Browse Prior Art Database

Network Security For Trade Shows (RFC2179)

IP.com Disclosure Number: IPCOM000002737D
Original Publication Date: 1997-Jul-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 8 page(s) / 19K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

A. Gwinn: AUTHOR

Abstract

This document is designed to assist vendors and other participants in trade shows, such as Networld+Interop, in designing effective protection against network and system attacks by unauthorized individuals. Generally, it has been observed that many system administrators and trade show coordinators tend to overlook the importance of system security at trade shows. In fact, systems at trade shows are at least as prone to attack as office-based platforms. Trade show systems should be treated as seriously as an office computer. A breach of security of a trade show system can render -- and has rendered -- an exhibitor's demonstrations inoperable -- sometimes for the entire event!

This text was extracted from a ASCII document.
This is the abbreviated version, containing approximately 14% of the total text.

Network Working Group A. Gwinn

Request for Comments: 2179 Networld+Interop NOC Team

Category: Informational July 1997

Network Security For Trade Shows

Status of this Memo

This memo provides information for the Internet community. This memo

does not specify an Internet standard of any kind. Distribution of

this memo is unlimited.

Abstract

This document is designed to assist vendors and other participants in

trade shows, such as Networld+Interop, in designing effective

protection against network and system attacks by unauthorized

individuals. Generally, it has been observed that many system

administrators and trade show coordinators tend to overlook the

importance of system security at trade shows. In fact, systems at

trade shows are at least as prone to attack as office-based

platforms. Trade show systems should be treated as seriously as an

office computer. A breach of security of a trade show system can

render -- and has rendered -- an exhibitor's demonstrations

inoperable -- sometimes for the entire event!

This document is not intended to replace the multitudes of

comprehensive books on the subject of Internet security. Rather, its

purpose is to provide a checklist-style collection of frequently

overlooked, simple ways to minimize the chance of a costly attack.

We encourage exhibitors to pay special attention to this document and

share it with all associated representatives.

Physical Security

Before addressing technical security issues, one of the most

frequently underrated and overlooked security breaches is the simple

low-tech attack. The common victim is the one who leaves a console

logged in, perhaps as root, and leaves the system. Other times, an

anonymous "helpful soul" might ask for a password in order to assist

the user in "identifying a problem." This type of method allows an

intruder, especially one logged in as "root", access to system files.

Tips:

* Educate sales and support staff regarding system logins, especially

"root" or other privileged accounts.

* Identify individuals who are not using exhibit systems for their

intended purpose, especially non-booth personnel.

* Request identification from anyone wishing to access systems

for maintenance purposes unless their identities are known.

System Security

This section discusses technical security procedures for workstations

on the vendor network. Although specifics tend to be for Unix

systems, general procedures apply to all platforms.

Pas...