d

Security RFC: The Complete Documentation

• This category contains 4 Papers
• The last paper was added on 2007-03-26 (YYYY-MM-DD)

RFC 1281: Guidelines for the Secure Operation of the Internet

Published on November 1991, by R. Pethia, S. Crocker, B. Fraser, ©Network Working Group.

The purpose of this document is to provide a set of guidelines to aid in the secure operation of the Internet. During its history, the Internet has grown significantly and is now quite diverse. Its participants include government institutions and agencies, academic and research institutions, commercial network and electronic mail carriers, non-profit research centers and an increasing array of industrial organizations who are primarily users of the technology. Despite this dramatic growth, the system is still operated on a purely collaborative basis. Each participating network takes responsibility for its own operation. Service providers, private network operators, users and vendors all cooperate to keep the system functioning.

RFC 1858: Security Considerations for IP Fragment Filtering

Published on October 1995, by G. Ziemba, D. Reed, P. Traina, ©Network Working Group.

IP fragmentation can be used to disguise TCP packets from IP filters used in routers and hosts. This document describes two methods of attack as well as remedies to prevent them.

RFC 2196: Site Security Handbook

Published on September 1997, by B. Fraser, ©Network Working Group.

This handbook is the product of the Site Security Policy Handbook Working Group (SSPHWG), a combined effort of the Security Area and User Services Area of the Internet Engineering Task Force (IETF). This FYI RFC provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited.

RFC 2828: Internet Security Glossary

Published on May 2000, by R. Shirey, ©Network Working Group.

This Glossary (191 pages of definitions and 13 pages of references) provides abbreviations, explanations, and recommendations for use of information system security terminology. The intent is to improve the comprehensibility of writing that deals with Internet security, particularly Internet Standards documents (ISDs). To avoid confusion, ISDs should use the same term or definition whenever the same concept is mentioned. To improve international understanding, ISDs should use terms in their plainest, dictionary sense. ISDs should use terms established in standards documents and other well-founded publications and should avoid substituting private or newly made-up terms. ISDs should avoid terms that are proprietary or otherwise favor a particular vendor, or that create a bias toward a particular security technology or mechanism versus other, competing techniques that already exist or might be developed in the future.