REPORT DOCUMENTATION PAGE

Report date: Summer 1998
Report type and dates covered: Newsletter Vol 2 No
Title and subtitle: Information Assurance Technology IA Newsletter
Author(s): Information Assurance Technology Analysis Center
Performing organization name(s) and address(es): IATAC, Information Assurance Technology Analysis Center, 3190 Fairview Park Drive, Falls Church, VA 22042
Sponsoring / monitoring agency name(s) and address(es): Defense Technical Information Center, DTIC-IA, 8725 John J Kingman Rd, Suite 944, Ft Belvoir, VA 22060
Distribution statement: Approved for public release; distribution is unlimited
Distribution code: A
Abstract (maximum 200 words): The Information Assurance Technology Newsletter is published quarterly by the Information Assurance Technology Analysis Center (IATAC). The summer '98 issue continues the focus on current information assurance initiatives underway within the Department of Defense. An overview of the IA Tools Database is provided that highlights the current collection of Vulnerability Analysis tools. In addition, two new sections have been added: Industry Initiatives and Perspective.
Subject terms: Information Security, Information Assurance, Information Warfare
Number of pages: 11
Security classification of report: UNCLASSIFIED
Security classification of this page: UNCLASSIFIED
Security classification of abstract: UNCLASSIFIED
Limitation of abstract: None

by Mr Ward Parker

For the last few years, United States Strategic Command has incorporated computer network attack (CNA) scenarios into its annual major exercise, known as GLOBAL GUARDIAN. The primary purpose of including CNA is to test the processes we have in place in case of a real attack against our information infrastructure. During the first couple of exercises, we kept the attacks simple. They were designed solely to raise the awareness of Command members. Although we continue to employ scenarios to educate users, we now use sophisticated on-line attacks to test the security posture of the Command's systems and key personnel.

The attack scenarios for our most recent exercise, GLOBAL GUARDIAN, were developed months prior to the actual start date of the exercise. The attacks we developed focused on affecting the decision makers in the Command, the purpose of information operations. We accomplished this by concentrating our efforts on how we could realistically affect the confidentiality, integrity, and availability of data; however, one of the rules of engagement was not to modify or change any data. We worked closely with our intelligence personnel to ensure our attacks were consistent with the overall scope of the exercise. To carry out the attacks, we employed Command red team members and other organizations to act as enemy agents. Our goal was to make the attacks seamless in the sense that they were all related and graduated in severity. The attacks ranged from attempting to penetrate the Command from the Internet to a bad insider with access to a key command and control system. The attackers also war dialed our phones to tie up the phones and sent faxes to numerous fax machines throughout the Command. Attackers also
claimed they had the ability to shut down our systems.

Vol 2 No 1 Summer 1998
IATAC is a DoD-Sponsored Information Analysis Center Administered by the Defense Technical Information Center

Contents
Perspective: ARL Primes Army IA Capability
Industry Initiatives: Is Your Network Under Attack
IA Tools Summary: Vulnerability Analysis
DIA IW Course
IATAC Chat
Calendar
What's New
Product Order Form

The IANewsletter is published quarterly by the Information Assurance Technology Analysis Center (IATAC). The Summer 98 issue continues the focus on current information assurance initiatives underway within the Department of Defense. An overview of the IA Tools Database is provided that highlights the current collection of Vulnerability Analysis Tools. In addition, two new sections have been added: Industry Initiatives and Perspective.

Writing for IANewsletter
We welcome your input and comments on related articles, photos, notices, feature programs, or ideas for future issues. If you're interested in writing for the IA Newsletter, contact Christina Wright at the address below.

