RFC 1244 Site Security Handbook July 1991
would be, and what kind of action they want to take (if any) to
prevent and respond to security threats.
As an illustration of some of the issues that need to be dealt with
in security problems, consider the following scenarios (thanks to
Russell Brand [2, BRAND] for these):
- A system programmer gets a call reporting that a
  major underground cracker newsletter is being
  distributed from the administrative machine at his
  center to five thousand sites in the US and
  Western Europe.

  Eight weeks later, the authorities call to inform
  you that the information in one of these newsletters
  was used to disable "911" in a major city for
  five hours.

- A user calls in to report that he can't log in to his
  account at 3 o'clock in the morning on a Saturday. The
  system staffer can't log in either. After rebooting to
  single user mode, he finds that the password file is empty.

  By Monday morning, your staff determines that a number
  of privileged file transfers took place between this
  machine and a local university.

  Tuesday morning a copy of the deleted password file is
  found on the university machine along with password
  files for a dozen other machines.

  A week later you find that your system initialization
  files had been altered in a hostile fashion.

- You receive a call saying that a break-in to a government
  lab occurred from one of your center's machines. You
  are requested to provide accounting files to help
  track down the attacker.

  A week later you are given a list of machines at your
  site that have been broken into.

- A reporter calls up asking about the break-in at your
  center. You haven't heard of any such break-in.

  Three days later, you learn that there was a break-in.
  The center director had his wife's name as a password.
Site Security Policy Handbook Working Group [Page 6]