REPORT DOCUMENTATION PAGE 05% $135188 Public reporting burden for this collection of information is estimated to average 1 hour per response including the time for reviewing instructions searching existing data sources gathering and maintaining the data needed and completing and reviewing this collection of information Send comments regarding this burden estimate or any other aspect of this collection of information including suggestions for reducing this burden to Washington Headquarters Services Directorate for Information Operations and Reports 1215 Jefferson Davis Highway Suite 1204 Arlington VA 22202-4302 and to the Office of Management and Budget Paperwork Reduction Project 0704-0188 Washington DC 20503 1 AGENCY USE ONLY Leave blank 2 REPORT DATE 3 REPORT TYPE AND DATES COVERED Fall 1998 Newsletter Vol 2 No 2 4 TITLE AND SUBTITLE 5 FUNDING NUMBERS Information Assurance Technology IA Newsletter Information Assurance Technology Analysis Center 7 PERFORMING ORGANIZATION AND 8 PERFORMING ORGANIZATION REPORT NUMBER IATAC Information Assurance Technology Analysis Center 3190 Fairview Park Drive Falls Church VA 22042 9 SPONSORING I MONITORING AGENCY AND 10 SPONSORING 1' MONITORING AGENCY REPORT NUMBER Defense Technical Information Center 8725 John J Kingman Rd Suite 944 Ft Belvoir VA 22060 11 SUPPLEMENTARY NOTES 12a DISTRIBUTION I AVAILABILITY STATEMENT 12b DISTRIBUTION CODE Approved for public release - distribution is unlimited A 13 ABSTRACT Maximum 200 Words The IANewsletter is published quarterly by the Information Assurance Technology Analysis Center IATAC This issue continues the foucs on current information assurance initiatives underway within DOD academia and industry In addition an overview of the current collection of Firewall Tools is provided Also featured in the issue Protecting Our Critical Infrastructures Through Public-Private Partnership Detecting Intrusions Cooperatively Across Multiple Domains Secure Your Distributed Network What Will It Take 14 SUBJECT TERMS 15 NUMBER OF PAGES Information Security Information Assurance Information Operations 16 Intrusion Detection 16 PRICE CODE 17 SECURITY CLASSIFICATION 18 SECURITY CLASSIFICATION 19 SECURITY CLASSIFICATION 20 LIMITATION OF ABSTRACT OF REPORT OF THIS PAGE OF ABSTRACT UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED None Ire The Department of Defense's increasing dependence on a global information environment heightens its exposure and vul- nerability to a rapidly growing number of sophisticated internal and external threats Globally inter-networked and interdepen- dent information systems tend to level the playing field between allies and potential adversaries These systems offer adversaries access to potentially tow-risk high-value information infra- structure targets with the poten- tial to impact the full spectrum of operations Further- more with each advance in in- formation technology new vul- nerabilities are created that must be quickly discovered and effectively neutralized me seems lei year Air l-orce Lt Col Buzz Walsh and Maj Brad Ashley presented a series of briefings to top lead- ers that raised more thanjust a few eyebrows Selected leaders were shown how it was possible to obtain their individual social security num- bers unlisted home phone num- bers and a host of other personal information about themselves Before global networking be came commonplace the majority of the Department's critical infor- mation functions both command control and support were elec- trically separated in Component- managed telecommunications and information processing environ- ments This separate-system con- dition had the advantage of provid- ing the Department's information and information systems a level of resiliency and protection forcing an adversary to attack each inde- pendently controlled environ- ment To seriously degrade the ag- gregate capability of the Depart- ment an adversary must disrupt or corrupt a large number of criti- cal systems using highly sophisti- cated and largely unavailable technologies that were expensive milies sim cruising the it '1 and Ash- iey mem- 58 bers of the Pentagon's iff were not 5 i a Joke on a aaclers Nor trying to be clever Rather they were dramatically and effectively demonstrating the ease of access- ing and gathering personal and military data on the information highway information which in the wrong hands could translate into a vulnerability You don't need a to do this Walsh said about the ability to gather the information There's no by CAPTJ Katharine Burrcm USN UMP 0 480 in terms of both time and money in contrast the Department's reliance on commercial globally interconnected information tech- nologies has markedly heightened its vulnerability to attack Today's inter-networked information tech- nologies make it possible to affect many users systems and net- works by attacking a single con nection to a single network To at- tack a large number of systems an adversary need only find and at- tack a single exploitable connec- tion to the system These attacks can be performed through the use of a large and growing variety of available and inexpensive hacker tools Once inside a system an ad- versary can expioit it as well as the systems networked to it This glob- by Paul Stone An'ierican Forces Information Service rocket science in this capability What's amazing is the ease and speed and the minimal know-how needed The tools of the Net are designed for you to do this The concern over personal in- formation on key leaders began with a simple inquiry from one particular flag officer who said he was receiving a large number of unsolicited calls at home In acidi- tion to having the generai's unlist- ed number the callers knew specif- ically who he was Too Much About Too Much Beginning with that one in- quiry the Joint Staff set out to dis- coverJ'ust how easy it is to collect data not only on military person- Vol 2 No 2 Fall 7998 IATAC is a DOD-Sponsored Information Analysis Center Administered by the Defense Technical Information Center DTIC ems a pi e Protecting Our emit Critical ures Through Publio Private Pannetship R DPerspective w Intrusion Detection System Evaluation lA Tools Summary Firewalls Detecting intrusions 7 Cooperatively Across Multiple Domains buted Network What Will It Take tag at Secure YourDistri- chat gr Calendar What's New IATAC Product Order Form 2 The lANewsletter is pub iished quarterly by the Information Assurance Technology Analysis Center This issue contin- ues the focus on current information assurance ini- tiatives underway within DOD academia and indus- try In addition an overview of the current collection of Firewall Tools is provided WAG 8 DoD 8ponsored information Analysis Center is administratively managed by the Defense Technical information Center under the IAC Program inquiries about capabilities products and services may be addressed to Robert Thompson Director 7039025530 We welcome your input To submit your related arti- cles photos notices fea ture programs or ideas for future issues please con tact ATTN C MoNemar 8283 Greensboro Dr McLean VA 22102 Phone 703 902 3177 Fax 703 902 3425 STU lil 703 902 5869 Fax 9023991 E-maii iatac@dtic mii URL Art Production Director C MoNernar Information Processing Robert Weinhoid information Coiiection Atethia A Tucker Inquiry Services Peggy O Connor Contributing Editor Martha Eiim 2 al marriage of systems and net- works has created a shared risk an - w ronment Any risk of weakness in any portion of the Defense information Infrastructure DH is a serious threat to the operational readiness of all Components The