[comp.virus] Notifications for Network Viruses

CC011054@WVNVAXA.WVNET.EDU (Roman Olynyk - Information Services) (06/07/89)

I've recently completed a virus response procedure for our site, a
statewide educational telecomputing network.  This procedure
establishes an emergency action plan that we hope would reduce the
impact of a computer virus at WVNET.

One of the sections in our procedure deals with notifying authorities.
A couple of the following items took a little digging to get, and I
think that having these on hand for reference would be useful.  Every
moment spent deciding what to do during an outbreak of a virus may
give the virus another chance to spread.

*   VALERT-L list - if the virus is spreading outside of WVNET's
    network through BITNET or the Internet, a member of the Virus
    Response Team will post a warning to VALERT-L@LehiIBM1.  This
    list is dedicated to posting emergency warnings of detected
    viruses.

*   BITNIC - the BITNET Information Center in Washington, DC,
    should be notified in the event of a virus which affects the
    BITNET network.  Telephone number 202-872-4200.  Contact
    persons as of June 7, 1989 are Michael Hrybyk, James Conklin
    (director), and Amanda Spiegel.

*   SRI-NIC - the SRI International Network Information Center is
    the central information site for the Internet.  Telephone
    number 800-235-3155, available around the clock.  There is no
    designated contact person for SRI-NIC.

Besides the above three items, we also want to inform our management
team, primary contacts at the campuses of our member schools, and
(particularly where a serious incident is suspected to have originated
from within WVNET's environment) legal counsel.

[Ed. Another Internet contact point is the Computer Emergency Response
Team at Carnegie Mellon's Software Engineering Institute.]

neil@uunet.UU.NET (Neil Gorsuch) (06/11/89)

In article <0001.8906072021.AA00932@ubu.CC.Lehigh.EDU>
 VIRUS-L@IBM1.CC.Lehigh.EDU writes:
>I've recently completed a virus response procedure for our site, a
>statewide educational telecomputing network.  This procedure
>establishes an emergency action plan that we hope would reduce the
>impact of a computer virus at WVNET.

The security mailing list has a procedure for emergency
notification of viruses and other problems.  I have appended
membership directions.

Neil Gorsuch
neil@cpd.com
uunet!zardoz!neil

----------------------------------------------------------------------

UNIX SECURITY MAILING LIST

The unix security mailing list exists for these reasons:

1. To notify system administrators and other appropriate people of
   serious security dangers BEFORE they become common knowledge.

2. Provide security enhancement information.

Most unix security mailing list material has been explanations of, and
fixes for, specific security "holes".  I DO NOT believe in security
through obscurity, but I certainly don't spread "cracking" methods to
the world at large as soon as they become known.  The unix security
list is, in my opinion, an excellent compromise between the two ideas.
It is not intended for the discussion of theoretical security
techniques or "Should we thank Mr. Morris?" types of subjects; there
is no need for secrecy regarding such matters, and appropriate usenet
news groups already exist that serve those purposes.  It is, however,
appropriate to post security checkup programs and scripts, and
specific security enhancement methods to this list in addition to the
proper news groups.  I assume that the readers of this list took a
special effort to join, and would appreciate appropriate material
being sent via email so that they don't have to sort through many news
groups to "catch" everything.

zardoz is located in Southern California, has 45 uucp links including
uunet, and is in the process of becoming part of the Internet.
Reliable delivery is available to any bang path or internet address.
Each mailing list destination can choose to receive either
automatically "reflected" postings of all received material, or
moderated digests that are sent out about once a week.  There is a
separate posting address for emergencies that reflects the received
material to the entire mailing list without any intervention on my
part.

I typically require that destinations have an interest in unix site
security, or are involved in adding security enhancement software to
unix, but I am flexible.  To apply for membership, send email from one
of the following or send email requesting that I contact one of the
following (please arrange the former, it saves me time):

1.	For uucp sites with a uucp map entry, the listed email contact,
	map entry writer, or root.
2.	For internet sites, the NIC "WHOIS" listed site contact, or root.

Please include the following:

1.	The uucp map entry and map name to find it in, or the WHOIS
	response from the NIC and the request handle.
2.	The actual email destination you want material sent to.  It
	can be a person or alias, but must be on the same machine
	that you use as a reference, or in a sub-domain of said machine.
3.	Whether you want immediate reflected postings, or the weekly
	moderated digests.
4.	The email address and voice phone number of the administrative
	contact if different from the above.
5.	The organization name, address, and voice phone number if not
	listed already.

Please don't do any of the following:

1.	send email from root on machine_17.basement.podunk_U.edu and
	expect that to be sufficient for membership.  With
	workstations being so prevalent, and being so EASY to "crack",
	root doesn't mean much these days.
2.	send email from root on the uucp map entry listed site
	toy-of-son and expect that to be sufficient.  If you would prefer
	material sent to a home machine, verify your credentials through
	one of the previously mentioned methods.
3.	send mail from a network that I don't have any way to verify,
	such as bitnet or others.  I can verify uucp and internet sites.
	Send me some way to verify your credentials if you can't use
	an appropriate listed uucp or internet site.
4.	send me mail saying I can verify your identity and credentials
	by telephoning a long distance number.  I will continue to donate
	the extra computer capacity required for sending and archiving
	this list, and I will continue to spend the money on the extra
	uucp/internet communication costs that this list requires, but I
	draw the line at spending money on voice long distance phone calls.
5.	send me an application request that involves a lot of time and
	special procedures for verification.  Please try to make my
	processing of your application an easy matter.

neil@uunet.UU.NET (Neil Gorsuch) (06/30/89)

In article <0006.8906121206.AA02017@ubu.CC.Lehigh.EDU> I wrote:
>The security mailing list has a procedure for emergency
>notification of viruses and other problems.  I have appended
>membership directions.

Oops, the posting was truncated somehow.  Here is the rest:

-----------------------------------------------------------

All email regarding this list should be sent to:

security-request@cpd.com (INTERNET sites)
uunet!zardoz!security-request (UUCP sites)

Please be patient, I answer all requests, but I receive hundreds of
letters a week.  If you don't receive an answer after a reasonable
amount of time (2 or 3 weeks), send another request, in case the
previous one was eaten by an email monster 8<).

Neil Gorsuch
(AKA security-request)