Computer Security: Virus Highlights Need for Improved Internet Management : Report to the Chairman, Subcommittee on Telecommunications and Finance, Committee on Energy and Commerce, House of Representatives

Front Cover
 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Selected pages

Common terms and phrases

Popular passages

Page 31 - States; (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period...
Page 10 - Policy (OSTP) report estimated federal funding to be approximately $50 million. A national information technology consortium official estimated that university investments in local and regional networks are in the hundreds of millions of dollars; state investments are estimated in the millions and rapidly...
Page 15 - October 14, 1988, request of the Chairman, Subcommittee on Telecommunications and Finance, House Committee on Energy and Commerce...
Page 8 - ... computers attached to any Internet network can reach any other user and has potential access to such resources as supercomputers and data bases. This chapter presents an overview of the Internet — how it evolved, how it is used and managed, and what plans there are for its further development — as well as a description of the events surrounding the Internet virus. Internet Evolves From an Experimental Network The Internet began as an experimental, prototype network called Arpanet, established...
Page 31 - financial record" means information derived from any record held by a financial institution pertaining to a customer's relationship with the financial institution; (6) the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter; and (7) the term "department of the United States...
Page 11 - These computers are controlled by systems managers who may perform a variety of security-related functions, including establishing access controls to computers through passwords or other means; configuration management, enabling them to control the versions of the software being used and how changes to that software are made; software maintenance to ensure that software holes (flaws) are repaired; and security checks to detect and protect against unauthorized use of computers. Operational Management...
Page 31 - ... damage" means any impairment to the integrity or availability of data, a program, a system, or information, that (A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals; (B) modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals; (C) causes physical injury to any person; or (D) threatens public health or safety; and (9) the term "government entity...
Page 28 - For this reason, we believe that a security focal point should be established to fill a void in the Internet's management structure and provide the focused oversight, policy-making, and coordination necessary at this point in the Internet's development. For example, we believe that concerns regarding the need for a policy on fixes for software holes would be better addressed by a security focal point representing the interests of half a million Internet users than by the ad hoc actions of host sites...
Page 17 - Caa9ecl no l"tmg damage; its primary impact was lost ' '• processing time on infected computers and lost staff time in putting the computers back on line. The virus did not destroy or alter files, intercept private mail, reveal data or passwords, or corrupt data bases. No official estimates have been made of how many computers the virus infected, in part because no one organization is responsible for obtaining such information. According to press accounts, about 6,000 computers were infected. This...
Page 46 - MSPA ta sponsoring formal methods projects for the development of high-quality assurance software systems. These techniques will be applied to operating systems. The formal methods techniques involve using mathematically precise specifications statements for critical program properties, such as safety and security. Using these specifications, it may be possible to ensure, by using a chain of mathematical proofs, that a program will operate as intended, and not in any other way. According to a DARPA...

Bibliographic information