Network Computingwww.networkcomputing.com

· Attack System: The hardware consisted of a SPARCstation 20 CPU with 3.5-inch disk drive, CD drive, 2-GB hard drive and Sun Microsystems XL 8-mm tape drive. The software consisted of SunSoft Solaris 2.5.1 operating system.

· Target System: The hardware consisted of a SPARCstation 20 CPU with 3.5-inch disk drive, CD drive and 2-GB hard drive. The software consisted of SunSoft Solaris 2.5.1 operating system.

· Test Attack and Analyses Software Programs (available on the Internet acces s):

Security Administrator Tool for Analyzing Networks (SAT AN 1.1.1). A testing and reporting tool that collects a variety of information about networked hosts. SATAN was developed for security administrators to assist them in identifying vulnerabilities in their systems that would require patching. This tool is also commonly used by hackers to identify and then attack the vulnerabilities of networked systems. The tool can be found and downloaded from numerous sites on the Internet.

Computer Oracle and Password System (COPS 1.04): COPS is a publicly available collection of programs that attempts to identify security problems in a Unix system. COPS does not attempt to correct any discrepancies it finds; it simply produces a report of its findings.

Internet Security Scanner (ISS.C 1.3): A software program that checks a range of IP addresses on a network to determine which systems are on the network.

Tripwire: A software program that checks files and directory integrity; it is a utility that compares a designated set of files and directories to information s tored in a previously generated database. Any differences are flagged and logged, including added or deleted entries. When run against files on a regular basis, Tripwire helps you spot changes in critical system files and immediately take appropriate damage control measures. Tripwire is also available on Internet.

FBRUTE: An Internet-available software program that can decrypt encrypted passwords.

Finger: A Unix protocol that can be used to obtain information about users logged on to a system. It also provides information that can be used by attackers, such as when the account was last used and from which location the user last connected.