Browse Prior Art Database

Site Security Handbook (RFC2196)

IP.com Disclosure Number: IPCOM000002754D
Original Publication Date: 1997-Sep-01
Included in the Prior Art Database: 2019-Feb-15

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Fraser: AUTHOR

Related Documents

10.17487/RFC2196: DOI

Abstract

This handbook is a guide to developing computer security policies and procedures for sites that have systems on the Internet. The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services. The subjects covered include policy content and formation, a broad range of technical system and network security topics, and security incident response. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group B. Fraser Request for Comments: 2196 Editor FYI: 8 SEI/CMU Obsoletes: 1244 September 1997 Category: Informational

Site Security Handbook

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

This handbook is a guide to developing computer security policies and procedures for sites that have systems on the Internet. The purpose of this handbook is to provide practical guidance to administrators trying to secure their information and services. The subjects covered include policy content and formation, a broad range of technical system and network security topics, and security incident response.

Table of Contents

1. Introduction.................................................... 2 1.1 Purpose of this Work............................................ 3 1.2 Audience........................................................ 3 1.3 Definitions..................................................... 3 1.4 Related Work.................................................... 4 1.5 Basic Approach.................................................. 4 1.6 Risk Assessment................................................. 5 2. Security Policies............................................... 6 2.1 What is a Security Policy and Why Have One?..................... 6 2.2 What Makes a Good Security Policy?.............................. 9 2.3 Keeping the Policy Flexible..................................... 11 3. Architecture.................................................... 11 3.1 Objectives...................................................... 11 3.2 Network and Service Configuration............................... 14 3.3 Firewalls....................................................... 20 4. Security Services and Procedures................................ 24 4.1 Authentication.................................................. 24 4.2 Confidentiality................................................. 28 4.3 Integrity....................................................... 28

Fraser, Ed. Informational [Page 1]

RFC 2196 Site Security Handbook September 1997

4.4 Authorization................................................... 29 4.5 Access.......................................................... 30 4.6 Auditing........................................................ 34 4.7 Securing Backups................................................ 37 5. Security Incident Handling...................................... 37 5.1 Preparing and Planning for Incident Handling.................... 39 5.2 Notification and Points of Contact.............................. 42 5.3 Identifying an Incident......................................... 50 5.4 Handling an Incident............................................ 52 5.5 Aftermath of an Incident........................................ 58 5.6 Responsibilities................................................ 59 6...

Processing...
Loading...