-----BEGIN PGP SIGNED MESSAGE----- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team _____ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 95-21 Release date: 5 June 1995, 9:30 AM EDT Subject: ASSIST Information Resources. To facilitate the timely distribution of security-relevant information to DoD sites worldwide, ASSIST provides an electronic bulletin board system (BBS) and an anonymous File Transfer Protocol (FTP) system for use by DoD-affiliated personnel. This ASSIST bulletin provides information about connecting to the ASSIST BBS and FTP systems. These services are available to all DoD and DoD interest users. Please call the ASSIST Response Center (ARC) at 1-800-357-4231, when encountering any difficulty accessing the BBS or FTP server and the security analysts on duty will work with you to resolve the problem. In response to a significant increase in the number of users and activity on the BBS system, ASSIST has procured a new enhanced BBS system that is now operational. The ASSIST BBS now provides multi-line capability and support for modem speeds up to 28.8. The database of accounts from the old system was transferred to the new system on 24 May 95, so all users of the previous system with accounts as of that date have valid accounts on the new system. The upgraded system also provides conference areas for exchange of messages and information on specific topics. The phone number listed below for the BBS is new as of 5 June 95. The phone numbers for the old system will be operational for approximately one week after activation of the new system, but accounts will no longer be transferred to the new system. ASSIST plans to further enhance the system by adding telnet access via the MILNET after the appropriate security architecture is operational. The ASSIST BBS is a dial-up system that can be reached via modem at 703-607-4710, DSN 327. The BBS is an open system, and users will be prompted through set up of an account during the initial call to the system. The vast majority of the files are available for unrestricted viewing and download by any user of the BBS. The IBM Antivirus (IBMAV) file area is restricted to access by users who have been verified as being DoD affiliated personnel. The verification process is required to fulfill terms of the licensing agreement with IBM for use of the IBMAV software. ASSIST verifies DoD affiliation by performing a call back to a DSN phone number provided by the person making the request, receiving an e-mail from a .mil address, or through some other arrangement. Once verified, access is granted to the IBMAV file area by an ASSIST BBS system administrator. Users who have questions or problems while on the BBS should go to the "Message Menu" and leave a message for "sysop". To login to the ASSIST BBS you will need: * Personal Computer (PC). * Modem (baud rates up to 28.8 are supported). * Communications software such as Procomm, Procomm+, Smartcom II or III, Crosstalk, etc. * Communication software settings should be: - Data bits: 8 - Stop bits: 1 - Parity: None - Duplex: Full - Terminal emulation: ANSI, VT series or IBM PC are the most common. * File download/upload protocols supported include xmodem, zmodem, ymodem, and ASCII. After you connect to the BBS the first time, the software will prompt you for the necessary input to set up an account. The following is a list of the BBS file areas and a description of content. A detailed listing of file names and descriptions can be viewed by selecting "F" while in the "Main Menu" to switch to the "File Menu", then selecting "L" to list files. File area 1 - ASSIST Bulletins 1991. ASSIST Bulletins issued in 1991. File area 2 - ASSIST Bulletins 1992. ASSIST Bulletins issued in 1992. File area 3 - ASSIST Bulletins 1993. ASSIST Bulletins issued in 1993. File area 4 - ASSIST Bulletins 1994. ASSIST Bulletins issued in 1994. File area 5 - ASSIST Bulletins 1995. ASSIST Bulletins issued in 1995. File area 6 through 9 - Reserved for future ASSIST Bulletins. File area 10 - DOS Security Tools. Security tools for various hardware/software platforms. File area 11 - UNIX Security Tools. Security tools for various hardware/software platforms. File area 12 - Network Security Tools. Security tools for various hardware/software platforms. File area 13 - Miscellaneous Security Tools. Security tools for various hardware/software platforms. File area 14 - General Security Information. Information files related to security on various hardware/software platforms, networks, and other topics. File area 15 - DISSPatch Newsletters. DISSPatch Newsletters. File area 16 - Publications, Policies, Regulations. This file area contains security related publications, regulations, policies, standards, and