UNIX Unleashed, Internet Edition
- 14 -
Security Organizations
by Robin Burk
A wide range of organizations exists to help systems administrators and other
computer professionals address computer and security needs. This chapter lists a
number of the most useful and accessible groups.
The latter part of the chapter also lists online and printed resources that will
be helpful to you in planning and executing your security procedures.
Every attempt has been made to ensure that the contact information supplied in
this chapter is current as of the date of authoring; however, things may have changed
by the time you read this information. You can use your favorite search engine to
find these and related Web sites and online information sources to help you with
specific problems or put you in touch with supporting organizations.
Government
Several United States government agencies are tasked with gathering and protecting
sensitive information. The Defense and Energy Departments, in particular, have provided
both the need and the funding for much of the computer security research and development
that has occurred over the decades during which use of computers and networks has
spread widely. More subtly, these agencies (and especially DOD) were the first to
establish formal security procedures, many of which served as prototypes for what
is now the best industrial practice in safeguarding computers and computer-based
resources.
Several of these U.S. agencies are now tasked with providing advice, information,
and consulting to corporate and non-profit organizations. The following is a list
of leading agencies.
CIAC-Computer Incident Advisory Capability
CIAC is a product of the movement toward technology transfer from the government's
advanced laboratories into commercial use. An activity of the Department of Energy,
CIAC is an element of the Lawrence Livermore National Laboratory's Computer Security
Technology Center. For decades, Lawrence Livermore Labs was a main site for nuclear
weapons development, supercomputing, and security-related concerns.
Although originally formed to support the DOE and its contractors, CIAC now provides
a wide range of information to industry and researchers. CIAC is a founding member
of the Forum of Incident Response and Security Teams, a global organization described
later in this chapter.
URL: http://ciac.llnl.gov/ciac/
E-mail: ciac@llnl.gov
Phone: 510-422-8193
Fax: 510-423-8002
Other resources offered: several e-mail discussion lists, advisories, articles,
workshops, and consulting
FIRST-Forum of Incident Response and Security Teams
Over the last decade, companies and governments around the world have experienced
both an explosion in the use of networked computers and a corresponding rise in computer
security-related incidents. FIRST was formed in 1989 as a global coalition of government,
private, and academic organizations to respond to the threat posed by malicious penetration
of critical computer systems.
FIRST's Web site states that its mission goes beyond gathering and providing security
information. FIRST also provides its members with tools and techniques to improve
system security, and works to encourage cooperation and collaboration in addressing
potential threats.
URL: http://www.first.org/
Other resources offered: FIRST does not disseminate its information and tools
directly to the public, working instead through its member organizations, which include
many leading network and computer companies. However, the FIRST web site does provide
instructions for contacting the appropriate teams to report security breaches or
problems.
NIST-National Institute of Standards and Technology
NIST has long been the clearinghouse for standards and other well-established
documents regarding computers and networking. The Computer Security Division of its
Information Technology Laboratory evaluates proposed standards and technologies for
network and computer security. This division is especially well known for its work
in authentication and encryption technologies, fundamentally and as they apply to
activities such as Electronic Data Interchange, electronic commerce, and e-mail.
URL: http://www.nist.gov/itl/div893/
Other resources offered: NIST hosts the Computer Security Resource Clearinghouse,
with links to a wide variety of papers, tools, evaluations, and e-mail discussion
forums at: http://csrc.nist.gov/
Academic
There are several academic research centers that investigate computer security
from both a theoretical and a practical point of view. These centers provide a wide
range of information, tools, and services to system administrators, especially in
UNIX environments. The following are several of the best known academic centers.
CERT-Computer Emergency Response Team
CERT is located at the Software Engineering Institute of Carnegie Mellon University.
SEI was established by the Defense Department's Advanced Research Projects Agency
(DARPA) to address a wide range of software issues; CERT's activities are a component
of the SEI Survivable Systems Initiative.
CERT is best known for its security advisories, which give specific information
regarding security vulnerabilities found in a wide range of operating systems, including
the full range of UNIX variants. CERT also issues bulletins regarding viruses and
similar attacks.
