Users' Security Handbook
RFC 2504
Field | Value |
---|---|
Document type | RFC - Informational (February 1999; No errata). Also known as FYI 34. Was draft-ietf-ssh-users (ssh WG) |
Authors | Lorna Leong, Gary Malkin, Erik Guttman |
Last updated | 2013-03-02 |
Stream | Internet Engineering Task Force (IETF) |
Formats | plain text, html, pdf, htmlized (tools), htmlized, bibtex |
WG state | (None) |
Document shepherd | No shepherd assigned |
IESG state | RFC 2504 (Informational) |
Consensus Boilerplate | Unknown |
Telechat date | |
Responsible AD | (None) |
Send notices to | (None) |
Network Working Group                                         E. Guttman
Request for Comments: 2504                              Sun Microsystems
FYI: 34                                                         L. Leong
Category: Informational                                    COLT Internet
                                                               G. Malkin
                                                            Bay Networks
                                                           February 1999

Users' Security Handbook

Status of this Memo

   This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

   The Users' Security Handbook is the companion to the Site Security Handbook (SSH). It is intended to provide users with the information they need to help keep their networks and systems secure.

Table of Contents

   Part One: Introduction
   1.    READ.ME
   2.    The Wires have Ears
   Part Two: End-users in a centrally-administered network
   3.    Watch Out!
   3.1.  The Dangers of Downloading
   3.2.  Don't Get Caught in the Web
   3.3.  Email Pitfalls
   3.4.  Passwords
   3.5.  Viruses and Other Illnesses
   3.6.  Modems
   3.7.  Don't Leave Me...
   3.8.  File Protections
   3.9.  Encrypt Everything
   3.10. Shred Everything Else
   3.11. What Program is This, Anyway?
   4.    Paranoia is Good
   Part Three: End-users self administering a networked computer
   5.    Make Your Own Security Policy
   6.    Bad Things Happen
   6.1.  How to Prepare for the Worst in Advance
   6.2.  What To Do if You Suspect Trouble
   6.3.  Email
   7.    Home Alone
   7.1.  Beware of Daemons
   7.2.  Going Places
   7.3.  Secure It!
   8.    A Final Note
   Appendix: Glossary of Security Terms
   Acknowledgments
   References
   Security Considerations
   Authors' Addresses
   Full Copyright Statement

Part One: Introduction

   This document provides guidance to the end-users of computer systems and networks about what they can do to keep their data and communication private, and their systems and networks secure. Part Two of this document concerns "corporate users" in small, medium and large corporate and campus sites. Part Three of the document addresses users who administer their own computers, such as home users.

   System and network administrators may wish to use this document as the foundation of a site-specific users' security guide; however, they should consult the Site Security Handbook first [RFC2196].

   A glossary of terms is included in an appendix at the end of this document, introducing computer network security notions to those not familiar with them.

1. READ.ME

   Before getting connected to the Internet or any other public network, you should obtain the security policy of the site that you intend to use as your access provider, and read it.

   A security policy is a formal statement of the rules by which users who are given access to a site's technology and information assets must abide. As a user, you are obliged to follow the policy created by the decision makers and administrators at your site.

   A security policy exists to protect a site's hardware, software and data. It explains what the security goals of the site are, what