Depart- ment is moving aggressively to en- sure the continuous availability in- tegrity authentication con den- tiality and non-repudiation of its information and the protection of its infrastructure Recent assess- ments exercises and real-life events clearly demonstrate that Defense-wide improvements in In- formation Assurance IA are an absolute and continuous opera tional necessity We can no longer be satisfied with reactive or after- the-fact solutions As the Depart- ment modernizes its information infrastructure it must continuous- ly invest in the research develop ment and timely integration of products procedures and training necessary to sustain its to de fend and protect the infrastructure Providing for the protection of the DII is among the Department's highest priorities and is one of its most formidable challenges The Department's IA objective is to provide for the availability in tegrity authentication con den- tiality non-repudiation and rapid restoration of DII mission essential elements Critical to achieving this oty'ective is the implementation of a Department-wide planning and integration framework To that end on January 30 the Deputy Sec- retary of Defense Dr John J Hamre approved the creation of the Defense-wide Information As- surance Program DIAP The rec- ommendations of the program are the result of several years of effort by the IA community including The October 9 1996 Program Decision Memorandum II PDM ll directing that an assessment be conducted by the Department-wide Information Assurance Task Force and - The August-September 1997 IA Integrated Process Team IA continued from cover IPT effort directed by a Secretary of Defense memoran- dum of August 12 1997 The recommendations reflect the Department's understanding that IA is an operational readiness issue and that its dependence on inter-networked systems and ser- vices creates a shared risk environ real-time picture of all IA pro- grams It will enable the Depart- ment to accurately develop vali- date and prioritize iA require- ments determine the return on its IA investments and objective ly assess its protection efforts The DIAP achieved initial oper- ational capability in June 1998 with ment necessi- tating an un- re cl level of coordi- nation and unity across the a rt t The IAP will provide the common man- agement frame- work and cen tral oversight necessary to en- Adviser sure the protec- tion and reliability ofthe DII White planning and integration witi be centralized execution of individual Components' programs wilt re- main the responsibility of the Com- ponents A culture that recognizes and values IA must also be built among all Department Compo- ngure 1 the assignment of the Staff Director and other key positions It is in the process of achieving full opera- tional capability as staffing for the various positions becomes avail- able Organizationally the re- ports to the Information Assurance nents Accordingly the IAP wi ii Stat Dirac-liar continuously compare De- partment's IA programs and i 3 against its oper- ational and business infor- mation require- ments De- - i cl - Wadimr s en - Human Resources Dmeiopmmt - Operatiomi Patio - Security Mnmgen - Operation-1 Mon - Acq sitinn and Prod Detehxpmem Research and Termologvt Huh Gutdmce JM Comdmtim 3n P'kmm Isa - Management I Lyit infirm 3g uortiirmlinrr cosmetics tionai fu imrtiou readiness stan- dards and threats to the DI The DIAP will also infuse IA through- out its operations as a fundamen- tal element of readiness and train- ing Operational readiness stan- dards will be used to assess the ad- equacy of the protection afforded to the Department's data infor- mation systems and networks and to the entire DII This effort will provide a comprehensive and Figure 2 Directorate of the Office of the As sistant Secretary of Defense for Figure 1 The DIAP is divided into two teams the Func- tionai Evaiuation and Integration Team FEIT and the Program De- velopment and Integration Team PDIT see Figure 2 Between Vol 2 No 2 Fall 7998 Through Pubiin As our society speeds into the Information Age we are growing increas- ingly dependent on a complex web of information sys- tems to manage our lives We use computers the Internet and other information technologies to con- duct business man- age finances engage in personal communications and process vast amounts of data This dependence on informa- tion systems also extends to our Na- tion's critical infrastructures These infrastructures telecommu- nications energy banking and fi- nance transportation and govern- ment operations among others are the foundation of our economy national security and way of life virtually every citizen depends on them everyday Technological ad vances have made these infrastruc- tures highly automated and inter- dependent increasing their effi- ciency and improving the quality of their services Yet technological advances have also introduced vulnerabilities into these infrastructures and more people now have the tools to ex- ploit them For example the per vasiveness and easy accessibility of the Internet means that anyone possessing the right tools and tech- nical skills can penetrate an organi- zation's information and control systems to steal data or inflict dam- age Culprits who might commit such acts include disgruntled em- ployees recreational hackers crim- inal groups terrorist organizations foreign inteiligence services or even hostile nations The National Infrastructure Pro tection Center NIPC was estab- lished in February 1998 to address infrastructure threats and vulnera bilities Our mission is to detect deter assess warn of respond to and investigate unlawful acts both physical and cyber that threaten Vol 2 No 2 Fall 1998 73 - ivate Partnership our critical infrastructures Located at FBI Head- quarters in Washing- ton DC the NIPC is an interagency publioprivate body that brings together investi- gators computer scien- tists and other experts from gov- ernment and private industry The NIPC focuses on pre- venting attacks learning about them before they occur and tak- ing steps to prevent or disrupt them This effort requires collect- ing and analyzing information from all available sources includ- ing law enforcement intelligence services open sources and the private sector and disseminating our analyses to all relevant orga- nizations If an attack occurs the NIPC is the Federal Government's focal point for crisis response and investigation The NIPC is built on a founda- tion of partnership When fully staffed the NIPC wiil include rep- resentatives from the Federal Gov- ernment including the FBI De- partment of Defense the Intelli- gence Community and others from the owners and operators of critical infrastructures to provide expertise and to facilitate coordina- tion in the event of a crisis and from state and local law enforce- ment to build liaison relationships with emergency first responders The NIPC also will establish elec- tronic connectivity to relevant or- ganizations in government and in- dustry that have or require infor- mation about infrastructure threats and vulnerabilities The NI success depends on information sharing We are devel- oping two-way channels of comm munication to facilitate informa- tion flow regarding threats vulner- abilities and incidents between government and industry The Federal Government has access to by Kenneth M Geicfe National Infrastructure Protection Center FBI intelligence and law enforcement information that is unavailable to private organizations Simultane- ously the NIPC wants to learn about the threats and vulnerabili- ties experienced by these