Sub: Information Systems Security Update, # 97-01

CSI 1997 Survey
Evaluations of Anti-viral Programs
Packet-Filter Configuration Tool
Virus Writer v. Virus Researcher
Warfighters Be Concerned
Apology with Virus Alerts of the Day

1. The Computer Security Institute (CSI) in conjunction with the Computer Crime Squad of the Federal Bureau of Investigation (FBI) has initiated its 1997 Computer Crime and Security Survey. The 1996 survey, which many quoted throughout the information systems security professional world as well as in the public media, attempted to highlight threats to organizations and to the national information infrastructure. There are 37 questions on the current survey. I received a copy as a member of CSI, and contacted Richard Power at CSI to inquire whether someone could volunteer to answer a questionnaire. Mr. Power indicated no at this time since there are some control factors guiding the current distribution. One can only hope that those who receive a survey to complete will do so, particularly since the 1996 survey had less than a 10% response rate.

2. The January 1997 edition of "Virus Bulletin" provides its semi-annual comparative review of 21 different anti-viral products for MS-DOS. It is rather important to read about the test procedures and the establishment of virus test sets used in the evaluations. Those commentators and vendors who simply quote the test results without the background data omit some critical details. The reviewers continue to express strong opinions on individual products and on the overall results.

3. An interesting paper, perhaps lost in the shuffle, appeared in the Summer 1996 edition of "Computing Systems". The paper, "A Tool for Building Firewall-Router Configurations" by Christopher J. Calabrese, describes a tool that generates a configuration in a "router's native configuration language from a high-level description of the firewall that is embedded in KORNSHELL".
The author had, as of the date of the paper, ported the tool to UnixWare 2.x and Solaris 2.x systems. The router-config software, to include documentation and example scripts, is available from the author and from the Freebird Archive (www.freebird.org).

4. The January 1997 edition of "Communications of the ACM" contains an article "Computer Virus--Antivirus Coevolution" by Carey Nachenberg. While Nachenberg is a principal software engineer at the Symantec Antivirus Research Center, this is not a corporate publicity plug for Norton AntiVirus. It is rather an overview of the cat-and-mouse game which virus writers and antivirus researchers play.

5. A recent GAO report, which escaped most media attention, might present some interesting discussion for those who concern themselves with information warfare. The report, "Performance Measures Needed to Ensure DISN Program Success" (GAO/AIMD-97-9, Nov 96), concludes that DoD has "yet to establish the basic cost and performance baseline information critical to laying the groundwork for assessing DISN's success". DISN, the Defense Information Systems Network, is the Defense Information Systems Agency (DISA) strategy to acquire and to implement transmission and switching services across the continental United States, the Pacific, and Europe. These long-haul services will interconnect Defense's base-level and deployed communications networks. While DoD concurred with the GAO recommendation to "establish the objective measures needed to gauge DISN's success", it stated that DISN was an "incremental effort" and that it would ensure "that information technology investments are supported by sound analysis and are linked to warfighter requirements--either by reducing cost or improving operational capabilities."

6. A recent message of mine questioning the need for "virus of the day alerts" generated a lot of response mail. The message was intentionally "sarcastic", but unfortunately my literary license apparently offended some.
For this I apologize. May I note without any sarcastic comment that, according to Dr. Solomon's Virus Calendar for 1997, here are only a few of the viruses which will activate today, 23 Jan 97: Nov17.900a, Major, Manzon, Anti-EXE, Natas.4744, Tentacle, and Ripper.

[Disclaimer: Information Systems Security Updates represent the opinions and views of the author (mcdonalc@wsmr.army.mil), not his employer. Recipients are free to quote all/parts of the ISSU with credit/blame to the author.]