# 95-07 Contents Internet Security Journal Quality Control Check Add-on SATAN Module Practical Firewall Applications Does Batman Have a Copy? SOCKS in Action 1. The quality of material in the "Internet Security Journal" continues to remain high. In the last update I mentioned that a special introduction rate for US subscribers was attractive: namely, $100.00 for 18 months. The administrative data for a subscription: (a) Telephone: 202-775-4947; or (b) Internet: nso@delphi.com. 2. The June 1995 edition of ";login:", the USENIX Association newsletter, has a brief article by Shawn Instenes on his experiences in running SATAN. He includes an additional module to report SMTP server version numbers. The author has also made the module available for ftp on qiclab.scn.rain.com in the path /pub/security/checkers/smtp.satan. Although the ftp host is register- ed (204.188.34.97), it was unreachable from my location on June 5, 1995. 3. The May 1995 edition of "Open Computing" has three brief articles on how different commercial firms have applied firewall technology to their business. The firms (Pacific Bell, Time-Warner Inc., and Mercury Center Inc.) have chosen different implementation strategies. The articles provide a different perspective from those of the academic or of the firewall vendor. 4. O'Reilly Associates has a new book entitled "Computer Crime: A Crimefighter's Handbook". The publication should be available for shipment in June/July 1995. The ISBN number is 1-56592-086-4; the cost is $24.95. One may place an order at 800-889-8969. 5. The May/June 1995 edition of "Sys Admin" has an article by Matt Ganis on "Implementing SOCKS". SOCKS, developed by David and Michelle Kolbas and now maintained by Ying-Da Lee, allows an administrator to provide "secure" connectivity through a firewall host. This becomes an essential concern as users request (demand?) applications such as ftp, telnet, gopher, archie, and WWW. [Disclaimer: Information Systems Security Updates represent the opinions and views of the author, not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]