organiza- tions Sharing this important infor- mation will help us to define the threat environment with greater accuracy thereby enabling us to prevent or disrupt potential attacks One current initiative is Infra Gard a pilot project sponsored by the FBI's Cleveiand Field Office to foster information sharing among private industry the FBI and other government agencies A secure lnternebbased system infraGard has an alert network that members can use to report computer intru- sions to the FBI Reports are sent by electronic mail mail in two forms a detailed de- scription which the FBI uses for analysis and if required investiga- tive purposes and a sanitized vic- tim-produced version for distribu- tion to other lnfraGard members Approximately 56 organizations are now involved in the InfraGard project and we are exploring op- tions for expanding it into a nation al system Protecting our critical infrastruc- tures in the Infon'nation Age will require creative solutions and new ways of thinking Establishing the NFC and developing a productive partnership between government and industry are important steps in this direction Much work remains to be done but we took forward to working with our partners as we confront the challenges ahead Arnhem Zelda is Chief of the PETS Coii iptim 1mrsu gtzitibrts and Operations Sat-tion 1705 i v aziriizial lii zeisz ructim - Hermite Center WIPCI 2 ii hide infli- and Hit Eminent Ctxif il 'l'nlt lfl genre and was ii'zsmimw'iiai in limiting and arshim'irig the tiassfige of the li'iriirirv nic ljis pionagc Ar 01 2996 he his Bechtforfs Begin from the Unit rusty of Sam Fiancisrt and his ii i tisreris Joggec ham Nett' York Web Security nel but the military in general They used persona computers at home used no privileged informa- tion - not even a phone book - and did not use any on-line ser- vices that perform investigative searches for a fee In less than five minutes on the Net Ashley starting with only the general's name was able to extract his complete address unlisted phone number and using a map search engine build a map and dri- ving directions to his house Using the same techniques and Internet search engines they visit- ed various military and military-re- lated web sites to see how much and the types of data they could gather What they discovered was too much about too much and seemingiy too little concern about the free fiow of information versus what the public needs to know For example one web site for a European-based installation pro- vided more than enough informa- tion for a potential adversary to learn about its mission and to pos- sibly craft an attack indeed the web site contained an aerial pho- tograph of the buildings in which the communication and equipment were housed By pointing and clicking on any of the buildings a web surfer would learn the name of the communi- cations system housed in the building and its purpose MADE EASY Taking their quest for easily ac- cessible information one step fur- ther the Joint Staff decided to see how much information could be collectedjust by typing a military system acronym into an Internet search engine While not everyone would be familiar with defense-res lated acronyms many of them are now batted around the airwaves on talk shows and on the Internet in mi Iitary-related chat rooms They soon discovered how easy it was to obtain information on al most any topic with one web site hyper-linking them to another on the same topic continued from cover What the Joint Staff was doing when they collected their informa- tion is commonly cal led data min- ing surfing the Net to collect bits of information on individuals spe- cific topics or organizations and then trying to piece together a com- plete picture Individuals do it or- ganizations do it and some compa nies do it for profit While the information they dis- covered presented legitimate con- cerns it wasn't all negative The Army's Ft Belvoir Va home page was cited as one example of a web site which served the needs of both the military and the public It had the sort of information families or interested members of the public need and should get So what does all this mean Is creating individual and insti- tutional security problems In the rush to make information available to the internal audience is too much being made available to the public and those who might want to in ict harm The Joint Staff doesn't pretend to have all the answers to these questions but is encouraging users to think about these issues whenever they put information on Things NUT in WI an a DGBWEBITE untiasx'iliai ensmmaiarmatan Dali animal pruprlemrj mrmatnn - m lltf llaliun ' It batsman minim data I arnhiim u a mhrmatnn plums a mummies 3 Wlae ilieti tr Emulate unlit 3 minim Ill system militia the Internet and they believe that in some cases is it s own worst enemy Need To Know vs Right Too Know Michael J White DoD's assis- tant director for security counter- measures agrees with the Joint Staff analysis Moreover as a secu- rity expert he is concerned DOD does indeed exceed what needs to be on the Intemet For fear of not telling our story well enough we have told too much he said Personally I think there's too much out you need to stop and ask the question Does this next paragraph really need to be there or can I extract enough or abstract enough so that the intent is there without the specificity And that is hard to do because we are pressed every day 80 sometimes expedi- ency gets ahead of pausing for a minute and thinking through the process Does the data really need to be there Is it going to hurt me tomorrow morning DoD's policy on releasing infor- mation to the public as spelled out by Defense Secretary William Cohen in April 1997 requires to make available timely and accu- rate information so that the public Congress and the news media may assess and understand the facts about national security and de- fense strategy The same state- ment requires that information be withheld only when disclosure would adversely affect national se- curity or threaten the men and women of the Armed Forces On the one hand Ashley said we have fast cheap and easy glob- ai communication and coordina- tion On the other hand we find ourselves protecting official infor- mation and essential elements of information against point-and-click aggregation Clearly this balancing act is a function of risk manage- ment Full openness and full pro- tection are equally bad answers We have a serious education training and awareness issue that needs to be add ressed Vol 2 No 2 -- Fall 7998 The Joint Staff repeatedly re- turns to the issue of point-and- click aggregation as a problem that is often overlooked when military personnel and organizations place data on the Internet What they're referring to is the ability to collect bits of information from several dif- ferent web sites to compile a more complete picture of an individual issue or organization with very lit- tle effort The biggest mistake people make is they don't understand how easy it is to aggregate information Waish said The lesson from this is that even though what is posted on the Net is perfectly innocent in and by itself when combined with other existing information a larger and more complete picture might be put to gether that was neither intended nor desired A more obvious problem yet still one not always considered when posting information on the Internet is that the in web site addresses stands for world wide web information posted may be intended only for an inter nal audience - perhaps even a very small and very specific group of people But on the Net