RFC1244 - Page 7

• Title: Site Security Handbook
• Author: J.P. Holbrook, J.K. Reynolds
• Date: July 1, 1991

Page Navigation:

1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  26  27  28  29  30  31  32  33  34  35  36  37  38  39  40  41  42  43  44  45  46  47  48  49  50  51  52  53  54  55  56  57  58  59  60  61  62  63  64  65  66  67  68  69  70  71  72  73  74  75  76  77  78  79  80  81  82  83  84  85  86  87  88  89  90  91  92  93  94  95  96  97  98  99  100  101 

Printable Version: RFC1244.PDF

RFC 1244                 Site Security Handbook                July 1991


      - A change in system binaries is detected.

        The day that it is corrected, they again are changed.
        This repeats itself for some weeks.

      - If an intruder is found on your system, should you
        leave the system open to monitor the situation or should
        you close down the holes and open them up again later?

      - If an intruder is using your site, should you call law
        enforcement?  Who makes that decision?  If law enforcement asks
        you to leave your site open, who makes that decision?

      - What steps should be taken if another site calls you and says
        they see activity coming from an account on your system?  What
        if the account is owned by a local manager?

1.7  Basic Approach

   Setting security policies and procedures really means developing a
   plan for how to deal with computer security.  One way to approach
   this task is suggested by Fites, et. al. [3, FITES]:

      -  Look at what you are trying to protect.
      -  Look at what you need to protect it from.
      -  Determine how likely the threats are.
      -  Implement measures which will protect your assets in a
         cost-effective manner.
      -  Review the process continuously, and improve things every time
         a weakness is found.

   This handbook will concentrate mostly on the last two steps, but the
   first three are critically important to making effective decisions
   about security.  One old truism in security is that the cost of
   protecting yourself against a threat should be less than the cost
   recovering if the threat were to strike you.  Without reasonable
   knowledge of what you are protecting and what the likely threats are,
   following this rule could be difficult.

1.8  Organization of this Document

   This document is organized into seven parts in addition to this
   introduction.

   The basic form of each section is to discuss issues that a site might
   want to consider in creating a computer security policy and setting
   procedures to implement that policy.  In some cases, possible options
   are discussed along with the some of the ramifications of those



Site Security Policy Handbook Working Group                     [Page 7]