|Reporting period: May - September, 1997||October 1997|
FedCIRC has accomplished much in its first year. The FedCIRC web site has been accessed over a quarter of a million times, nine workshops have been held, and FedCIRC has assisted in nearly two hundred and fifty incidents. While FedCIRC has achieved some success and acclaim, its future is cloudy because of financial concerns.
During its short existence, the energies and resources of the FedCIRC team (NIST, FedCIRC-East (CERT/CC), and FedCIRC-West (CIAC)) have focused on informing potential clientele about the program and on obtaining funding for continued fiscal health. While these two activities are inarguably intertwined, they remain separate and time-consuming tasks. The two-fold problem of educating the consumer and soliciting sponsorship is costly and it side-steps the real FedCIRC emphasis of providing incident handling for the civilian federal government. The initial GITS funding of $2.76M will have been spent on building the FedCIRC infrastructure (i.e., operationalizing a virtual coast-to-coast incident response team) and on initializing an awareness campaign. A long term approach with a consistent funding source is essential to providing incident handling across civilian federal agencies.
The past twelve months have been a learning experience for the FedCIRC collaboration. Several key lessons were learned:
The proposal was delivered to the GITS Champion for Computer Security and FedCIRC awaits a response. It is hoped that a steady income stream can be obtained to ensure the survival of FedCIRC.
Over the summer, FedCIRC presented a trio of security seminars aimed at increasing information security awareness in the federal community. The seminars stressed the importance of employing best practices to protect federal information resources. The three classes -- "Web Security and Current Trends","Connecting to the Internet Securely", and "Information Security for Managers" -- were well received and were deemed a great success.
The first seminar, presented in July, was "Web Security and Current Trends." The seminar was taught by Jeff Carpenter and Shawn Hernan, both of FedCIRC-East. The tag-team approach that the presenters used was very effective in presenting technical information in an easy to understand format. The seminar began with an overview of the Internet, including their views of the evolution and future of the Internet. The history of incident handling and the trends in incidents were described. Ironically, many of the intrusion profiles used years ago are still in use today. Carpenter discussed the attacks that FedCIRC is seeing (such as root compromises, mail bombs, IP spoofing, SYN attacks, and ping floods).
The second half of the session was devoted to Web security issues. Hernan explained that the key to using it securely is understanding and defending against the risks of placing information on the Web. He told attendees that the network configuration of a web site is critical, however, he pointed out that no single tool is a silver bullet. He encouraged security managers to use sound practices and procedures in conjunction with appropriate technology.
In August, FedCIRC-West’s team of Phillip Cox and John Fisher led the second seminar, "Connecting to the Internet Securely." The session began with Cox describing the Internet threats currently being observed by FedCIRC. The threats now being faced have increased in stealth, in complexity, and in automation. Cox provided stealth examples such as backdoor login, trojan shared libraries, and the dynamic modification of the Unix kernel.
The third seminar of the series was presented in September and consisted of a half day session, "Information Security for Managers." Taught by Kathy Fithen (FedCIRC-East) and Sandy Sparks (FedCIRC-West), they repeated the half day session in the afternoon to give an opportunity for a wider audience of managers to attend the seminar. Each session informed high level managers of the importance of security, emphasizing the growing threat and impact of it on information resources. The roles of policy, procedures, and incident detection and response were explained in detail. The session ended with the presenters stressing the importance of security training for all system users, administrators, and managers.
The overwhelming success of these three seminars encourages FedCIRC to continue to present high quality, inexpensive, one day seminars geared to the federal community. FedCIRC plans to hold a winter series of training sessions beginning in February 1998. Be sure to peruse the FedCIRC website
for seminar announcements and other FedCIRC information.
The workshop is being conducted as a series of presentations on the first day and parallel training tracks on the second day. The three parallel training tracks are specifically designed to address participants’ differing backgrounds. Two tracks covering intrusion detection for systems and network administrators will be presented: one track will focus on Unix and networking and the other track will address Windows NT and viruses. The third training track describes secure communications and explains how to establish an incident response capability.
The diverse program and small conference atmosphere will provide plenty of opportunity for audiences and speakers to mingle and share their experiences. FedCIRC invites you to attend and to increase the benefits of this Workshop by your participation.
The Workshop brochure and registration information are available on the FedCIRC web site or it can be obtained through e-mail or surface mail.
Visit the FedCIRC web site at:
Send e-mail to:
or phone the FedCIRC Information Line at:
Additionally, in an effort to highlight FedCIRC activities and services, FedCIRC joined the scores of computer security vendors and service providers who exhibited their wares at the vendor exposition sponsored by the Armed Forces Communications and Electronics Association (AFCEA) and held in conjunction with NISSC. The exposition provided an opportunity to share information and approaches to problem-solving with a broad audience of security specialists. Team members distributed information and held one-on-one discussions with visitors to the FedCIRC booth.
The FedCIRC website is:
The FedCIRC information E-mail address is:
The FedCIRC hotline for incident handling support is 412/268-6321;
for support via E-mail: firstname.lastname@example.org.
*Registered in U.S. Patent and Trademark Office. The CERT Coordination Center is part of the Software Engineering Institute. The Software Engineering Institute is sponsored by the U.S. Department of Defense.