draft-ietf-ssh-users-09.txt                  Erik Guttman / Sun Microsystems
Site Security Handbook WG                      Lorna Leong / COLT Internet
                                                    G. Malkin / Bay Networks
                                                            October 7, 1998

                        Users' Security Handbook

Status of this Memo

This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.ietf.org (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).

Abstract

The Users' Security Handbook is the companion to the Site Security
Handbook (SSH). It is intended to provide users with the information
they need to keep their networks and systems secure.

Table of Contents

Part One: Introduction
   1. READ.ME
   2. The Wires have Ears

Part Two: End-users in a centrally-administered network
   3. Watch Out!
   3.1. The Dangers of Downloading
   3.2. Don't Get Caught in the Web
   3.3. Email Pitfalls
   3.4. Passwords
   3.5. Viruses and Other Illnesses
   3.6. Modems
   3.7. Don't Leave Me...
   3.8. File Protections
   3.9. Encrypt Everything
   3.10. Shred Everything Else
   3.11. What Program is This, Anyway?
   4. Paranoia is Good

Part Three: End-users self administering a networked computer
   5. Make Your Own Security Policy
   6. Bad Things Happen
   6.1. How to Prepare for the Worst in Advance
   6.2. What To Do if You Suspect Trouble
   6.3. Email
   7. Home Alone
   7.1. Beware of Daemons
   7.2. Going Places
   7.3. Secure It!
   8. A Final Note

Appendix: Glossary of Security Terms
Acknowledgments
References
Security Considerations
Authors' Addresses

Part One: Introduction

This document provides guidance to the end-users of computer systems
and networks about what they can do to keep their data and
communication private, and their systems and networks secure.
Part Two of this document concerns "corporate users" in small, medium
and large corporate and campus sites. Part Three of the document
addresses users who administer their own computers, such as home
users.

System and network administrators may wish to use this document as
the foundation of a site-specific users' security guide; however,
they should consult the Site Security Handbook first [RFC2196].

A glossary of terms is included in an appendix at the end of the
document, introducing computer network security notions to those not
familiar with them.

1. READ.ME

Before getting connected to the Internet or any other public network,
you should obtain the security policy of the site that you intend to
use as your access provider, and read it. A security policy is a
formal statement of the rules by which users who are given access to
a site's technology and information assets must abide. As a user,
you are obliged to follow the policy created by the decision makers
and administrators at your site.

A security policy exists to protect a site's hardware, software and
data. It explains what the security goals of the site are, what
users can and cannot do, what to do when problems arise and whom to
contact, and generally informs users what the "rules of the game"
are.

2. The Wires have Ears

It is a lot easier to eavesdrop on communications over data networks
than to tap a telephone conversation. Any link between computers may
potentially be insecure, as can any of the computers through which
data flows. All information passing over networks may be
eavesdropped on, even if you think "No one will care about this..."

Information passing over a network may be read not only by the
intended audience but can be read by others as well. This can happen
to personal Email and sensitive information that is accessed via file
transfer or the Web. Please refer to the "Don't Get Caught in the
Web" and "Email Pitfalls" sections for specific information on
protecting your privacy.

As a user, your utmost concerns should, firstly, be to protect
yourself against misuse of your computer account(s) and secondly, to
protect your privacy.

Unless precautions are taken, every time you log in over a network,
to any network service, your password or confidential information may
be stolen. It may then be used to gain illicit access to systems you
have access to. In some cases the consequences are obvious: if
someone gains access to your bank account, you might find yourself
losing some cash, quickly. What is not so obvious is that services
which are not financial in nature may also be abused in rather costly
ways. You may be held responsible if your account is misused by
someone else!

Many network services involve remote log in. A user is prompted for
his or her account ID (i.e., username) and password. If this
information is sent through the network without encryption, the
message can be intercepted and read by others.
This is not really an issue when you are logging in to a "dial-in"
service where you make a connection via telephone and log in, say to
an online service provider, as telephone lines are more difficult to
eavesdrop on than Internet communications.

The risk is there when you are using programs to log in over a
network. Many popular programs used to log in to services or to
transfer files (such as telnet and ftp, respectively) send your
username and password and then your data over the network without
encrypting them.

The precaution commonly taken against password eavesdropping by
larger institutions, such as corporations, is to use one-time
password systems. Until recently, this has been far too complicated
and expensive for home systems and small businesses. However, an
increasing number of products allow this to be done without fancy
hardware, using cryptographic techniques. An example of such a
technique is Secure Shell [SSH], which is both freely and
commercially available for a variety of platforms. Many products
(including SSH-based ones) also allow data to be encrypted before it
is passed over the network.

Part Two: End-users in a centrally-administered network

The following rules of thumb provide a summary of the most important
pieces of advice discussed in Part Two of this document:

- Know who your security point-of-contact is.
- Keep passwords secret at all times.
- Use a password-locked screensaver or log out when you leave your
  desk.
- Don't let simply anyone have physical access to your computer or
  your network.
- Be aware of what software you run and be very wary of software of
  unknown origin. Think hard before you execute downloaded
  software.
- Do not panic. Consult your security point-of-contact if possible
  before spreading alarm.
- Report security problems as soon as possible to your security
  point-of-contact.

3. Watch Out!

3.1. The Dangers of Downloading

An ever expanding wealth of free software has become available on the
Internet. While this exciting development is one of the most
attractive aspects of using public networks, you should also exercise
caution. Some files may be dangerous. Downloading poses the single
greatest risk.

Be careful to store all downloaded files so that you will remember
their (possibly dubious) origin. Do not, for example, mistake a
downloaded program for another program just because they have the
same name. This is a common tactic to fool users into activating
programs they believe to be familiar but could, in fact, be
dangerous.

Programs can use the network without making you aware of it. One
thing to keep in mind is that if a computer is connected, any program
has the capability of using the network, with or without informing
you. Say, for example:

   You download a game program from an anonymous FTP server. This
   appears to be a shoot-em-up game, but unbeknownst to you, it
   transfers all your files, one by one, over the Internet to a
   cracker's machine!

Many corporate environments explicitly prohibit the downloading and
running of software from the Internet.

3.2. Don't Get Caught in the Web

The greatest risk when web browsing is downloading files. Web
browsers allow any file to be retrieved from the Internet. See "The
Dangers of Downloading."

Web browsers are downloading files even when it is not entirely
obvious. Thus, the risk posed by downloading files may be present
even if you do not actively go out and retrieve files overtly. Any
file which you have loaded over the network should be considered
possibly dangerous (even files in the web browser's cache). Do not
execute them by accident, as they may be malicious programs.
(Remember, programs are files, too. You may believe you have
downloaded a text file, when in fact it is a Trojan Horse program,
script, etc.)

Web browsers may download and execute programs on your behalf, either
automatically or after manual intervention. You may disable these
features. If you leave them enabled, be sure that you understand the
consequences. You should read the security guide which accompanies
your web browser as well as the security policy of your company. You
should be aware that downloaded programs may be risky to execute on
your machine. (See "What Program is This, Anyway?")

Web pages often include forms. Be aware that, as with Email, data
sent from a web browser to a web server is not secure. Several
mechanisms have been created to prevent this, most notably Secure
Sockets Layer [SSL]. This facility has been built into many web
browsers. It encrypts data sent between the user's web browser and
the web server so no one along the way can read it.

It is possible that a web page will appear to be genuine, but is, in
fact, a forgery. It is easy to copy the appearance of a genuine web
page and possible to subvert the network protocols which contact the
desired web server, to misdirect a web browser to an imposter.

That threat may be guarded against using SSL to verify if a web page
is genuine. When a 'secure' page has been downloaded, the web
browser's 'lock' or 'key' will indicate so. It is good to double-
check this: view the 'certificate' associated with the web page you
have accessed. Each web browser has a different way to do this. The
certificate will list the certificate's owner and who issued it. If
these look trustworthy, you are probably OK.

3.3. Email Pitfalls

All the normal concerns apply to messages received via Email that you
could receive any other way. For example, the sender may not be who
he or she claims to be. If Email security software is not used, it
is very difficult to determine for sure who sent a message. This
means that Email itself is not a suitable way to conduct many types
of business. It is very easy to forge an Email message to make it
appear to have come from anyone.

Another security issue you should consider when using Email is
privacy. Email passes through the Internet from computer to
computer. As the message moves between computers, and indeed as it
sits in a user's mailbox waiting to be read, it is potentially
visible to others. For this reason, it is wise to think twice before
sending confidential or extremely personal information via Email.
You should never send credit card numbers and other sensitive data
via unprotected Email. Please refer to "The Wires Have Ears."

To cope with this problem, there are privacy programs available, some
of which are integrated into Email packages.

One service many Email users like to use is Email forwarding. This
should be used very cautiously. Imagine the following scenario:

   A user has an account with a private Internet Service Provider and
   wishes to receive all her mail there. She sets it up so that her
   Email at work is forwarded to her private address. All the mail
   she would receive at work then moves across the Internet until it
   reaches her private account. All along the way, the Email is
   vulnerable to being read. A sensitive Email message sent to her
   at work could be read by a network snoop at any of the many stops
   along the way the Email takes.

Note that Email sent or received at work may not be private. Check
with your employer, as employers may (in some instances) legally both
read your mail and make use of it. The legal status of Email depends
on the privacy of information laws in force in each country.

Many mail programs allow files to be included in mail messages.
The files which come by mail are files like any other. Any way in
which a file can find its way onto a computer is possibly dangerous.
If the attached file is merely a text message, fine. But it may be
more than a text message. If the attached file is itself a program
or an executable script, extreme caution should be applied before
running it. See the section entitled "The Dangers of Downloading."

3.4. Passwords

Passwords may be easily guessed by an intruder unless precautions are
taken. Your password should contain a mixture of numbers, upper and
lower case letters, and punctuation. Avoid all real words in any
language, or combinations of words, license plate numbers, names and
so on. The best password is a made-up sequence (e.g., an acronym
from a phrase you won't forget), such as "2B*Rnot2B" (but don't use
this password!).

Resist the temptation to write your password down. If you do, keep
it with you until you remember it, then shred it! NEVER leave a
password taped onto a terminal or written on a whiteboard. You
wouldn't write your PIN code on your automated teller machine (ATM)
card, would you? You should have different passwords for different
accounts, but not so many passwords that you can't remember them.
You should change your passwords periodically.

You should also NEVER save passwords in scripts or login procedures
as these could be used by anyone who has access to your machine.

Be certain that you are really logging into your system. Just
because a login prompt appears and asks you for your password does
not mean you should enter it. Avoid unusual login prompts and
immediately report them to your security point-of-contact. If you
notice anything strange upon logging in, change your password.
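The "one-time password systems" that "The Wires Have Ears" names as the usual precaution against password eavesdropping work by a hash chain; the following is an added example (not code from this handbook) of a simplified S/KEY-style scheme in the manner of RFC 1760 and RFC 2289, using SHA-256 instead of the original MD4/MD5 and binary values instead of the six-word encoding. All names in it (OtpClient, OtpServer, enrol, respond, ...) are invented for the example.

```python
"""
Hash-chain one-time passwords (simplified S/KEY, for illustration only).

Chain:  x0 = H(seed || secret),  x1 = H(x0),  ...,  xn = H(x(n-1)).
The server stores only the last accepted value x(k) and its sequence
number k.  A login must present x(k-1), which the server checks with a
single hash.  A value sniffed off the wire is useless afterwards: it is
rejected if replayed (the server has moved down the chain), and the next
value x(k-2) cannot be computed from it because H is one-way.  The secret
pass phrase itself never travels over the network.
"""
import hashlib
import hmac


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def hash_chain(secret: str, seed: str, steps: int) -> bytes:
    """x(steps): hash the seed and secret together, then hash 'steps' more times."""
    x = H(seed.encode("utf-8") + secret.encode("utf-8"))
    for _ in range(steps):
        x = H(x)
    return x


class OtpClient:
    """The user's side: holds the secret pass phrase, never sends it."""

    def __init__(self, secret: str):
        self.secret = secret

    def initial_verifier(self, seed: str, n: int) -> bytes:
        # Computed once at enrolment; hand it to the server over a trusted path.
        return hash_chain(self.secret, seed, n)

    def respond(self, seq: int, seed: str) -> bytes:
        # Answer the challenge "seq seed" with x(seq).
        return hash_chain(self.secret, seed, seq)


class OtpServer:
    """Stores no secret: only seed, sequence number and last accepted value."""

    def __init__(self):
        self.records = {}

    def enrol(self, user: str, seed: str, n: int, verifier: bytes) -> None:
        self.records[user] = {"seed": seed, "seq": n, "last": verifier}

    def challenge(self, user: str):
        r = self.records[user]
        return r["seq"] - 1, r["seed"]          # what the login prompt shows

    def verify(self, user: str, response: bytes) -> bool:
        r = self.records[user]
        if r["seq"] <= 1:
            return False     # chain exhausted: re-enrol with a fresh seed first
        if not hmac.compare_digest(H(response), r["last"]):
            return False     # wrong secret, wrong sequence number, or a replay
        r["last"] = response  # accept and move one step down the chain
        r["seq"] -= 1
        return True


if __name__ == "__main__":
    # Constructed sample enrolment and two logins, with a replay in between.
    client = OtpClient("correct horse (constructed pass phrase)")
    server = OtpServer()
    server.enrol("alice", "ks1234", 100, client.initial_verifier("ks1234", 100))
    seq, seed = server.challenge("alice")
    otp = client.respond(seq, seed)
    print("login 1:", server.verify("alice", otp))      # True
    print("replay: ", server.verify("alice", otp))      # False
    seq, seed = server.challenge("alice")
    print("login 2:", server.verify("alice", client.respond(seq, seed)))  # True
```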
Unless precautions have been taken to encrypt your password when it
is sent over the network, you should, if possible, use "one-time
passwords" whenever you log in to a system over a network. (Some
applications take care of that for you.) See "The Wires Have Ears"
for more information on the risks associated with logging in over a
network.

3.5. Viruses and Other Illnesses

Viruses are essentially unwanted pieces of software that find their
way onto a computer. What the virus may do once it has entered its
host depends on several factors: What has the virus been programmed
to do? What part of the computer system has the virus attacked?

Some viruses are 'time bombs' which activate only when given a
particular condition, such as reaching a certain date. Others remain
latent in the system until a particular afflicted program is
activated. There are still others which are continually active,
exploiting every opportunity to do mischief. A subtle virus may
simply modify a system's configuration, then hide.

Be cautious about what software you install on your system. Use
software from "trusted sources", if possible. Check your site policy
before installing any software: some sites only allow administrators
to install software, to avoid security and system maintenance
problems.

Centrally-administered sites have their own policy and tools for
dealing with the threat of viruses. Consult your site policy or find
out from your systems administrator what the correct procedures are
to stay virus free.

You should report it if a virus detection tool indicates that your
system has a problem. You should notify your site's systems
administrators as well as the person you believe passed the virus to
you. It is important to remain calm. Virus scares may cause more
delay and confusion than an actual virus outbreak. Before announcing
the virus widely, make sure you verify its presence using a virus
detection tool, if possible with the assistance of technically
competent personnel.

Trojan Horse programs and worms are often categorized with viruses.
Trojan Horse programs are dealt with in the "What Program is This,
Anyway?" section. For the purposes of this section, worms should be
considered a type of virus.

3.6. Modems

You should be careful when attaching anything to your computer, and
especially any equipment which allows data to flow. You should get
permission before you connect anything to your computer in a
centrally-administered computing environment.

Modems present a special security risk. Many networks are protected
by a set of precautions designed to prevent a frontal assault from
public networks. If your computer is attached to such a network, you
must exercise care when also using a modem. It is quite possible to
use the modem to connect to a remote network while *still* being
connected to the 'secure' net. Your computer can now act as a hole
in your network's defenses. Unauthorized users may be able to get
onto your organization's network through your computer!

Be sure you know what you are doing if you leave a modem on and set
up your computer to allow remote computers to dial in. Be sure you
use all available security features correctly. Many modems answer
calls by default. You should turn auto-answer off unless you are
prepared to have your computer respond to callers. Some 'remote
access' software requires this. Be sure to turn on all the security
features of your 'remote access' software before allowing your
computer to be accessed by phone.

Note that having an unlisted number will not protect you from someone
breaking into your computer via a phone line. It is very easy to
probe many phone lines to detect modems and then launch attacks.

3.7. Don't Leave Me...

Do not leave a terminal or computer logged in and walk away. Use
password-locked screensavers whenever possible. These can be set up
so that they activate after the computer has been idle for a while.

Sinister as it may seem, someone coming around to erase your work is
not uncommon. If you remain logged in, anyone can come by and
perform mischief for which you may be held accountable. For example,
imagine the trouble you could be in if nasty Email were sent to
the president of your company in your name, or your account were used
to transfer illegal pornography.

Anyone who can gain physical access to your computer can almost
certainly break into it. Therefore, be cautious regarding whom you
allow access to your machine. If physically securing your machine is
not possible, it is wise to encrypt your data files kept on your
local hard disk. If possible, it is also wise to lock the door of
the office where the computer is kept.

3.8. File Protections

Data files and directories on shared systems or networked file
systems require care and maintenance. There are two categories of
such files:

- Files to share

   Shared files may be visible to everyone or to a restricted group
   of other users. Each system has a different way of specifying
   this. Learn how to control sharing permissions of files and
   implement such control without fail.

- Protected files

   These include files which only you should have access to, but
   which are available to anyone with system administrator
   privileges. Examples of this are the files associated with the
   delivery of Email. You don't want other users to read your Email,
   so make sure such files have all the necessary file permissions
   set accordingly.

3.9. Encrypt Everything

Additionally, there are files that are private. You may have files
which you do not wish anyone else to have access to. In this case,
it is prudent to encrypt the file. This way, even if your network is
broken into or the systems administrator turns into Mr. Hyde, your
confidential information will not be available. Encryption is also
very important if you share a computer. For example, a home computer
may be shared by roommates who are friends but prefer to keep their
Email and financial information private. Encryption allows for
shared yet private usage.

Before you encrypt files you should check your site's security
policy. Some employers and countries expressly forbid or restrict
the storing and/or transferring of encrypted files.

Be careful with the passwords or keys you use to encrypt files.
Locking them away safely not only helps to keep them from prying eyes
but it will help you keep them secure too; for if you lose them, you
will lose your ability to decrypt your data as well! It may be wise
to save more than one copy. This may even be required, if your
company has a key escrow policy, for example. This protects against
the possibility that the only person knowing a pass phrase may leave
the company or be struck by lightning.

Whilst encryption programs are readily available, it should be noted
that the quality can vary widely. PGP (which stands for "Pretty Good
Privacy"), for example, offers a strong encryption capability. Many
common software applications include the capability to encrypt data.
The encryption facilities in these are typically very weak.

You should not be intimidated by encryption software. Easy-to-use
software is being made available.
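The two points of this section that people get wrong in practice are that "encryption" bolted onto an application is often weak, and that a lost pass phrase means lost data. The added example below (not code from this handbook, and not a substitute for PGP or another vetted tool) shows both: an authenticated, pass-phrase-based file format built only from Python's standard library, where the random file key is wrapped under every pass phrase supplied, so a second (escrow) pass phrase can still open the file if the first is lost. All names (seal_file, open_file, derive_keys, ...) are invented for the example.

```python
"""
Pass-phrase file encryption with a second copy of the key (illustration).

  - key derivation:  PBKDF2-HMAC-SHA256 with a random salt per pass phrase
  - encryption:      HMAC-SHA256 used as a PRF in counter mode (keystream XOR)
  - integrity:       encrypt-then-MAC with a separate HMAC-SHA256 key

The file is encrypted under a random file key; that key is wrapped under
each pass phrase given.  Any one of those pass phrases opens the file; a
wrong pass phrase or a modified file fails the MAC instead of producing
garbage.  A pass phrase that opens nothing means the data is unrecoverable,
which is exactly why the section advises keeping more than one copy.
"""
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 100_000          # slows down guessing of weak pass phrases
NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def derive_keys(passphrase: str, salt: bytes) -> tuple:
    """Derive an encryption key and an independent MAC key from a pass phrase."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                             PBKDF2_ROUNDS, dklen=2 * KEY_LEN)
    return km[:KEY_LEN], km[KEY_LEN:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Concatenate HMAC-SHA256(key, nonce || counter) blocks up to 'length' bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag.  A fresh nonce gives a fresh keystream."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; raise if it fails."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def seal_file(plaintext: bytes, passphrases: list) -> dict:
    """Encrypt under a random file key and wrap that key under every pass phrase."""
    file_key = os.urandom(2 * KEY_LEN)         # encryption half || MAC half
    wrapped = []
    for pw in passphrases:
        salt = os.urandom(16)
        w_enc, w_mac = derive_keys(pw, salt)
        wrapped.append((salt, encrypt(w_enc, w_mac, file_key)))
    data = encrypt(file_key[:KEY_LEN], file_key[KEY_LEN:], plaintext)
    return {"wrapped_keys": wrapped, "data": data}


def open_file(sealed: dict, passphrase: str) -> bytes:
    """Try the pass phrase against each wrapped copy; the MAC tells which (if any) it opens."""
    for salt, blob in sealed["wrapped_keys"]:
        w_enc, w_mac = derive_keys(passphrase, salt)
        try:
            file_key = decrypt(w_enc, w_mac, blob)
        except ValueError:
            continue
        return decrypt(file_key[:KEY_LEN], file_key[KEY_LEN:], sealed["data"])
    raise ValueError("no copy of the file key opens with this pass phrase")


if __name__ == "__main__":
    # Constructed sample: a private note on a computer shared with roommates.
    note = b"Rent is due on the 1st; account ending 1234 (constructed sample)."
    sealed = seal_file(note, ["my pass phrase", "household escrow pass phrase"])
    print(open_file(sealed, "household escrow pass phrase") == note)   # True
```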
483 3.10 Shred Everything Else 485 You would be surprised what gets thrown away into the waste-paper 486 basket: notes from meetings, old schedules, internal phone lists, 487 computer program listings, correspondence with customers and even 488 market analyses. All of these would be very valuable to competitors, 489 recruiters and even an overzealous (hungry?) journalist looking for a 490 scoop. The threat of dumpster diving is real - take it seriously! 491 Shred all potentially useful documents before discarding them. 493 You should also be aware that deleting a file does not erase it in 494 many cases. The only way to be sure that an old hard disk does not 495 contain valuable data may be to reformat it. 497 3.11 What Program is This, Anyway? 499 Programs have become much more complex in recent years. They are 500 often extensible in ways which may be dangerous. These extensions 501 make applications more flexible, powerful and customizable. They 502 also open the end-user up to all sorts of risks. 504 - A program may have "plug-in" modules. You should not trust the 505 plug-ins simply because you are used to trusting the programs they 506 plug into. For example: Some web pages suggest that the user 507 download a plug-in to view or use some portion of the web page's 508 content. Consider: What is this plug-in? Who wrote it? Is it 509 safe to include it in your web browser? 511 - Some files are "compound documents." This means that instead of 512 using one single program, it will be necessary to run several 513 programs in order to view or edit a document. Again, be careful 514 of downloading application components. Just because they 515 integrate with products which are well-known does not mean that 516 they can be trusted. Say you receive an Email message which can 517 only be read if you download a special component. This component 518 could be a nasty program which wipes out your hard drive! 
520 - Some programs are downloaded automatically when accessing web 521 pages. While there are some safeguards to make sure that these 522 programs may be used safely, there have been security flaws 523 discovered in the past. For this reason, some centrally- 524 administered sites require that certain web browser capabilities 525 be turned off. 527 4. Paranoia is Good 529 Many people do not realise it, but social engineering is a tool which 530 many intruders use to gain access to computer systems. The general 531 impression that people have of computer break-ins is that they are 532 the result of technical flaws in computer systems which the intruders 533 have exploited. People also tend to think that break-ins are purely 534 technical. However, the truth is that social engineering plays a big 535 part in helping an attacker slip through security barriers. This 536 often proves to be an easy stepping-stone onto the protected system 537 if the attacker has no authorized access to the system at all. 539 Social engineering may be defined, in this context, as the act of 540 gaining the trust of legitimate computer users to the point where 541 they reveal system secrets or help someone, unintentionally, to gain 542 unauthorized access to their system(s). Using social engineering, an 543 attacker may gain valuable information and/or assistance that could 544 help break through security barriers with ease. Skillful social 545 engineers can appear to be genuine but are really full of deceit. 547 Most of the time, attackers using social enginering work via 548 telephone. This not only provides a shield for the attacker by 549 protecting his or her identity, it also makes the job easier because 550 the attacker can claim to be a particular someone with more chances 551 of getting away with it. 553 There are several types of social engineering. 
   Here are a few examples of the more commonly-used ones:

   - An attacker may pretend to be a legitimate end-user who is new to the system or is simply not very good with computers. This attacker may approach systems administrators and other end-users for help. This "user" may have lost his password, or simply can't get logged into the system and needs to access the system urgently. Attackers have also been known to identify themselves as some VIP in the company, screaming at administrators to get what they want. In such cases, the administrator (or it could be an end-user) may feel threatened by the caller's authority and give in to the demands.

   - Attackers who operate via telephone calls may never even have seen the screen display on your system before. In such cases, the trick attackers use is to make details vague, and get the user to reveal more information on the system. The attacker may sound really lost so as to make the user feel that he is helping a damsel in distress. Often, this makes people go out of their way to help. The user may then reveal secrets when he is off-guard.

   - An attacker may also take advantage of system problems that have come to his attention. Offering help to a user is an effective way to gain the user's trust. A user who is frustrated with problems he is facing will be more than happy when someone comes to offer some help. The attacker may come disguised as the systems administrator or maintenance technician. This attacker will often gain valuable information because the user thinks that it is alright to reveal secrets to technicians. Site visits may pose a greater risk to the attacker as he may not be able to make an easy and quick get-away, but the risk may bring fruitful returns if the attacker is allowed direct access to the system by the naive user.
   - Sometimes attackers can gain access into a system without prior knowledge of any system secret or terminal access. In the same way that one should not carry someone else's bags through Customs, no user should key in commands on someone's behalf. Beware of attackers who use users as their own remotely-controlled fingers to type commands on the user's keyboard that the user does not understand, commands which may harm the system. These attackers will exploit system software bugs and loopholes even without direct access to the system. The commands keyed in by the end-user may bring harm to the system, open his own account up for access to the attacker or create a hole to allow the attacker entry (at some later time) into the system. If you are not sure of the commands you have been asked to key in, do not simply follow instructions. You never know what and where these could lead to...

   To guard against becoming a victim of social engineering, one important thing to remember is that passwords are secret. A password for your personal account should be known ONLY to you. The systems administrators who need to do something to your account will not require your password. As administrators, the privileges they have will allow them to carry out work on your account without the need for you to reveal your password. An administrator should not have to ask you for your password.

   Most maintenance work will require special privileges which end-users are not given. Users should guard the use of their accounts, and keep them for their own use. Accounts should not be shared, not even temporarily with a maintenance staff or administrator. Systems administrators will have their own accounts to work with and will not need to access a system via an end-user's account.
   Systems maintenance technicians who come on site should be accompanied by the local site administrator (who should be known to you). If the site administrator is not familiar to you, or if the technician comes alone, it is wise to give a call to your known site administrator to check if the technician should be there. Yet, many people will not do this because it makes them look paranoid and it is embarrassing to show that they have little or no trust in these visitors.

   Unless you are very sure that the person you are speaking to is who he or she claims to be, no secret information should ever be revealed to such people. Sometimes, attackers may even be good enough to make themselves sound like someone whose voice you know over the phone. It is always good to double check the identity of the person. If you are unable to do so, the wisest thing to do is not to reveal any secrets. If you are a systems administrator, there should be security procedures for assignment and reassignment of passwords to users, and you should follow such procedures. If you are an end-user, there should not be any need for you to have to reveal system secrets to anyone else. Some companies assign a common account to multiple users. If you happen to be in such a group, make sure you know everyone in that group so you can tell if someone who claims to be in the group is genuine.

Part Three: End-users self administering a networked computer

   The home user or the user who administers his own network has many of the same concerns as a centrally-administered user. The following is a summary of additional advice given in Part Three:

   - Read manuals to learn how to turn on security features, then turn them on.
   - Consider how private your data and Email need to be. Have you invested in privacy software and learned how to use it yet?
   - Prepare for the worst in advance.
   - Keep yourself informed about what the newest threats are.

5. Make Your Own Security Policy

   You should decide ahead of time what risks are acceptable and then stick to this decision. It is also wise to review your decision at regular intervals and whenever the need to do so arises. It may be wise to simply avoid downloading any software from the network which comes from an unknown source to a computer storing business records, other valuable data and data which is potentially damaging if the information was lost or stolen.

   If the system has a mixed purpose, say recreation, correspondence and some home accounting, perhaps you will hazard some downloading of software. You unavoidably take some risk of acquiring stuff which is not exactly what it seems to be.

   It may be worthwhile installing privacy software on a computer if it is shared by multiple users. That way, a friend of a roommate won't have access to your private data, and so on.

6. Bad Things Happen

   If you notice that your files have been modified or ascertain somehow that your account has been used without your consent, you should inform your security point-of-contact immediately. When you do not know who your security point-of-contact is, try calling your Internet service provider's help desk as a first step.

6.1 How to Prepare for the Worst in Advance

   - Read all user documentation carefully. Make sure that it is clear when services are being run on your computer. If network services are activated, make sure they are properly configured (set all permissions so as to prevent anonymous or guest logins, and so on). Increasingly, many programs have networking capabilities built in to them. Learn how to properly configure and safely use these features.

   - Back up user data. This is always important.
     Backups are normally thought of as a way of ensuring you will not lose your work if a hard disk fails or if you make a mistake and delete a file. Backing up is also critical to ensure that data cannot be lost due to a computer security incident. One of the most vicious and unfortunately common threats posed by computer viruses and Trojan Horse programs is erasing a computer's hard disk.

   - Obtain virus checking software or security auditing tools. Learn how to use them and install them before connecting to a public network. Many security tools require that they be run on a "clean" system, so that comparisons can be made between the present and pristine states. Thus, it is necessary for some work to be done ahead of time.

   - Upgrade networking software regularly. As new versions of programs come out, it is prudent to upgrade. Security vulnerabilities will likely have been fixed. The longer you wait to do this, the greater the risk that security vulnerabilities of the products will become known and be exploited by some network assailant. Keep up to date!

   - Find out who to contact if you suspect trouble. Does your Internet Service Provider have a security contact or Help Desk? Investigate this before trouble happens so you won't lose time trying to figure it out should trouble occur. Keep the contact information both online and offline for easy retrieval.

   There are 3 ways to avoid problems with viruses:

   1. Don't be promiscuous

      If at all possible, be cautious about what software you install on your system. If you are unaware of or unsure of the origin of a program, it is wise not to run it. Obtain software from trusted sources.
      Do not execute programs or reboot using old diskettes unless you have reformatted them, especially if the old diskettes have been used to bring software home from a trade show, and other potentially security-vulnerable places.

      Nearly all risk of getting infected by viruses can be eliminated if you are extremely cautious about what files are stored on your computer. See "The Dangers of Downloading" for more details.

   2. Scan regularly.

      Give your system a regular check-up. There are excellent virus-checking and security audit tools for most computer platforms available today. Use them, and if possible, set them to run automatically and regularly. Also, install updates of these tools regularly and keep yourself informed with new virus threats.

   3. Notice the unusual.

      It's not true that a difference you cannot detect is no difference at all, but it is a good rule of thumb. You should get used to the way your system works. If there is an unexplainable change (for instance, files you believe should exist are gone, or strange new files are appearing and disk space is 'vanishing'), you should check for the presence of viruses.

   You should take some time to be familiar with computer virus detection tools available for your type of computer. You should use an up-to-date tool (i.e. not older than three months). It is very important to test your computer if you have been using freeware, other peoples' used floppy disks to transfer files, and so on.

6.2 What To Do if You Suspect Trouble

   If you suspect that your home computer has a virus, that a malicious program has been run, or that a system has been broken into, the wisest course of action is to first disconnect the system from all networks. If available, virus detection or system auditing software should be used.
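   The "clean system" comparison that the auditing tools in 6.1 depend on, and the check of vital system files that 6.2 describes as tedious by hand, both reduce to one operation: record a cryptographic digest of every file while the system is known to be good, keep that record somewhere the running system cannot alter, and compare against it later. The following Python script is an added example written for this page; it is not code from the draft nor from any of the tools it mentions. The file names and contents, the "media" directory standing in for offline storage, and the choice of SHA-256 are all constructed for the demonstration.

```python
"""File-integrity baseline checker (added example; not part of the draft)."""
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map every regular file under root (by relative path) to its digest.
    Symlinks are skipped: the link target, not the link, is what matters."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def save_baseline(baseline, path):
    """Write the baseline as JSON. In real use this file belongs on media the
    system cannot write to, or an attacker will simply update it too."""
    with open(path, "w") as handle:
        json.dump(baseline, handle, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as handle:
        return json.load(handle)


def compare(baseline, current):
    """Classify every path as modified, missing or new relative to the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Build a constructed system tree, baseline it, tamper with it, and re-check.
    Returns the comparison result so the outcome can be checked programmatically."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as media:
        # Constructed stand-ins for a few system files.
        files = {
            "bin/login": b"constructed login binary v1",
            "bin/ls": b"constructed ls binary v1",
            "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as handle:
                handle.write(data)

        # Take the baseline while the tree is pristine; store it "offline".
        baseline_path = os.path.join(media, "baseline.json")
        save_baseline(build_baseline(root), baseline_path)

        # Simulated incident: one binary replaced, one removed, one file dropped in.
        with open(os.path.join(root, "bin", "login"), "wb") as handle:
            handle.write(b"constructed login binary, replaced")
        os.remove(os.path.join(root, "bin", "ls"))
        with open(os.path.join(root, "etc", "cron.hidden"), "wb") as handle:
            handle.write(b"constructed unexpected file")

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

   Two practical points follow from the draft's own advice. The baseline is only worth as much as the state it was taken from, so take it on a freshly installed system before connecting to any network, and rebuild it after every legitimate upgrade, since otherwise every patch will show up as tampering. And because a baseline kept on the same disk can be rewritten by whatever altered the files, keep it on read-only or offline media.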
   Checking vital system files for corruption, tampering or malicious replacement is very tedious work to do by hand. Fortunately there are many virus detection programs available for PCs and Macintosh computers. There are security auditing programs available for UNIX-based computers. If software is downloaded from the network, it is wise to run virus detection or auditing tools regularly.

   If it becomes clear that a home system has been attacked, it is time to clean up. Ideally, a system should be rebuilt from scratch. This means erasing everything on the hard disk. Next, install the operating system and then all additional software the system needs. It is best to install the operating system and additional software from the original distribution diskettes or CD-ROMs, rather than from backup storage. The reason for this is that a system may have been broken into some time ago, so the backed up system or program files may already include some altered files or viruses. Restoring a system from scratch is tedious but worthwhile. Do not forget to re-install all security-related fixes you had installed before the security incident. Obtain these from a verified, unsuspicious source.

6.3 Email

   Remember to be careful with saved mail. Copies of sent or received mail (or indeed any file at all) placed in storage provided by an Internet service provider may be vulnerable. The risk is that someone might break into the account and read the old mail. Keep your mail files, indeed any sensitive files, on your home machine.

7. Home Alone

   A home system can be broken into over the Internet if a home user is unwary. The files on the home system can be stolen, altered or destroyed. The system itself, if compromised, could be accessed again some time in the future. This section describes issues and makes recommendations relevant to a home user of the Internet.
7.1 Beware of Daemons

   A home system which uses PPP to connect directly to the Internet is increasingly common. These systems are at the greatest risk if they run certain kinds of programs called "services." If you run a service, you are in effect making your computer available to others across the network. Some services include:

   - File servers (an NFS server, a PC with 'file sharing' turned on)
   - An FTP server
   - A Web server

   There are, in general, two types of programs which operate on the Internet: Clients (like web browsers and Email programs) and Servers (like web servers and mail servers).

   Most software which runs on home systems is of the client variety; but, increasingly, server software is available on traditionally client platforms (e.g., PCs). Server software which runs in the background is referred to as a "daemon" (pronounced dee-mon). Many Internet server software programs that run as daemons have names that end in `d', like "inetd" (Internet Daemon) and "talkd" (Talk Daemon). When set to run, these programs wait for clients to request some particular service from across the network.

   There are four very important things to keep in mind as far as the security implications of running services on a home computer are concerned. First and most important,

   - If a server is not properly configured, it is very vulnerable to being attacked over a network. It is vital, if you run services, to be familiar with the proper configuration. This is often not easy, and may require training or technical expertise.

   - All software has flaws, and flaws exploited deviously can be used to breach computer security. If you run a server on your home machine you have to stay aware. This requires work: You have to stay in touch with the supplier of the software to get security updates.
     It is highly recommended that you keep up with security issues through on-line security forums. See [SSH] for a list of references.

     If security flaws in your server software are discovered, you will need to either stop using the software or apply "patches" or "fixes" which eliminate the vulnerability. The supplier of the software, if it is a decent company or freeware author, will supply information and updates to correct security flaws. These "patches" or "fixes" must be installed as soon as possible.

   - As a rule of thumb, the older the software, the greater the chance that it has known vulnerabilities. This is not to say you should simply trust brand new software either! Often it takes time to discover even obvious security flaws in servers.

   - Some servers start up without any warning. There have been web browsers and telnet clients in common use which automatically start FTP servers if not explicitly configured to not do so. If these servers are not themselves properly configured, the entire file system of the home computer can become available to anyone on the Internet.

   In general, any software MAY start up a network daemon. The way to be safe here is to know the products you are using. Read the manual, and if any questions arise, call the company or mail the author of free software to find out if you are actually running a service by using the product.

   A home user running a remote login service on his home machine faces very serious risks. This service allows the home user to log in to his home machine from other computers on the Internet and can be quite convenient. But the danger is that someone will secretly observe the logging in and then be able to masquerade as the user whenever they choose to do so in the future. See "The Wires Have Ears" which suggests precautions to take for remote log in.
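   The advice above, to find out whether a product has quietly started a daemon, can be turned into a routine check rather than a question for the vendor: list the sockets that are in the LISTEN state, separate those bound only to the loopback address from those reachable from the network, and compare the latter against the short list of services you actually meant to run. The Python script below is an added example written for this page and is not code from the draft. It reads the Linux /proc/net/tcp table (IPv4 only; IPv6 listeners live in /proc/net/tcp6 and are not handled here) and, where that file is absent, falls back to a constructed sample table whose addresses, inode numbers and established connection are invented; the allowed-port list is likewise an assumption for the demonstration.

```python
"""Inventory of listening TCP services from /proc/net/tcp (added example; not part of the draft)."""
import os
import socket
import struct

LISTEN_STATE = "0A"  # socket state code the kernel prints for a listening TCP socket

# Constructed sample in /proc/net/tcp format (little-endian host). Rows 0-3 are listeners
# on ports 22, 21, 80 and 631; row 4 is an established connection and must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20457 1 0000000000000000 100 0 0 10 0
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20990 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 16650 1 0000000000000000 100 0 0 10 0
   4: 0101A8C0:B4E2 5CD9A1AC:01BB 01 00000000:00000000 02:000001F4 00000000  1000        0 30211 2 0000000000000000 20 4 30 10 -1
"""


def decode_ipv4(hex_addr):
    """/proc/net/tcp prints the IPv4 address as 8 hex digits of the raw 32-bit value in
    host byte order; on little-endian hosts '0100007F' therefore means 127.0.0.1.
    (On a big-endian host the digits appear in the other order; not handled here.)"""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def parse_listeners(text):
    """Return listening sockets as dicts sorted by (ip, port); non-LISTEN rows are dropped."""
    listeners = []
    for line in text.splitlines()[1:]:  # the first line is the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN_STATE:
            continue
        addr_hex, port_hex = fields[1].split(":")
        listeners.append({
            "ip": decode_ipv4(addr_hex),
            "port": int(port_hex, 16),
            "uid": int(fields[7]),    # owner of the socket
            "inode": int(fields[9]),  # matches socket:[inode] links under /proc/<pid>/fd
        })
    return sorted(listeners, key=lambda entry: (entry["ip"], entry["port"]))


def is_loopback(ip):
    return ip.startswith("127.")


def exposed(listeners):
    """Sockets bound to anything but loopback accept connections from the network."""
    return [entry for entry in listeners if not is_loopback(entry["ip"])]


def unexpected(listeners, allowed_ports):
    """Exposed listeners whose port is not on the list of services you meant to run."""
    return [entry for entry in exposed(listeners) if entry["port"] not in allowed_ports]


def audit(text, allowed_ports):
    """One-call summary: every listener, the exposed subset, and the surprises."""
    listeners = parse_listeners(text)
    return {
        "listening": listeners,
        "exposed": exposed(listeners),
        "unexpected": unexpected(listeners, allowed_ports),
    }


def read_live(path="/proc/net/tcp"):
    """Contents of the real table on a Linux host, or None elsewhere."""
    if not os.path.exists(path):
        return None
    with open(path) as handle:
        return handle.read()


if __name__ == "__main__":
    table = read_live() or SAMPLE_PROC_NET_TCP
    # Assumed policy for the demonstration: only a remote-login service on port 22 is intended.
    for entry in audit(table, allowed_ports={22})["unexpected"]:
        print(f"unexpected listener {entry['ip']}:{entry['port']} "
              f"uid={entry['uid']} inode={entry['inode']}")
```

   Against the constructed table with port 22 as the only intended service, the script reports the FTP and web servers on 0.0.0.0 and stays quiet about the port 631 listener, which is bound to loopback and so cannot be reached from the network. The uid and inode columns are what let you trace a surprise back to the program that opened it, which is the question the draft says to put to the manual or the author; run the check again after installing anything that advertises "networking features".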
   If possible, activate all "logging" options in your server software which relate to security. You need to review these logs regularly in order to gain any benefit from this logging. You should also be aware that logs often grow very quickly in size, so you need to be careful they don't fill up your hard disk!

7.2 Going Places

   Remote logins allow a user privileged access onto physically remote systems from the comfort of his own home.

   More and more companies are offering their employees the ability to work from home with access to their computer accounts through dial-up connections. As the convenience of Internet connectivity has led to lowered costs and widespread availability, companies may allow remote login to their systems via the Internet. Customers of companies with Internet access may also be provided with remote login accounts. These companies include Internet service providers, and even banks. Users should be very careful when making remote logins.

   As discussed in "The Wires have Ears" section, Internet connections can be eavesdropped on. If you intend to use a remote login service, check that the connection can be done securely, and make sure that you use the secure technologies/features.

   Connections may be secured using technologies like one-time passwords, secure shell (SSH) and Secure Sockets Layer (SSL). One-time passwords make a sniffed password useless to the intruder, while secure shell encrypts data sent over the connection. Please refer to "Don't Get Caught in the Web" for a discussion on SSL. Secure services such as these have to be made available on the systems to which you log in remotely.

7.3 Secure It!

   Administering your own home computer means you get to choose what software is run on it. Encryption software provides protection for data.
   If you keep business records and other sensitive data on your computer, encryption will help to keep it safe. For example, if you ran a network service from your home computer and missed setting restrictions on a private directory, a remote user (authorised or not) may gain access to files in this private directory. If the files are encrypted, the user will not be able to read them. But as with all forms of encryption running on any system, the keys and passwords should first be kept safe!

8. A Final Note

   This document has provided the reader with an introduction and as much concise detail as possible. Present security issues go out of date quickly, and although effort has been made to keep discussions general, examples given may not be relevant in the future as the Internet and computer industry continue to grow.

   Just as home-owners are now taking increased cautions at the expense of convenience, to secure their homes in the changing world we live in, computer network users should not ignore security. It may be inconvenient, but it is always better to be safe than sorry.

Appendix: Glossary of Security Terms

   Acceptable Use Policy (AUP)

      A set of rules and guidelines that specify in more or less detail the expectations in regard to appropriate use of systems or networks.

   Account

      See (Computer) Account

   ActiveX

      Microsoft's system that allows webpages to run (active) application code from a web source on the client system, bypassing various controls.

   Anonymous and Guest Log In

      Services may be made available without any kind of authentication. This is commonly done, for instance, with the FTP protocol to allow anonymous access. Other systems provide a special account named "guest" to provide access, typically restricting the privileges of this account.
   Auditing Tool

      Tools to analyze computer systems or networks in regard to their security status or in relation to the set of services provided by them. COPS (Computer Oracle Password and Security analyzer) and SATAN (Security Administrator's Tool for Analyzing Networks) are famous examples of such tools.

   Authentication

      Authentication refers to mechanisms which are used to verify the identity of a user. The process of authentication typically requires a name and a password to be supplied by the user as proof of his identity.

   Centrally-Administered Network

      A network of systems which is the responsibility of a single group of administrators who are not distributed but work centrally to take care of the network.

   Certificate

      A certificate is used to verify digital signatures. Say, an Email message contains a digital signature which says "I am from Bob". To verify this, Bob's key will have to be used to check it. Without getting Bob's key, recipients may, instead, rely on certificates (which certify that the key actually belongs to Bob) to verify the source of the message.

   Clean System

      A computer which has been freshly installed with its operating system and software obtained from trusted software distribution media. As more software and configuration are added to a computer, it becomes increasingly difficult to determine if the computer is 'clean' or has been compromised by viruses, trojan horse or misconfiguration which reduces the security of the system.

   Client

      Depending on the point of view, a client might be a computer system which an end-user uses to access services hosted on another computer system called a server.
      'Client' may also refer to a program or a part of a system that is used by an end-user to access services provided by another program (for example, a web browser is a client that accesses pages provided by a Web Server).

   Compound Documents

      A 'document' is a file containing (a set of) data. Files may consist of multiple parts: a plain document, an encrypted document, a digitally-signed document or a compressed document. Multi-part files are known as compound documents and may require a variety of programs to be used in order to interpret and manipulate them. These programs may be used without the user's knowledge.

   (Computer) Account

      This term describes the authorization to access a specific computer system or network. Each end-user has to use an account, which consists most probably of a combination of user name and password or another means of proving that the end-user is the person the account is assigned to.

   Configuring Network Services

      The part of an administrator's task that is related to specifying the conditions and details of network services that govern the service provision. In regard to a Web server, this includes which Web pages are available to whom and what kind of information is logged to review the use of the Web server.

   Cookies

      Cookies register information about a visit to a web site, for future use by the server. A server may receive information from cookies of other sites as well, which creates concern in terms of breach of privacy.

   Cracker

      This term is used to describe attackers, intruders or other bad guys that do not play by the rules and try to circumvent security mechanisms and/or attack individuals and organisations.

   Daemons (inetd, talkd, etc.)

      These are processes that run on computer systems to provide services to other computer systems or processes.
      Typically, daemons are considered "servers".

   Decrypting

      The process of reversing the encryption of a file or message to recover the original data in order to use or read it.

   Default Account

      Some systems and server software come with preconfigured accounts. These accounts may be set up with a predefined (username and) password to allow anyone access and are often put there to make it convenient for users to login initially. Default accounts should be turned off or have their predefined passwords changed, to reduce the risk of abuse to the system.

   Dial-in Service

      A way of providing access to computer systems or networks via a telecommunications network. A computer uses a modem to make a telephone call to another modem, which in turn provides 'network access service'. See also: PPP.

   Digital Signature

      A digital signature is created by a mathematical computer program. It is not a hand-written signature nor a computer-produced picture of one. The signature is like a wax seal that requires a special stamp to produce it, and is attached to an Email message or file. The origin of the message or file may then be verified by the digital signature (using special tools).

   Downloaded Software

      Software packages retrieved from the Internet (using, for example, the FTP protocol).

   Downloading

      The act of retrieving files from a server on the network.

   Email Bombs

      A denial-of-service attack caused by too many Email messages being received by a server to the stage where the server runs out of resources.

   Email Packages

      To communicate via electronic mail, an end-user usually makes use of an Email client that provides the user-interface to create, send, retrieve and read Email.
      Various different Email packages provide the same set of basic functions but have different user-interfaces and perhaps, special/extra functions. Some Email packages provide encryption and digital signature capabilities.

   Email Security Software

      Software like PGP provides security functionalities like encryption (and decryption) to enable the end-user to protect messages and documents prior to sending them over a possibly insecure network.

   Encrypting / Encryption

      This is a mathematical process of scrambling data for privacy protection.

   Encryption Software

      The software that actually provides the needed functionality for end users to encrypt messages and files. PGP is one example.

   End-User

      A (human) individual that makes use of computer systems and networks.

   Files (programs, data, text and so on)

      Files include user data, but also programs, the computer operating system and the system's configuration data.

   File Server

      A computer system that provides a way of sharing and working on files stored on the system among users with access to these files over a network.

   File Transfer

      The process of transferring files between two computer systems over a network, using a protocol such as FTP or HTTP.

   Fixes, Patches and installing them

      Vendors, in response to the discovery of security vulnerabilities, provide sets of files that have to be installed on computer systems. These files 'fix' or 'patch' the computer system or programs and remove the security vulnerability.

   FTP (File Transfer Protocol)

      A protocol that allows for the transfer of files between an FTP client and FTP server.

   Group of Users

      Security software often allows permissions to be set for groups (of users) as opposed to individuals.
   Help Desk

      A support entity that can be called upon to get help with a computer or communication problem.

   Internet

      A collection of interconnected networks that use a common set of protocols called the TCP/IP stack to enable communication between the connected computer systems.

   Key Escrow

      Keys are used to encrypt and decrypt files. Key escrow is used to store keys for use by third parties to access the data in encrypted files.

   Keys Used to Encrypt and Decrypt Files

      To make use of encryption, an end-user has to provide some secret, in the form of some data, usually called a key.

   Log In, Logging into a System

      This is an action performed by an end-user, when he authenticates himself to a computer system.

   Log In Prompt

      The characters that are displayed when logging into a system to ask for user name and password.

   Logged In

      If an end-user has successfully proven to have legitimate access to a system, he is considered to be logged in.

   Logging

      Systems and server software often provide the ability to keep track of events. Events may be configured to be written out to a file known as a log. The log file can be read later and allows for system failures and security breaches to be identified.

   Masquerade (see Remote Log In)

      Anyone who pretends to be someone they are not in order to obtain access to a computer account is said to be in 'masquerade'. This may be accomplished by providing a false user name, or stealing someone else's password and logging in as him.

   Network File System (NFS, file sharing with PCs, etc.)

      NFS is an application and protocol suite that provides a way of sharing files between clients and servers. There are other protocols which provide file access over networks. These provide similar functionality, but do not interoperate with each other.
   Networking Features of Software

      Some software has features which make use of the network to retrieve or share data. It may not be obvious that software has networking features.

   Network Services

      Services which are not provided on the local computer system the end-user is working on but on a server located in the network.

   One-Time Passwords (OTP)

      Instead of using the same password over and over again, a different password is used on each subsequent log in.

   Passphrase

      A passphrase is a long password. It is often composed of several words and symbols to make it harder to guess.

   Password-Locked Screensaver

      A screen saver obscures the normal display of a monitor. A password-locked screensaver can only be deactivated if the end-user's password is supplied. This prevents a logged-in system from being abused and hides the work currently being done from passers-by.

   Patch

      See "Fixes, Patches and installing them"

   Permissions

      Another word for the access controls that are used to control the access to files and other resources.

   PGP (Pretty Good Privacy)

      PGP is an application package that provides tools to encrypt and digitally sign files on computer systems. It is especially useful to encrypt and/or sign files and messages before sending them via Email.

   Plug-in Modules

      Software components that integrate into other software (such as web browsers) to provide additional features.

   Point-of-Contact, Security

      In case of security breaches or problems, many organisations provide a designated point-of-contact which can alert others and take the appropriate actions.
PPP (Point to Point Protocol)

   PPP is the mechanism most end-users use to establish a connection
   between their PC and their Internet service provider. It
   effectively gives the PC "host" status (level with other servers
   on the network), enabling it to make further Internet connections
   (e.g. Email, chat, etc.).

Privacy Programs

   Another term for encryption software that highlights the use of
   this software to protect the confidentiality, and therefore the
   privacy, of the end-users that make use of it.

Remote Access Software

   This software allows a computer to use a modem to connect to
   another system. It also allows a computer to 'listen' for calls
   on a modem (this computer provides 'remote access service').
   Remote access software may provide access to a single computer or
   to a network.

Remote Log In

   If an end-user uses a network to log in to a system, this act is
   known as remote log in.

Security Features

   These are features which provide protection or enable end-users
   and administrators to assess the security of a system, for
   example, by auditing it.

Security Policy

   A security policy is written by organisations to address security
   issues, in the form of "do's" and "don'ts". These guidelines and
   rules are for users with respect to physical security, data
   security, information security and content (e.g. rules stating that
   sites with sexual content should not be visited, and that
   copyrights should be honoured when downloading software, etc.).

Server

   A server is a computer system, or a set of processes on a
   computer system, providing services to clients across a network.

Shared Account

   A shared account is one which is shared by a group of users, as
   opposed to a normal account which is available to only one user.
   If the account is misused, it is very difficult or impossible to
   know which of the users was responsible.

Sharing Permissions

   Many computer systems allow users to share files over a network.
   These systems invariably provide a mechanism for users to
   control who has permission to read or overwrite these files.

Site

   Depending on the context in which this term is used, it might
   apply to computer systems that are grouped together by
   geographical location, organizational jurisdiction, or network
   addresses. A site typically refers to a network under a common
   administration.

SSH (Secure Shell)

   SSH provides a protocol between a client and server, allowing for
   encrypted remote connectivity.

SSL (Secure Sockets Layer)

   This protocol provides security services to otherwise insecure
   protocols which operate over a network. SSL is typically used by
   web browsers to encrypt data sent to and downloaded from a server.

Systems Administrator

   The individual who maintains the system and has system
   administrator privileges. To limit the damage that a mistake made
   with those privileges can do, he/she should keep the time spent
   acting as an administrator (as known to the system) to a minimum.

System Administrator Privileges

   System administrators have more rights (greater permissions), as
   their work involves the maintenance of system files.

System Files

   The set of files on a system that do not belong to end-users,
   which govern the functionality of the system. System files
   have a great impact on the security of the system.

Telnet

   A protocol that enables remote log in to other computer systems
   over the network.

Terminal

   A dumb device that is connected to a computer system in order to
   provide (text-based) access to it for users and administrators.
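The "Permissions" and "Sharing Permissions" entries say that systems let a user control who may read or overwrite a file, but give no picture of what a too-generous setting looks like or how to find one. The example below is added here and is not part of the handbook. Using the Unix mode bits (one permission model; the handbook is not specific to it), it builds a throw-away directory containing files with three different settings, reports which of them any user on the system could modify, and removes that write permission. The file names and modes are constructed for the example.

```python
import os
import stat
import tempfile

# Owner / group / other permission bits in ls -l order.
_BITS = [
    (stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
    (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
    (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x"),
]


def describe_mode(mode: int) -> str:
    """Render permission bits the way 'ls -l' does, e.g. 'rw-r-----'."""
    return "".join(ch if mode & bit else "-" for bit, ch in _BITS)


def world_writable(path: str) -> bool:
    """True if every user on the system may overwrite this file."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def audit_shared_dir(directory: str):
    """Names of regular files in `directory` that anyone can modify.

    This is the check an end-user (or a script run for them) would make
    on a directory they share with colleagues: read access for the group
    may be intended, write access for everybody almost never is.
    """
    found = []
    with os.scandir(directory) as it:
        for entry in it:
            if entry.is_file(follow_symlinks=False) and world_writable(entry.path):
                found.append(entry.name)
    return sorted(found)


def tighten(path: str) -> str:
    """Remove write permission for 'other'; return the resulting mode string."""
    mode = os.stat(path).st_mode & 0o777
    os.chmod(path, mode & ~stat.S_IWOTH)
    return describe_mode(os.stat(path).st_mode)


def make_demo_dir() -> str:
    """Constructed sample directory: three files, three sharing settings."""
    d = tempfile.mkdtemp(prefix="perm-demo-")
    samples = {
        "notes.txt": 0o600,   # private to the owner
        "team.txt": 0o660,    # shared with the owner's group only
        "report.txt": 0o666,  # the mistake: anyone may overwrite it
    }
    for name, mode in samples.items():
        path = os.path.join(d, name)
        with open(path, "w") as f:
            f.write("sample content\n")
        os.chmod(path, mode)  # set explicitly; the process umask is not relied on
    return d


if __name__ == "__main__":
    d = make_demo_dir()
    for name in sorted(os.listdir(d)):
        print(name, describe_mode(os.stat(os.path.join(d, name)).st_mode))
    print("world-writable:", audit_shared_dir(d))
    for name in audit_shared_dir(d):
        print("tightened", name, "to", tighten(os.path.join(d, name)))
```

The same idea applies to the "Shared Account" entry: a file that everybody can overwrite has the same attribution problem as an account that everybody can use, since the system cannot tell which user made a change.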
Terms of Service (TOS)

   See "Acceptable Use Policy (AUP)".

Threats

   The potential that an existing vulnerability will be exploited to
   compromise the security of systems or networks. By this
   definition a vulnerability represents a threat even if it is not
   yet known.

Trojan Horse

   A program which, besides its apparent function, carries within
   itself a hidden means of giving the creator of the program access
   to the system on which it is used.

Virus

   A program which replicates itself on computer systems by
   incorporating itself (secretly and maliciously) into other
   programs. A virus can be transferred onto a computer system
   in a variety of ways.

Virus Detection Tool

   Software that detects, and possibly removes, computer viruses,
   alerting the user appropriately.

Vulnerability

   A vulnerability is the existence of a weakness, design error, or
   implementation error that can lead to an unexpected, undesirable
   event compromising the security of the system, network,
   application, or protocol involved.

Web Browser Cache

   This is the part of the file system that is used to store web
   pages and related files. It allows recently accessed files to be
   reloaded from the cache instead of being fetched every time from
   the network.

Web Browser Capabilities

   The set of functionalities on a web browser for use by the end-
   user. This includes the set of plug-ins available.

Web Server

   A server program that provides access to web pages. Some web
   servers provide access to other services, such as databases and
   directories.

Worm

   A computer program which replicates itself and is self-
   propagating. Worms, as opposed to viruses, are designed to spread
   across network environments.

Acknowledgments

   The User Security Handbook was a collaborative effort of the Site
   Security Handbook Working Group of the IETF.
   There were also others who made significant contributions: Simson
   Garfinkle and Eric Luiijf provided very helpful feedback on this
   document. The Glossary contribution by Klaus-Peter Kossakowski is
   much appreciated.

References

   [GLOSSARY] Malkin, G., ed., "Internet User's Glossary", RFC 1983
              (FYI 18), August 1996.

   [RFC2196]  Fraser, B., ed., "Site Security Handbook", RFC 2196
              (FYI 8), September 1997.

Security Considerations

   This document discusses what computer users can do to improve
   security on their systems.

Authors' Addresses

   Erik Guttman
   Sun Microsystems
   Bahnstr. 2
   74915 Waibstadt
   Germany

   Phone: +49 7263 911701
   Email: erik.guttman@sun.com

   Lorna Leong
   COLT Internet
   250 City Road
   City Forum, London
   England

   Phone: +44 171 390 3900
   Email: lorna@colt.net

   Gary Malkin
   Bay Networks
   8 Federal Street
   Billerica, MA 01821
   USA

   Phone: +1 508 916 4237
   Email: gmalkin@baynetworks.com