Guidelines for the Secure Operation of the Internet (RFC1281)
Original Publication Date: 1991-Nov-01
Included in the Prior Art Database: 2019-Feb-11
Internet Society Requests For Comment (RFCs)
R. Pethia: AUTHOR [+2]
The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet. This memo provides information for the Internet community. It does not specify an Internet standard.
Network Working Group R. Pethia Request for Comments: 1281 Software Engineering Institute S. Crocker Trusted Information Systems, Inc. B. Fraser Software Engineering Institute November 1991
Guidelines for the Secure Operation of the Internet
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited.
The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet. During its history, the Internet has grown significantly and is now quite diverse. Its participants include government institutions and agencies, academic and research institutions, commercial network and electronic mail carriers, non-profit research centers and an increasing array of industrial organizations who are primarily users of the technology. Despite this dramatic growth, the system is still operated on a purely collaborative basis. Each participating network takes responsibility for its own operation. Service providers, private network operators, users and vendors all cooperate to keep the system functioning.
It is important to recognize that the voluntary nature of the Internet system is both its strength and, perhaps, its most fragile aspect. Rules of operation, like the rules of etiquette, are voluntary and, largely, unenforceable, except where they happen to coincide with national laws, violation of which can lead to prosecution. A common set of rules for the successful and increasingly secure operation of the Internet can, at best, be voluntary, since the laws of various countries are not uniform regarding data networking. Indeed, the guidelines outlined below also can be only voluntary. However, since joining the Internet is optional, it is also fair to argue that any Internet rules of behavior are part of the bargain for joining and that failure to observe them, apart from any legal infrastructure available, are grounds for sanctions.
Pethia, Crocker, & Fraser [Page 1]
RFC 1281 Guidelines for the Secure Operation November 1991
These guidelines address the entire Internet community, consisting of users, hosts, local, regional, domestic and international backbone networks, and vendors who supply operating systems, routers, network management tools, workstations and other network components.
Security is understood to include protection of the privacy of information, protection of information against unauthorized modification, protection of systems against denial of service, and protection of systems against unauthorized access.
These guidelines encompass six main points. These points are repeated and elaborated in the next section. In addition, a bibliography of computer and network related references has been provided at the end of this document for use by the reader.
(1) Users are individually responsible for understanding and respecting the security policies of the systems (comput...