it's available to the world This security experts agree is an enormous change from the time when foreign intelligence gather- ing was extremely labor intensive and could only be done effectively on US soil If l'm a bad guy I can sit back in the security of my homeland and spend years looking for a vul- nerability before I decide to take a risk and commit resources Ashley said I'm at absolutely no risk by doing that I can pick out the most lucrative targets before hand and may even ust bookmark those tar- gets for future use We won't know something has been compromised until it's too late White agrees with the Joint Staff's concern You can sit in Ger- many and have access to the Unit- ed States_j ust as easily as you can in Australia or the People's Republic of China or Chile White said It doesn't matter where you are You Vol 2 No 2 Fall 7993 can go back and forth and in be- tween and lose your identity on the net instantaneously Those who seek to use the system feel com- fortable they won't be discovered FOUO Means FOUO In addition to these issues secu- rity experts see another recurring and disturbing problem In the rush to take advantage of the Net's timeliness and distribution capabil- ities military personnel are forget- ting about or ignoring the For Of - cial Use Only policies which previ- ously made the information more di icuit to obtain Yet anyone using the Internet doesn't have to ven- ture far into the array of military web sites to come across one which states For Official Use Only If the information is For Of cial Use Only security experts said web site developers managers and commanders must ask themselves whether the information should be there in the first place While officials are most con- cerned about the information being placed on military web sites they had similar warnings about individual or family web sites The Joint Staff recommends the same precautions should apply at home especially as per- sonnel move into high ranking key leadership positions A ISSUE At a time when the flow of in- formation is beyond anyone's capa- bility to either digest it or control its direction it's not likely the prob lems brought forward recently by the Joint Staff will be solved any time soon The first step security experts said is awareness the prob- lems exist Commanders have to understand not Just the informa- tion capabilities of the world wide web but the information vulnera- bil ities as well The second step Walsh pointed out is for commanders to become actively involved in the issue of what's being put on the Internet Current DOD policies require that local commander public affairs and security reviews prior to re- lease of data on web pages But the flow of information is so great these reviews may not be occur- ring and few are looking at the ag gregation problem think it would be very appro- priate for a public affairs officer to be the commander's lead represen- tative Walsh said But it's a com- mander's issue and it should go down command lines This is cer- tainly an operational security issue Just like operational security is everybody's business this ultimate ly is everyone's responsibility White concurred and recom- mends installations create securi- ty-integrated product teams which would be tasked to develop and im- plementguideiines for creating and monitoring web sites on the instal- lation think having a group come together before the web site de- velopment process begins will re- move an awful lot of pain in the iong run White said We need to step back one step and think be- fore we begin any effort because once it's done you can't undo it That makes it very hard in a digi tal environment Although it's not possible to re- trieve what's already on the world- wide web nor predict how it will in- fluence future security issues Walsh Ashley and White believe it's not too late to make a differ- ence With a little more forethought and a lot more planning it will be possible to better protect the next generation of warfighters both on and off the battlefield they said September 25 1998 Via ZDcii'ei'iseLink firm the Anzarirran Inibrme zfion Service Articles Jim'nioa zdezrbio i czsion at ails rad mi I Detection The Information Systems Tech- nology Group of MIT Lincoln Lab- oratory under Defense Advanced Research Projects Agency nforma tion Technology Office ITO and Air Force Research Labo ratory sponsorship is collecting and distributing the first standard corpus for evaluating computer network intrusion detec- tion systems Aiong with we are also coordi- nating the first formal repeatable and statistically significant evalua- tion of intrusion detection systems This evaluation will measure prob- ability of detection and probability of false alarm for each system under test This evaluation will contribute significantly to the intrusion de- tection research field by providing direction for research efforts by objectively calibrating current technology The evaluation is de- signed to be simple to focus on core technology issues and to en- courage wide participation We have tried to eliminate security and privacy concerns and we are providing data types that are used commonly by the majority of in- trusion detection systems Technical Obgective The evaluation objectively mea- sures intrusion detection systems' ability to detect attacks on comput- er systems and networks The eval- uation focuses on UNIX worksta- tions and the goal is to determine whether any of the following attack events occurred or were attempted during a given network session - Denial of service - Unauthorized access from a remote machine - Unauthorized access to local superuser privileges by a local unprivileged user - Surveillance and probing and - Anomalous user behavior Network sessions used for scor- ing the evaluation are complete connections which corre- spond to interactions using many services including telnet HTTP SMTP FTP finger rlogin and oth- ers Because the evaluation is based on the context of normal computer use on a military base the frequen- cy and character of the network sessions generated for each of these services reflect their actual usage at Air Force bases worldwide The 172 16- writ-dun ux J f hy was 55 mm by Dr Marc A Zi ssman 9 Dr Richard Lippmann Lincoln Laboratory MIT Simulation mal background traffic sessions the current evaluation will allow us to measure both detection and false alarm rates Simultaneously Data and Guideiines Before the evaluation begins seven weeks of training data will be made available to the participants any 3 Addresses m1 Imam but Figure 1 The Lincoln simulation network is user to generate traffic or the DARE-M 1998 itt'n uarinn The network has an Lz'r Jsidw which a Ell ld an 'bursz dc which retyresents the interwar the net wrnii t contains corn mtr-rs is cape'ilrifr ofpmducing traf c from 131'er sands of 51772111 le on'imiters and himrlreds ef slmulafed users evaluation is designed to foster re- search progress with the following four goals 1 Explore promising new ideas in intrusion detection 2 Develop advanced technology incorporating these ideas 3 Measure the performance of this technology and 4 Compare the performance of various newly developed and existing systems in a systematic careful way Previous evaluations of intru- sion detection systems have tended to focus exclusively on the proba- bi I ity of detection without regard to probability of false alarm By em- bedding attack sessions within nor- These data will be used to con g- ure intrusion detection systems and train free parameters General- ly the types of training data pro- vided will be those that