Accessing
8283 Greensboro Drive, Allen Bldg 663, McLean, VA 22102
703 902-3177 703 902-3425 703-902-5869 STU-III Fax 902-3991
E-mail: iatac@dtic.mil
Intelink: intelink rome ic gov iatac

Director and Editor Robert Thompson; Collection Analysis Alethia Tucker; Art Production Manager Christina Wright; Webmaster Steve Gunther

Security Tools for Network Centric Warfare
by LT Reese Zomar, USN, Navy Program Office

The news media are replete with reports of attacks via the Internet on networks and computer systems around the world, often specifically through the increasingly widespread World Wide Web. Although many of these attacks take advantage of well known security flaws and vulnerabilities in complex operating systems such as UNIX and Windows NT, some systems continue to be infected with computer viruses, which can seriously disrupt a company's business and also disrupt warfighting operations and exercises. Although the exact origin of many viruses is often not known, the reason for the spread of the viruses can be easily explained. All it takes is one individual with one corrupt disk or one corrupt program downloaded from the Internet and the virus is inside the network. Once inside, if the virus signatures in the network antivirus software are not up to date or virus scans are not performed when programs are opened, the virus can propagate undetected and uncontrolled.

A number of tactical systems on board naval vessels were originally designed to operate in a closed environment; however, with the end-to-end worldwide network connectivity that comes with network centric warfare, the environment is no longer closed.

Many of the best known and most common attacks that occur on the Internet are those that target information integrity by corrupting or destroying it, usually by using agents such as viruses. Another common class of attack, commonly called denial of service attacks, seeks to deny use of the system using techniques such as message flooding. Still other attacks, such as Internet Protocol (IP) address spoofing, focus on allowing the attacker to masquerade as a valid user who can then plant bogus information or deny access. It is well known that opening a hostile Webpage with imbedded code operating in the background that may be malicious can lead the innocent user into a scenario where he/she may be unknowingly infecting a ship's warfighting networks and computer systems with potentially dangerous software agents.

As the Navy embraces the concept of network centric warfare, security is being emphasized and implemented as an integral part of the network infrastructure. Using secure protocols, turning off unused services, and designing applications that periodically incorporate operating system patches has recently become standard practice. The Navy Information Systems Security Program Office at the Space and Naval Warfare Systems Command
(SPAWAR) has developed a Network Information Assurance Team (NIAT) that has been integrated into an existing Battle Group Systems Integration Test (BGSIT) process. Using a variety of commercially available security tools, the NIAT examines the afloat security posture of the various integrated shipboard networks and provides ships with the means to combat threats to their information systems.

The first phase of a typical NIAT visit includes a meeting with the ship's systems administrators and a tour of the computer spaces, both classified and unclassified. During the meeting, the team explains that its primary job is security but that it is also willing to provide network technical and also administrative support where needed.

The second phase is a network scan and mapping using tools such as Strobe, Ballista, and SATAN. These tools provide a network overview and probe for known vulnerabilities. More and more security tools are available to today's network administrators, and the NIAT team is always willing to try any commercially available tools that are user friendly and not overly complex. The NIAT has begun providing copies of the security tools, with training, to shipboard personnel who are responsible for operating and maintaining networks.

Phase 3 concentrates on network policy, including file structure, system security policy, and password policy. The NIAT currently uses the Kane Security Analyzer to scan file structure and system security policy. The main tools used to test password policy are Pass Crack and L0phtCrack.

The final phase of the visit is a recommendation and education phase. During this period, the team provides its security recommendations, reviews findings of the scans, discusses best known practices, outlines industry solutions, and holds classes on topics such as Windows NT administration, Transmission Control Protocol/Internet Protocol, Domain Naming System (DNS), and router access control lists. The most recent versions of antiviral software are
always provided. One of the most important benefits of the NIAT is that the team provides feedback to system developers, integrators, and implementers, helping to ensure that future releases of the warfighting application software have the security problems fixed.

Over the past 5 months, the NIAT has provided systems support to the USS LINCOLN (CVN-72) and USS EISENHOWER (CVN-69) Battle Groups (BG) and the USS ESSEX (LHD-2), USS WASP, and USS SAIPAN Amphibious Readiness Groups (ARG). Additionally, the team has provided valuable training, antivirus, and configuration support in the network security arena to units and commands located at various shore sites. Because of the high quality of assistance, the number of requests for shipboard and ashore NIAT assistance is growing. Captain Dan Galik, Program Manager for Navy Information Security (INFOSEC), notes that with the rapid advances being made in information technology it is very difficult to provide our sailors and other Navy personnel with the required technical training to keep pace with these technical advances, particularly in the area of network security. Our sailors need hands-on expert technical help and that's one of the key benefits that NIAT is providing. In its relatively short existence, the NIAT program has been recognized throughout the fleet for security excellence.

