Legal Aspects of Ice-Pick Testing

Get BibTex-formatted data

Author

Dr. Bruce C. Gabrielson

Entry type

techreport

Abstract

The Ice-Pick package is a window driven program that provides a multi-layered approach to network testing. The automated tool is used to identify frquently exploited security problems present on well known UNIX based operating systems. Information provided by testing is used to determine what protective mechanisms need to be implemented by network administrators. The paper deals with two issues of primary concern, the user's legal basis for performing vulnerabliity identification testing, and the consequences of unauthorized use or release of the software itself. It is essential for self protection that the tester understands what he or she can legally do with a tool such as Ice-Pick. The issue of trust can also effect users. Trusting each user to protect Ice-Pick against unauthorized release is essential for absolute control of the technology involoved. The structure of this document allows traceablility from top level law through applicable Navy regulation. The most important points are the understanding of what monitoring involves, and knowing what the Ice-Pick test tool can be used for. The use of other pentration type testing tools, such as SATAN, will not be discussed, nor will the regulatory requirements of non-Navy organizations. However, the discussion can be applied to using similar test tools in other organizations.

Address

Alexandria, VA

Institution

Naval Research Laboratory

Key alpha

Gabrielson

Publication Date

0000-00-00

Keywords

Ice-Pick, network testing, SATAN

Location

A hard-copy of this is in the Papers Cabinet

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Gabrielson,
	title = "Legal Aspects of Ice-Pick Testing",
	author = "Dr. Bruce C. Gabrielson",
	address = "Alexandria, VA",
	institution = "Naval Research Laboratory",
	abstract = "The Ice-Pick package is a window driven program that provides a multi-layered approach
to network testing. The automated tool is used to identify frquently exploited security
problems present on well known UNIX based operating systems. Information provided by
testing is used to determine what protective mechanisms need to be implemented by network
administrators.
The paper deals with two issues of primary concern, the user's legal basis for performing
vulnerabliity identification testing, and the consequences of unauthorized use or
release of the software itself. It is essential for self protection that the tester
understands what he or she can legally do with a tool such as Ice-Pick. The issue of trust
can also effect users. Trusting each user to protect Ice-Pick against unauthorized release
is essential for absolute control of the technology involoved.
The structure of this document allows traceablility from top level law through applicable
Navy regulation. The most important points are the understanding of what monitoring
involves, and knowing what the Ice-Pick test tool can be used for. The use of other
pentration type testing tools, such as SATAN, will not be discussed, nor will the
regulatory requirements of non-Navy organizations. However, the discussion can be applied
to using similar test tools in other organizations.",
	keywords = "Ice-Pick, network testing, SATAN",
}