Internet
... on how to address security issues within the Internet community. It
builds on the foundation provided in RFC 1244 (-> RFC 2196, FYI 8) and is the collective
...
... procedures for sites that have systems on the Internet (however, the
information provided should also be useful to sites not yet connected
to the Internet). This guide lists issues and factors that a site
must consider when setting their own policies. It makes a number of
recommendations and provides discussions ...
... terminal servers, PCs
or other devices that have access to the Internet. A site may be an
end user of Internet services or a service provider such as a
mid-level network. However, most of the focus of this guide is on those
end users of Internet services. We assume that the site has the
ability to set policies and procedures for itself with the
concurrence and support from those who actually own the resources. It
...
...
The "Internet" is a collection of thousands of networks linked by a
common set of technical protocols which make it possible for users of
...
... Security Handbook Working Group is working on a User's Guide
to Internet Security. It will provide practical guidance to end users
to help them protect their information and the resources they use.
...
... policies can be consistent with the overall site security
architecture. For example, having a strong policy with regard to
Internet access and having weak restrictions on modem usage is
inconsistent with an overall philosophy of strong security ...
...
... For sites connected to the Internet, the rampant media magnification
of Internet related security incidents can overshadow a (potentially)
more serious internal security problem ...
... security problem. Likewise, companies who have
never been connected to the Internet may have strong, well defined,
internal policies but fail to adequately address an external
...
... traffic between LANs internal to the site, but a "deny all" policy
can be adopted between the site and the Internet.
...
... There is a large variety of services which may be provided, both
internally and on the Internet at large. Managing security is, in
many ways, managing access to services ...
...
Services tend to rush like waves over the Internet. Over the years
many sites have established anonymous FTP servers, gopher ...
... services that
are established with a skeptical attitude to determine if they are
actually needed or just the current fad sweeping the Internet.
...
... protect the internal server from external access. However, a WWW
server, which provides a home page intended for viewing by users
anywhere on the Internet, requires built-in protection. That is, the
service/protocol/server must provide whatever security ...
... Network Information
Service (NIS) and NIS+ are not used on the global Internet, but are
subject to the same risks as a DNS server ...
... security holes. If a Web server is available to the Internet
community, it is especially important that confidential information
not be co-located on the same host ...
... One of the most widely deployed and publicized security measures in
use on the Internet is a "firewall." Firewalls have been given the
reputation of a general panacea for many, if not all, of the Internet
security issues. They are not. Firewalls ...
... network and another network (e.g., the
Internet, or another piece of the site's network).
...
... company's internal network, for example, and another part,
the global Internet, for example. The unique feature about this wall
is that there need to be ways for some traffic with particular
...
... tell the difference between the "put" command and the "get" command;
an organization may wish to allow users to "get" files from the
Internet, but not be able to "put" internal files on a remote server.
By contrast, a filtering router ...
... valid user might need to
regularly access the "home" site while on travel to trade shows and
conferences, etc. Access to the Internet is often available but may
be through an untrusted machine or network. A correctly configured
...
... networks, and these local networks are further
connected together and to the Internet. Users are logging in from
all over the globe; their reusable passwords are often transmitted
...
... and system administrators, administrative contacts for other sites on
the Internet, and various investigative organizations. Getting to
know these contacts before incidents occur will help to make your
incident handling process more efficient.
...
... dedicated to computer security incidents in the United States. Such
press coverage is bound to extend to other countries as the Internet
continues to grow and expand internationally. Readers from countries
where such media attention has not yet occurred can learn from the
...
... Good Internet Citizenship ...
... liabilities if you choose to leave your site open, knowing that an
intruder is using your site as a launching pad to reach out to other
sites. Being a good Internet citizen means that you should try to
alert other sites that may have been impacted by the intruder. These
...
... This chapter provides a brief list of publicly available security
technology which can be downloaded from the Internet. Many of the
items described below will undoubtedly be surpassed or made obsolete
before this document is published.
...
... It is important to note that many sites, including CERT and COAST are
mirrored throughout the Internet. Be careful to use a "well known"
mirror site to retrieve software, and to use verification tools ...
... security. However, these are some "jump-
points" from which the reader can begin. All of these references are
for the "INTERNET" constituency. More specific (vendor and
geographical) resources can be found through these references.
...
... Appelman, Heller, Ehrman, White, and McAuliffe, "The Law and The Internet", USENIX 1995 Technical Conference on UNIX and Advanced Computing, New Orleans, LA, January 16-20, 1995. ...
... J. Brock, "November 1988 Internet Computer Virus and the Vulnerability of National Telecommunications ...
... B. Chapman and E. Zwicky, "Building Internet Firewalls", O'Reilly and Associates, Sebastopol, CA, 1995. ...
... B. Cheswick, "The Design of a Secure Internet Gateway", Proceedings of the Summer Usenix Conference, Anaheim, CA, June 1990. ...
... W. Cheswick and S. Bellovin, "Firewalls and Internet Security: Repelling the Wily Hacker", Addison-Wesley, Reading, MA, 1994. ...
... M. Eichin, and J. Rochlis, "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", Massachusetts Institute of Technology, February 1989. ...
... Accounting Office, "Computer Security - Virus Highlights Need for Improved Internet Management", United States General Accounting Office, Washington, DC ...
... S. Garfinkel and E. Spafford, "Practical UNIX and Internet Security", O'Reilly & Associates, Sebastopol, CA, 1996. ...
... G. Howard, "Introduction to Internet Security: From Basics to Beyond", Prima Publishing, Rocklin, CA, 1995. ...
... L. Hughes Jr., "Actually Useful Internet Security Techniques", New Riders Publishing, Indianapolis, IN, 1995. ...
... Internet Activities Board, "Ethics and the Internet", RFC 1087, IAB, January 1989. Also appears in the Communications of the ACM, Vol. 32, No. 6, Pg. 710, June 1989. ...
... S. Kent, "E-Mail Privacy for the Internet: New Software and Strict Registration Procedures will be Implemented this Year", Business Communications Review, Vol. 20, No. 1, Pg. 55, 1 January 1990. ...
... W. Lu and M. Sundareshan, "Secure Communication in Internet Environments: A Hierarchical Key Management Scheme for End-to-End Encryption", IEEE ...
... M. Ranum, "An Internet Firewall", Proceedings of World Conference on Systems Management and Security ...
... M. Ranum and F. Avolio, "A Toolkit and Methods for Internet Firewalls", Trusted Information Systems, 1994. ...
... The Helminthiasis of the Internet, RFC 1135, USC/Information Sciences Institute, Marina del Rey, CA, December 1989. ...
... E. Spafford, "The Internet Worm Program: An Analysis", Computer Communication Review, Vol. 19, No. 1, ACM SIGCOMM, January 1989. Also issued as Purdue CS Technical Report CSD-TR-823, 28 November 1988. ...
... G. Spafford, "An Analysis of the Internet Worm", Proceedings of the European Software Engineering Conference 1989, Warwick England, September 1989. Proceedings published by Springer-Verlag as: Lecture Notes in Computer Science #387. Also issued as Purdue Technical Report #CSD-TR-933. ...
