idnits 2.17.1

draft-ietf-ssh-users-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in
     this document.

     Expected boilerplate is as follows today (2024-04-27) according to
     https://trustee.ietf.org/license-info :

       IETF Trust Legal Provisions of 28-dec-2009, Section 6.a:
          This Internet-Draft is submitted in full conformance with the
          provisions of BCP 78 and BCP 79.

       IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2:
          Copyright (c) 2024 IETF Trust and the persons identified as the
          document authors.  All rights reserved.

       IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3:
          This document is subject to BCP 78 and the IETF Trust's Legal
          Provisions Relating to IETF Documents
          (https://trustee.ietf.org/license-info) in effect on the date of
          publication of this document.  Please review these documents
          carefully, as they describe your rights and restrictions with respect
          to this document.  Code Components extracted from this document must
          include Simplified BSD License text as described in Section 4.e of
          the Trust Legal Provisions and are provided without warranty as
          described in the Simplified BSD License.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** Missing document type: Expected "INTERNET-DRAFT" in the upper left hand
     corner of the first page

  ** Missing expiration date.  The document expiration date should appear on
     the first and last page.

  ** The document seems to lack a 1id_guidelines paragraph about
     Internet-Drafts being working documents.

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts.
  ** The document seems to lack a 1id_guidelines paragraph about the list of
     Shadow Directories.

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  == The page length should not exceed 58 lines per page, but there was 2
     longer pages, the longest (page 3) being 59 lines

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References.  All references will be assumed normative when checking for
     downward references.

  ** There is 1 instance of too long lines in the document, the longest one
     being 1 character in excess of 72.

  ** The abstract seems to contain references ([RFC2196]), which it
     shouldn't.  Please replace those with straight textual mentions of the
     documents in question.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 869: '...al, any software MAY start up a networ...'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == Line 1471 has weird spacing: '...sun.com lorna...'

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (October 7, 1998) is 9334 days in the past.  Is this
     intentional?
  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'SSH' is mentioned on line 160, but not defined

  == Missing Reference: 'SSL' is mentioned on line 241, but not defined

  == Unused Reference: 'GLOSSARY' is defined on line 1451, but no explicit
     reference was found in the text

  ** Downref: Normative reference to an Informational RFC: RFC 1983 (ref.
     'GLOSSARY')

  ** Downref: Normative reference to an Informational RFC: RFC 2196

     Summary: 13 errors (**), 0 flaws (~~), 6 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

draft-ietf-ssh-users-10.txt                  Erik Guttman / Sun Microsystems
Site Security Handbook WG                        Lorna Leong / COLT Internet
                                                   G. Malkin / Bay Networks
                                                             October 7, 1998

                         Users' Security Handbook

Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.ietf.org (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).

Abstract

   The Users' Security Handbook is the companion to the Site Security
   Handbook (SSH).
   It is intended to provide users with the information they need to
   help keep their networks and systems secure.

Table of Contents

   Part One: Introduction
      1. READ.ME
      2. The Wires have Ears

   Part Two: End-users in a centrally-administered network
      3. Watch Out!
         3.1. The Dangers of Downloading
         3.2. Don't Get Caught in the Web
         3.3. Email Pitfalls
         3.4. Passwords
         3.5. Viruses and Other Illnesses
         3.6. Modems
         3.7. Don't Leave Me...
         3.8. File Protections
         3.9. Encrypt Everything
         3.10. Shred Everything Else
         3.11. What Program is This, Anyway?
      4. Paranoia is Good

   Part Three: End-users self administering a networked computer
      5. Make Your Own Security Policy
      6. Bad Things Happen
         6.1. How to Prepare for the Worst in Advance
         6.2. What To Do if You Suspect Trouble
         6.3. Email
      7. Home Alone
         7.1. Beware of Daemons
         7.2. Going Places
         7.3. Secure It!
      8. A Final Note
   Appendix: Glossary of Security Terms
   Acknowledgments
   References
   Security Considerations
   Authors' Addresses

Part One: Introduction

   This document provides guidance to the end-users of computer systems
   and networks about what they can do to keep their data and
   communication private, and their systems and networks secure.
   Part Two of this document concerns "corporate users" in small, medium
   and large corporate and campus sites.  Part Three of the document
   addresses users who administer their own computers, such as home
   users.

   System and network administrators may wish to use this document as
   the foundation of a site-specific users' security guide; however,
   they should consult the Site Security Handbook first [RFC2196].

   A glossary of terms is included in an appendix at the end of this
   document, introducing computer network security notions to those not
   familiar with them.

1. READ.ME

   Before getting connected to the Internet or any other public network,
   you should obtain the security policy of the site that you intend to
   use as your access provider, and read it.  A security policy is a
   formal statement of the rules by which users who are given access to
   a site's technology and information assets must abide.  As a user,
   you are obliged to follow the policy created by the decision makers
   and administrators at your site.

   A security policy exists to protect a site's hardware, software and
   data.  It explains what the security goals of the site are, what
   users can and cannot do, what to do and who to contact when problems
   arise, and generally informs users what the "rules of the game" are.

2. The Wires have Ears

   It is a lot easier to eavesdrop on communications over data networks
   than to tap a telephone conversation.  Any link between computers may
   potentially be insecure, as can any of the computers through which
   data flows.  All information passing over networks may be
   eavesdropped on, even if you think "No one will care about this..."

   Information passing over a network may be read not only by the
   intended audience but can be read by others as well.  This can happen
   to personal Email and sensitive information that is accessed via file
   transfer or the Web.  Please refer to the "Don't Get Caught in the
   Web" and "Email Pitfalls" sections for specific information on
   protecting your privacy.

   As a user, your utmost concerns should, firstly, be to protect
   yourself against misuse of your computer account(s) and secondly, to
   protect your privacy.

   Unless precautions are taken, every time you log in over a network,
   to any network service, your password or confidential information may
   be stolen.  It may then be used to gain illicit access to systems you
   have access to.  In some cases, the consequences are obvious: If
   someone gains access to your bank account, you might find yourself
   losing some cash, quickly.  What is not so obvious is that services
   which are not financial in nature may also be abused in rather costly
   ways.  You may be held responsible if your account is misused by
   someone else!

   Many network services involve remote log in.  A user is prompted for
   his or her account ID (i.e. user name) and password.  If this
   information is sent through the network without encryption, the
   message can be intercepted and read by others.
   This is not really an issue when you are logging in to a "dial-in"
   service where you make a connection via telephone and log in, say to
   an online service provider, as telephone lines are more difficult to
   eavesdrop on than Internet communications.

   The risk is there when you are using programs to log in over a
   network.  Many popular programs used to log in to services or to
   transfer files (such as telnet and ftp, respectively) send your
   user name and password and then your data over the network without
   encrypting them.

   The precaution commonly taken against password eavesdropping by
   larger institutions, such as corporations, is to use one-time
   password systems.

   Until recently, it has been far too complicated and expensive for
   home systems and small businesses to employ secure log in systems.
   However, an increasing number of products enable this to be done
   without fancy hardware, using cryptographic techniques.  An example
   of such a technique is Secure Shell [SSH], which is both freely and
   commercially available for a variety of platforms.  Many products
   (including SSH-based ones) also allow data to be encrypted before it
   is passed over the network.

Part Two: End-users in a centrally-administered network

   The following rules of thumb provide a summary of the most important
   pieces of advice discussed in Part Two of this document:

   - Know who your security point-of-contact is.
   - Keep passwords secret at all times.
   - Use a password-locked screensaver or log out when you leave your
     desk.
   - Don't let simply anyone have physical access to your computer or
     your network.
   - Be aware of what software you run and be very wary of software of
     unknown origin.  Think hard before you execute downloaded
     software.
   - Do not panic.  Consult your security point-of-contact, if
     possible, before spreading alarm.
   - Report security problems as soon as possible to your security
     point-of-contact.

3. Watch Out!

3.1. The Dangers of Downloading

   An ever expanding wealth of free software has become available on the
   Internet.  While this exciting development is one of the most
   attractive aspects of using public networks, you should also exercise
   caution.  Some files may be dangerous.  Downloading poses the single
   greatest risk.

   Be careful to store all downloaded files so that you will remember
   their (possibly dubious) origin.  Do not, for example, mistake a
   downloaded program for another program just because they have the
   same name.  This is a common tactic to fool users into activating
   programs they believe to be familiar but could, in fact, be
   dangerous.

   Programs can use the network without making you aware of it.  One
   thing to keep in mind is that if a computer is connected, any program
   has the capability of using the network, with or without informing
   you.  Say, for example:

      You download a game program from an anonymous FTP server.  This
      appears to be a shoot-em-up game, but unbeknownst to you, it
      transfers all your files, one by one, over the Internet to a
      cracker's machine!

   Many corporate environments explicitly prohibit the downloading and
   running of software from the Internet.

3.2. Don't Get Caught in the Web

   The greatest risk when web browsing is downloading files.  Web
   browsers allow any file to be retrieved from the Internet.  See "The
   Dangers of Downloading".

   Web browsers are downloading files even when it is not entirely
   obvious.  Thus, the risk posed by downloading files may be present
   even if you do not actively go out and retrieve files overtly.  Any
   file which you have loaded over the network should be considered
   possibly dangerous (even files in the web browser's cache).  Do not
   execute them by accident, as they may be malicious programs.
   (Remember, programs are files, too.  You may believe you have
   downloaded a text file, when in fact it is a Trojan Horse program,
   script, etc.)

   Web browsers may download and execute programs on your behalf, either
   automatically or after manual intervention.  You may disable these
   features.  If you leave them enabled, be sure that you understand the
   consequences.  You should read the security guide which accompanies
   your web browser as well as the security policy of your company.  You
   should be aware that downloaded programs may be risky to execute on
   your machine.  See "What program is this, anyway?".

   Web pages often include forms.  Be aware that, as with Email, data
   sent from a web browser to a web server is not secure.  Several
   mechanisms have been created to prevent this, most notably Secure
   Sockets Layer [SSL].  This facility has been built into many web
   browsers.  It encrypts data sent between the user's web browser and
   the web server so no one along the way can read it.

   It is possible that a web page will appear to be genuine, but is, in
   fact, a forgery.  It is easy to copy the appearance of a genuine web
   page and possible to subvert the network protocols which contact the
   desired web server, to misdirect a web browser to an imposter.

   That threat may be guarded against using SSL to verify if a web page
   is genuine.  When a 'secure' page has been downloaded, the web
   browser's 'lock' or 'key' will indicate so.  It is good to
   double-check this: View the 'certificate' associated with the web
   page you have accessed.  Each web browser has a different way to do
   this.  The certificate will list the certificate's owner and who
   issued it.  If these look trustworthy, you are probably OK.

3.3 Email Pitfalls

   All the normal concerns apply to messages received via Email that you
   could receive any other way.  For example, the sender may not be who
   he or she claims to be.
   If Email security software is not used, it is very difficult to
   determine for sure who sent a message.  This means that Email itself
   is not a suitable way to conduct many types of business.  It is very
   easy to forge an Email message to make it appear to have come from
   anyone.

   Another security issue you should consider when using Email is
   privacy.  Email passes through the Internet from computer to
   computer.  As the message moves between computers, and indeed as it
   sits in a user's mailbox waiting to be read, it is potentially
   visible to others.  For this reason, it is wise to think twice before
   sending confidential or extremely personal information via Email.
   You should never send credit card numbers and other sensitive data
   via unprotected Email.  Please refer to "The Wires Have Ears".

   To cope with this problem, there are privacy programs available, some
   of which are integrated into Email packages.

   One service many Email users like to use is Email forwarding.  This
   should be used very cautiously.  Imagine the following scenario:

      A user has an account with a private Internet Service Provider and
      wishes to receive all her Email there.  She sets it up so that her
      Email at work is forwarded to her private address.  All the Email
      she would receive at work then moves across the Internet until it
      reaches her private account.  All along the way, the Email is
      vulnerable to being read.  A sensitive Email message sent to her
      at work could be read by a network snoop at any of the many stops
      along the way the Email takes.

   Note that Email sent or received at work may not be private.  Check
   with your employer, as employers may (in some instances) legally both
   read your Email and make use of it.  The legal status of Email
   depends on the privacy of information laws in force in each country.

   Many mail programs allow files to be included in Email messages.
   The files which come by Email are files like any other.  Any way in
   which a file can find its way onto a computer is possibly dangerous.
   If the attached file is merely a text message, fine.  But it may be
   more than a text message.  If the attached file is itself a program
   or an executable script, extreme caution should be applied before
   running it.  See the section entitled "The Dangers of Downloading".

3.4 Passwords

   Passwords may be easily guessed by an intruder unless precautions are
   taken.  Your password should contain a mixture of numbers, upper and
   lower case letters, and punctuation.  Avoid all real words in any
   language, or combinations of words, license plate numbers, names and
   so on.  The best password is a made-up sequence (e.g., an acronym
   from a phrase you won't forget), such as "2B*Rnot2B" (but don't use
   this password!).

   Resist the temptation to write your password down.  If you do, keep
   it with you until you remember it, then shred it!  NEVER leave a
   password taped onto a terminal or written on a whiteboard.  You
   wouldn't write your PIN code on your automated teller machine (ATM)
   card, would you?  You should have different passwords for different
   accounts, but not so many passwords that you can't remember them.
   You should change your passwords periodically.

   You should also NEVER save passwords in scripts or login procedures
   as these could be used by anyone who has access to your machine.

   Be certain that you are really logging into your system.  Just
   because a login prompt appears and asks you for your password does
   not mean you should enter it.  Avoid unusual login prompts and
   immediately report them to your security point-of-contact.  If you
   notice anything strange upon logging in, change your password.
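   The password rules above can be turned into a small checker.  The
   following Python program is an added example and is not part of the
   draft: the rules (mixed character classes, no real words or word
   combinations, no license plate numbers) come from the text, while the
   minimum length of 8, the tiny word list, the "up to three letters then
   digits" plate pattern and the phrase_initials() helper are assumptions
   made for this illustration.

```python
"""Password-quality checks based on the advice in section 3.4 (added example)."""
import re
import string

MIN_LENGTH = 8  # assumption: the draft gives no number

# Constructed stand-in for a real dictionary.  A deployment would load a
# full word list (for example /usr/share/dict/words) instead.
WORD_LIST = {"password", "secret", "hamlet", "sunshine", "welcome", "letmein"}

# The four classes the draft asks for: numbers, upper and lower case
# letters, and punctuation.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "punct": set(string.punctuation),
}


def character_classes(pw):
    """Names of the character classes present in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def contains_real_word(pw, words=WORD_LIST, min_len=4):
    """True if a dictionary word of at least min_len letters occurs anywhere
    in pw, ignoring case; this catches "Sunshine!9" as well as "sunshine"."""
    low = pw.lower()
    return any(w in low for w in words if len(w) >= min_len)


def looks_like_plate_or_number(pw):
    """Up to three letters followed by a run of digits: the shape of a
    license plate or a date, such as ABC1234 or 19981007 (assumed pattern)."""
    return re.fullmatch(r"[A-Za-z]{0,3}[0-9]{3,8}", pw) is not None


def check_password(pw):
    """Return a list of problems; an empty list means the password meets
    every rule this checker knows about."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short (%d characters, minimum %d)" % (len(pw), MIN_LENGTH))
    missing = set(CLASSES) - character_classes(pw)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if contains_real_word(pw):
        problems.append("contains a dictionary word")
    if looks_like_plate_or_number(pw):
        problems.append("looks like a license plate number or date")
    return problems


def phrase_initials(phrase):
    """Build the "acronym from a phrase" the draft suggests: the first letter
    of each word, keeping any trailing punctuation.  The user still has to mix
    in digits; check_password() reports what is missing."""
    out = []
    for word in phrase.split():
        out.append(word[0])
        if len(word) > 1 and word[-1] in string.punctuation:
            out.append(word[-1])
    return "".join(out)


if __name__ == "__main__":
    candidates = ["password1", "ABC1234", "Sunshine!9",
                  phrase_initials("To be, or not to be: that is the question")]
    for candidate in candidates:
        print("%-16s %s" % (candidate, check_password(candidate) or ["ok"]))
```

   A checker like this only enforces the rules it knows; it cannot tell
   that "2B*Rnot2B" is unsafe because it has been printed in a document,
   which is why the draft's advice to keep passwords secret still applies.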
   Unless precautions have been taken to encrypt your password when it
   is sent over the network, you should, if possible, use "one-time
   passwords" whenever you log in to a system over a network.  (Some
   applications take care of that for you.)  See "The Wires Have Ears"
   for more information on the risks associated with logging in over a
   network.

3.5 Viruses and Other Illnesses

   Viruses are essentially unwanted pieces of software that find their
   way onto a computer.  What the virus may do once it has entered its
   host, depends on several factors: What has the virus been programmed
   to do?  What part of the computer system has the virus attacked?

   Some viruses are 'time bombs' which activate only when given a
   particular condition, such as reaching a certain date.  Others remain
   latent in the system until a particular afflicted program is
   activated.  There are still others which are continually active,
   exploiting every opportunity to do mischief.  A subtle virus may
   simply modify a system's configuration, then hide.

   Be cautious about what software you install on your system.  Use
   software from "trusted sources", if possible.  Check your site policy
   before installing any software: Some sites only allow administrators
   to install software to avoid security and system maintenance
   problems.

   Centrally-administered sites have their own policy and tools for
   dealing with the threat of viruses.  Consult your site policy or find
   out from your systems administrator what the correct procedures are
   to stay virus free.

   You should report it if a virus detection tool indicates that your
   system has a problem.  You should notify your site's systems
   administrators as well as the person you believe passed the virus to
   you.  It is important to remain calm.  Virus scares may cause more
   delay and confusion than an actual virus outbreak.
   Before announcing the virus widely, make sure you verify its presence
   using a virus detection tool, if possible, with the assistance of
   technically-competent personnel.

   Trojan Horse programs and worms are often categorized with viruses.
   Trojan Horse programs are dealt with in the "What Program is This,
   Anyway?" section.  For the purposes of this section, worms should be
   considered a type of virus.

3.6 Modems

   You should be careful when attaching anything to your computer, and
   especially any equipment which allows data to flow.  You should get
   permission before you connect anything to your computer in a
   centrally-administered computing environment.

   Modems present a special security risk.  Many networks are protected
   by a set of precautions designed to prevent a frontal assault from
   public networks.  If your computer is attached to such a network, you
   must exercise care when also using a modem.  It is quite possible to
   use the modem to connect to a remote network while *still* being
   connected to the 'secure' net.  Your computer can now act as a hole
   in your network's defenses.  Unauthorized users may be able to get
   onto your organization's network through your computer!

   Be sure you know what you are doing if you leave a modem on and set
   up your computer to allow remote computers to dial in.  Be sure you
   use all available security features correctly.  Many modems answer
   calls by default.  You should turn auto-answer off unless you are
   prepared to have your computer respond to callers.  Some 'remote
   access' software requires this.  Be sure to turn on all the security
   features of your 'remote access' software before allowing your
   computer to be accessed by phone.

   Note that having an unlisted number will not protect you from someone
   breaking into your computer via a phone line.  It is very easy to
   probe many phone lines to detect modems and then launch attacks.
3.7 Don't Leave Me...

   Do not leave a terminal or computer logged in and walk away.  Use
   password-locked screensavers whenever possible.  These can be set up
   so that they activate after the computer has been idle for a while.

   Sinister as it may seem, someone coming around to erase your work is
   not uncommon.  If you remain logged in, anyone can come by and
   perform mischief for which you may be held accountable.  For example,
   imagine the trouble you could be in for if nasty Email were sent to
   the president of your company in your name, or your account were used
   to transfer illegal pornography.

   Anyone who can gain physical access to your computer can almost
   certainly break into it.  Therefore, be cautious regarding who you
   allow access to your machine.  If physically securing your machine is
   not possible, it is wise to encrypt your data files kept on your
   local hard disk.  If possible, it is also wise to lock the door to
   one's office where the computer is stored.

3.8 File Protections

   Data files and directories on shared systems or networked file
   systems require care and maintenance.  There are two categories of
   such files:

   - Files to share

     Shared files may be visible to everyone or to a restricted group
     of other users.  Each system has a different way of specifying
     this.  Learn how to control sharing permissions of files and
     implement such control without fail.

   - Protected files

     These include files that only you should have access to, but
     which are also available to anyone with system administrator
     privileges.  An example of this are files associated with the
     delivery of Email.  You don't want other users to read your Email,
     so make sure such files have all the necessary file permissions
     set accordingly.

3.9 Encrypt Everything

   Additionally, there are files that are private.
   You may have files which you do not wish anyone else to have access
   to.  In this case, it is prudent to encrypt the file.  This way, even
   if your network is broken into or the systems administrator turns
   into Mr. Hyde, your confidential information will not be available.
   Encryption is also very important if you share a computer.  For
   example, a home computer may be shared by roommates who are friends
   but prefer to keep their Email and financial information private.
   Encryption allows for shared yet private usage.

   Before you encrypt files, you should check your site's security
   policy.  Some employers and countries expressly forbid or restrict
   the storing and/or transferring of encrypted files.

   Be careful with the passwords or keys you use to encrypt files.
   Locking them away safely not only helps to keep them from prying eyes
   but it will help you keep them secure too; for if you lose them, you
   will lose your ability to decrypt your data as well!  It may be wise
   to save more than one copy.  This may even be required, if your
   company has a key escrow policy, for example.  This protects against
   the possibility that the only person knowing a pass phrase may leave
   the company or be struck by lightning.

   Whilst encryption programs are readily available, it should be noted
   that the quality can vary widely.  PGP (which stands for "Pretty Good
   Privacy") for example, offers a strong encryption capability.  Many
   common software applications include the capability to encrypt data.
   The encryption facilities in these are typically very weak.

   You should not be intimidated by encryption software.  Easy-to-use
   software is being made available.
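   The "protected files" advice in section 3.8 above (mail files that
   only the owner should read) can be checked mechanically on a Unix
   account.  The following Python program is an added example and is not
   part of the draft: it builds a throw-away home directory with
   constructed files, reports every entry under the private directories
   that the group or other users can read or write, and then clears
   those bits.  The layout (a Mail directory that must stay private and a
   public_html directory that is meant to be shared) is an assumption.

```python
"""Audit and repair permissions on files that should be private (added example)."""
import os
import stat
import tempfile

PRIVATE_DIRS = ("Mail",)  # assumption: mail delivery files must stay private
GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO  # any rwx bit for group or others


def exposed_bits(path):
    """Permission bits on path that grant group or other access (0 = none)."""
    return stat.S_IMODE(os.lstat(path).st_mode) & GROUP_OR_OTHER


def audit_private(home):
    """Walk the private directories under home and return a sorted list of
    (path relative to home, octal mode) for each directory or file that
    anyone other than the owner can touch."""
    findings = []
    for d in PRIVATE_DIRS:
        top = os.path.join(home, d)
        if not os.path.isdir(top):
            continue
        for root, _dirs, files in os.walk(top):
            # The directory itself matters too: a world-readable Mail/
            # lets others list the mailboxes even if each file is 0600.
            for path in [root] + [os.path.join(root, f) for f in files]:
                if exposed_bits(path):
                    mode = stat.S_IMODE(os.lstat(path).st_mode)
                    findings.append((os.path.relpath(path, home), oct(mode)))
    return sorted(findings)


def fix_private(home):
    """Strip group/other bits from everything audit_private() reports;
    returns how many entries were changed."""
    fixed = 0
    for rel, _mode in audit_private(home):
        path = os.path.join(home, rel)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~GROUP_OR_OTHER)
        fixed += 1
    return fixed


def build_demo_home():
    """Constructed account layout for the demonstration (not real data)."""
    home = tempfile.mkdtemp(prefix="ush-demo-")
    mail = os.path.join(home, "Mail")
    public = os.path.join(home, "public_html")
    os.makedirs(mail)
    os.makedirs(public)
    for name, mode, text in [
        (os.path.join(mail, "inbox"), 0o644, "From: constructed example\n"),   # too open
        (os.path.join(mail, "drafts"), 0o600, ""),                            # correct
        (os.path.join(public, "index.html"), 0o644, "<p>shared on purpose</p>"),
    ]:
        with open(name, "w") as f:
            f.write(text)
        os.chmod(name, mode)
    os.chmod(mail, 0o755)    # directory listable by everyone: will be reported
    os.chmod(public, 0o755)  # shared directory: outside the audit
    return home


if __name__ == "__main__":
    demo = build_demo_home()
    for rel, mode in audit_private(demo):
        print("exposed: %-12s mode %s" % (rel, mode))
    print("fixed %d entries, remaining: %s" % (fix_private(demo), audit_private(demo)))
```

   The audit deliberately leaves public_html alone: the draft's first
   category, files to share, is supposed to be readable by others, and
   the point of the check is to keep the two categories from being
   mixed up.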
3.10 Shred Everything Else

   You would be surprised what gets thrown away into the waste-paper
   basket: notes from meetings, old schedules, internal phone lists,
   computer program listings, correspondence with customers and even
   market analyses.  All of these would be very valuable to competitors,
   recruiters and even an overzealous (hungry?) journalist looking for a
   scoop.  The threat of dumpster diving is real - take it seriously!
   Shred all potentially useful documents before discarding them.

   You should also be aware that deleting a file does not erase it in
   many cases.  The only way to be sure that an old hard disk does not
   contain valuable data may be to reformat it.

3.11 What Program is This, Anyway?

   Programs have become much more complex in recent years.  They are
   often extensible in ways which may be dangerous.  These extensions
   make applications more flexible, powerful and customizable.  They
   also open the end-user up to all sorts of risks.

   - A program may have "plug-in" modules.  You should not trust the
     plug-ins simply because you are used to trusting the programs
     they plug into.  For example: Some web pages suggest that the
     user download a plug-in to view or use some portion of the web
     page's content.  Consider: What is this plug-in?  Who wrote it?
     Is it safe to include it in your web browser?

   - Some files are "compound documents".  This means that instead of
     using one single program, it will be necessary to run several
     programs in order to view or edit a document.  Again, be careful
     of downloading application components.  Just because they
     integrate with products which are well-known does not mean that
     they can be trusted.  Say, you receive an Email message which can
     only be read if you download a special component.  This component
     could be a nasty program which wipes out your hard drive!
   - Some programs are downloaded automatically when accessing web
     pages.  While there are some safeguards to make sure that these
     programs may be used safely, there have been security flaws
     discovered in the past.  For this reason, some
     centrally-administered sites require that certain web browser
     capabilities be turned off.

4. Paranoia is Good

   Many people do not realize it, but social engineering is a tool which
   many intruders use to gain access to computer systems.  The general
   impression that people have of computer break-ins is that they are
   the result of technical flaws in computer systems which the intruders
   have exploited.  People also tend to think that break-ins are purely
   technical.  However, the truth is that social engineering plays a big
   part in helping an attacker slip through security barriers.  This
   often proves to be an easy stepping-stone onto the protected system
   if the attacker has no authorized access to the system at all.

   Social engineering may be defined, in this context, as the act of
   gaining the trust of legitimate computer users to the point where
   they reveal system secrets or help someone, unintentionally, to gain
   unauthorized access to their system(s).  Using social engineering, an
   attacker may gain valuable information and/or assistance that could
   help break through security barriers with ease.  Skillful social
   engineers can appear to be genuine but are really full of deceit.

   Most of the time, attackers using social engineering work via
   telephone.  This not only provides a shield for the attacker by
   protecting his or her identity, it also makes the job easier because
   the attacker can claim to be a particular someone with more chances
   of getting away with it.

   There are several types of social engineering.
Here are a few examples of the more commonly-used ones:

- An attacker may pretend to be a legitimate end-user who is new to the system or is simply not very good with computers. This attacker may approach systems administrators and other end-users for help. This "user" may have lost his password, or simply can't get logged into the system and needs to access the system urgently. Attackers have also been known to identify themselves as some VIP in the company, screaming at administrators to get what they want. In such cases, the administrator (or it could be an end-user) may feel threatened by the caller's authority and give in to the demands.

- Attackers who operate via telephone calls may never even have seen the screen display on your system before. In such cases, the trick attackers use is to make details vague, and get the user to reveal more information on the system. The attacker may sound really lost so as to make the user feel that he is helping a damsel in distress. Often, this makes people go out of their way to help. The user may then reveal secrets when he is off-guard.

- An attacker may also take advantage of system problems that have come to his attention. Offering help to a user is an effective way to gain the user's trust. A user who is frustrated with problems he is facing will be more than happy when someone comes to offer some help. The attacker may come disguised as the systems administrator or maintenance technician. This attacker will often gain valuable information because the user thinks that it is alright to reveal secrets to technicians. Site visits may pose a greater risk to the attacker as he may not be able to make an easy and quick get-away, but the risk may bring fruitful returns if the attacker is allowed direct access to the system by the naive user.
- Sometimes, attackers can gain access into a system without prior knowledge of any system secret nor terminal access. In the same way that one should not carry someone else's bags through Customs, no user should key in commands on someone's behalf. Beware of attackers who use users as their own remotely-controlled fingers to type commands on the user's keyboard that the user does not understand, commands which may harm the system. These attackers will exploit system software bugs and loopholes even without direct access to the system. The commands keyed in by the end-user may bring harm to the system, open his own account up for access to the attacker or create a hole to allow the attacker entry (at some later time) into the system. If you are not sure of the commands you have been asked to key in, do not simply follow instructions. You never know what and where these could lead to...

To guard against becoming a victim of social engineering, one important thing to remember is that passwords are secret. A password for your personal account should be known ONLY to you. The systems administrators who need to do something to your account will not require your password. As administrators, the privileges they have will allow them to carry out work on your account without the need for you to reveal your password. An administrator should not have to ask you for your password.

Users should guard the use of their accounts, and keep them for their own use. Accounts should not be shared, not even temporarily with systems administrators or systems maintenance technicians. Most maintenance work will require special privileges which end-users are not given. Systems administrators will have their own accounts to work with and will not need to access computer systems via an end-user's account.
Systems maintenance technicians who come on site should be accompanied by the local site administrator (who should be known to you). If the site administrator is not familiar to you, or if the technician comes alone, it is wise to give a call to your known site administrator to check if the technician should be there. Yet, many people will not do this because it makes them look paranoid and it is embarrassing to show that they have little or no trust in these visitors.

Unless you are very sure that the person you are speaking to is who he or she claims to be, no secret information should ever be revealed to such people. Sometimes, attackers may even be good enough to make themselves sound like someone whose voice you know over the phone. It is always good to double check the identity of the person. If you are unable to do so, the wisest thing to do is not to reveal any secrets. If you are a systems administrator, there should be security procedures for assignment and reassignment of passwords to users, and you should follow such procedures. If you are an end-user, there should not be any need for you to have to reveal system secrets to anyone else. Some companies assign a common account to multiple users. If you happen to be in such a group, make sure you know everyone in that group so you can tell if someone who claims to be in the group is genuine.

Part Three: End-users self administering a networked computer

The home user or the user who administers his own network has many of the same concerns as a centrally-administered user. The following is a summary of additional advice given in Part Three:

- Read manuals to learn how to turn on security features, then turn them on.
- Consider how private your data and Email need to be. Have you invested in privacy software and learned how to use it yet?
- Prepare for the worst in advance.
- Keep yourself informed about what the newest threats are.

5. Make Your Own Security Policy

You should decide ahead of time what risks are acceptable and then stick to this decision. It is also wise to review your decision at regular intervals and whenever the need to do so arises. It may be wise to simply avoid downloading any software from the network which comes from an unknown source to a computer storing business records, other valuable data and data which is potentially damaging if the information was lost or stolen.

If the system has a mixed purpose, say recreation, correspondence and some home accounting, perhaps you will hazard some downloading of software. You unavoidably take some risk of acquiring stuff which is not exactly what it seems to be.

It may be worthwhile installing privacy software on a computer if it is shared by multiple users. That way, a friend of a room mate won't have access to your private data, and so on.

6. Bad Things Happen

If you notice that your files have been modified or ascertain somehow that your account has been used without your consent, you should inform your security point-of-contact immediately. When you do not know who your security point-of-contact is, try calling your Internet service provider's help desk as a first step.

6.1 How to Prepare for the Worst in Advance

- Read all user documentation carefully. Make sure that it is clear when services are being run on your computer. If network services are activated, make sure they are properly configured (set all permissions so as to prevent anonymous or guest logins, and so on). Increasingly, many programs have networking capabilities built in to them. Learn how to properly configure and safely use these features.

- Back up user data. This is always important.
Backups are normally thought of as a way of ensuring you will not lose your work if a hard disk fails or if you make a mistake and delete a file. Backing up is also critical to ensure that data cannot be lost due to a computer security incident. One of the most vicious and unfortunately common threats posed by computer viruses and Trojan Horse programs is erasing a computer's hard disk.

- Obtain virus checking software or security auditing tools. Learn how to use them and install them before connecting to a public network. Many security tools require that they be run on a "clean" system, so that comparisons can be made between the present and pristine states. Thus, it is necessary for some work to be done ahead of time.

- Upgrade networking software regularly. As new versions of programs come out, it is prudent to upgrade. Security vulnerabilities will likely have been fixed. The longer you wait to do this, the greater the risk that security vulnerabilities of the products will become known and be exploited by some network assailant. Keep up to date!

- Find out who to contact if you suspect trouble. Does your Internet Service Provider have a security contact or Help Desk? Investigate this before trouble happens so you won't lose time trying to figure it out should trouble occur. Keep the contact information both online and offline for easy retrieval.

There are 3 ways to avoid problems with viruses:

1. Don't be promiscuous

If at all possible, be cautious about what software you install on your system. If you are unaware of or unsure of the origin of a program, it is wise not to run it. Obtain software from trusted sources.
Do not execute programs or reboot using old diskettes unless you have reformatted them, especially if the old diskettes have been used to bring software home from a trade show and other potentially security-vulnerable places.

Nearly all risk of getting infected by viruses can be eliminated if you are extremely cautious about what files are stored on your computer. See "The Dangers of Downloading" for more details.

2. Scan regularly.

Give your system a regular check-up. There are excellent virus checking and security audit tools for most computer platforms available today. Use them, and if possible, set them to run automatically and regularly. Also, install updates of these tools regularly and keep yourself informed of new virus threats.

3. Notice the unusual.

It's not true that a difference you cannot detect is no difference at all, but it is a good rule of thumb. You should get used to the way your system works. If there is an unexplainable change (for instance, files you believe should exist are gone, or strange new files are appearing and disk space is 'vanishing'), you should check for the presence of viruses.

You should take some time to be familiar with computer virus detection tools available for your type of computer. You should use an up-to-date tool (i.e. not older than three months). It is very important to test your computer if you have been using shared software of dubious origin, someone else's used floppy disks to transfer files, and so on.

6.2 What To Do if You Suspect Trouble

If you suspect that your home computer has a virus, that a malicious program has been run, or that a system has been broken into, the wisest course of action is to first disconnect the system from all networks. If available, virus detection or system auditing software should be used.
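The comparison between the "present and pristine states" that section 6.1 asks for, and the "files are gone, or strange new files are appearing" symptom under "Notice the unusual", can both be checked mechanically: record a digest of every vital file while the system is clean, store that record where an intruder cannot reach it, and compare against it later. The script below is an added example written for this page, not a tool the handbook names; the files in its demo tree are constructed samples.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not need RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative, '/'-separated path) to
    its digest. Taken on a clean system, this is the "pristine state"."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                baseline[p.relative_to(root).as_posix()] = sha256_of(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """What changed between the stored baseline and the present state."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Constructed example: baseline a tiny tree, tamper with it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = {"bin/login": b"original login program",
                  "bin/ls": b"original ls program",
                  "etc/hosts": b"127.0.0.1 localhost\n"}
        for rel, content in sample.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(content)
        # The manifest is what you would copy to offline media at install time.
        manifest = json.dumps(build_baseline(root), indent=1)

        # Simulated incident: one program replaced, one file deleted, one new file.
        (root / "bin/login").write_bytes(b"replaced login program")
        (root / "etc/hosts").unlink()
        (root / "tmp").mkdir()
        (root / "tmp/strange.exe").write_bytes(b"unexpected new file")

        return compare(json.loads(manifest), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The manifest is only as trustworthy as its storage: keep it off the machine it describes, and run the comparison from trusted media, since a compromised system can lie about its own files.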
Checking vital system files for corruption, tampering or malicious replacement is very tedious work to do by hand. Fortunately there are many virus detection programs available for PCs and Macintosh computers. There are security auditing programs available for UNIX-based computers. If software is downloaded from the network, it is wise to run virus detection or auditing tools regularly.

If it becomes clear that a home system has been attacked, it is time to clean up. Ideally, a system should be rebuilt from scratch. This means erasing everything on the hard disk. Next, install the operating system and then all additional software the system needs. It is best to install the operating system and additional software from the original distribution diskettes or CD-ROMs, rather than from backup storage. The reason for this is that a system may have been broken into some time ago, so the backed up system or program files may already include some altered files or viruses. Restoring a system from scratch is tedious but worthwhile. Do not forget to re-install all security related fixes you had installed before the security incident. Obtain these from a verified, unsuspicious source.

6.3 Email

Remember to be careful with saved Email. Copies of sent or received Email (or indeed any file at all) placed in storage provided by an Internet service provider may be vulnerable. The risk is that someone might break into the account and read the old Email. Keep your Email files, indeed any sensitive files, on your home machine.

7. Home Alone

A home system can be broken into over the Internet if a home user is unwary. The files on the home system can be stolen, altered or destroyed. The system itself, if compromised, could be accessed again some time in the future. This section describes issues and makes recommendations relevant to a home user of the Internet.
7.1 Beware of Daemons

A home system which uses PPP to connect directly to the Internet is increasingly common. These systems are at the greatest risk if they run certain kinds of programs called "services". If you run a service, you are in effect making your computer available to others across the network. Some services include:

- File servers (an NFS server, a PC with 'file sharing' turned on)
- An FTP server
- A Web server

There are, in general, two types of programs which operate on the Internet: Clients (like web browsers and Email programs) and Servers (like web servers and mail servers).

Most software which runs on home systems is of the client variety; but, increasingly, server software is available on traditionally client platforms (e.g., PCs). Server software which runs in the background is referred to as a "daemon" (pronounced dee-mon). Many Internet server software programs that run as daemons have names that end in `d', like "inetd" (Internet Daemon) and "talkd" (Talk Daemon). When set to run, these programs wait for clients to request some particular service from across the network.

There are four very important things to keep in mind as far as the security implications of running services on a home computer are concerned.

- First and most important, if a server is not properly configured, it is very vulnerable to being attacked over a network. It is vital, if you run services, to be familiar with the proper configuration. This is often not easy, and may require training or technical expertise.

- All software has flaws, and flaws exploited deviously can be used to breach computer security. If you run a server on your home machine, you have to stay aware. This requires work: You have to stay in touch with the supplier of the software to get security updates.
It is highly recommended that you keep up with security issues through on-line security forums. See [RFC2196] for a list of references.

If security flaws in your server software are discovered, you will need to either stop using the software or apply "patches" or "fixes" which eliminate the vulnerability. The supplier of the software, if it is a decent company or freeware author, will supply information and updates to correct security flaws. These "patches" or "fixes" must be installed as soon as possible.

- As a rule of thumb, the older the software, the greater the chance that it has known vulnerabilities. This is not to say you should simply trust brand new software either! Often, it takes time to discover even obvious security flaws in servers.

- Some servers start up without any warning. There are some web browsers and telnet clients which automatically start FTP servers if not explicitly configured to not do so. If these servers are not themselves properly configured, the entire file system of the home computer can become available to anyone on the Internet.

In general, any software MAY start up a network daemon. The way to be safe here is to know the products you are using. Read the manual, and if any questions arise, call the company or mail the author of free software to find out if you are actually running a service by using the product.

A home user running a remote login service on his home machine faces very serious risks. This service allows the home user to log in to his home machine from other computers on the Internet and can be quite convenient. But the danger is that someone will secretly observe the logging in and then be able to masquerade as the user whenever they choose to do so in the future. See "The Wires Have Ears" which suggests precautions to take for remote log in.
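Reading the manual tells you what a product is meant to do; the host itself tells you what is actually listening. On a Linux system the kernel publishes every TCP socket in /proc/net/tcp, and a daemon that "started up without any warning" shows there as a socket in the LISTEN state. The following Python script is an added example for this page, not something the handbook provides; it assumes the Linux /proc/net/tcp layout, and the sample table it carries is constructed.

```python
import socket
import struct
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Socket state code for LISTEN in /proc/net/tcp (01 is ESTABLISHED).
LISTEN = "0A"

# Constructed sample in the layout of /proc/net/tcp. Row 0 is a server on
# port 22 bound to every interface, row 1 a service on port 631 bound to
# loopback only, row 2 an established outbound connection (not a service).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:C1F2 22D8B85D:01BB 01 00000000:00000000 02:00000000 00000000  1000        0 12347 2 0000000000000000 20 4 30 10 -1
"""


def _decode(addr: str) -> Tuple[str, int]:
    """Turn '0100007F:0016' into ('127.0.0.1', 22). The kernel prints the
    IPv4 address in host byte order, little-endian on common hardware."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(proc_net_tcp: str) -> List[Dict]:
    """Every TCP socket in LISTEN state, in file order, flagging those that
    other hosts can reach (anything not bound to a loopback address)."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        ip, port = _decode(fields[1])
        found.append({"ip": ip, "port": port,
                      "exposed": not ip.startswith("127.")})
    return found


def listening_on_this_host(path: str = "/proc/net/tcp") -> Optional[List[Dict]]:
    """Live check; returns None on systems without /proc/net/tcp."""
    p = Path(path)
    return listening_sockets(p.read_text()) if p.exists() else None


if __name__ == "__main__":
    live = listening_on_this_host()
    for s in (live if live is not None else listening_sockets(SAMPLE_PROC_NET_TCP)):
        print(f"{s['ip']}:{s['port']:<6} {'EXPOSED' if s['exposed'] else 'local only'}")
```

Anything reported as EXPOSED that you did not knowingly configure is exactly the situation the text warns about. IPv6 listeners live in /proc/net/tcp6 and UDP in /proc/net/udp, which this example does not read.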
If possible, activate all "logging" options in your server software which relate to security. You need to review these logs regularly in order to gain any benefit from this logging. You should also be aware that logs often grow very quickly in size, so you need to be careful they don't fill up your hard disk!

7.2 Going Places

Remote logins allow a user privileged access onto physically remote systems from the comfort of his own home.

More and more companies are offering their employees the ability to work from home with access to their computer accounts through dial-up connections. As the convenience of Internet connectivity has led to lowered costs and wide-spread availability, companies may allow remote login to their systems via the Internet. Customers of companies with Internet access may also be provided with remote login accounts. These companies include Internet service providers, and even banks. Users should be very careful when making remote logins.

As discussed in "The Wires have Ears" section, Internet connections can be eavesdropped on. If you intend to use a remote login service, check that the connection can be done securely, and make sure that you use the secure technologies/features.

Connections may be secured using technologies like one-time passwords, secure shell (SSH) and Secure Sockets Layer (SSL). One-time passwords make a stolen password useless, while secure shell encrypts data sent over the connection. Please refer to "Don't Get Caught in the Web" for a discussion on SSL. Secure services such as these have to be made available on the systems to which you log in remotely.

7.3 Secure It!

Administering your own home computer means you get to choose what software is run on it. Encryption software provides protection for data.
If you keep business records and other sensitive data on your computer, encryption will help to keep it safe. For example, if you ran a network service from your home computer and missed setting restrictions on a private directory, a remote user (authorized or not) may gain access to files in this private directory. If the files are encrypted, the user will not be able to read them. But as with all forms of encryption running on any system, the keys and passwords should first be kept safe!

8. A Final Note

This document has provided the reader with an introduction and as much concise detail as possible. Present security issues go out of date quickly, and although effort has been made to keep discussions general, examples given may not be relevant in the future as the Internet and computer industry continue to grow.

Just as home-owners are now taking increased cautions at the expense of convenience, to secure their homes in the changing world we live in, computer network users should not ignore security. It may be inconvenient, but it is always better to be safe than sorry.

Appendix: Glossary of Security Terms

Acceptable Use Policy (AUP)

   A set of rules and guidelines that specify in more or less detail the expectations in regard to appropriate use of systems or networks.

Account

   See (Computer) Account

Anonymous and Guest Log In

   Services may be made available without any kind of authentication. This is commonly done, for instance, with the FTP protocol to allow anonymous access. Other systems provide a special account named "guest" to provide access, typically restricting the privileges of this account.

Auditing Tool

   Tools to analyze computer systems or networks in regard to their security status or in relation to the set of services provided by them.
   COPS (Computer Oracle Password and Security analyzer) and SATAN (Security Administrator's Tool for Analyzing Networks) are famous examples of such tools.

Authentication

   Authentication refers to mechanisms which are used to verify the identity of a user. The process of authentication typically requires a name and a password to be supplied by the user as proof of his identity.

Centrally-Administered Network

   A network of systems which is the responsibility of a single group of administrators who are not distributed but work centrally to take care of the network.

Certificate

   Certificates are data which is used to verify digital signatures. A certificate is only as trustworthy as the agency which issued it. A certificate is used to verify a particular signed item, such as an Email message or a web page. The digital signature, the item and the certificate are all processed by a mathematical program. It is possible to say, if the signature is valid, that "According to the agency which issued the certificate, the signer was (some name)".

Clean System

   A computer which has been freshly installed with its operating system and software obtained from trusted software distribution media. As more software and configuration are added to a computer, it becomes increasingly difficult to determine if the computer is 'clean' or has been compromised by viruses, trojan horse or misconfiguration which reduces the security of the system.

Client

   Depending on the point of view, a client might be a computer system which an end-user uses to access services hosted on another computer system called a server. 'Client' may also refer to a program or a part of a system that is used by an end-user to access services provided by another program (for example, a web browser is a client that accesses pages provided by a Web Server).
Compound Documents

   A 'document' is a file containing (a set of) data. Files may consist of multiple parts: a plain document, an encrypted document, a digitally-signed document or a compressed document. Multi-part files are known as compound documents and may require a variety of programs to be used in order to interpret and manipulate them. These programs may be used without the user's knowledge.

(Computer) Account

   This term describes the authorization to access a specific computer system or network. Each end-user has to use an account, which consists most probably of a combination of user name and password or another means of proving that the end-user is the person the account is assigned to.

Configuring Network Services

   The part of an administrator's task that is related to specifying the conditions and details of network services that govern the service provision. In regard to a Web server, this includes which Web pages are available to whom and what kind of information is logged for later review purposes.

Cookies

   Cookies register information about a visit to a web site for future use by the server. A server may receive information of cookies of other sites as well, which creates concern in terms of breach of privacy.

Cracker

   This term is used to describe attackers, intruders or other bad guys that do not play by the rules and try to circumvent security mechanisms and/or attack individuals and organisations.

Daemons (inetd, talkd, etc.)

   These are processes that run on computer systems to provide services to other computer systems or processes. Typically, daemons are considered "servers".

Decrypting

   The process of reversing the encryption of a file or message to recover the original data in order to use or read it.
Default Account

   Some systems and server software come with preconfigured accounts. These accounts may be set up with a predefined (user name and) password to allow anyone access and are often put there to make it convenient for users to login initially. Default accounts should be turned off or have their predefined passwords changed, to reduce the risk of abuse to the system.

Dial-in Service

   A way of providing access to computer systems or networks via a telecommunications network. A computer uses a modem to make a telephone call to another modem, which in turn provides 'network access service'. See also: PPP.

Digital Signature

   A digital signature is created by a mathematical computer program. It is not a hand-written signature nor a computer-produced picture of one. The signature is like a wax seal that requires a special stamp to produce it, and is attached to an Email message or file. The origin of the message or file may then be verified by the digital signature (using special tools).

Downloaded Software

   Software packages retrieved from the Internet (using, for example, the FTP protocol).

Downloading

   The act of retrieving files from a server on the network.

Email Packages

   To communicate via electronic mail, an end-user usually makes use of an Email client that provides the user-interface to create, send, retrieve and read Email. Various different Email packages provide the same set of basic functions but have different user-interfaces and perhaps, special/extra functions. Some Email packages provide encryption and digital signature capabilities.

Email Security Software

   Software which provides security through digital signatures and encryption (and decryption) to enable the end-user to protect messages and documents prior to sending them over a possibly insecure network.
   PGP is an example of such software.

Encrypting / Encryption

   This is a mathematical process of scrambling data for privacy protection.

Encryption Software

   The software that actually provides the needed functionality for end users to encrypt messages and files. PGP is one example.

End-User

   A (human) individual that makes use of computer systems and networks.

Files (programs, data, text and so on)

   Files include user data, but also programs, the computer operating system and the system's configuration data.

File Server

   A computer system that provides a way of sharing and working on files stored on the system among users with access to these files over a network.

File Transfer

   The process of transferring files between two computer systems over a network, using a protocol such as FTP or HTTP.

Fixes, Patches and installing them

   Vendors, in response to the discovery of security vulnerabilities, provide sets of files that have to be installed on computer systems. These files 'fix' or 'patch' the computer system or programs and remove the security vulnerability.

FTP (File Transfer Protocol)

   A protocol that allows for the transfer of files between an FTP client and FTP server.

Group of Users

   Security software often allows permissions to be set for groups (of users) as opposed to individuals.

Help Desk

   A support entity that can be called upon to get help with a computer or communication problem.

Internet

   A collection of interconnected networks that use a common set of protocols called the TCP/IP stack to enable communication between the connected computer systems.

Key Escrow

   Keys are used to encrypt and decrypt files. Key escrow is used to store keys for use by third parties to access the data in encrypted files.
Keys Used to Encrypt and Decrypt Files

   To make use of encryption, an end-user has to provide some secret, in the form of some data, usually called a key.

Log In, Logging into a System

   This is an action performed by an end-user, when he authenticates himself to a computer system.

Log In Prompt

   The characters that are displayed when logging into a system to ask for user name and password.

Logged In

   If an end-user has successfully proven to have legitimate access to a system, he is considered to be logged in.

Logging

   Systems and server software often provide the ability to keep track of events. Events may be configured to be written out to a file known as a log. The log file can be read later and allows for system failures and security breaches to be identified.

Masquerade (see Remote Log In)

   Anyone who pretends to be someone they are not in order to obtain access to a computer account is said to be in 'masquerade'. This may be accomplished by providing a false user name, or stealing someone else's password and logging in as him.

Network File System (NFS, file sharing with PCs, etc.)

   NFS is an application and protocol suite that provides a way of sharing files between clients and servers. There are other protocols which provide file access over networks. These provide similar functionality, but do not interoperate with each other.

Networking Features of Software

   Some software has features which make use of the network to retrieve or share data. It may not be obvious that software has networking features.

Network Services

   Services which are not provided on the local computer system the end-user is working on but on a server located in the network.

One-Time Passwords (OTP)

   Instead of using the same password over and over again, a different password is used on each subsequent log in.
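Section 7.2 and this entry say that a one-time password makes a stolen password useless. The added Python example below shows why with the HMAC-based scheme of RFC 4226; the handbook does not specify an algorithm, so the choice of HOTP, the look-ahead window of three and the OtpVerifier class are this example's own. The shared secret is the RFC 4226 test-vector key, used here so the codes can be checked against the published values.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 4226 test vectors (ASCII "12345678901234567890").
# In practice each user gets a freshly generated secret.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, reduced to `digits` decimal digits by the standard
    dynamic truncation. A different counter gives an unrelated code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return f"{binary % 10 ** digits:0{digits}d}"


class OtpVerifier:
    """Server-side state for one user. A code is accepted only for a counter
    at or slightly beyond the next expected value, and every accepted code
    moves the counter past itself, so a code observed on the wire cannot be
    replayed later."""

    def __init__(self, secret: bytes, window: int = 3) -> None:
        self.secret = secret
        self.counter = 0        # next counter value the server will accept
        self.window = window    # tolerance for the client getting ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            # compare_digest keeps the comparison time independent of the input
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    server = OtpVerifier(RFC4226_SECRET)
    first = hotp(RFC4226_SECRET, 0)
    print(first, server.verify(first))   # accepted the first time
    print(first, server.verify(first))   # the same code again is rejected
```

The protection rests on the counter never moving backwards and on the secret staying on the token and the server only; an eavesdropper who captures one code learns nothing that lets them produce the next one.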
Passphrase

   A passphrase is a long password. It is often composed of several words and symbols to make it harder to guess.

Password-Locked Screensaver

   A screen saver obscures the normal display of a monitor. A password-locked screensaver can only be deactivated if the end-user's password is supplied. This prevents a logged-in system from being abused and hides the work currently being done from passers-by.

Patch

   See "Fixes, Patches and installing them"

Permissions

   Another word for the access controls that are used to control the access to files and other resources.

PGP (Pretty Good Privacy)

   PGP is an application package that provides tools to encrypt and digitally sign files on computer systems. It is especially useful to encrypt and/or sign files and messages before sending them via Email.

Plug-in Modules

   Software components that integrate into other software (such as web browsers) to provide additional features.

Point-of-Contact, Security

   In case of security breaches or problems, many organisations provide a designated point-of-contact which can alert others and take the appropriate actions.

PPP (Point to Point Protocol)

   PPP is the mechanism with which most end-users establish a network connection between their PC and their Internet service provider. Once connected, the PC is able to transmit and receive data to any other system on the network.

Privacy Programs

   Another term for encryption software that highlights the use of this software to protect the confidentiality and therefore privacy of the end-users that make use of it.

Remote Access Software

   This software allows a computer to use a modem to connect to another system. It also allows a computer to 'listen' for calls on a modem (this computer provides 'remote access service'.)
   Remote access software may provide access to a single computer or
   to a network.

Remote Log In

   If an end-user uses a network to log in to a system, this act is
   known as remote log in.

Security Features

   These are features which provide protection or enable end-users
   and administrators to assess the security of a system, for
   example, by auditing it.

Security Policy

   A security policy is written by organisations to address security
   issues, in the form of "do's" and "don'ts". These guidelines and
   rules are for users with respect to physical security, data
   security, information security and content (e.g. rules stating
   that sites with sexual content should not be visited, and that
   copyrights should be honoured when downloading software, etc.).

Server

   A server is a computer system, or a set of processes on a
   computer system, providing services to clients across a network.

Shared Account

   A shared account is one which is used by a group of users, as
   opposed to a normal account which is available to only one user.
   If the account is misused, it is very difficult or impossible to
   know which of the users was responsible.

Sharing Permissions

   Many computer systems allow users to share files over a network.
   These systems invariably provide a mechanism for users to
   control who has permission to read or overwrite these files.

Site

   Depending on the context in which this term is used, it might
   apply to computer systems that are grouped together by
   geographical location, organizational jurisdiction, or network
   addresses. A site typically refers to a network under a common
   administration.

SSH (Secure Shell)

   SSH provides a protocol between a client and server, allowing for
   encrypted remote connectivity.
SSL (Secure Sockets Layer)

   This protocol provides security services to otherwise insecure
   protocols which operate over a network. SSL is typically used by
   web browsers to encrypt data sent to and downloaded from a server.

Systems Administrator

   The individual who maintains the system and has system
   administrator privileges. To limit the consequences of errors and
   mistakes made by this individual while doing work that does not
   require administrator privileges, he/she should keep the time
   spent acting as an administrator (as known to the system) to a
   minimum.

System Administrator Privileges

   System administrators have more rights (greater permissions), as
   their work involves the maintenance of system files.

System Files

   The set of files on a system that do not belong to end-users and
   which govern the functionality of the system. System files have
   a great impact on the security of the system.

Telnet

   A protocol that enables remote log in to other computer systems
   over the network.

Terminal

   A dumb device that is connected to a computer system in order to
   provide (text-based) access to it for users and administrators.

Terms of Service (TOS)

   See "Acceptable Use Policy (AUP)".

Threats

   The potential that an existing vulnerability can be exploited to
   compromise the security of systems or networks. Even if a
   vulnerability is not known, it represents a threat by this
   definition.

Trojan Horse

   A program which carries within itself a means to allow the creator
   of the program access to the system using it.

Virus

   A program which replicates itself on computer systems by
   incorporating itself (secretly and maliciously) into other
   programs. A virus can be transferred onto a computer system in a
   variety of ways.

Virus-Detection Tool

   Software that detects and possibly removes computer viruses,
   alerting the user appropriately.
Vulnerability

   A vulnerability is the existence of a weakness, design, or
   implementation error that can lead to an unexpected, undesirable
   event compromising the security of the system, network,
   application, or protocol involved.

Web Browser Cache

   This is the part of the file system that is used to store web
   pages and related files. It can be utilized to reload recently
   accessed files from the cache instead of loading them every time
   from the network.

Web Browser Capabilities

   The set of functionalities on a web browser for use by the
   end-user. This includes the set of plug-ins available.

Web Server

   A server program that provides access to web pages. Some web
   servers provide access to other services, such as databases and
   directories.

Worm

   A computer program which replicates itself and is
   self-propagating. Worms, as opposed to viruses, are meant to
   spread in network environments.

Acknowledgments

   The User Security Handbook was a collaborative effort of the Site
   Security Handbook Working Group of the IETF. There were also others
   who made significant contributions: Simson Garfinkel and Eric
   Luiijf provided very helpful feedback on this document. The Glossary
   contribution by Klaus-Peter Kossakowski is much appreciated.

References

   [GLOSSARY] Malkin, G., ed., "Internet User's Glossary", RFC 1983
              (FYI 18), August 1996.

   [RFC2196]  Fraser, B., ed., "Site Security Handbook", RFC 2196
              (FYI 8), September 1997.

Security Considerations

   This document discusses what computer users can do to improve
   security on their systems.

Authors' Addresses

   Erik Guttman
   Sun Microsystems
   Bahnstr. 2
   74915 Waibstadt
   Germany

   Phone: +49 7263 911701
   Email: erik.guttman@sun.com

   Lorna Leong
   COLT Internet
   250 City Road
   City Forum, London
   England

   Phone: +44 171 390 3900
   Email: lorna@colt.net

   Gary Malkin
   Bay Networks
   8 Federal Street
   Billerca, MA 01821
   USA

   Phone: +1 508 916 4237
   Email: gmalkin@baynetworks.com