will turn off their external mailers and mail is a key way of distributing fixs against the attack. > Perhaps we agree after all? Certainly my one line statement >needed some amplification. I'm not sure if we agree or not or if it matters, really (actually, I'm pretty sure that we don't and it doesn't). You're right, the phrase "secure network" is certainly brimming over with possible meanings. My clarified opinion is: I don't think that a network necessarily has to be "secure" - its basic routing functions or its applications immune to attack - to be thought of as operating properly. Probably lots of different people have lots of different ideas on what a "operating properly" means with regard to a network - I'm sure you'll hear a wide range of transfer rates and reliablities (I don't think that qualifies as a word, oh well...) and other variables. But it's a semantic quibble; it was clear from your original message that you consider a "security" to be a requirement for proper operation. I just want to make it clear that not everyone does. -- - john romkey romkey@asylum.uucp romkey@xx.lcs.mit.edu romkey@asylum.sf.ca.us Find the cost of freedom, buried in the ground Mother Earth will swallow you, lay your body down.
childers@avsd.UUCP (Richard Childers) (12/05/88)
In article <26314@bu-cs.BU.EDU> kwe@bu-cs.BU.EDU (kwe@bu-it.bu.edu (Kent W. England)) writes: > In order to have secure networks, we need network routing >information exchange and network management protocols that are >authenticated, robust, and secure against spoofing and malicious >disruption. And dedicated storage for detailed traffic logs ... > We need some *serious* authentication capability in SNMP. I hope it's not mandatory ... it adds overhead that's not always needed. > Kent England, Boston University -- richard -- * Black holes are out of sight * * * * ..{amdahl|decwrl|octopus|pyramid|ucbvax}!avsd.UUCP!childers@tycho * * AMPEX Corporation - Audio-Visual Systems Division, R & D *
hwb@MERIT.EDU (Hans-Werner Braun) (12/05/88)
Kent: Someone once pointed out to me that the standards communities have a different model of routing which is much more secure. The equivalent would be to run routing in parallel to IP, rather than on top of it. -- Hans-Werner
hal@GATEWAY.MITRE.ORG (Hal Feinstein) (12/20/88)
avsd.childers@tycho reports >>We need some *serious* authentication capability in SNMP. > I hope its not mandatory ... it adds overhead that's > not always needed. I'm not sure I'm buying this just yet. Sure, big authentication subsystems with trusted identity servers are overhead, but simpler schemes, not as completely secure will do wonders against 99% of the hacks your guarding against. As much as I hate them, passwords are a start in this direction. If you can keep people from fooling around with some form of key variable inside the gateway, switch, or what-have you, then pairwise keying works fine. There is a whole spectrum of authentication measures available, depending on your requirements. Overhead? -try some of the fast algorithms. You don't need software DES or 3,000 bit public keys for most (but not all) commercial stuff.
vincent@zubenelgenubi.uucp (02/03/89)
I am working on a network security project and am looking for pointers to papers, books .... etc or your own comments and views. More specifically, I'm looking at security measures at both hardware and network layer level. Thanks. Vincent.
mleonard@secola.Columbia.NCR.COM (Michael Leonard) (02/03/89)
In article <9424@pasteur.Berkeley.EDU> vincent@zubenelgenubi.uucp () writes: >I am working on a network security project and am looking for pointers >to papers, books .... etc or your own comments and views. >More specifically, I'm looking at >security measures at both hardware and network layer level. > >Thanks. >Vincent. The April 1987 issue of IEEE Network Magazine has a number of articles on network security. The references in those articles will lead you to many more. mike
prinz@gmdzi.UUCP (Wolfgang Prinz) (02/07/89)
From article <9424@pasteur.Berkeley.EDU>, by vincent@zubenelgenubi.uucp: > I am working on a network security project and am looking for pointers > to papers, books .... etc or your own comments and views. > More specifically, I'm looking at > security measures at both hardware and network layer level. > > Thanks. > Vincent. You might find some interesting articels in: Computer and Network Security, M.D. Abrams and H.J. Podell IEEE Computer Society Press regards Wolfgang