that on the surface perform a legitimate function but which also or instead compromise confidential information such as passwords or provide special easy access paths for unauthorized persons); or programs that perform unauthorized functions in organizational environments (e.g., eavesdropping on cleartext network communications, interfering with network or system operations, copying displayed information to files or e-mail messages).

One of the most effective countermeasures is employee education. Most users are motivated by sound ethical principles but may not realize that when they bring a new program onto their machine from a friend or Internet site, the program may be contaminated with a virus or Trojan horse. Other ways of managing organizational software content include controlling the loading of unauthorized software by disabling floppy and CD-ROM drives on individual workstations; forcing workstations to obtain the applications they run from organizational servers whose content is closely controlled; running software census programs that record versions, configurations, and cryptographic checksums of software loaded on distributed machines (e.g., using the program tripwire); scanning machines on the organizational network for unauthorized active service ports (e.g., using the SATAN script collection; see footnote 15); and prohibiting or logging all file transfers from outside the organization (e.g., through the file transfer protocol or WWW protocols). In general, it is dangerous to offer network services that are not needed and that do not perform an identified valuable function for organizational operations. Whenever a new service is enabled (for example, a new network service or some of the newer distributed software technologies such as Java and other component-based systems), testing should be extremely thorough and careful, and conducted in networking environments that are well monitored and isolated from the overall organization until confidence in proper function is established. New component-based software tools may both facilitate the more effective organizational management of distributed software and introduce new ways to bypass system administrator security controls. Adopt-

15. SATAN stands for Security Administrator Tool for Analyzing Networks and is a testing and reporting tool that collects a variety of information about networked hosts by examining network services. It can report data, investigate potential security problems (with a simple rule-based system), and provide pointers to patches or workarounds. In addition to reporting vulnerabilities, SATAN gathers general network information (network topology, network services run, types of hardware and software being used on the network). SATAN has an exploratory mode that allows it to probe hosts that have not been explicitly specified, thus making it a potential tool for attackers. For more information see ftp://info.cert.org/pub/cert_advisories/CA-95%3A06.satan.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.