guidelines. File area 17 - CHIPS. CHIPS - Navy computer security newsletters. File area 18 - Rainbow Series The National Computer Security Center Rainbow Series. File area 19 - IBM Anti-Virus (area restricted to DoD only) IBM Anti-Virus software and documentation. File area 20 - Training and Conferences. Information on INFOSEC related training and conferences. File area 21 - NIST Computer Systems Lab (CSL) bulletins. CSL Bulletins. File area 22 - File uploads. File area for uploads to ASSIST, accessible by BBS admin personnel only. All files are reviewed by ASSIST before being made available to BBS users. ASSIST has an anonymous FTP system that is available to every DoD system registered with the Defense Data Network (DDN) Network Information Center (NIC), or local Domain Name Service (DNS). The FTP file system is identical to that of the BBS with a few minor exceptions. Messages cannot be left for ASSIST using FTP, but messages can be sent via Milnet e-mail to assist@assist.mil. Milnet users can access the system by FTPing to Milnet address assist.mil (IP 199.211.123.11), and entering anonymous as the user ID and their e-mail address as the password. If the user sees the message "Connection refused by remote host", assist.mil did not resolve the incoming address as a .mil. If the user sees the message "Connection timed out", assist.mil could not determine whether or not the incoming address was a .mil in the allotted time. assist.mil will first attempt to resolve the incoming FTP address with the NIC, and failing there will then try DNS. If a search has to be performed on DNS, slow networks or failure to immediately locate the address can result in a timeout of the connection before the address is resolved. The best way to avoid FTP connection problems is to register DoD systems with the NIC. For NIC registration information, call 800-365-DNIC, 703-802-4535, e-mail to nic@nic.ddn.mil, or contact the DDN Project Management Office for your DoD element. For those who are unable to register systems in a timely manner, access to the FTP server can be granted if the IP (numeric) address of the system attempting to connect is provided to ASSIST. To access the ASSIST anonymous FTP system: * ftp to 199.211.123.11 from a NIC or DNS-registered system with Milnet connectivity. * A successful connection will display the following on your terminal: ftp assist Connected to assist. 220 assist FTP server (Version wu-2.1c(6) Tue Mar 22 15:06:15 EST 1994) ready. Name (assist:): * Then type: anonymous * System will then display: 331 Guest login ok, send your complete e-mail address as password. Password: * Then type: The anonymous FTP resource is a Unix system. Type: ls -l to list the files in a directory, and cd to change from the current directory to another directory called directory-name. To download a file, type: get to download a file identified as file-name. The default file type is ASCII. If you are downloading a binary file (i.e. an executable or encrypted), change to binary mode first by typing: binary To change back to ASCII, type: ascii After a successful login, a directory listing (ls -l) will show the following: d--x--s--x 2 root 512 Dec 17 1993 bin drwxr-sr-x 2 root 512 Nov 30 1993 dev d--x--s--x 2 root 512 Dec 17 1993 etc drwxrwx-wx 2 root 512 May 16 13:09 incoming drwxr-s--x 3 root 512 May 10 21:19 outgoing drwxrwsr-x 14 root 512 May 3 08:13 pub d--x--s--x 3 root 512 Nov 30 1993 usr drwxr-sr-x 2 root 512 Sep 28 1994 www Next, change directory to pub (cd pub) where a directory listing (ls -l) will show the following. NOTE: Each directory has an INDEX file that contains file names and descriptions for that directory. drwxr-sr-x 6 root 2560 Jun 15 20:46 ASSIST.bulletins drwxr-sr-x 2 root 512 Jan 7 1994 CHIPS drwxr-sr-x 2 root 512 Jun 29 07:56 CSL drwxr-sr-x 2 root 512 Jan 7 1994 DISSPATCH drwxr-sr-x 2 root 1024 Jun 16 18:19 IBMAV - -rw-r--r-- 1 root 694 Jun 29 09:08 INDEX drwxr-sr-x 2 root 512 Jun 29 09:34 MLS drwxr-sr-x 2 root 2048 Jun 29 12:48 general.info drwxr-sr-x 3 root 512 Mar 31 12:04 patches drwxr-sr-x 2 root 1536 Jun 29 14:51 pubs.policy.regs drwxr-sr-x 2 root 1024 Jan 7 1994 rainbow.series drwxr-sr-x 2 root 512 Mar 14 10:10 security.products drwxr-sr-x 5 root 1024 Jul 5 14:54 tools The contents of the directories listed above are as follows: Directory /pub/ASSIST.bulletins/ASSIST91 ASSIST Bulletins issued in 1991. Directory /pub/ASSIST.bulletins/ASSIST92 ASSIST Bulletins issued in 1992. Directory /pub/ASSIST.bulletins/ASSIST93 ASSIST Bulletins issued in 1993. Directory /pub/ASSIST.bulletins/ASSIST94 ASSIST Bulletins issued in 1994. Directory /pub/ASSIST.bulletins/ASSIST95 ASSIST Bulletins issued in 1995. Directory /pub/CHIPS CHIPS Navy computer security