RFC 1281 (rfc1281) - Page 2 of 10


Guidelines for the Secure Operation of the Internet



Alternative Format: Original Text Document



RFC 1281          Guidelines for the Secure Operation      November 1991


Introduction

   These guidelines address the entire Internet community, consisting of
   users, hosts, local, regional, domestic and international backbone
   networks, and vendors who supply operating systems, routers, network
   management tools, workstations and other network components.

   Security is understood to include protection of the privacy of
   information, protection of information against unauthorized
   modification, protection of systems against denial of service, and
   protection of systems against unauthorized access.

   These guidelines encompass six main points.  These points are
   repeated and elaborated in the next section.  In addition, a
   bibliography of computer and network related references has been
   provided at the end of this document for use by the reader.

 Security Guidelines

   (1)  Users are individually responsible for understanding and
        respecting the security policies of the systems (computers and
        networks) they are using.  Users are individually accountable
        for their own behavior.

   (2)  Users have a responsibility to employ available security
        mechanisms and procedures for protecting their own data.  They
        also have a responsibility for assisting in the protection of
        the systems they use.

   (3)  Computer and network service providers are responsible for
        maintaining the security of the systems they operate.  They are
        further responsible for notifying users of their security
        policies and any changes to these policies.

   (4)  Vendors and system developers are responsible for providing
        systems which are sound and which embody adequate security
        controls.

   (5)  Users, service providers, and hardware and software vendors are
        responsible for cooperating to provide security.

   (6)  Technical improvements in Internet security protocols should be
        sought on a continuing basis.  At the same time, personnel
        developing new protocols, hardware or software for the Internet
        are expected to include security considerations as part of the
        design and development process.





Pethia, Crocker, & Fraser