LT Zomar has a in r ltif tlsp ltft i and a B.S. in Mathematics from the University of Colorado. He received his M.S. in Electrical Engineering from Rensselaer Polytechnic Institute. LT Zomar reported aboard SPAWAR in August of 1997 after serving in the S-3 Viking community. He may be reached at 619 52-l Y3-10 or via e-mail arrmarrti tspa war no try in

ARL Primes Army Information Assurance Capability

The Army Research Lab (ARL) seeks ways to reduce the risks associated with future digitized land warfare by executing fundamental research and analysis leading to development of new information assurance (IA) technology. ARL pursues this objective by analyzing
the Army Warfighter Experiments (AWE), a series of coordinated events that will determine the right blend of technology for the first digitized division and corps; by gaining practical experience in computer incident response; and by executing its research programs that help to develop the operational concepts of the Army After Next (AAN), the overarching vision for the future Army. Achieving AAN vision places unprecedented reliance on information and the technology that supports its processing and distribution. The Army's concern for IA stems from its understanding of the potential consequences of failed or corrupted access to information, ultimately the loss of lives.

ARL has been involved with the development of information technology since the earliest days of modern computing machines. ARL's predecessor laboratories pioneered digital computing, creating ENIAC, one of the first functional digital computers. ARL currently operates the DoD's Major Shared Resource Center (MSRC) for classified information as well as the Army's High-Performance Computing Research Center. This experience and resources uniquely qualify ARL to conduct basic and applied IA research at the forefront of the era of digitized warfare, an era that places new value on information and its assured distribution.

The AWE series reveals significant challenges for battlefield information assurance. In collaboration with the Army Digitization Office (ADO), ARL provides analysis to identify and characterize vulnerabilities in command and control (C2) systems for the First Digitized Division Corps. The fundamental technical capability that distinguishes the is the Tactical Internet (TI). The TI is a complex adaptation of the protocols used on the public Internet, shared across new families of automated battlefield information processing systems. ARL i ve i and military interest in the public Internet MILNET These potential problems can be examined using a coordinated approach that produces
dual-use solutions. One of ARL's unique capabilities lies in having an analytic element within its organization focused on the survivability of the TI, as described above, and another operating to protect ARL's own computer network operations.

ARL has gained practical knowledge in MILNET incident detection and response through its computer security incident response lab, operated by the Computer Security Incident Response Team (CSIRT). Led by Angelo Bencivenga, the CSIRT oversees 6,000 nodes that comprise common commercial hardware and software components located at several sites in the continental United States. Through its monitoring, intrusion detection, and analytic activities, CSIRT pumps fresh data into ARL's corporate repository and filtered network traffic data, which is made available to directed research projects. The CSIRT has been recognized for success in developing organizational procedure and in refining off-the-shelf assurance tools, extending their functionality and performance while reducing the number of false alarms.

Analyses of both the digital tactical network and the MILNET provide a well-grounded basis for ARL's IA research program.

by LTC Paul Walczak, Army Research Laboratory

Information Warfare Course

The Introduction to Information Operations course taught at the Defense Intelligence Agency (DIA) offers intelligence professionals a current picture of what is happening in the Department of Defense in Information Operations (IO). A ticket to this course is a must for the well-rounded, well-educated information specialist in

Mr Douglas Dearth, who teaches and facilitates the class at the Joint Military Intelligence Training Center, draws a very diverse cross-section of civilian government and military personnel into the classroom, which offers the attendees a chance to network with their peers in other government organizations. The real missing piece of information that the attendee gains from attending this course is the intelligence slant of IO today and
especially a chance to talk with some of our allies in a special briefing and open exchange session. This course helps the student think from the current global perspective.

