Network Working Group                                   Philip J. Nesser II
draft-ietf-ssh-overview-00.txt                   Nesser & Nesser Consulting
Internet Draft                                                December 1996

            Overview of the Site Security Handbook Working Group

Status of this Memo

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months. Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time. It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a "working
   draft" or "work in progress".

   Please check the I-D abstract listing contained in each Internet
   Draft directory to learn the current status of this or any other
   Internet Draft.

Abstract

   The Site Security Handbook (SSH) Working Group (WG) of the Internet
   Engineering Task Force (IETF) has been working since 1994 to produce
   a pair of documents designed to educate the Internet community in
   the area of security. The first document is a complete reworking of
   RFC 1244, and is targeted at system and network administrators, as
   well as decision makers (middle management). The second document
   is targeted at end users of computer and network systems, including
   individuals using a modem and computer at home.

1.0 Introduction

   The original Site Security Handbook (RFC 1244) was published in mid
   1991 as an aid for system and network administrators who wished to
   improve the security of their networks and systems. With the rapid
   growth, expansion, and changing nature of the Internet, the need to
   update RFC 1244 to include the latest changes in security technology
   was clear.
   Additionally, a document describing security concepts to end users,
   who are typically unaware of the security implications of their
   actions, was also needed.

   The first of these documents is approximately sixty pages in length,
   plus appendices, while the second document is approximately twenty
   pages in length. This document is designed as an executive summary
   of those much longer documents.

2.0 The Site Security Handbook

   The SSH is divided into 10 sections. Each of the sections is
   briefly described below.

2.1 Introduction

   This section describes the scope, purpose, audience, and definitions
   of the document. It additionally discusses the basic approaches used
   throughout the handbook, and includes a discussion of risk assessment.

2.2 Security Policies

   This section gives a complete discussion of security policies,
   including the definition and purpose of security policies, as well as
   who should be involved in the creation of the policy and why one is
   necessary. An excellent discussion of the trade-offs and goals
   that make up a good policy is given.

2.3 Architecture

   This section discusses the need to define a security architecture to
   contain the policies discussed in section two. Different
   architecture philosophies are compared. An in-depth discussion of
   network and service configuration covers all major aspects
   of the security architecture, including the infrastructure (networks,
   routers, network management, etc.), and gives detailed coverage of all
   major network services (DNS, NIS, Email, WWW, FTP, TFTP, NFS, WAIS,
   GOPHER, etc.). A significant portion of this section is a
   discussion of firewalls, firewall technology, and implementation
   concerns.

2.4 Security Services and Procedures

   This section is a general description of security topics which are
   relevant and should be addressed and understood when designing
   security policies.
   Specific topics covered include:
   authentication, one-time passwords, Kerberos, choosing and protecting
   secret tokens and PINs, password assurance, confidentiality,
   integrity, authorization, access (including physical access, network
   access, and modem lines), auditing, and backup security. Each of
   the preceding topics is covered in significant depth.

2.5 Security Incident Handling

   The section supplies guidance to be applied before, during and after
   a security incident. Specifically, a framework and set of
   guidelines is provided to assist sites in defining policies to
   handle security incidents. Topics addressed include who to notify,
   how to determine who is in charge of handling the incident, law
   enforcement agencies, defining incident handling teams, informing
   other breached sites, dealing with the press, identification of
   incidents, collecting evidence, containing the intrusion, eradication
   of the intrusion, and follow-up after the incident.

2.6 Ongoing Activities

   This section lists a number of ongoing activities which have been
   found useful for keeping up to date with current security information.

2.7 Tools and Locations

   This section provides a brief overview of publicly available
   security technology on the Internet. Information on the location of
   these tools is also provided.

2.8 Mailing Lists and Other Resources

   An annotated list of mailing lists, Usenet groups, and World Wide Web
   pages which contain relevant information is presented.

2.9 Reference

   A complete list of the references presented in the document.

2.10 Annotated Bibliography

   A large list of annotated bibliographic references is provided
   covering a large body of computer security related topics.

3.0 User Security Handbook

   The User Security Handbook (USH) is divided into eight sections
   which are described below.

3.1 Who Cares?
   This section describes the audience for this document and covers
   basic terms which are used throughout.

3.2 The ?? Commandments

   This section is under construction.

3.3 READ.ME

   This section describes the documents which are critical for the user
   to read and why they should be read.

3.4 Just Do It

   A number of core items are covered that users need to be aware of.
   These include issues involving passwords, viruses, modems, abandoned
   terminals, file protections, and encryption.

3.5 Paranoia is Good

   This section covers the concept of "social engineering," that is,
   the technique whereby an intruder tries to convince an internal
   user to give up some key information or access.

3.6 The Wires Have Ears

   This section tries to educate users about how easy it is for an
   intruder to listen to all network traffic that is not encrypted.

3.7 Incident Handling

   This section describes the steps a user might take if they suspect
   that their account or machines may have been compromised, as well as
   how to respond to the incident.

3.8 Home Alone

   This section is specifically written for the home user who is
   connected to the Internet via a modem. Specific information
   provided and topics covered include: how to pick an Internet
   Service Provider (ISP), email, bulletin board systems (BBS), the
   World Wide Web (WWW), dangers of downloading files, remote logins,
   and daemons.

4.0 Security Considerations

   This document is an overview of the two documents created by the
   SSH working group of the IETF. These two documents deal
   exclusively with security issues.

5.0 Authors' Addresses

   Philip J. Nesser II
   Nesser & Nesser Consulting
   13501 100th Ave NE, Suite 5202
   Kirkland, WA 98034
   USA

   Phone: (206)481-4303
   Email: pjnesser@martigny.ai.mit.edu