In particular, go see the Benchmarks and testing tools published by the Center for Internet Security
http://www.cisecurity.org
They have benchmarks (essentially Minimum Security Baselines or Current Best Practice type documents) for NT/2000, Solaris, Cisco IOS and others in progress. Each Benchmark comes with a tool for checking compliance.
I worked at CompuServe in the mid 80's
(for the guy that invented .GIF, using
a "free" algorithm found in an ACM journal
that later turned out to be patented) and
keep in touch with people over there (CompuServe/AOL) from time to time.
At one point, AOL had retained the ex-Compuserve CTO to do historical research into patentable
things that the company had done. I would lay money that CompuServe/AOL will challenge this
if it goes very far.
Felten gave a version of this talk at the recent
USENIX Security Symposium.
A few quotes/outline:
"The freedom to tinker is the freedom to understand, discuss, repair, and modify technological devices that you own."
Major points we (techies) need to communicate
more clearly
1. Tinkering is socially important
2. Tinkering is economically efficient
3. Tinkering doesn't conflict with "Intellectual Property."
And of course "the DMCA should be repealed."
More complete summary to appear in the upcoming
security issue of ;login:
I have developed a tool that will check IOS
configs against the NSA rule set. If you're
interested in testing, drop me a note at
gmj AT users dot sourceforge dot net
Also, for reference, here are three good sources
of security configs for IOS:
# "NSA Router Security Configuration Guidelines", NSA, September, 2001
# http://nsa2.www.conxion.com/cisco/download.htm
#
# "Improving Security on Cisco Routers", Cisco, October 17, 2001
# http://www.cisco.com/warp/public/707/21.html
#
# "Secure IOS Template Version 2.3", Rob Thomas, October, 2001
# http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
MS presented about this at the USENIX/WinNT
research conference about two years ago.
From the UUNET AUP
http://www.us.uu.net/support/usepolicy/
System and network security
Violations of system or network security are prohibited, and may result in criminal and civil liability. UUNET will investigate incidents involving such violations and may involve and will cooperate with law enforcement if a criminal violation is suspected. Examples of system or network security violations include, without limitation, the following:
.
.
.
Forging of any TCP-IP packet header or any part of the header information in an email or a newsgroup posting.
See www.tinc-org.com. They're trying to
set up new root servers that delegate
the existing ones (.com) to the existing
servers.
---Eludom
This is just the latest clinton-wants-to-spend-federal-money-for-X story.
He's desperately trying to put his hand into
the public till while he still can, trying
to get some lasting, good thing associated with
him to wipe out memories/associations of...well...
what do you think of first when you think of
"Bill Clinton and..." ?
---Eludom
England passed laws called "The Navigation
Acts" around 1650 restricting certain aspects
of trade (i.e. you can only buy/sell certain
products from/to England and you have
to use English ships).....they also authorized
the government to issue "letters of marque"
to owners of private ships which allowed
them to seize enemy ships on the high seas,
steal their cargo and sell it for a profit....the
result of this "well intentioned" law (unless you
happened to be French or Spanish) was the
creation of widespread piracy...."but of
course we stole this cargo from a French
ship"...."but of course we obtained
this information by hacking the web sites
of suspected drug dealers....".
The more things change....
"The Internet Namespace Cooperative" is trying
to subvert the whole system by setting up an
alternate set of root nameservers that point to
the current roots, but also allow them to set
up their own top level domains, e.g. ".sex", etc.
---Eludom
-------------from http://www.tinc-org.com ----
We are a group of internet users who have decided to try and put an end to the conflict of interest
inherent in having the "root zone" (the list of servers of the top level domains) managed by the
same organization that runs the largest registries.
What We Are Doing
We are currently providing an alternative to the root name servers. These alternative root servers
point to all of the top level domains that the internic currently lists, and also contains additional top
level domains that meet the guidelines we have developed. These are only pointers, the
organizations responsible for the domains themselves remain in control. The service we're
providing is simply a disinterested third party integrating the traditional and independent name
registries.