Browse Prior Art Database

Site Security Handbook (RFC1244)

IP.com Disclosure Number: IPCOM000002060D
Original Publication Date: 1991-Jul-01
Included in the Prior Art Database: 2000-Sep-12

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J.P. Holbrook: AUTHOR [+2]

Abstract

1.1 Purpose of this Work

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 1% of the total text.

Network Working Group P. Holbrook

Request for Comments: 1244 CICNet

FYI: 8 J. Reynolds

ISI

Editors

July 1991

Site Security Handbook

Status of this Memo

This handbook is the product of the Site Security Policy Handbook

Working Group (SSPHWG), a combined effort of the Security Area and

User Services Area of the Internet Engineering Task Force (IETF).

This FYI RFC provides information for the Internet community. It

does not specify an Internet standard. Distribution of this memo is

unlimited.

Contributing Authors

The following are the authors of the Site Security Handbook. Without

their dedication, this handbook would not have been possible.

Dave Curry (Purdue University), Sean Kirkpatrick (Unisys), Tom

Longstaff (LLNL), Greg Hollingsworth (Johns Hopkins University),

Jeffrey Carpenter (University of Pittsburgh), Barbara Fraser (CERT),

Fred Ostapik (SRI NISC), Allen Sturtevant (LLNL), Dan Long (BBN), Jim

Duncan (Pennsylvania State University), and Frank Byrum (DEC).

Editors' Note

This FYI RFC is a first attempt at providing Internet users guidance

on how to deal with security issues in the Internet. As such, this

document is necessarily incomplete. There are some clear shortfalls;

for example, this document focuses mostly on resources available in

the United States. In the spirit of the Internet's "Request for

Comments" series of notes, we encourage feedback from users of this

handbook. In particular, those who utilize this document to craft

their own policies and procedures.

This handbook is meant to be a starting place for further research

and should be viewed as a useful resource, but not the final

authority. Different organizations and jurisdictions will have

different resources and rules. Talk to your local organizations,

consult an informed lawyer, or consult with local and national law

enforcement. These groups can help fill in the gaps that this

document cannot hope to cover.

Finally, we intend for this FYI RFC to grow and evolve. Please send

comments and suggestions to: ssphwg@cert.sei.cmu.edu.

Table of Contents

1. Introduction..................................................... 3

1.1 Purpose of this Work............................................ 3

1.2 Audience........................................................ 3

1.3 Definitions..................................................... 4

1.4 Related Work.................................................... 4

1.5 Scope........................................................... 4

1.6 Why Do We Need Security Policies and Procedures?................ 5

1.7 Basic Approach.............