Network Working Group                                   S. Bellovin, Ed.
Request for Comments: 3631                              J. Schiller, Ed.
Category: Informational                                  C. Kaufman, Ed.
                                             Internet Architecture Board
                                                           December 2003


                  Security Mechanisms for the Internet

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   Security must be built into Internet Protocols for those protocols to
   offer their services securely.  Many security problems can be traced
   to improper implementations.  However, even a proper implementation
   will have security problems if the fundamental protocol is itself
   exploitable.  Exactly how security should be implemented in a
   protocol will vary, because of the structure of the protocol itself.
   However, there are many protocols for which standard Internet
   security mechanisms, already developed, may be applicable.  The
   precise one that is appropriate in any given situation can vary.  We
   review a number of different choices, explaining the properties of
   each.

1.  Introduction

   Internet Security compromises can be divided into several classes,
   ranging from Denial of Service to Host Compromise.  Denial of Service
   attacks based on sheer volume of traffic are beyond the scope of this
   document, though they are the subject of much ongoing discussion and
   research.  It is important to note that many such attacks are made
   more difficult by good security practices.  Host Compromise (most
   commonly caused by undetected Buffer Overflows) represents flaws in
   individual implementations rather than flaws in protocols.
   Nevertheless, carefully designed protocols can make such flaws less
   likely to occur and harder to exploit.






Bellovin, et al.             Informational