This course provides a nonattributional forum where briefings and discussions are held at various levels of classification. Students are required to have a Top Secret level clearance to attend, which allows for specific and timely information to be presented, candid discussions, observations, and an open exchange of ideas from the diverse audience. Students have time during the week to reflect on what they are being taught and plan how to apply that information to aid their own organizations. This course, along with the Information Operations Warfare and Strategy course offered by NDU, is needed for the whole overview of Information Operations.

A great amount of valuable printed material from some of the briefers supplements the continual flow of seminar-like briefings that the students attend. Supplemental reading is recommended and additional materials are generously provided. This enlightening 5-day course is offered only three times a year and is generally open to Infowarriors at the GS-11 and above civilian level and captains through colonels military level. The course usually accommodates a group of about 35 for each class offering.

Mr Dearth is the point of contact. If you want to attend, call 202 231-3290 428-3290 or email dhdearth@aol.com. If accepted, you may be placed on a waiting list, but this course is worth waiting for.

by Ms Joan Pittman

continued from cover

GLOBAL GUARDIAN provided us the opportunity to test our newly-developed Information Operations Conditions, more commonly known as INFOCONs. Our INFOCONs serve as a notification mechanism to warn the Command of possible increasing threats to our information infrastructure. Once the attack was identified, we wanted to assess how fast the Command could respond by changing the INFOCON. As the exercise progressed, INFOCON levels changed several times, giving us the opportunity to assess the effectiveness of the INFOCON concept. We were extremely pleased with how rapidly the Command raised INFOCON levels. Proper procedures and training allowed the Command to quickly raise the INFOCON levels to the appropriate level of threat. The Command is now in the process of disseminating the INFOCON system to our task forces for implementation.

We were also impressed with the response of our front-line defenders, our system administrators, who were extremely vigilant in monitoring computer audit logs and other anomalies that might signify an ongoing attack. Our computer emergency response team was also instrumental in identifying the attacks, reporting them up the chain of command, and making recommendations to limit the damage of the attack. Senior level leadership was also very supportive of our activities, understanding that timely, accurate information is vital to accomplishing the mission.

GLOBAL GUARDIAN has provided us with a venue for measuring the effectiveness of the Command's information assurance posture during times of heightened danger, allowing us to emphasize the threat of computer network attack to the warfighter. We plan to increase the level of CNA in future GLOBAL GUARDIAN exercises to imitate as closely as possible the technical capabilities of a hostile source.

Your data is vulnerable, but how vulnerable? What is the risk to your data from internal or external attacks? You need to think like the enemy to truly understand the security issues associated with your data. Your network is extremely complex; data exists on the wire and on every node. In a system with vulnerabilities, prying eyes can capture data easily. Understanding the vulnerabilities within your network is the first step to securing your data.

AXENT Technologies Inc recently introduced a new security tool to help address these issues. This tool, NetRecon, is a third generation vulnerability
scanner. It uses a technology called UltraScan to find vulnerabilities in an entire network. Unlike all other scanners that locate vulnerabilities on each system in isolation, NetRecon uses vulnerabilities from one or more systems to find additional vulnerabilities on the rest of the systems. With this technology, NetRecon can prove that your network is only as secure as the weakest system in the network.

Working as a Tiger Team, NetRecon starts by scanning in parallel for vulnerabilities on all systems. As data from the systems are retrieved, other scans are initiated by coupling the data retrieved and using that as input to the systems found. A Tiger Team takes the information gathered, couples it, and uses the resulting data to attack all systems discovered.