URL: http://www.cert.org/
E-mail: cert@cert.org
Phone: 412-268-7090
Fax: 412-268-6989
Other resources offered: security tutorials, archives, FAQs, and advisory alert
e-mail lists
COAST-Computer Operations, Audit, and Security Technology
COAST is a multiple-project, multiple-investigator laboratory in computer security
research in the Computer Science Department at Purdue University. It is intended
to function with close ties to researchers and engineers in major companies and government
agencies. It focuses its research on real-world needs and limitations, with a special
focus on security for legacy computing systems. With its recent increase in support
and student and faculty participation, COAST is now the largest dedicated, academic
computer security research group in the world.
URL: http://www.cs.purdue.edu/coast/coast.html
E-mail: coast-request@cs.purdue.edu
Other resources offered: newsletter, e-mail discussion list, extensive archive
of papers, information, and tools
UNIX-Related
Several associations have been formed around the UNIX platforms. Given the widespread
use of UNIX in networks and, increasingly, in business, these groups inevitably address
security issues on a regular basis.
UniForum
A vendor-independent association that encourages the adoption of open systems
based on industry standards.
URL: http://www.uniforum.org/
Phone: 800-255-5620
Other resources offered: conferences, training, and e-mail discussion lists.
USENIX
USENIX is the leading UNIX-related technical association, providing a wide range
of activities, publications, and symposia. USENIX represents the UNIX community in
various standards definition efforts.
URL: http://www.usenix.org
E-mail: office@usenix.org
Phone: 510-528-8649
Other resources offered: The System Administrators' Guild (SAGE) offers a wealth
of information and resources for UNIX administrators.
Professional and Technical
Finally, a number of professional and technical organizations provide their members
with information and training regarding computer security. Membership in these organizations
is typically held both by individual professionals and by companies.
ACM-Association for Computing Machinery
A leading forum for computer research and publications for 50 years, ACM sponsors
activities including its Special Interest Group for Security, Audit, and Control
(SIGSAC). The ACM and its SIGs have local and student chapters that meet regularly.
URL: http://www.acm.org/
ASIS-American Society for Industrial Security
ASIS is a professional association for those who manage security and loss prevention.
Its headquarters are located in Arlington, Virginia near the Pentagon. ASIS provides
a variety of professional development services, including a security certification,
and distributes security-related information to its members. Members may also purchase
books, videos, software, and other security-related items from the association's
online store.
URL: http://www.asisonline.org
Phone: 703-522-5800
CPSR-Computer Professionals for Social Responsibility
CPSR is a public interest alliance concerned with the impacts of computer technology
on society. Its intent is to provide the public and policy makers with objective
assessments regarding the power, promise, and limitations of computer technology.
CPSR's Web site, hosted by Sunnyside Computing, Inc., provides policy statements
on a wide variety of computer topics, including both security and privacy issues.
Members are encouraged to participate in local chapters and to engage in social activism
on computer-related issues.
URL: http://www.cpsr.org/
Phone: 415-322-3778
Fax: 415-322-4748
Other resources offered: several e-mail discussion lists and archives of CPSR
papers and policy statements
CSI-Computer Security Institute
CSI offers courses and technical conferences aimed at training information security
professionals. The courses are fairly non-technical, concentrating on steps to take
rather than theory or detailed technical information.
URL: http://www.gocsi.com/csi/
Phone: 415-905-2626
HTCIA-High Tech Crime Investigation Association
HTCIA's members are primarily law enforcement officers or computer crime investigators,
along with senior professionals from industry and academia.
URL: http://htcia.org/
Other resources provided: technical training seminars, links to information regarding
legislation, court cases, and law enforcement guidelines for the investigation of
computer-related crimes
IEEE-Institute of Electrical and Electronics Engineers
The oldest and largest technical professional society, IEEE has a wide range of
journals and activities that are relevant to computing and security.
URL: http://www.ieee.org/
Phone: 800-678-IEEE
ISACA-Information Systems Audit and Control Association
This association provides a wide range of suggested standards and procedures,
information, and conferences to IT professionals.
URL: http://www.isaca.org/
Phone: 847-253-1545
Other resources offered: e-mail discussion list, book store, membership directory,
and professional certification
ISSA-Information Systems Security Association
Another international association of IT professionals. Membership includes many
senior MIS managers and technologists.
URL: http://www.uhsa.uh.edu/issa/
Phone: 847-657-6746
Fax: 847-657-6819
(ISC)2-International Information Systems Security Certification Consortium
(ISC)2 was formed by several data processing associations, government
agencies, and other organizations to provide a common certification program for IT
security professionals.
