From: Pete Hammes (12/20/93)
To: assist-bulletin@assist.ims.disa,
Mail*Link® SMTP ASSIST 93-35

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
Issuer-Certificate:
Issuer-Certificate:
MIC-Info: RSA-MD5,RSA

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
      Automated Systems Security Incident Support Team
                  Integritas et Celeritas
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Bulletin 93-35

Release date: 20 December 93, 4:45 PM EST

Subject: Release of Security Profile Inspector (SPI) Version 3.0.

SPI is an automated security tool for Unix and VMS operating systems
designed to assist system managers and computer security personnel in
providing and maintaining computer systems security. The program could
also be a useful tool for designated approval authorities, accreditors,
and other DoD personnel involved in computer system
accreditations/certifications. SPI inspects various aspects of a
computer system and generates reports on items that may create security
problems for the system. The program was developed by Lawrence
Livermore National Labs under contract to the U.S. Department of Energy.
ASSIST provides funding support to the project, and is the authorized
distribution agent for SPI 3.0 within the DoD.

SPI 3.0 provides 6 major inspection utilities:

     a. Quick System Profile (QSP)
     b. Access Control Test (ACT)
     c. Password Security Inspector (PSI)
     d. Binary Inspector Tool (BIT)
     e. Change Detector Tool (CDT)
     f. Configuration Query Language (CQL)

"a" through "d" above are vulnerability detection tools, "e" is an
intrusion (change) detection tool, and "f" is a flexible system for
making varied security inquiries or requests for system data. All of
SPI's security functions, and some administrative functions, are
accessible through a menu-driven user interface that was developed with
ease of use as a priority.

SPI/Unix has been tested on standard System V, Berkeley Unix, SunOS 4.X,
and Solaris 2.X operating systems. An extensive configuration script is
also included which will try to configure SPI to as many different
versions of Unix as possible.

SPI 3.0 represents a significant revision in the program architecture,
and several new or enhanced features. The new product structure
contains several "OS extraction libraries" that map operating system
data into elements of a SPI unified security model. Unix and VMS
libraries have been written which allow the security inspection codes
to operate in varied environments. CQL is employed as a major new
security inspector, and serves as an inspector in its own right as well
as being an intelligent server of information to other inspector
functions. The CDT replaces the "file inode" and "file data change
detector" routines contained in previous versions of SPI, and the
consolidation has improved efficiency and reduced false positives.

The development and increased availability of automated tools that
probe systems for weaknesses, and information about how to exploit
system weaknesses, have added significant new threats to network
environments.
Programs like the Internet Security Scanner (ISS), and Security Analysis
Tool for Auditing Networks (SATAN), will make it easier for persons
with limited expertise to exploit system vulnerabilities. ASSIST
strongly urges DoD security and system administration personnel to
implement SPI wherever possible, make every effort to learn about their
systems' vulnerabilities, and prepare for an increased volume of network
attacks in the near future.

ASSIST will make SPI 3.0 available to DoD personnel responsible for
security and/or administration on any DoD-owned computer system. The
program will also be made available to DoD contractors who submit a
letter of request for SPI 3.0 from the DoD element that is the sponsor
of their activity. Requests for SPI 3.0 can be submitted to ASSIST
using any of the contact points listed in the final paragraph of this
message. The program will be available on tape, floppy disk, and via
Milnet ftp. Note: ftp transfers will only be done with SPI in DES
encrypted format to Milnet sites that have obtained the DES key from
ASSIST.

ASSIST will also be maintaining a mailing list of SPI-user Milnet email
addresses that will be used to distribute and collect information about
SPI 3.0. Anyone who wants to be included in this mailing list should
send a request via Milnet to dod-spi-request@assist.Ims.Disa.Mil.

ASSIST is an element of the Defense Information Systems Agency (DISA),
Center for Information Systems Security (CISS), that provides service
to the entire DoD community. If you have any questions about ASSIST or
computer security issues, contact ASSIST using one of the methods
listed below. If you would like to be included in the distribution list
for these bulletins, send your Milnet (Internet) e-mail address to
assist-request@assist.ims.disa.mil. Back issues of ASSIST bulletins are
available on the ASSIST bbs (see below), and through anonymous ftp from
assist.ims.disa.mil.

ASSIST contact information:

PHONE: 703-756-7974, DSN 289, duty hours are 06:30 to 17:00 Monday
through Friday. During off duty hours, weekends, and holidays, ASSIST
can be reached via pager at 800-SKY-PAGE (800-759-7243) PIN 2133937.
Your page will be answered within 30 minutes; however, if a quicker
response is required, prefix your phone number with "999" and ASSIST
will return your call within 5 minutes.

ELECTRONIC MAIL: assist@assist.ims.disa.mil.

ASSIST BBS: 703-756-7993/4, DSN 289, leave a message for the "sysop".

Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key encryption
tool, to digitally sign all bulletins that are distributed through
e-mail. The section of seemingly random characters between the "BEGIN
PRIVACY-ENHANCED MESSAGE" and "BEGIN ASSIST BULLETIN" contains
machine-readable digital signature information generated by PEM, not
corrupted data. PEM software for UNIX systems is available from Trusted
Information Systems (TIS) at no cost, and can be obtained via anonymous
FTP from ftp.tis.com (IP 192.94.214.100). Note: The TIS software is
just one of several implementations of PEM currently available and
additional versions are likely to be offered from other sources in the
near future.
-----END PRIVACY-ENHANCED MESSAGE-----

------------------ RFC822 Header Follows ------------------
Received: by smtpqm.llnl.gov with SMTP;20 Dec 1993 13:51:56 -0800
Return-path: pch@assist.ims.disa.MIL
Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 )
 id <01H6PDWJNH3K96VTFN@icdc.llnl.gov>; Mon, 20 Dec 1993 13:51:04 PST
Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #3384 )
 id <01H6PDVXDME896VTFM@icdc.llnl.gov>; Mon, 20 Dec 1993 13:50:40 PST
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA05422; Mon, 20 Dec 93 13:51:31 PST
Received: from cheetah.llnl.gov by pierce.llnl.gov
 (4.1/LLNL-1.18/llnl.gov-05.92) id AA05393; Mon, 20 Dec 93 13:51:21 PST
Received: from pierce.llnl.gov (pierce.llnl.gov [128.115.18.253])
 by cheetah.llnl.gov (8.6.4/8.6.4) with SMTP id NAA22073 for ;
 Mon, 20 Dec 1993 13:50:05 -0800
Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92)
 id AA05369; Mon, 20 Dec 93 13:51:08 PST
Received: from assist.ims.disa.mil by pierce.llnl.gov
 (4.1/LLNL-1.18/llnl.gov-05.92) id AA05330; Mon, 20 Dec 93 13:50:23 PST
Received: from shilo.ims.disa.mil by assist.ims.disa.mil (4.1/2.4)
 id AA05567; Mon, 20 Dec 93 16:45:32 EST
Received: by shilo.ims.disa.mil (4.1/2.4) id AA04521;
 Mon, 20 Dec 93 16:44:53 EST
Date: 20 Dec 1993 16:44:15 -0500
From: Pete Hammes
Subject: ASSIST 93-35
Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV
To: assist-bulletin@assist.ims.disa.MIL
Resent-message-id: <01H6PDWJQ5JM96VTFN@icdc.llnl.gov>
Message-id: <9312202144.AA04521@shilo.ims.disa.mil>
X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov
X-VMS-To: IN%"assist-bulletin@assist.ims.disa.MIL"
Content-transfer-encoding: 7BIT
======================================================================
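
The "seemingly random characters" that the bulletin's Privacy Enhanced Mail paragraph describes are ordinary RFC 1421 header fields, and they can be read field by field. The following is an added example, not part of the ASSIST bulletin or of any PEM implementation; the function names are hypothetical, and the sample message with its base64 placeholder values is constructed.

```python
# Added example: read the PEM (RFC 1421) envelope of a signed bulletin.
BEGIN = "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
END = "-----END PRIVACY-ENHANCED MESSAGE-----"

# Constructed sample; the base64 values are placeholders, not real data.
SAMPLE = """\
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-CLEAR
Content-Domain: RFC822
Originator-Certificate:
 Q09OU1RSVUNURUQ=
Issuer-Certificate:
 Q09OU1RSVUNURUQ=
Issuer-Certificate:
 Q09OU1RSVUNURUQ=
MIC-Info: RSA-MD5,RSA,
 Q09OU1RS
 VUNURUQ=

Bulletin 00-00 (constructed)
Body text stays readable.
-----END PRIVACY-ENHANCED MESSAGE-----
"""

def parse_pem_message(raw):
    """Return ([(field, value), ...], signed_text) for one PEM message."""
    lines = raw.splitlines()
    if BEGIN not in lines or END not in lines:
        raise ValueError("PEM boundary lines not found")
    i, stop = lines.index(BEGIN) + 1, lines.index(END)
    fields = []  # ordered pairs, because Issuer-Certificate repeats
    while i < stop and lines[i].strip():  # a blank line ends the header
        if lines[i][0] in " \t" and fields:  # folded continuation line
            fields[-1] = (fields[-1][0], fields[-1][1] + lines[i].strip())
        else:
            name, _, value = lines[i].partition(":")
            fields.append((name.strip(), value.strip()))
        i += 1
    return fields, "\n".join(lines[i + 1:stop])

def summarize(fields):
    """Interpret the header; this parses only and verifies no signature."""
    get = lambda n: next((v for k, v in fields if k == n), "")
    version, _, proc_type = get("Proc-Type").partition(",")
    digest, sig_alg, signature = (get("MIC-Info").split(",", 2) + ["", ""])[:3]
    return {"version": version, "proc_type": proc_type,
            "encrypted": proc_type == "ENCRYPTED",  # MIC-CLEAR is signed only
            "digest": digest, "sig_alg": sig_alg, "signature": signature,
            "weak_digest": digest in ("RSA-MD2", "RSA-MD5"),  # broken hashes
            "certificates": [k for k, _ in fields if k.endswith("-Certificate")]}
```

A `Proc-Type` of `MIC-CLEAR` means the text is signed but neither encrypted nor encoded, which is why the bulletin stays readable without PEM software; checking the signature itself still requires validating the certificate chain and recomputing the MIC.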