newletters. Directory /pub/CSL NIST Computer Systems Labs (CSL) Bulletins. Directory /pub/DISSPATCH DISSPatch newsletters. Directory /pub/IBMAV IBM Anti-Virus software and documentation. Directory /pub/MLS Information from the Center for Information Systems Security (CISS) Multi-Level Security Directorate. Directory /pub/general.info Information files related to security on various hardware/software platforms, networks, and other topics. Directory /pub/patches System security patches and related documentation. Directory /pub/pubs.policy.regs Security related publications, regulations, policies, standards, and guidelines. Directory /pub/rainbow.series The National Computer Security Center Rainbow Series. Directory /pub/security.products Information from the CISS Security Products Directorate. Directory /pub/tools Security tools for various hardware/software platforms. Included are subdirectories for Digital Encrytion Standard (DES) software, The Security Profile Inspector (SPI) for UNIX (in encrypted form, DES key available from ASSIST), and the Security Products Database Read Only Catalog (SPD/ROC). <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ASSIST is an element of the Defense Information Systems Agency (DISA), Center for Information Systems Security (CISS), that provides service to the entire DoD community. Constituents of the DoD with questions about ASSIST or computer security security issues, can contact ASSIST using one of the methods listed below. Non-DoD organizations/institutions, contact the Forum of Incident Response and Security Teams (FIRST) (FIRST) representative. To obtain a list of FIRST member organizations and their constituencies send an email to docserver@first.org with an empty "subject" line and a message body containing the line "send first-contacts". ASSIST Information Resources: To be included in the distribution list for the ASSIST bulletins, send your Milnet (Internet) e-mail address to assist-request@assist.mil. Back issues of ASSIST bulletins, and other security related information, are available from the ASSIST BBS at 703-607-4710 DSN 327-4710, and through anonymous FTP from assist.mil (IP address 199.211.123.11). Note: assist.mil will only accept anonymous FTP connections from Milnet addresses that are registered with the NIC or DNS. If your system is not registered, you must provide your MILNET IP address to ASSIST before access can be provided. ASSIST Contact Information: PHONE: 800-357-4231 (or 703-756-7974 DSN 289), duty hours are 06:00 to 22:30 EDT (GMT -4) Monday through Friday. During off duty hours, weekends and holidays, ASSIST can be reached via pager at 800-791- 4857. The page will be answered within 30 minutes, however if a quicker response is required, prefix the phone number with "999". ELECTRONIC MAIL: Send to assist@assist.mil. ASSIST BBS: Leave a message for the "sysop". ASSIST uses Pretty Good Privacy (PGP) 2.6.2 as the digital signature mechanism for bulletins. PGP 2.6.2 incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is available via anonymous FTP from net-dist.mit.edu (IP 18.72.0.3) in the file /pub/PGP/rsalicen.txt. In accordance with the terms of that license, PGP 2.6.2 may be used for non-commercial purposes only. Instructions for downloading the PGP 2.6.2 software can also be obtained from net-dist.mit.edu in the pub/PGP/README file. PGP 2.6.2 and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. The PGP signature information will be attached to the end of ASSIST bulletins. Reference herein to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by ASSIST. The views and opinions of authors expressed herein shall not be used for advertising or product endorsement purposes. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi4uZ40AAAEEAM1uraimCNeh5PtzX7KoGxC2u8uMTdl8V5sujk3MHbWvCuOM W0FqDy5s9iwfQLZWzJ7cbM6L0mNOj8eJGoz7TqGKZDDRFlKAwg0x8joleZLC2gXw FVdF/g6Mdv7ok7heoa+Y//YMeADnsSrmzqLCnhFbKYffww3EbdH6sbnW3Io9AAUR tB9BU1NJU1QgVGVhbSA8YXNzaXN0QGFzc2lzdC5taWw+iQCVAwUQL1xx7tH6sbnW 3Io9AQEBYwP9FvIJbnKjtMLUj8ghd6hophSx8WZnfQsOmZX/BbX8vKz1a5BkBn4q ANvW+uKGdUlE8LLMEm1PD59Cihcb3OoWDOU8zIOIErvry4eqa+LzEXV8nnBdes+A a1MCMGSz+K3OaP78lQ7JCGoY9TXTWIelfAdBVBG4VQcSQRn8tjRdG2e0KEFTU0lT VCBUZWFtIDxhc3Npc3RAYXNzaXN0Lmltcy5kaXNhLm1pbD6JAJUCBRAuLnHoh0Y9 0jC+b6kBAU0TA/4yXSL7K6tcfVm9ACnP4crCoutFM2w10e7YKxD850ajhWrh6rI9 O+sjU5WObqiPJ7sZHdEw/KARzPSijH/5h8HlyYa6ClksWxYuymzCsUYYJctdjcGr uakfXgYQ1TkkyUfNrN5G90NuRK/vTRe7bkmyGNYjN9Njac1Q18WVF59Chg== =d5rP - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBL9MF9tH6sbnW3Io9AQGflwQAqvV18z3wv3gvTVaX0BLJyCiUK3Jdsk/N Idge9hIz30mjIl/BWKCs/nEvYgKRaK8kuot3DoYz0dT6cPa59xxbd0VM6hLTQShp SHgoLGxGNF+2u1rheGBZjC1LY87dokDrDaqSx3eHywm4sLsI72xEjtmdqVWF7YTw /7Zeh+FYMdk= =5qaH -----END PGP SIGNATURE-----