URL: http://www.isc2.org/
E-mail: info@isc2.org
Phone: 508-842-0452
Fax: 508-842-6461
Online Sources of Information
Many computer-related publications, journals, and online groups regularly discuss
security issues. There isn't room here to list all of the general computer-related
resources, including security newsletters and books, that might be helpful. We have
included a number of the best online sources for UNIX-related security information.
E-mail Discussion Lists
The USENET includes a number of e-mail discussion lists dedicated to UNIX and
security issues. The quality of information can vary greatly from list to list and
from time to time, but in general these can be really useful.
8LGM (Eight Little Green Men)
Posts detailed information regarding UNIX bugs and hacker attacks.
URL: http://www.8lgm.org/
BEST OF SECURITY
Provides security administrators with a single source of computer security information,
including product issues, advisories, conference and class announcements, and links
to other information.
An excellent source of information for those exploring security issues for the
first time and for the experienced pros, as well.
Subscribe to: best-of-security-request@suburbia.net
Message: subscribe best-of-security
BUGTRAQ
Discusses UNIX security holes and how they can be exploited or fixed.
Subscribe to: bugtraq@crimelab.com
Message: subscribe bugtraq
Archive: http://web.eecs.nwu.edu/~jmyers/bugtraq/archives.html
FIREWALLS
Useful information about choosing, installing, and administering firewalls.
URL: ftp://ftp.greatcircle.com/pub/firewalls/archives/welcome.html
FAQ: ftp://ftp.greatcircle.com/pub/firewalls/archives/
HP Security Bulletin
Distributes information and patches for security problems in HP-UX systems.
Subscribe to: support@support.mayfield.hp.com
Message: subscribe security-info
URL: http://support.mayfield.hp.com/news/html/news.html
INTRUSION DETECTION SYSTEMS
Information regarding the development of intrusion detection schemes.
Subscribe to: majordomo@ouw.edu.au
Message: subscribe ids
Archive: (Contact the list for the current archive location.)
Sun Security Alert
Distributes security alerts about the Sun operating system.
Subscribe to: security-alert@sun.com
Message: subscribe cws your-e-mail-address
VIRUS-L and VALERT-L
These lists are related to the comp.virus newsgroup. VALERT-L is for urgent virus
warnings only (no discussion allowed); VIRUS-L is a moderated forum for discussing
viruses.
Subscribe to: listserv@lehigh.edu
Message: sub virus-l your-name
sub valert-l your-name
Archive: ftp://cert.org/pub/virus-l
FAQ: listserv@lehigh.edu
WWW-SECURITY
Dedicated to an open discussion of security within the World Wide Web, with a
focus on emerging standards.
Subscribe to: www-security-request@nsmx.rutgers.edu
Message: sub www-security
Newsgroups
Usenet newsgroups are bulletin boards devoted to specific topics. There are currently
over 20,000 newsgroups formed on a wide range of issues.
Following is a list of a few newsgroups that are especially relevant to UNIX security
issues. If you are new to Usenet, please note that all newsgroups must be organized
around a specified topic, but that actual discussion can vary greatly as to value
and topic.
Where the Hackers Hang Out
Security administrators differ in their attitude to using hacker publications
and online sites. Most are uncomfortable taking steps, such as subscribing to a discussion
list, that might seem to imply approval of hacker activities.
At the same time, hackers themselves are your best source of information regarding
new UNIX vulnerabilities, hacking tools, and other threats to your system. With that
in mind, this section lists a few of the more informative sources of information
by and about hackers.
Computer Underground Digest
Discusses the computer underground.
URL: http://sun/soci.niu.edu/~cudigest/
PHRACK
Dedicated to phone and computer hacking.
Subscribe to: phrack@well.com
Message: subscribe phrack
URL: http://www.fc.net/phrack.html
Summary
As we've seen, UNIX systems are vulnerable to a number of security risks ranging
from inappropriate access to hijacking of system resources and even sabotage.
Fortunately, an equally wide range of information, tools and services is available
to administrators who want to defend their systems against misuse. Of these, perhaps
the most useful is current information on attacks and defenses. With the increased
use of UNIX for corporate computing and network servers, commercial security products
are also increasingly powerful and sophisticated.
Security begins with a good set of policies, backed by procedures and the tools
with which to implement them. Effective security must balance cost against benefit
and usually requires the cooperation and support of the user community and of management.
Identifying and responding to system security risks is increasingly one of the system
administrator's main responsibilities.
©Copyright, Macmillan Computer Publishing. All rights reserved.