Network Working Group                            Philip J. Nesser II
draft-ietf-ssh-overview-00.txt            Nesser & Nesser Consulting
Internet Draft                                         December 1996

        Overview of the Site Security Handbook Working Group

Status of this Memo

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months. Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time. It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a "working
   draft" or "work in progress".

   Please check the I-D abstract listing contained in each Internet
   Draft directory to learn the current status of this or any other
   Internet Draft.

Abstract

   The Site Security Handbook(SSH) Working Group(WG) of the Internet
   Engineering Task Force (IETF) has been working since 1994 to produce
   a pair of documents designed to educate the Internet community in
   the area of security.  The first document is a complete reworking of
   RFC 1244, and is targeted at system and network administrators, as
   well as decision makers (middle management).   The second document
   is targeted at end users of computer and network systems, including
   individuals using a modem and computer at home.

1.0 Introduction

   The original Site Security Handbook (RFC 1244) was published in mid
   1991 as an aid for system and network administrators who wished to
   improve the security of their networks and systems.  With the rapid
   growth, expansion, and changing nature of the Internet, the need to
   update RFC 1244 to include the latest changes in security technology
   was clear.

   Additionally, a document was needed to describe security concepts
   to end users, who are typically unaware of the security implications
   of their actions.

   The first of these documents is approximately sixty pages in length,
   plus appendices, while the second document is approximately twenty
   pages in length.  This document is designed as an executive summary
   of those much longer documents.


2.0 The Site Security Handbook

   The SSH is divided into 10 sections.  Each of the sections is
   briefly described below.

2.1  Introduction

   This section describes the scope, purpose, audience, and definitions
   of the document.  It additionally discusses the basic approaches used
   throughout the handbook, as well as risk assessment.

2.2 Security Policies

   This section gives a complete discussion of security policies,
   including the definition and purpose of security policies, as well as
   who should be involved in the creation of the policy and why one is
   necessary.   An excellent discussion of the trade-offs and goals
   that make up a good policy is given.

2.3  Architecture

   This section discusses the need to define a security architecture to
   contain the policies discussed in section two.  Different
   architecture philosophies are compared.  An in-depth discussion of
   network and service configuration covers all major aspects of the
   security architecture, including the infrastructure (networks,
   routers, network management, etc.), and gives detailed coverage of
   all major network services (DNS, NIS, Email, WWW, FTP, TFTP, NFS,
   WAIS, GOPHER, etc.).  A significant portion of this section is a
   discussion of firewalls, firewall technology, and implementation
   concerns.

2.4  Security Services and Procedures

   This section is a general description of security topics which are
   relevant and should be addressed and understood when designing
   security policies.  Specific topics covered include:
   authentication, one-time passwords, Kerberos, choosing and protecting
   secret tokens and PINs, password assurance, confidentiality,
   integrity, authorization, access (including physical access, network
   access, and modem lines), auditing, and backup security.  Each of
   the preceding topics is covered in significant depth.

2.5 Security Incident Handling

   This section supplies guidance to be applied before, during, and
   after a security incident.  Specifically, a framework and set of
   guidelines is provided to assist sites in defining policies to
   handle security incidents.  Topics addressed include whom to notify,
   how to determine who is in charge of handling the incident, law
   enforcement agencies, defining incident handling teams, informing
   other breached sites, dealing with the press, identification of
   incidents, collecting evidence, containing the intrusion, eradication
   of the intrusion, and follow-up after the incident.

2.6 Ongoing Activities

   This section lists a number of ongoing activities which have been
   found useful for keeping up to date with security information.

2.7  Tools and Locations

   This section provides a brief overview of publicly available
   security technology on the Internet.  Information on the location of
   these tools is also provided.

2.8  Mailing Lists and Other Resources

   An annotated list of mailing lists, Usenet groups, and World Wide
   Web pages which contain relevant information is presented.

2.9  Reference

   A complete list of the references presented in the document.

2.10  Annotated Bibliography

   A large list of annotated bibliographic references is provided
   covering a large body of computer security related topics.

3.0  User Security Handbook

   The User Security Handbook (USH) is divided into eight sections
   which are described below.

3.1  Who Cares?

   This section describes the audience for this document and covers
   basic terms which are used throughout.

3.2  The ?? Commandments

   This section is under construction.

3.3  READ.ME

   This section describes the documents which are critical for the
   user to read and why they should be read.

3.4  Just Do It

   A number of core items are covered that users need to be aware of.
   These include issues involving passwords, viruses, modems, abandoned
   terminals, file protections, and encryption.

3.5  Paranoia is Good

   This section covers the concept of "social engineering," that is,
   the technique whereby an intruder tries to convince an internal
   user to give up some key information or access.

3.6  The Wires Have Ears

   This section tries to educate users about how easy it is for an
   intruder to listen to any network traffic that is not encrypted.

3.7  Incident Handling

   This section describes the steps a user might take if they suspect
   that their account or machines may have been compromised, as well as
   how to respond to the incident.

3.8  Home Alone

   This section is specifically written for the home user who is
   connected to the Internet via a modem.  Specific information
   provided and topics covered include: how to pick an Internet
   Service Provider (ISP), email, bulletin board systems (BBS), the
   World Wide Web (WWW), dangers of downloading files, remote logins,
   and daemons.


4.0  Security Considerations

   This document is an overview of the two documents created by the
   SSH working group of the IETF.  These two documents deal
   exclusively with security issues.


5.0  Authors' Addresses

   Philip J. Nesser II
   Nesser & Nesser Consulting
   13501 100th Ave NE, Suite 5202
   Kirkland, WA 98034
   USA

   Phone: (206)481-4303
   Email: pjnesser@martigny.ai.mit.edu