From: Chris McDonald (4/14/93)
To: securitylist:;@WSMR-SIMTEL20.AR,
CC: krvw@agarne.ims.disa.MIL
Mail*Link® SMTP Information Systems Securit # 93-13

1. SRI International, under Navy contract N00039-92-C-0015, has issued two interesting documents on what is called the Next Generation Intrusion Detection Expert System (NIDES). Those of you familiar with SRI's IDES will recall that I have been intrigued by anomaly and intrusion detection systems for some time. The earlier SRI work has laid the foundation for NIDES. Once again Teresa Lunt is one of the major researchers. The documents are:

   a. Next Generation Intrusion Detection Expert System (NIDES), March 8, 1993, Document # A016.

   b. System Design Document: Next-Generation Intrusion Detection Expert System (NIDES), March 9, 1993, Document # A007,A008,A009,A011,A012,A014.

I received my copies directly from SRI because of previous correspondence with Ms. Lunt. If you were interested in the material, you might send her an electronic message or call SRI at (415) 326-6200. In my opinion the first document is the most readable for a non-techkie such as myself. It also does some interesting, if not potentially controversial, analysis of other statistical algorithms used in two other intrusion detection tools, Wisdom and Sense and Haystack.

2. On the same subject of automated tools I received a letter from Tony Bartoletti, DOE Computer Security Technology Center, announcing the distribution of SPI/UNIX, version 2.1. I had downloaded a previous version and done only a preliminary overview of the program. There are certain restrictions on distribution, so should you be really interested send me a message. I have two Internet addresses for contacting the Center.

3. I finally distributed PT 59 (IBM Antivirus/DOS) and PT 61 (VDS PRO). If you were interested in freeware integrity checkers to use as some type of comparison with VDS PRO, there are at least three in the simtel20 MS-DOS repository available through anonymous ftp.
All three are in the path pd1: . The specific files are chksum.zip, filetest.zip and delouse1.zip. Interestingly these programs are freeware.

4. Lassen Software Inc.'s Trusted Access (reference PT 54) is now on a GSA Schedule, contract number GS00K93AGS6184.

5. Patricia Hoffman's VSUM has been updated as of March 23, 1993. The hypertext program is available from her BBS and several Internet sites. There is a cost involved per copy. I have suspended a synopsis of her work each month because it was becoming a frustrating task. Her list of "common viruses" remains unchanged at 72. This number continues to be exceedingly above any other comparable survey or index schema. While I have sent in my check for the ICSA Index, I have unfortunately not received it. It is my intention to post an initial analysis of David Stang's work.

6. David Stang has an excellent article "Virus Dangers to Netware Lans: Fact Versus Fiction" in the Jan/Feb 1993 edition of "Netware". You will probably be surprised by his analysis. If anything, you might want to consider how knowledgeable the administrators are who manage your respective Netware Lans.

7. VIRX 2.7 is now available from DataWatch (reference PT 41). The program is now distributed with an expiration date of 15 days. The freeware aspect of previous versions is now history for all categories of users outside the 15 day period. We did receive written authorization to carry the program on simtel20 in the path pd1:virx27.zip. The executables have been renamed to agree with the commercial version, Virex-PC (reference PT 23).

8. Our Army Communities Service received a request from the Children's Wish Foundation. A Craig Shergold has a terminal illness. He would like to make it into the Guinness Book of Records as the recipient of the most business cards.
You may send your card and hopefully the cards of others to the following address:

   Craig Shergold
   c/o Children's Wish Foundation
   3200 Perimeter Center East
   Atlanta, GA 30346

-------

------------------ RFC822 Header Follows ------------------
Received: by internetqm.llnl.gov with SMTP;14 Apr 1993 14:28:37 -0800
Return-path: CMCDONALD@WSMR-SIMTEL20.ARMY.MIL
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01GX0604RTWW9ZLDWK@icdc.llnl.gov>; Wed, 14 Apr 1993 14:17:40 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01GX03RVEJ8G9ZLDUG@icdc.llnl.gov>; Wed, 14 Apr 1993 13:14:35 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA29933; Wed, 14 Apr 93 13:15:45 PDT
Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA29919; Wed, 14 Apr 93 13:15:37 PDT
Date: 14 Apr 1993 14:02:53 -0700 (MDT)
From: Chris McDonald
Subject: Information Systems Security Update, # 93-13
Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV
To: securitylist:;@WSMR-SIMTEL20.ARMY.MIL
Cc: krvw@agarne.ims.disa.MIL
Resent-message-id: <01GX0605EVEA9ZLDWK@icdc.llnl.gov>
Message-id: <12869130081.23.CMCDONALD@WSMR-SIMTEL20.ARMY.MIL>
X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov
X-VMS-To: IN%"securitylist:;@WSMR-SIMTEL20.ARMY.MIL"
X-VMS-Cc: IN%"krvw@agarne.ims.disa.MIL"
Content-transfer-encoding: 7BIT
======================================================================