Network Working Group                                   Philip J. Nesser II
Internet Draft                                   Nesser & Nesser Consulting
draft-ietf-ssh-overview-00.txt                                December 1996

              Overview of the Site Security Handbook Working Group

Status of this Memo

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months. Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time. It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a
   "working draft" or "work in progress".

   Please check the I-D abstract listing contained in each Internet
   Draft directory to learn the current status of this or any other
   Internet Draft.

Abstract

   The Site Security Handbook (SSH) Working Group (WG) of the Internet
   Engineering Task Force (IETF) has been working since 1994 to produce
   a pair of documents designed to educate the Internet community in
   the area of security. The first document is a complete reworking of
   RFC 1244, and is targeted at system and network administrators, as
   well as decision makers (middle management). The second document is
   targeted at end users of computer and network systems, including
   individuals using a modem and computer at home.

1.0 Introduction

   The original Site Security Handbook (RFC 1244) was published in mid
   1991 as an aid for system and network administrators who wished to
   improve the security of their networks and systems. With the rapid
   growth, expansion, and changing nature of the Internet, the need to
   update RFC 1244 to include the latest changes in security technology
   was clear. Additionally, a document was needed to describe security
   concepts to end users, who are typically unaware of the security
   implications of their actions.

   The first of these documents is approximately sixty pages in length,
   plus appendices, while the second document is approximately twenty
   pages in length. This document is designed as an executive summary
   of those much longer documents.

2.0 The Site Security Handbook

   The SSH is divided into 10 sections. Each of the sections is briefly
   described below.

2.1 Introduction

   This section describes the scope, purpose, audience, and definitions
   of the document. It additionally discusses the basic approaches used
   throughout the handbook, and includes a discussion of risk
   assessment.

2.2 Security Policies

   This section gives a complete discussion of security policies,
   including the definition and purpose of security policies, as well
   as who should be involved in the creation of the policy and why one
   is necessary. An excellent discussion of the trade-offs and goals
   that make up a good policy is given.

2.3 Architecture

   This section discusses the need to define a security architecture to
   contain the policies discussed in section two. Different
   architecture philosophies are compared. An in-depth discussion of
   network and service configuration covers all major aspects of the
   security architecture, including the infrastructure (networks,
   routers, network management, etc.), and gives detailed coverage of
   all major network services (DNS, NIS, Email, WWW, FTP, TFTP, NFS,
   WAIS, GOPHER, etc.). A significant portion of this section is a
   discussion of firewalls, firewall technology, and implementation
   concerns.

2.4 Security Services and Procedures

   This section is a general description of security topics which are
   relevant and should be addressed and understood when designing
   security policies. Specific topics covered include: authentication,
   one-time passwords, Kerberos, choosing and protecting secret tokens
   and PINs, password assurance, confidentiality, integrity,
   authorization, access (including physical access, network access,
   and modem lines), auditing, and backup security. Each of the
   preceding topics is covered in significant depth.

2.5 Security Incident Handling

   This section supplies guidance to be applied before, during, and
   after a security incident. Specifically, a framework and set of
   guidelines is provided to assist sites in defining policies to
   handle security incidents. Topics addressed include who to notify,
   how to determine who is in charge of handling the incident, law
   enforcement agencies, defining incident handling teams, informing
   other breached sites, dealing with the press, identification of
   incidents, collecting evidence, containing the intrusion,
   eradication of the intrusion, and follow-up after the incident.

2.6 Ongoing Activities

   This section lists a number of ongoing activities which have been
   found useful for keeping up to date with security information.

2.7 Tools and Locations

   This section provides a brief overview of publicly available
   security technology on the Internet. Information on the location of
   these tools is also provided.

2.8 Mailing Lists and Other Resources

   An annotated list of mailing lists, Usenet groups, and World Wide
   Web pages which contain relevant information is presented.

2.9 References

   A complete list of the references presented in the document.

2.10 Annotated Bibliography

   A large list of annotated bibliographic references is provided,
   covering a large body of computer security related topics.

3.0 User Security Handbook

   The User Security Handbook (USH) is divided into eight sections,
   which are described below.

3.1 Who Cares?

   This section describes the audience for this document and covers
   basic terms which are used throughout.

3.2 The ?? Commandments

   This section is under construction.

3.3 READ.ME

   This section describes the documents which are critical for the user
   to read and why they should be read.

3.4 Just Do It

   A number of core items are covered that users need to be aware of.
   These include issues involving passwords, viruses, modems, abandoned
   terminals, file protections, and encryption.

3.5 Paranoia is Good

   This section covers the concept of "social engineering," that is,
   the technique whereby an intruder tries to convince an internal user
   to give up some key information or access.

3.6 The Wires Have Ears

   This section tries to educate users about how easy it is for an
   intruder to listen to all network traffic that is not encrypted.

3.7 Incident Handling

   This section describes the steps a user might take if they suspect
   that their account or machines may have been compromised, as well as
   how to respond to the incident.

3.8 Home Alone

   This section is specifically written for the home user who is
   connected to the Internet via a modem. Specific information provided
   and topics covered include: how to pick an Internet Service Provider
   (ISP), email, bulletin board systems (BBS), the World Wide Web (WWW),
   dangers of downloading files, remote logins, and daemons.

4.0 Security Considerations

   This document is an overview of the two documents created by the SSH
   working group of the IETF. These two documents deal exclusively with
   security issues.

5.0 Authors' Addresses

   Philip J. Nesser II
   Nesser & Nesser Consulting
   13501 100th Ave NE, Suite 5202
   Kirkland, WA 98034
   USA

   Phone: (206)481-4303
   Email: pjnesser@martigny.ai.mit.edu