Site Security Handbook
RFC 2196

Document Type RFC - Informational (September 1997; Errata)
Obsoletes RFC 1244
Also known as FYI 8
Last updated 2013-03-02
Stream IETF
Network Working Group                                      B. Fraser
Request for Comments: 2196                                    Editor
FYI: 8                                                       SEI/CMU
Obsoletes: 1244                                       September 1997
Category: Informational

                         Site Security Handbook

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This handbook is a guide to developing computer security policies and
   procedures for sites that have systems on the Internet.  The purpose
   of this handbook is to provide practical guidance to administrators
   trying to secure their information and services.  The subjects
   covered include policy content and formation, a broad range of
   technical system and network security topics, and security incident
   response.

Table of Contents

1.   Introduction....................................................  2
1.1  Purpose of this Work............................................  3
1.2  Audience........................................................  3
1.3  Definitions.....................................................  3
1.4  Related Work....................................................  4
1.5  Basic Approach..................................................  4
1.6  Risk Assessment.................................................  5
2.   Security Policies...............................................  6
2.1  What is a Security Policy and Why Have One?.....................  6
2.2  What Makes a Good Security Policy?..............................  9
2.3  Keeping the Policy Flexible..................................... 11
3.   Architecture.................................................... 11
3.1  Objectives...................................................... 11
3.2  Network and Service Configuration............................... 14
3.3  Firewalls....................................................... 20
4.   Security Services and Procedures................................ 24
4.1  Authentication.................................................. 24
4.2  Confidentiality................................................. 28
4.3  Integrity....................................................... 28

4.4  Authorization................................................... 29
4.5  Access.......................................................... 30
4.6  Auditing........................................................ 34
4.7  Securing Backups................................................ 37
5.   Security Incident Handling...................................... 37
5.1  Preparing and Planning for Incident Handling.................... 39
5.2  Notification and Points of Contact.............................. 42
5.3  Identifying an Incident......................................... 50
5.4  Handling an Incident............................................ 52
5.5  Aftermath of an Incident........................................ 58
5.6  Responsibilities................................................ 59
6.   Ongoing Activities.............................................. 60
7.   Tools and Locations............................................. 60
8.   Mailing Lists and Other Resources............................... 62
9.   References...................................................... 64

1.  Introduction

   This document provides guidance to system and network administrators
   on how to address security issues within the Internet community.  It
   builds on the foundation provided in RFC 1244 and is the collective
   work of a number of contributing authors. Those authors include:
   Jules P. Aronson (aronson@nlm.nih.gov), Nevil Brownlee
   (n.brownlee@auckland.ac.nz), Frank Byrum (byrum@norfolk.infi.net),
   Joao Nuno Ferreira (ferreira@rccn.net), Barbara Fraser
   (byf@cert.org), Steve Glass (glass@ftp.com), Erik Guttman
   (erik.guttman@eng.sun.com), Tom Killalea (tomk@nwnet.net), Klaus-
   Peter Kossakowski (kossakowski@cert.dfn.de), Lorna Leone
   (lorna@staff.singnet.com.sg), Edward.P.Lewis
   (Edward.P.Lewis.1@gsfc.nasa.gov), Gary Malkin (gmalkin@xylogics.com),
   Russ Mundy (mundy@tis.com), Philip J. Nesser
   (pjnesser@martigny.ai.mit.edu), and Michael S. Ramsey
   (msr@interpath.net).

   In addition to the principal writers, a number of reviewers provided
   valuable comments. Those reviewers include: Eric Luiijf
   (luiijf@fel.tno.nl), Marijke Kaat (marijke.kaat@sec.nl), Ray Plzak
   (plzak@nic.mil) and Han Pronk (h.m.pronk@vka.nl).

   A special thank you goes to Joyce Reynolds, ISI, and Paul Holbrook,
   CICnet, for their vision, leadership, and effort in the creation of
   the first version of this handbook. It is the working group's sincere