As shown in the figure below, NetRecon finds login vulnerabilities on one system, password files on a second system, and File Transfer Protocol (FTP) services from yet another. Those vulnerabilities are duly noted and then NetRecon scans at the next level. Using UltraScan, NetRecon couples these three separate vulnerabilities, builds a new set of objectives, and attacks all systems discovered. With this technology, NetRecon can find vulnerabilities on systems previously thought to be highly secure. UltraScan builds and rebuilds the attack objectives every time data from multiple systems can analytically be coupled for future attacks.

by Steve Jackson, AXENT Technologies Inc

NetRecon provides immediate feedback to the user interface on vulnerabilities found. Within seconds of starting a scan, results are displayed graphically as well as in text format for immediate viewing and manipulation. Hypertext Markup Language (HTML) page entries are built for each vulnerability found, with hot links to locations providing solutions for those vulnerabilities. These solutions provide a point and click method to correct the vulnerabilities within the network. Unlike other scanners that operate only on the
Internet Protocol (IP), NetRecon scans multiple protocols: IP, IPX, SPX, and Windows Networking. NetRecon makes it possible to determine node names, crack passwords, find services such as telnet, login, http, NIS, and smtp running on UNIX, NT, and other platforms, exploit and attack those services, and get through the barriers currently in place. This process informs management of the potential threats and provides solutions to those threats.

NetRecon not only provides UltraScan results across multiple protocols in an easy-to-read HTML report, but those results are displayed immediately for quick feedback when running NetRecon. NetRecon offers security solutions to secure your data and to assist your organization by providing a better understanding of how a hacker could break through security barriers currently in place.

For more information, contact AXENT Technologies Inc at or on-line at

Steve Jackson I ti rl t VIl til his in Computer Science from Brigham University in 1982. He the Omn iCtIaFCl Efli f i pl iSf Security ili mager as-v1 13 mtiuci' Manager for AXENT Technologies Inc.

The Information Assurance Tools Database hosts information on intrusion detection, vulnerability analysis, firewalls, and antivirus applications. A brief summary of Vulnerability Analysis Tools is provided on these two pages. For more information, see the IATAC Product Order Form.

Title (Attributes): Description

Ballista (comprehensive vulnerability analysis): Network security auditing tool used to discover weaknesses in networked environments.
CheckXusers (simple vulnerability analysis): Identifies users logged onto the current machine from insecure servers.
Chkacct (simple vulnerability analysis): Designed to check the settings and security of the current user's account.
CONNECT (simple vulnerability analysis): This /bin/sh shell script scans a range of Internet Protocol (IP) addresses for machines that offer the Trivial File Transfer Protocol (TFTP) service.
COPS, Computer Oracle and Password System (comprehensive vulnerability analysis): COPS is a security toolkit that examines a system for a number of known weaknesses and alerts the system administrator to them.
CPM, Check Promiscuous Mode (simple vulnerability analysis): CPM checks whether any network interface on a host is in promiscuous mode.
Crack (password cracker): Password-cracking program with a configuration language that allows the user to program the types of guesses attempted.
DOC, Domain Obscenity Control (simple vulnerability analysis): DOC diagnoses misconfigured domains by sending queries to the appropriate domain name system (DNS) nameservers and performing simple analysis on the responses.
DumpAcl (simple vulnerability analysis): DumpAcl dumps the permissions and audit settings for the Windows NT file system, registry, user group information, and printers in a concise, readable listbox format so the user can identify readily apparent security vulnerabilities.
ESPRIT, Expert System for Progressive Risk Identification Techniques (risk analysis): Risk analysis and risk management tool that provides a detailed analysis of an information system in terms of assets, threats to assets, vulnerabilities, and countermeasure recommendations.
ICE-PICK (comprehensive vulnerability analysis): Automated security tool used to evaluate the vulnerabilities of network-based systems that use
(simple vulnerability analysis): Scans remote hosts for active Transmission Control Protocol (TCP) services.
Internet Scanner (comprehensive vulnerability analysis): Performs scheduled and selective probes of network communication services, operating systems, key applications, and routers in search of common vulnerabilities that open the network to attack.
KSA, Kane Security Analyst (misuse detection, system monitoring, comprehensive vulnerability analysis): KSA assesses the security status of a Novell and Windows NT network and generates reports in six areas: password strength, access control, user account restrictions, system monitoring, data integrity, and data confidentiality.
(password cracker): Comprehensive password cracker for Windows NT system and local area network (LAN) manager passwords.
Netective (simple vulnerability analysis): Identifies security vulnerabilities at both the operating system level and the network level. Netective validates the system using MD5 checksums and other security checks on system files, operating system patches, file permissions, and system passwords.
NetRecon (comprehensive vulnerability analysis): Runs on a Windows NT workstation and probes networks and network resources. NetRecon's UltraScan technique allows it to immediately display vulnerabilities as they're detected and quickly perform deeper probes.