are used by most current commercial and re- search intrusion detection systems network packet traffic host audit files and file system dumps These data will be labeled individu- ally as either normal or attack anomalous Later a set of test data will be made available Evaluation participants will run their systems blindly over the test data and will submit the system hypotheses for scoring Both the training and the testing data wiEI be extracted from a simu- Vol 2 No 2 Fall 1998 lation network of about a dozen workstations see Figure 1 on op- posite page With kernel modifica- tions made available by and other custom software these few workstations can emulate thousands of worksta- tions with hundreds of users Both normal use and attack sessions will be present Distributions of normal session types and normal session content will be similar to that on military bases Attack sessions will contain old recent and new at- tacks Most network sessions are run automatically while a small number of sessions are generated by live users Seven weeks of net- work traffic are available for train- ing and another two weeks will be used for evaluation In all the eval- uation corpus will contain millions of network connections There are two parts to the in- trusion detection evaluation The first part is an off-line evaluation Network traffic and audit logs col- lected on a simulation network will serve as input to intrusion de- tection systems under test These systems will process data in batch mode trying to nd the attack ses- sions in the midst of normal activ- ity The second part of the evalua- tion is conducted in realtime Sys- tems will be delivered to them these two teams accomplish the overall mission tasks and func- tions of the DIAP and are staffed by a combination of Service Joint Staff OSD and Defense Agency personnel The FEIT consists of eight functional areas including Readiness Assessment Human Re- sources Development Operational Policy and Doctrine Implementa- tion Security Management Opera- tional Monitoring Architectural Standards and System Transforma- tion Acquisition and Product De velopment and Research and Technology These team members are the DIAP's principal evaluators for each functional area and will continuously evaluate Component lA programs to ensure the Defense- wide application of these functions Vol 2 No 2 Fa 7998 and inserted into their network testbed Again the Job of the detection system is to find the attack sessions in the midst of normal background activ- ity Some systems may be tested in off-line mode some in real-time mode and some in both modes Schedule Data for this first evaluation will be made available during the fall of 1998 The evaluation itself will occur in October and November A follow-up meeting for evaluation participants and other interested parties will be held in December to discuss research findings All sites that find the task and the evaluation of interest are invit- ed to participate For more information or to re- quest copies of the training corpus contact Dr Marc A Zissman or Dr Richard P Lippmann Lincoln Laboratory Massachusetts institute of Technol- ogy Information Systems Technology Group 244 Wood Street Lexington MA 02420-9185 Voice 781 981 7625 Fax 781 981 0186 En ail continued from page 2 is consistent integrated efficient and programatically supported The PDIT will provide for the over- sight coordination and integration of the Department s IA resource programs The sum total of these activities will ensure the Depart- ment's 1A operational capabilities to protect detect and respond are appropriately met The transformation of IA from a largely technical issue to an opera- tional imperative is critical to suc- cess of the Department's iA strate gy The DIAP constitutes a signifi- cant management organizational and cultural change within the De- partment It will ensure that the Department's IA programs extend beyond traditional Service and Agency perspectives to meet the For specific information on the real-time evaluation contact Terrence Terry G Champion Air Force Research Laboratory Electromagnetics Technology Divi- sion INFOSEC Technology Office Building 1124 Hanscom AFB MA 01731-5000 Voice 781 377 2068 Fax 781 377 2563 Email Marc A Zissman the 8 5 in science from 51777 in 1541 and the 8 8 S M and 77-1 9 de nes in arg wririg ail him MW in 7986 1 986 and 1 9 80 Hr is pleat-72575 ass Pfiddi of'tha Information Systems 'Iliid zndl ng Group at A if irrigate his fixust- ls on digit spttit h iiIUtil SS li'ig and C Olfiiplilt f net-- won t maturity He may be testified at 314773111 7 ztnei'ta'i a 8 8 in 0796111531 hm lit Justin m1 of li itnidyn in 1970 an a 1 77 1 17 in ei arlnii af Vigil iterz'rigfimi i li fzassat hustm instill Ha 1978 1913 v sailor sleiff lmn itkar in he frilbm ial idn Group at Langston when his n tsaarri'z Emmet on 5pm art the applicasz of and it praiiblm is in rnrnixlvicer titration Ha Imiv b6 mrditr at growing challenges of a dynamic global information environment Through this process the Depart- ment will be able to leverage infor- mation and information technoio gy to enhance the efficiency of its business activities and the impact of its military operations CAPT Burton her 84 5 in National Strategv from the Malaria Coleen and her MA in iidg iltlagamenr 71 iformaiion 85 stems from Gauge i i 'ishirigmn Slit is cur-- mntiy as the Staff 4551 1mr2t2'a Ii c igrrtin z in the Infommtinn 1 7ii'actomia of the Office of'tht Assistant of Dt'al'cnsc for Jonirrimd Termini Chitliniinlmrim'i and The IATAC Information Assurance Tools Database hosts information on intrustion detec - tion vulnerabii - ity analysis rewalis and antivirus appli - cations A brief summary of FIREWALL TOOLS is pro- vided on these two pages For more informa - tion see the IATAC Product Order form on page 15 TITLE COMPANY AltaVista Digital Internet Firewall 98 Solutions IBM Inc Border Novell Inc Manager BorderWare BorderWare Firewall Technologies Inc Server Brimstone SOS Corporation Freestone Checkpoint Check Point Firewall-I clPro FW Radguard ConSeal Signal 9 Solutions PC Firewall CyberGuard CyberGuard for NT Corporation CyberGuard CyberGuard for UnixWare Corporation Elron Firewall Elron Software Inc eNetwork for IBM Inc Windows NT Firebox 100 WatchGuard Firebox ll Technologies Inc Firewall for Secure Computing Windows NT Gauntlet Trusted Information Systems GemGuard Gemini Computers GNAT Box Global Technology Guardian NetGuard Ltd Guardlt Computer Associates He@tSeekerPro Fortress Technologies J River Inc Interceptor Technologlc Inc KEYWORDS Firewall Application-Level Gateway VPN Firewall Application Gateway Packet Filtering Firewall Packet Filtering Circuit-Level Gateways Application-Level Gateways Proxies NAT VPN Firewall Tri-Level Packet Filtering Circuit-Level Gateways and Application Proxies NAT VPN Firewall Hybrid Firewall Stateful Inspection Proxies NAT VPN Firewall Multi-Layer Probing MLP NAT VPN Firewall Packet Filtering NAT VPN Firewall Hybrid NAT Firewall Hybrid NAT Firewall Stateful Inspection NAT VPN Firewall Hybrid NAT VPN Firewall Stateful Packet Filtering Transparent Proxies NAT VPN Firewall Application Gateway Proxies Firewall Application Gateway VPN Firewall Trusted Packet Filtering VPN Firewall Stateful Packet Inspection Application Techniques NAT Firewall Stateful Inspection NAT VPN Firewall Hybrid NAT Firewall Packet Filtering Firewall Packet Filtering Firewall Application Proxies VPN URL digitalcom 7 I Vol 2 No 2 Fall 7998 FIW TITLE COMPANY InterLock WorldCom Service Advanced Networks IOS Firewall Cisco Systems Feature Set Lucent Lucent Managed Firewall