Welcome to the SEWP Security Center web site!
This site is being maintained for archival purposes only.
There will not be any maintenance or updates after 10/01/2006.
The SEWP (Scientific and Engineering Workstation Procurement) Security Center is concerned with the four primary topics of information security: authentication/authorization, confidentiality, integrity, and availability, with a primary focus on interoperability. The SEWP Security Center works to promote interoperability through research in leading-edge technologies, by working with standards organizations, and through trial and technical reference implementations. The Security Center also works on practical security tools in the areas of vulnerability assessment, intrusion detection and system auditing. The SEWP Security Center is an active member of the Open Group and a charter member of the Center for Internet Security.
While the Security Center maintains a very busy schedule, the staff is always on the lookout for opportunities to collaborate with industry and, in particular, other Federal agencies. If you have a project that may be a good fit, please contact us.
SEWP Security Center paper on: Content Filtering
As vendors and network administrators increase their focus on security, information attacks are diversifying away from a reliance on traditional vulnerability vectors. Currently, a patched machine behind a well-configured firewall can repel a significant portion of the malicious traffic being sprayed across the internet. As a result, there has been an increased focus on vulnerabilities that pass through most firewalls: browser-based vulnerabilities. Whether malware is introduced inadvertently by an employee installing a game that includes spyware, or whether the hosted website itself has the capacity to compromise the hosts that visit it, browser-based vulnerabilities are quickly becoming a prominent threat in the network security arena. Content-filtering software and hardware have been marketed to protect against these and similar threats. We explore the problems that content filters hope to address, the methods by which they can address those problems, and mention a few selected content-filtering products.
Available (pdf or doc)
SEWP Security Center paper on: BitLocker
BitLocker is a new and well-publicized feature of Windows Vista intended to protect data on machines in the case that they are physically compromised. BitLocker encrypts an entire Windows volume and prevents access through a secure startup feature bound to either an existing Trusted Platform Module (TPM) or a removable USB key. BitLocker has some limited effects on performance and on data corruption. Further, it affects typical "imaging" software in a way that may cause difficulties for larger operations. It has also been advertised as a more efficient way to perform data destruction, a claim which we investigate. Currently shipping PCs, especially from Dell, do not allow analysts to test the TPM features due to insufficient BIOS support, but the basic functionality can be tested with USB keys, and no major problems have been identified.
Available (pdf or doc)
SEWP Security Center paper on: Hardening SSH
In an attempt to examine methods to reduce remote-access breaches via SSH, the Security Center has compiled some recommendations on strengthening UNIX-based systems that run the SSH service. The document focuses mainly on hardened SSH configuration and strong password enforcement and provides specific examples of the changes that can be made. With several simple changes to the default sshd configuration and the use of TCP wrappers, systems can be made more resistant to dictionary attacks and administrator-level account breaches. Because the Security Center has observed most breaches to be attacks against weak passwords, tools for setting and enforcing strong password policies on FreeBSD and Linux are discussed. Finally, implementation issues such as user acceptance, wide-scale configuration deployment, and auditing are commented on.
Available (pdf or doc)
SEWP Security Center paper on: Sender ID
Recently, Microsoft has taken steps to promote Sender ID as part of its solution to the problems of spam and phishing. Microsoft is adding Sender ID support in its next Service Pack for Exchange 2003, and it is utilizing Sender ID with its Hotmail service. Sender ID works by verifying the sender's purported domain against the permitted IP addresses published for that domain in a DNS TXT record. Although the solution is helpful in conjunction with other anti-spam tools, it is not a silver bullet for the spam problem. Because Sender ID is built upon DNS, it is susceptible to the same vulnerabilities as DNS. Moreover, it may also produce a high number of false positives, resulting in the rejection of valid email, because of the way it determines the sender's domain name. This paper provides an overview of how Sender ID works, provides an installation guide for use in a Linux environment, evaluates the performance of Sender ID, and explains several shortcomings of the technology.
Available (pdf or doc)
SEWPSC Information on Personal Identity Verification: FIPS 201 FAQ
The SEWPSC has endeavored to simplify the description of the requirements mandated in FIPS 201 by creating a FAQ. This document provides answers to commonly asked questions about Federal Information Processing Standard (FIPS) 201, which requires federal agencies to implement uniform identity management systems for physical and logical access to federal facilities and systems. FIPS 201 requires a uniform identity-proofing process, as well as the use of an interoperable smart card. In FIPS 201, NIST refers to its Special Publication 800 series to provide additional guidance. We have provided summaries of and links to those documents. Additionally, this document provides information about the privacy requirements of FIPS 201 and an overview of the Privacy Act of 1974.
The FIPS 201 FAQ is available (pdf or doc)
SEWPSC Security Symposium on: Identity Management
On Tuesday, June 1st, 2004, the SEWP Security Center held a Symposium on Identity Management. The keynote speakers for the symposium were Whitfield Diffie and Kevin Mitnick. Technical presentations were supplied by speakers from Boeing, Lockheed Martin, Liberty Alliance, NIST, OASIS, The Open Group, and Microsoft. We would like to thank each of the presenters for helping to make the day a success. We were highly encouraged by the positive response through comments and through the evaluation scores.
The presentations and other information about the symposium are available here.
- Next Generation Secure Computing Base (NGSCB)
NGSCB was an effort, led by Microsoft, to make major changes to the PC architecture in order to increase overall system security. The security capabilities of NGSCB were quite impressive. This paper discusses some of the features that NGSCB would have afforded and provides an architectural overview. We also attempt to point out vulnerabilities that NGSCB did not address.
Here is a presentation (ppt or pdf) from SANS 2004 in Orlando. The presentation provides the same architectural description as the paper (above) and includes some updated information (presentation details are available by downloading the ppt and viewing the notes pages).
A limited set of NGSCB features is still slated to be included in the next version of the Windows operating system.
- IPSec Packet Filtering
The standard policy definition interface for IPsec packet filtering in Windows 2000 can be somewhat limiting in describing complex network relationships. Hence this project: the Windows 2000 IPsec Packet Filter Policy Editor (IPSECPF). This policy editor runs as an MMC snap-in. The native Windows 2000 IPsec implementation allows for simple packet filtering. IPSECPF allows for grouping of machines and filter rules within a standard firewall-style GUI. Grouping is necessary to build more sophisticated rule sets and is a step towards MAC/RBAC for IPsec. Read more about IPSECPF under Projects.