Guidelines for the Secure Operation of the Internet (RFC1281)
Original Publication Date: 1991-Nov-01
Included in the Prior Art Database: 2000-Sep-12
Internet Society Requests For Comment (RFCs)
R. Pethia: AUTHOR [+3]
These guidelines address the entire Internet community, consisting of users, hosts, local, regional, domestic and international backbone networks, and vendors who supply operating systems, routers, network management tools, workstations and other network components.
Network Working Group R. Pethia
Request for Comments: 1281 Software Engineering Institute
Trusted Information Systems, Inc.
Software Engineering Institute
Guidelines for the Secure Operation of the Internet
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard. Distribution of this memo is
The purpose of this document is to provide a set of guidelines to aid
in the secure operation of the Internet. During its history, the
Internet has grown significantly and is now quite diverse. Its
participants include government institutions and agencies, academic
and research institutions, commercial network and electronic mail
carriers, non-profit research centers and an increasing array of
industrial organizations who are primarily users of the technology.
Despite this dramatic growth, the system is still operated on a
purely collaborative basis. Each participating network takes
responsibility for its own operation. Service providers, private
network operators, users and vendors all cooperate to keep the system
It is important to recognize that the voluntary nature of the
Internet system is both its strength and, perhaps, its most fragile
aspect. Rules of operation, like the rules of etiquette, are
voluntary and, largely, unenforceable, except where they happen to
coincide with national laws, violation of which can lead to
prosecution. A common set of rules for the successful and
increasingly secure operation of the Internet can, at best, be
voluntary, since the laws of various countries are not uniform
regarding data networking. Indeed, the guidelines outlined below
also can be only voluntary. However, since joining the Internet is
optional, it is also fair to argue that any Internet rules of
behavior are part of the bargain for joining and that failure to
observe them, apart from any legal infrastructure available, are
grounds for sanctions.
These guidelines address the entire Internet community, consisting of
users, hosts, local, regional, domestic and international backbone
networks, and vendors who supply operating systems, routers, network
management tools, workstations and other network components.
Security is understood to include protection of the privacy of
information, protection of information against unauthorized
modification, protection of systems against denial of service, and
protection of systems against unauthorized access.
These guidelines encompass six main points. These points are