Technologies Inc LuciGate Lucidata NetGate Small Works Inc NetScreen- IOO NetScreen-to NetScreen Technologies Norman Norman Data Firewall Defense PIX Cisco Systems Livermore Software Laboratories PrivateWire Cylink Corporation PyroWalI Radguard Raptor for NT Axent Technologies Raptor for Axent Solaris Technologies Secure Access Ascend SecurlT Firewall for Solaris Milkyway Networks SecurIT Firewall Milkyway Networks for Windows NT SecureWare Bull HN Information Systems Sidewinder Secure Computing SmartWaII V-ONE Corporation Solstice Sun Microsystems Firewall-1 Sonic Systems Inc StoneBeat Stonesoft Corporation Teiaxian Shield Network Firewall Server Engineering WinGate Deerfield Com- munications Inc Vol 2 No 2 Fair 7998 KEYWORDS Firewall Application-Level Proxy Firewall Packet Filtering NAT VPN Firewall Packet Filtering Firewall Packet Filtering NAT Firewall Packet Filtering and Routing Package VPN Firewall Dynamic Filter NAT Firewall Dual-homed Gateway Application Proxies NAT Firewall Hybrid NAT Firewall Proxies NAT VPN Firewall Dynamic Packet Filtering VPN Firewall Multi-Layer Probing MLP NAT VPN Firewall Hybrid Application-level proxies Packet Filtering NAT VPN Firewall Hybrid Application-level proxies Packet Filtering NAT VPN Firewall Hybrid VPN Firewall Application and Circuit Level Gateway Proxy Servers Firewall Application and Circuit Level Gateway Proxy Servers Firewall Hybrid NAT VPN Firewall Application Gateway Proxies VPN Firewall Packet Filtering Proxies NAT VPN Firewall Stateful Inspection VPN Firewall Stateful Inspection NAT Firewall High Availability Firewall Hybrid NAT VPN Firewall Proxy server URL I - Detecthganamtively Across Multiple Domains In the national defense arena most pay little attention to the isolated cases of computer intrusions reported almost weekly in the news If became aware of a pattern of attacks di- rected at a variety of networks and domains however this infor- mation might well warrant height- ened attention Our research ef forts at the University of Idaho are directed in part at developing a prototype to supply multiple- domain information Commercial intrusion detec- tion systems protect only a single network or a collection of net- works in a single domain such as pentagonmil or lajes af mil These limitations make it difficult even to detect a sweep or scan at- tack against multiple government and military installa- tions in a single geo- graphic area espe- cially if they repre sent different de- partments like the Department of De- fense and the De partment of Energy or different services such as the Army Air Force and Navy A seemingly insignificant intrusion at one location would acquire much greater importance if col- laboration among the installations revealed a coordinated set of at- tacks Therefore some form of data sharing is needed to detect systemic attacks against the na- tion's critical information infra- structure that involve multiple hosts and domains To help address these con- cerns we have developed a proto- type called HMMR Hierarchical Management of Misuse Reports or Hummer The prototype and its source code are available at mer When HMMR is fully de ployed every host has a Hummer running on it and all the hosts in a domain are probably but not necessarily arranged in some hi- erarchical fashion Each domain has a top-level manager and those managers may agree to form peer groups with top-level managers from other domains Peer groups can also be formed among coop- erating systems at other levels In the hierarchical model manager and subordinate systems do not have to be in the same domain The Hummers can collect data such as log files usage reports commercial tools and freeware security tools and scanners from several locations on their host ma- chine and put the acquired data into a common format However these capabilities require that ad- ditional coding to extract data from the source and then refer- mat it properly for the Hummer to use and distribute depending on the filters created by that host's system administrator or high-level managers administrators The re- formatted information is distrib- uted either through the hierarchy or to all the other peers in the peer group The filter is simply a screen that determines which se- curity-relevant information is to be shared with other hosts and networks The filters can be gen- erated quickly through one of the user interfaces Each Hummer has a World Wide Web-based interface for rela- tively easy configuration and management operations The Audit Tool Manager lets the user pick which tools to use at any time It also offers preconfigured suites of tools for Possible Intru- sion and Ongoing Intrusion alert levels These resources allow the operator to turn on all policy-defined tools and respond by Donald 1 Tobin Jr University of Idaho to a situation with only a few clicks of the mouse button Once a top-level manager has created a particular configuration he can push the configuration including the filters to be used out to all the other Hummers under him in the hierarchy in a few minutes The following scenario illus- trates the Hummer's use A De- partment of Energy DOE re- search laboratory located near an Army installation an Air Force in- stallation and a major govern- ment contractor has formed a peer group with the other facili- ties using HMIVIR so the organiza- tions may share security-related information Normally the data collection logging and auditing tools run in the background at the DOE lab to avoid negative im- pact on the user com- munity only a small subset of Hummer tools are routinely turned on One day however an alert sys tem administrator sees Hummer-gener- ated information being passed to her system from the Army installation and the gov- ernment contractor in turn indi- cating they have been subjected to port scans Expecting her net- work to be the next likely target the system administrator turns on additional logging immediately confident that with a few key strokes the more information she has the better her chances of in- hibiting the intruder Hummer represents only one of many areas in our ongoing re- search The most important area we believe is developing a formal trust integrity and cooperation TIC model among hosts across multiple domains We recognize that data or even data requests from a peer may be unreliable in- accurate or deliberately falsified yet there remains a need to use available global information to ac- Vol 2 No 2 Fall 7998 Today's enterprises rely on the World Wide Web to deliver timely information to a broad base of users branch offices partners and customers As more information content and applications become readily available via the Internet and via intranets and extranets you must look closely at the secu- rity requirements of your organiza- tion's servers systems and net- works and ensure that you protect these critical assets Intranets extranets and the ln- ternet are changing our worid They distribute information and services to people no matter where they are But most network security systems were never de- signed for distributed environ- ments As a result they cannot de- liver the scalability and manage- ment control needed to support growth and sti ll remain secure Web site databases and other ap- plication systems are compro- mised almost every day some- times inadvertently sometimes with malicious intent and some- times for the so-called fun of breaking in No system is ab- solutely impervious to attack from both internal and external individ- uals and groups but you can take steps to protect your systems and Vol 2 No 2 Fall 7998 