NetSonar (comprehensive vulnerability analysis): Using NetSonar from a central console, the user can assess the security state of an enterprise's entire network, track historical vulnerability trends, and create reports of potential security risks.
NSS, Network Security Scanner (comprehensive vulnerability analysis): Scan individual remote hosts and entire subnets of hosts for various simple network security problems. The majority of the tests can be performed by any nonprivileged user on a typical UNIX machine.
Nfsbug (simple vulnerability analysis): Nfsbug checks for a variety of configuration errors in NFS, mountd, and portmapper daemons.
OmniGuard/ESM (comprehensive vulnerability analysis): Platform-independent security management tool that enables the user to manage and evaluate diverse systems according to unique, customizable security policies.
Perl Cops (comprehensive vulnerability analysis): Security toolkit that examines a system for a number of known weaknesses, alerts system administrator to them.
PINGWARE (comprehensive vulnerability analysis): PINGWARE systematically scans and tests all the systems on a based network from a single workstation.
RiskWatch v7.1 (risk analysis): Conducts automated risk analysis and vulnerability assessments of information systems, including data centers, application programs, facilities, networks, and field offices.
SATAN, Security Analysis Tool for Auditing Networks (comprehensive vulnerability analysis): SATAN scans systems connected to the network, noting the existence of well-known, often-exploited vulnerabilities.
Secure Sun (simple vulnerability analysis): This program checks for 14 common configuration security vulnerabilities.
Snoopy Tools (comprehensive vulnerability analysis): A suite of programs that determine what network services are running under and attempt to exploit bugs in those services.
(comprehensive vulnerability analysis): Supports multihost system security inspections managed from a designated command host. These inspections include access control testing, system file authentication, file system change detection, password testing, and common system vulnerability checks.
Strobe (vulnerability analysis): Network security tool that locates and describes all listening TCP ports on a remote host or on many hosts.
System Security Scanner (comprehensive vulnerability analysis): Assesses operating system configuration, file permissions and ownership, network devices, account setups, program authenticity, and common user-related security issues such as guessable passwords.
Tiger (comprehensive vulnerability analysis): Used to check for security problems on a UNIX system; it scans system configuration files, file systems, and user configuration files for possible security problems and reports them.
ToneLoc (war dialers): Scans a block of telephone numbers for active dial-up services.
Trident Information Protection Toolbox (risk analysis): Trident's Toolbox is a set of three complementary tools that assist in protecting critical information assets.
VISART, Value of Information Structured Analysis Risk Tool (risk analysis): Under development. This tool allows the user to analyze systems, their vulnerabilities, and possible threats and quantify what types of countermeasures are justifiable in terms of cost.
Xscan (simple vulnerability analysis): This utility scans a host
or a range of hosts for unprotected displays.

Support for User Inquiries
by Mr Robert P Thompson, Director, IATAC

IATAC offers the DoD a quick response capability for IA technical inquiries. User inquiries vary in nature from "I'd like to receive a copy of the Vulnerability Analysis Report" to more complex requests such as "how do you develop secure code for web pages." Inquiries are received via the IATAC home page, e-mail, telephone, verbally at meetings, and/or tasking from the IAC Program Management Office (IAC PMO). For IATAC to process the inquiry, the requestor must be a registered DTIC user (ref http l ml).

Inquiries fall into 4 categories:

- Basic requests for information requiring 8 technical hours or less to complete. Funded through existing IATAC operations.
- Extended requests for information requiring 8-24 technical hours to complete. Funded on a cost recovery basis.
- Search Summary consists of, but not limited to, a literature search and printout of relevant abstracts, to include reviewing the abstracts and identifying the most pertinent information, and requiring 24-40 technical hours to complete.
- Review Analysis, additional to extended and search summary efforts: support consists of direct consultation with staff and/or consulting subject matter experts, a brief paper synthesizing the results of the technical review, complete copies of references, and the requisite materials for access to databases if necessary, and requiring 40-80 technical hours to complete.

