RFC 2504 (rfc2504) - Page 2 of 33
Users' Security Handbook
Alternative Format: Original Text Document
RFC 2504 Users' Security Handbook February 1999
6. Bad Things Happen . . . . . . . . . . . . . . . . . . . . 15
6.1. How to Prepare for the Worst in Advance . . . . . . . . 15
6.2. What To Do if You Suspect Trouble . . . . . . . . . . . 16
6.3. Email . . . . . . . . . . . . . . . . . . . . . . . . . 17
7. Home Alone . . . . . . . . . . . . . . . . . . . . . . . 17
7.1. Beware of Daemons . . . . . . . . . . . . . . . . . . . 17
7.2. Going Places . . . . . . . . . . . . . . . . . . . . . 19
7.3. Secure It! . . . . . . . . . . . . . . . . . . . . . . 20
8. A Final Note . . . . . . . . . . . . . . . . . . . . . . 20
Appendix: Glossary of Security Terms . . . . . . . . . . . . . 21
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31
References . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Security Considerations . . . . . . . . . . . . . . . . . . . 32
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 32
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 33
Part One: Introduction
This document provides guidance to the end-users of computer systems
and networks about what they can do to keep their data and
communication private, and their systems and networks secure. Part
Two of this document concerns "corporate users" in small, medium and
large corporate and campus sites. Part Three of the document
addresses users who administer their own computers, such as home
users.
System and network administrators may wish to use this document as
the foundation of a site-specific users' security guide; however,
they should consult the Site Security Handbook first [RFC 2196].
A glossary of terms is included in an appendix at the end of this
document, introducing computer network security notions to those not
familiar with them.
1. READ.ME
Before getting connected to the Internet or any other public network,
you should obtain the security policy of the site that you intend to
use as your access provider, and read it. A security policy is a
formal statement of the rules by which users who are given access to
a site's technology and information assets must abide. As a user,
you are obliged to follow the policy created by the decision makers
and administrators at your site.
A security policy exists to protect a site's hardware, software and
data. It explains what the security goals of the site are, what
users can and cannot do, what to do and who to contact when problems
arise, and generally informs users what the "rules of the game" are.
Guttman, et. al. Informational