you can implement policies and procedures to reduce significantly the threat of unauthorized access One approach to achieving these goals is use of the Lucent Man- aged Firewall now available in version 3 0 Originally engineered by Bell Labs to protect Lucent Technolo gies' networks the Firewall is de- signed to be intrinsically secure It physically separates the security and management functions to im- prove each function's security and performance Lucent Technologies The Lucent network security appliance called the Brick is a bridge-level device that runs Infer- no operating system software a compact real-time operating sys- tem The firewall code is embed- ded in the inferno operating sys- tem kernel The Brick eliminates common points of vulnerability including user logins ies hard drive and monitor The resulting rewall is hard to break and easy to maintain The Security Management Server software handles adminis- trative functions Available for Windows and Sun Soiaris op- PafirmiI a iccom ngd 7 system by Robert Duchate ier Lucent Technologies erating systems the Security Man- agement Server features an easy to use graphical user interface GUI As a result network administrators do not have to be versed in operat- ing systems or network configura- tion to manage the system The Brick uses native tion and authentication features to communicate securely with the Security Management Server The administrator works with the Security Management Server using ed sessions via ind us- try-standard Secure Sockets Layer SSL and Design Engineering Services DES links all of which are built in Included with the Lucent Managed Fire- wails is a free X509 digital certifi- cate from VeriSign Additionally the Lucent Man- aged Firewall is extremely scalable and easy to deploy Most firewalls establish security rules geographh cally or physically instead Lucent uses security zones to establish rules logically One Brick can sup- port multiple security policies or zones and each security zone can be set up to have its own dis- tinct set of rules with report logs and alarms customized for that zone Multiple zones can be man- aged centrally from one Security Management Server This ap- proach makes it easy for you to en- force multiple security policies across multiple Bricks regardless of where your firewalls are located The Lucent Managed Firewall can easily scale up to meet your needs no matter how large they become As the network grows you simply add Bricks to the Secu rity Management System Because the firewall appliance is imple- mented as a bridge not a router you can add new firewall appli- continued on page 12 11 IA Sc ienti tic 81 -Iechnical -I nfa rmation Collection of scientific and tech- nical information STI is essential to Information Analysis Center IAC operations The Information Assurance Technology Analysis Center IATAC collection of Infor- mation Assurance IA STI focuses on technologies that support the de sign development testing evalua- tion operations and maintenance of Department of Defense military systems and infrastructure STI products and services serve to advance the knowledge base and productivity of the research development test and evaluation community IATAC taps many sources to col- lect IA STI It relies on direct inter- face with vendors supporting the IA community as a primary source of information Nondisclosure agree ments with corporations yield infor- mation on emerging research and development Release of STI obtained through nondisclosure is controlled as delineated in the agreement Technical symposia and conferences also provide infor- mation and seeks conference pro- ceedings and technical papers often become part of the STI Collection IATAC also interfaces with DOD and other Federal Government agencies also facilitate receipt of new scien- tific and technical information Technical Area Tasks also produce's STI and helps to build the IA collec- tion Finally open source gathering techniques augment collection ac- tivities The IATAC collection offers matierials on a number of IA STI topics including those listed below Information in the IA STI collec- tion is available to registered De- fense Technical Information Center DTIC users Secondary distribu- Command Central pulars 84 Intelligence Brill Fly Compularlilelwark Masks Gil-A 3 3'3 Flrallalls 53 Hackers 3 lnlarmalian by Robert Thompson Director tion instructions must be strictly fol- lowed to ensure compliance with copyright restrictions To become a registered DTIC user applicants must complete DD Form 1540 avail- able from whs osd mi For more information on the IA STI Collection contact IATAC at 703 902 3177 or via email at iatac@dtic mil t3 lnlurmaiitin Warfare 3 Infrastructure Assuranta 5333 3 Intrusian Maliaitius Carla Daimler 3 RejTeaming t3 t3 Virua' lnti Virua #3 Year 2min tall secure Your Natwork continued from pagell ances at any time without recon- figuring the router network With the release of the Lucent Managed Firewall v3 0 you can also manage software down- loads remotely saving time and maintenance expense The Lucent Managed Firewall can operate in a gateway perime- ter setting to protect an enterprise network from the Internet or from partner extranet networks It can separate public Web servers from sensitive intranet servers It can also separate different intranet segments Its scalability and flexi- bility can handle virtually any type of appliction as well as any size and type of infrastructure Your network applications and systems are only as secure as the weakest point of entry To secure your network you must design the system to provide distributed security centralized management and scalability You must also ad- here to strict policies and train users effectively Implementing these steps and deploying ad- vanced firewall technology will provide a secure system to support a broad range of applications while minimizing the threat from unwelcome guests These compo- nents build the strong foundation required to ensure maximum se- curity while they also deliver the flexibility needed to grow your en- terprise For more information contact Lucent Technologies at 888 552 2544 or on-line at cent com security E 'iber l' Ductiarelliar received an MES in 21136 Applied from Irzsliz tite an MS in Y rsl2 riroio3gy Manageii'it'rrt mm Institute of Ho 1'5 rZ'rJr'n-zrnir l ut ml Ma ar iaged Firewall Salas Channel vlariager for the US Gi n arnmam Heparinrent of Dci ft l'lef and Radars Agrai rcles Vol 2 No 2 Fall 7998 NOV 25th Annual Computer Security Conference 8 Exhibition Sponsored by Computer Security Institute CST Chicago IL call 415 905 2378 The Defense Technical info rnation Center D110 Annual Users Meet'ng and Training Confer ence DoubleTree Hotel National Airport Arlington VA call Ms Julia Foscue 703 757 8235 jfoscue@dtic mil 13th Annuai Mid-Atlantic lnteuigence Symposium Sponsored by AF CEA Central Maryland Chapter Johns Hopkins Applied Physical Lab APL Laurel MD call Dawn Metzer 410 584 6580 4-5 AFCEA West '99 Sponsored by AFCEA and the U S Naval Institute San Diego CA call the AFCEA Programs Office 703 531 5125 6125 JAMI 19-21 Southeast Conference and 1 Exposition 2 4 1 Sponsored by the AFCEA Tampa St Petersburg Chapter 1 Tampa FL 3 call J Spargo 81 Associates 703 631 6200 DTIC's Annual Users Meeting 81 Training Conference This year DTIC is hosting its 25th Annual Users Meeting and Training Conference The conference will be held at the DoubleTree Hotel National Air port 300 Army Navy Drive Arlington VA from 2-5 November 1998 The agenda is packed full of excit ing and relevant topics as well as an exhibit room overflowing