Inquiries exceeding 80 hours of support are accomplished through a technical area task.

Results of technical inquiries are provided back to the requestor and are entered into the IATAC IA scientific and technical information (STI) collection, which functions as a primary resource for the processing of future technical inquiries. The collection, coupled with the broad range of technical expertise available, allows IATAC to quickly respond to both routine and high priority technical inquiries.

Another basic component is up-to-date knowledge of research conducted in academia, other government agencies, and commercial activities, especially DARPA, the other service basic research labs, and ARL's collaborating partners. ARL strives to leverage progress made elsewhere and eliminate duplication of effort by identifying common areas of interest and opportunities for collaboration. Its objective is to identify IA research needs bearing on land warfare or the institutional Army that are not being met through external programs. These land warfare digitization challenges are generally related to assured information services for highly mobile ground combat in theaters of operation that are likely to be composed of coalition forces.

ARL's approach to IA orients the lab's traditional areas of expertise to address relevant IA problems. This approach directs ARL's scientific capabilities (information technology, human factors, and electromagnetic effects) to IA needs that are defined not only by the technical environment but equally by operational doctrine and future warfighting concepts. The problem domain consists of challenges that impede fulfillment of the Army's near-term (to 2010) digitization objectives as well as those for the AAN. End-users, testers and evaluators, ARL industry consultants, and developers of future doctrine and force structure identify these challenges, which ARL assimilates as input to its program of IA research. Major ARL thrusts bearing on IA problems include:

- Developing advanced tactical telecommunications protocols
- Applying intelligent software agents to assure information systems
- Researching human factors to understand how Army organizations value, consume, and protect information
- Investigating survivable systems principles to create new high level architectures and elevate the practice of hardware and software engineering

Analysis supporting the AWE coupled with CSIRT experience gives ARL insight into tactical and sustaining-base
IA issues facing the digitized land force of the future. This insight produces an approach, tempered both in practice and theory, that focuses ARL's scientific expertise on IA problems. To assist in solving these problems, ARL is building an IA knowledge base that will lead to improvements in Army IA capability, reducing the risks to land operations while contributing to progress in national information infrastructure protection.

Elf li' ilcaak program manager for Information Assurance Research at the Army Research Lab. He is a member of the Army Acquisition Corps and is a certified computing professional (CCP).

Vol 2 No 1 Summer 1998

Leveraging Intelligent and Emerging Technology to Support 21st Century Leaders. Fort McNair, Washington DC. Sponsored by the National Defense University and The Army CIO Strategic Advanced Computer Center.

WebSec 98: The Conference on Web, Internet and Intranet Security. San Francisco, CA, call 508 879 7999. WebSec 98 offers up-to-date solutions for ensuring information integrity, privacy and security on the Net. The conference expo will be August 18 and 19.

IUJO 17m21

InfowarCon 98: The 8th Annual Conference on Information Assurance and Information Operations for the Enterprise and the Infrastructure. Produced by Winn Schwartau and MIS Training Institute. Washington DC, call 509 879 7999, Email mis@misti.com. This conference zeros in on military operations, infrastructure protection, and the growing threat of high-tech terrorism and espionage in today's information-dependent world.

SEP 9 10

Achieving Information Dominance Assurance. Sponsored by AFCEA Fort Monmouth Chapter. Long Branch, NJ, call Diane Carnes 732 758 9009.

SEP 22 24

OCT OCT OCT 18 21 OCT 20 22 OCT 28 29

Information Systems Security Exposition (ISSE). Exposition sponsored by AFCEA International; Conference sponsored by the National Institute of Standards and Technology and National Computer Security Center. City VA, call J Spargo Associates Inc 703 631 6200.

Command
Control Communications and Intelligence Systems Technology. Sponsored by the AFCEA Southern Arizona Chapter. Fort Huachuca, AZ, call Bill Reich 520 378 2045.

