Re: Air-l digest, Vol 1 #299 - 4 msgs
please unsubscribe
air-l-request@aoir.org wrote:
Today's Topics:
1. widespread snmp problems (jeremy hunsinger)
2. Re: Air-l digest, Vol 1 #298 - 7 msgs (Jay Hauben)
3. Re: on gauges and other technical standards (Junghoon Kim)
4. Re: Re: Air-l digest, Vol 1 #298 - 7 msgs (jeremy hunsinger)
--__--__--
Message: 1
Date: Tue, 12 Feb 2002 15:48:33 -0500
From: jeremy hunsinger <jhuns@vt.edu>
Organization: Virginia Tech
To: air-l@aoir.org
Subject: [Air-l] widespread snmp problems
Reply-To: air-l@aoir.org
Well by now you've all seen it, big problems with simple network management protocol. What you might not have seen is how I saw it, so I'll share because I think it is interesting and should be for others. Way back in 99 SANS issued a top 10 problems document that said to turn off snmp unless absolutely necessary, this is for a wide variety of reasons, but overall it is not a very well secured protocol or management system, though it is quite effective. So earlier today, I get an e-mail from SANS saying:
1:30 PM EST 12 February, 2002
In a few minutes wire services and other news sources will begin breaking a story about widespread vulnerabilities in SNMP (Simple Network Management Protocol). Exploits of the vulnerability cause systems to fail or to be taken over. The vulnerability can be found in more than a hundred manufacturers' systems and is very widespread - millions of routers and other systems are involved.
As one of the SANS alumni, your leadership is needed in making sure that all systems for which you have any responsibility are protected. To do that, first ensure that SNMP is turned off. If you absolutely must run SNMP, get the patch from your hardware or software vendor. They are all working on patches right now. It also makes sense for you to filter traffic destined for SNMP ports (assuming the system doing the filtering is patched).
To block SNMP access, block traffic to ports 161 and 162 for tcp and udp. In addition, if you are using Cisco, block udp for port 1993.
The problems were caused by programming errors that have been in the SNMP implementations for a long time, but only recently discovered.
CERT/CC is taking the lead on the process of getting the vendors to get their patches out. Additional information is posted at http://www.cert.org/advisories/CA-2002-03.html
____
Lo and behold, I check yahoo at 3:30pm and there it is, posted at 2:53, an hour and 23 minutes response between effective announcement to security professionals and public. Now granted that is not a lot of time, but for highly efficient organizations, it probably was sufficient.
After the SANS announcement came out, I checked our (cddc/aoir) systems just to be sure. At 2:40 I received the CERT announcement, which is a broad announcement which generated the media most likely.
What amazes me is the increasing systematization of information security and the professionalization that goes along with it, how does having a 1 hour period before announcement help sustain the appearance of professionalism, or the top 10 list, I haven't made that argument yet, but I'd be interested in opinions.
-- jeremy hunsinger http://www.cddc.vt.edu/jeremy cddc/political science http://www.cddc.vt.edu 526 major williams hall 0130 http://www.dromocracy.com virginia tech -under construction blacksburg, va 24061 540-231-7614
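An added example, not part of the original message or of the SANS note it quotes: a small audit that reads `iptables-save` output and reports which of the ports named in the note (161 and 162 on tcp and udp, plus udp 1993) the INPUT chain still lets through. The rule set is constructed for illustration, and the check is deliberately conservative: any earlier ACCEPT that could match counts as exposure, and a DROP restricted to one source does not count as a block.

```python
import re

# Ports from the SANS note quoted above: 161 and 162 (tcp and udp), udp 1993 for Cisco.
REQUIRED = {("tcp", 161), ("tcp", 162), ("udp", 161), ("udp", 162), ("udp", 1993)}

def _ports(spec):
    """Expand an iptables port spec such as '161', '161:162' or '161,162'."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def unblocked(rules_text, chain="INPUT"):
    """Return the required (proto, port) pairs the chain still lets through."""
    pol = re.search(rf"^:{chain} (\S+)", rules_text, re.M)
    default = pol.group(1) if pol else "ACCEPT"  # assumption: no policy line means ACCEPT
    verdict = {}                                 # first matching rule wins
    for line in rules_text.splitlines():
        m = re.match(r"-A (\S+) (.*?)\s*-j (ACCEPT|DROP|REJECT)\b", line.strip())
        if not m or m.group(1) != chain:
            continue
        body, target = m.group(2), m.group(3)
        proto = re.search(r"-p (\S+)", body)
        dport = re.search(r"--dports? (\S+)", body)
        protos = {proto.group(1)} if proto else {"tcp", "udp"}
        ports = _ports(dport.group(1)) if dport else None  # None = every port
        # A DROP narrowed by source, interface or state does not block everyone;
        # an ACCEPT narrowed the same way still exposes the port to someone.
        rest = re.sub(r"-p \S+|-m (tcp|udp|multiport)|--dports? \S+", "", body).strip()
        if target != "ACCEPT" and rest:
            continue
        for pair in REQUIRED:
            if pair[0] in protos and (ports is None or pair[1] in ports):
                verdict.setdefault(pair, target)
    return sorted(p for p in REQUIRED if verdict.get(p, default) == "ACCEPT")

# Constructed iptables-save sample: a management-host exception sits ahead of the drops.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p udp -m multiport --dports 161,162 -j DROP
-A INPUT -p tcp -m tcp --dport 161:162 -j DROP
COMMIT
"""

if __name__ == "__main__":
    for proto, port in unblocked(SAMPLE):
        print(f"not blocked: {proto}/{port}")
```

On the sample it flags udp/161, because of the exception placed ahead of the drop, and udp/1993, which no rule covers.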
--__--__--
Message: 2
Date: Tue, 12 Feb 2002 21:54:23 -0500 (EST)
From: Jay Hauben <jrh29@columbia.edu>
To: air-l@aoir.org
Cc: jrh29@columbia.edu
Subject: [Air-l] Re: Air-l digest, Vol 1 #298 - 7 msgs
Reply-To: air-l@aoir.org
Hi,
Just to be complete, Educause lists 154 Corporate members (see http://www.educause.edu/memdir/memdir.html). So the fate of the .edu domain is not only in the hands of the education community. It has been my observation over the years that in particular the publishing industry has exerted a strong influence in Educause.
Does anyone know what other organizations were considered for this privilege of overseeing the distribution of .edu domains?
Jay
--__--__--
Message: 3
Date: Wed, 13 Feb 2002 07:38:50 -0500
Subject: Re: [Air-l] on gauges and other technical standards
From: Junghoon Kim <junghkim@indiana.edu>
To: air-l@aoir.org
Reply-To: air-l@aoir.org
Allan,
Here is some information on technical standards setting.
There were two IEEE Conferences on STANDARDIZATION and INNOVATION in INFORMATION TECHNOLOGY (SIIT). You may access the conference websites and get some articles on technical standards setting in the IT sector.
The first conference website: http://www-i4.informatik.rwth-aachen.de/~jakobs/siit99/Final.html
The second conference website: http://www.siit2001.org/
Also here are three books I recommend.
1. Shaping Standardization: A study of standards processes and standard policies in the field of telematic services, by Tineke Egyedi, Ph.D. Thesis, 1996, Delft Technical University: this is also published in book format, you may get this one by using inter-library loan. I used it before.
It analyzes the standards setting process by using the social construction of technology (SCOT) theory. I like this book very much, mainly because it provides a clear 'analytical' framework.
If you wanna read other articles by her, here is her website: http://www.tbm.tudelft.nl/webstaf/tinekee/
2. Standards Policy for Information Infrastructure, Edited by Brian Kahin and Janet Abbate, MIT 1995
covers extensive IT standards setting issues
3. Inventing the Internet, by Janet Abbate, MIT 1999 (Chapter on TCP/IP Vs. OSI is especially interesting)
Good luck for your thesis,
Best, Junghoon Kim
========================================= Associate instructor and Doctoral student Department of Telecommunications Indiana University, bloomington USA & Ph. D candidate Faculty of Policy Studies Chuo University, Tokyo Japan ============================
-------------------
Hello all,
After reading the recent discussion on railroad gauges deriving from ancient standards, I am curious if anyone is doing work looking into technical standards. I'm writing my undergrad honors thesis on technical Internet standards, and the need for public interest involvement in the standardization process, viewing this as a subset of the "technical is political" or "code is law" body of work. Although my thesis is predominantly policy-oriented, I'd really like some theory to work with, aside from market failures and civic governance. Chasing citations back and forth has not turned up a whole lot in this area. If anyone has any suggestions for literature that delves into examining the larger impacts of specific technical design decisions, from any perspective (sociology, psychology, policy, etc) I would really appreciate it.
Thanks for your help, /allan
... et surtout||Allan Friedman n'oubliez pas||Center for Social and Policy Studies de tomber||Swarthmore College amoureux||allan@friedmans.org http://www.sccs.swarthmore.edu/~allan
"For the umpteenth time that evening, he wished computer code responded to threats of physical violence..."
_______________________________________________ Air-l mailing list Air-l@aoir.org http://www.aoir.org/mailman/listinfo/air-l
--__--__--
Message: 4
Date: Wed, 13 Feb 2002 09:14:51 -0500
From: jeremy hunsinger <jhuns@vt.edu>
Organization: Virginia Tech
To: air-l@aoir.org
Subject: Re: [Air-l] Re: Air-l digest, Vol 1 #298 - 7 msgs
Reply-To: air-l@aoir.org
As I recall, no, Educause lobbied to get it, there was some debate late in the game about whether it should be given to something like Verisign, but it did not get far, the story is somewhat documented in various places.
Jay Hauben wrote:
Hi,
Just to be complete, Educause lists 154 Corporate members (see http://www.educause.edu/memdir/memdir.html). So the fate of the .edu domain is not only in the hands of the education community. It has been my observation over the years that in particular the publishing industry has exerted a strong influence in Educause.
Does anyone know what other organizations were considered for this privilege of overseeing the distribution of .edu domains?
Jay
-- jeremy hunsinger http://www.cddc.vt.edu/jeremy cddc/political science http://www.cddc.vt.edu 526 major williams hall 0130 http://www.dromocracy.com virginia tech -under construction blacksburg, va 24061 540-231-7614
--__--__--
End of Air-l Digest
participants (1)
-
Catriona Moore