with vendors from every aspect of In- formation Technology IT Maintaining the Information Edge is the theme for the conference and the sessions are geared to this topic DTIC 98 will address the information sources and changing tech nologies that impact those who are involved in Defense Research and Acquisi- tion We are particularly pleased to announce this year's keynote speakers Lieutenant General David J Kelley Director Defense Information Systems Agency Mr Carol Cini Associate Director US Gov- ernment Printing Of ce and Mr Richard Luce Di- rector Los Alamos Research Library Mr Louis Pur- nell the luncheon speaker will be relating his ex- ploits during World War ll as a Tuskeegee Airman The Conference offers four days of varied train- ing sessions that enable DTIC users to collaborate on the latest IT topics Presentations wili address the most current issues effecting the research develop- ment and acquisition communities Not only will these speakers acquaint you with the latest policy and operational developments but they will also provide you with practical details on valuable and di- verse domestic and foreign information resources security issues the Worid Wide Web virtual libraries video streaming and the storage and dissemination of electronic documents Maintaining the Information Edge presents excit- ing new challenges DTIC '98 promises to provide the tools to expand your horizons to meet these chal- lenges For more information please contact Ms Julia Foscue the DTIC 98 Conference Coordinator at 703 767 8236 or via e-mai or ac- cess the DTIC homepage at curately assess the local security posture Therefore a formal model must include multiple lev- els of cooperation and trust and must provide concise definitions of cooperation and trust in this context Other considerations to be addressed are whether the co- operation levels should be statical- ly or dynamically assigned and how quickly or gracefully they should be adjusted in response to the most current data The model must also take into account the various costs of cooperation in- cluding data collection transmis- Vol 2 No 2 Fall 7998 continued from page sion and sanitization and the ex- posure risk of the local network While most of the structure has been coded by undergradu- ates Jamie Marconi Jesse Mc- Connell Dean Polla and Joel Marlow so far we hope our work on Project HMMR and our future research will encourage other researchers to explore new ideas for addressing the risks facing the critical informa- tion infrastructure We have shown that cooperative intru- sion detection can be achieved and we believe it must be achieved to help ensure nation- al security in the future Dong ild Ibtu'n 175a intricate student at the of Idaho and a research e'issisra-em at the Center Secure and Software 77219 primarv 12 35 are in intrusion defeat lion noun-'17 and11 11E71 niali0n warmly He is 22 retired Air ange officer and has in7l kti i7 with a tam- y of rent-7 mum caiiwz satellite and l'm'ssile mam-- ing systems He earned his 514 3 in hummer Science from Boston Lii iivezsiry and his 7-3 8 In ori i he exes Mlm egemL REWA I 3w roomy 1 NE i this rim 5 ibrM n-M-Mama MIAMI-2 Inn-M Hf-4r half The Information Assurance IA Tools Report on Firewall tools is now available to regis- tered DTIC users This report provides an index of firewall products contained in the IA Tools database It summarizes pertinent information provid- ing users with a brief descrip- tion of available tools and con- tact information As a living document this report will be updated periodically as addi- tional information is entered into the database Currently the IA tools data- base contains 46 rewall tools that are available in the com- mercial marketplace or through GSA contracts The IA Tools Reports Vulnerability Analysis Intrusion Detection This IA Tools reports summarize pertinent information providing users with a brief description of avai table tools and contact informa- tion As living documents these reports will be updated periodically as additional information is entered into the databases Currently the Vulnerability Analysis IA Tools database contains descriptions of 35 tools that can be used to support vulnerability and risk assessment Research for the Intrusion Detection IA Tools report identified 43 intrusion detection tools currently employed and avail- able Modeling Simulation Technical Report This report describes the mod- els simulations and tools being used or developed by selected orga- nizations that are chartered with the IA mission The definitions pre- scribed by DMSO for model and simulation were used to determine what entities should be included in this IA modets simulations and tools report Pm firewail products provide a range of solutions to meet various fire- wall requirements These solu- tions can provide protection of in- ternal networks and provide se- cure Internet and remote access connections The database was built by gathering open-source data analyzing that data coordi nating with the respective firewall developer and then formatting the data into the final report The information includes a basic de- scription security services and mechanisms availability contact and reseller distributors for each firewail product included For in- structions on obtaining a copy of this report refer to the IATAC Product Order Form Malicious Code Detection State-ijThe-Art Report This SOAR addresses malicious software detection Included is a taxonomy for malicious software to provide the audience with a better understanding of commercial mali- cious software An overview of the current state-of-the art commercial products and initiatives as wet as future trends is presented The same is then done for current state- of-the art in regards to Lastly the report presents observations and assertions to support the DOD as it grapples with this problem entering the 21 st century Vol 2 No 2 Fall 7998 IMPORTANT NOTE All IA TAC Products are distributed through the Defense Technical Information Center DTIC if you are NOT a registered user you must do so PRIOR to ordering any IATAC products To register with DTIC go to 6 r 7 Milli Ofc Symbol Name Organization Address Phone E-mail Fax Organization CI YES CI NO If NO complete LEMETED DISTRIBUTION section below LIMITED DISTRIBUTION QTY PRICE EA EXTD PRICE In order for NON-DOD organizations to obtain LIMITED DISTRIBUTION products a formal written request must be sent to IAC Program Of ce ATTN Sherry Davis 8725 John Kingman Road Suite 0944 Ft Belvoir VA 22060 6218 Contract No For contractors to obtain reports request must support a program be veri ed with COTR COTR Phone Modeling Simulation Technical Report N0 Cost CI IA Tools Report - Firewalls No Cost IA Tools Report Intrusion Detection No Cost CI IA Tools Report Vulnerability Analysis No Cost Malicious Code Detection SOAR TOP SECRET CI SECRET N0 Cost Security POC Security Phone UNLIMITED DISTRIBUTION QTY PRICE EA EXTD PRICE Newsletters Limited number of back issues available CI Vol 1 No 1 El Vol 1 No 2 Vol 1 No 3 No Cost CI Vol 2 No 1 Vol 2 No 2 ORDER TOTAL Please list the Government that the product s will be used to support Once completed Fax to IATAC at 703 902 3425 Vol 2 No 2 Fall 7998 Fm Anu'rlaus IxLErIaus Ann 0mm U S Distribution Only Copy this page complete the form and fax to IATAC at 703 902 3425 CI Change 3 Add CI Delete Name Title Company Org Address City State Zip Phone Fax DSN E-mail Organization check one LII USA CI USN USAF El USMC CI OSD Cl Contractor El Other Information Assurance Technology Analysis Center 8283 Greensboro Drive Allen 663 McLean VA 22102-3838