RFC 2196 (rfc2196) - Page 1 of 75


Site Security Handbook



Alternative Format: Original Text Document



Network Working Group                                      B. Fraser
Request for Comments: 2196                                    Editor
FYI: 8                                                       SEI/CMU
Obsoletes: 1244                                       September 1997
Category: Informational


                         Site Security Handbook


Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Abstract

   This handbook is a guide to developing computer security policies and
   procedures for sites that have systems on the Internet.  The purpose
   of this handbook is to provide practical guidance to administrators
   trying to secure their information and services.  The subjects
   covered include policy content and formation, a broad range of
   technical system and network security topics, and security incident
   response.


Table of Contents

1.   Introduction....................................................  2
1.1  Purpose of this Work............................................  3
1.2  Audience........................................................  3
1.3  Definitions.....................................................  3
1.4  Related Work....................................................  4
1.5  Basic Approach..................................................  4
1.6  Risk Assessment.................................................  5
2.   Security Policies...............................................  6
2.1  What is a Security Policy and Why Have One?.....................  6
2.2  What Makes a Good Security Policy?..............................  9
2.3  Keeping the Policy Flexible..................................... 11
3.   Architecture.................................................... 11
3.1  Objectives...................................................... 11
3.2  Network and Service Configuration............................... 14
3.3  Firewalls....................................................... 20
4.   Security Services and Procedures................................ 24
4.1  Authentication.................................................. 24
4.2  Confidentiality................................................. 28
4.3  Integrity....................................................... 28



Fraser, Ed.                Informational