Milcom 98: Unclassified and Secret Sessions. Sponsored by the Institute of Electrical and Electronics Engineers Communications Society, Raytheon Company and AFCEA International. Bedford, MA, call Dr Fred Unkauf 508 490 1126.

Infotech 98 Conference and Exposition. Sponsored by the AFCEA Dayton Wright Chapter. Dayton, OH, call J Spargo Associates Inc 703 631 6250.

Fall Intelligence Symposium, Top Secret K. Sponsored by AFCEA International. Washington DC, call AFCEA Intelligence Department 703 631 6250.

IA Tools Report: Vulnerability Analysis

The latest IATAC Information Assurance (IA) Tools report, Vulnerability Analysis, is now available. This report provides an index of vulnerability analysis tool descriptions contained in the IATAC IA Tools Database, one of knowledge bases. It summarizes pertinent information, providing users with a brief description of available tools and contact information. As a living document, this report will be updated periodically as additional information is entered into the database.

Currently the IA Tools database contains descriptions of 35 tools that can be used to support vulnerability and risk assessment. The information type and level of detail provided among tools varies greatly. Although some can identify only a minimal set of vulnerabilities, others can perform a greater degree of analysis and provide detailed recommended countermeasures. The database includes commercial products, individually developed tools, government-owned tools and research tools.

The database was built by gathering as much open-source data, analyzing that data, and summarizing information regarding the basic description, requirements, availability and contact information for each vulnerability analysis tool collected. For instructions on obtaining this report, refer to IATAC Product Order Form.

Report on the Implications of
Intrusion Detection Technology Research and Development. Originator: National Security Telecommunications Advisory Committee (NSTAC) Network Group Intrusion Detection Subgroup, December 1997.

Conference Proceedings: The Tenth Annual Software Technology Conference, Knowledge Sharing Global Information Networks. Originator: Utah State University, April 19-23 1998.

White Paper: The Clinton Administration's Policy on Critical Infrastructure Protection, Presidential Decision Directive 63. Originator: THE WHITE HOUSE, May 22 1998.

Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Originator: Thomas H Ptacek and Timothy N Newsham, Secure Networks Inc, January 1998.

White Paper - Intrusion Detection Methodologies. Source: Robert A Clyde, AXENT Technologies Inc.

IMPORTANT NOTE: All Products are distributed through the Defense Technical Information Center. If you are NOT a registered DTIC user, you must do so PRIOR to ordering any IATAC products. To register with go to

Name, Organization, Ofc Symbol, Address, Phone, E-mail, Fax
Organization: YES / NO. If NO, complete LIMITED DISTRIBUTION section below.

LIMITED DISTRIBUTION (QTY, PRICE EA, EXTD PRICE)
In order for organizations to obtain LIMITED DISTRIBUTION products, a formal written request must be sent to IAC Program Office, ATTN Sherry Davis, 8725 John Kingman Road, Suite 0944, Ft Belvoir VA 22060-6218.
Contract No. For contractors to obtain reports, request must support a program be verified with COTR. COTR, Phone.
Modeling Simulation Technical Report: No Cost
IA Tools Report Intrusion Detection: No Cost
IA Tools Report Vulnerability Analysis: No Cost
Malicious Code Detection SOAR (TOP SECRET / SECRET): No Cost
Security POC, Security Phone

UNLIMITED DISTRIBUTION (QTY, PRICE EA, EXTD PRICE)
Newsletters (Limited number of back issues available): Vol 1 No 1, Vol 1 No 2, Vol 1 No 3, Vol 2 No 1: No Cost

ORDER TOTAL
Please list the Government that the product s will be used to support
Once completed, Fax to IATAC at 703
902 3425

U S Distribution Only. Copy this page, complete the form, and fax to IATAC at 703-902-3425.

Change / Add / Delete
Name, Title, Company/Org, Address, City/State/Zip, Phone, Fax, DSN, E-mail
Organization (check one): USA, USN, USAF, USMC, OSD, Contractor

Information Assurance Technology Analysis Center, 8283 Greensboro Drive, Allen 663, McLean VA 22102-3838