A new For Your Information (FYI) Request for Comments is now available from the DDN Network Information Center in the online library at FTP.NISC.SRI.COM. FYI: 8: RFC: 1244: Title: Site Security Handbook Author: P. Holbrook & J. Reynolds Mailbox: holbrook@cic.net, jkrey@isi.edu Pages: 101 Characters: 253,471 Obsoletes/Updates: none pathname: rfc/fyi8.txt rfc/rfc1244.txt This FYI RFC is a first attempt at providing Internet users guidance on how to deal with security issues in the Internet. This handbook is meant to be a starting place for further research and should be viewed as a useful resource, but not the final authority. This handbook is the product of the Site Security Policy Handbook Working Group (SSPHWG), a combined effort of the Security Area and User Services Area of the Internet Engineering Task Force (IETF). This FYI RFC provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited. RFCs can be obtained via FTP from FTP.NISC.SRI.COM, NIS.NSF.NET, or NISC.JVNC.NET. FYI RFCs can be obtained from via FTP from FTP.NISC.SRI.COM, with the pathname rfc/fyimm.txt, or rfc/rfcnnnn.TXT (where "mm" refers to the number of the FYI and "nnnn" refers to the number of the RFC). Login with FTP username "anonymous" and password "guest". SRI also provides an automatic mail service for those sites which cannot use FTP. Address the request to MAIL-SERVER@NISC.SRI.COM and in the subject field of the message indicate the FYI or RFC to be sent: "send fyimm", or "send rfcnnnn". Multiple requests may be included in the same message. To obtain FYI RFCs from NIS.NSF.NET via FTP, login with username "anonymous" and password "guest"; then connect to the RFC directory ("cd RFC"). The file name is of the form RFCnnnn.TXT-1 (where "nnnn" refers to the number of the RFC). The NIS also provides an automatic mail service for those sites which cannot use FTP. Address the request to NIS-INFO@NIS.NSF.NET and leave the subject field of the message blank. The first line of the text of the message must be "SEND RFCnnnn.TXT-1", where nnnn is replaced by the RFC number. FYI RFCs can also be obtained via FTP from NISC.JVNC.NET, with the pathname rfc/RFCnnnn.TXT.v (where "nnnn" refers to the number of the RFC and "v" refers to the version number of the RFC). JvNCnet also provides a mail service for those sites which cannot use FTP. Address the request to SENDRFC@JVNC.NET and in the subject field of the message indicate the RFC number, as in "Subject: RFCnnnn" where nnnn is the RFC number. Please note that RFCs whose number are less than 1000 need not place a "0". (For example, RFC932 is fine.) No text in the body of the message is needed. Requests for special distribution should be addressed to either the author of the FYI RFC in question, or to NIC@NIC.DDN.MIL. Unless specifically noted otherwise on the FYI RFC itself, all FYI RFCs are for unlimited distribution. Submissions for FYI RFCs should be sent to JKREY@ISI.EDU. Please consult RFC 1150, "F.Y.I on F.Y.I: Introduction to the F.Y.I. Notes", for further information. Requests to be added to or deleted from this distribution list should be sent to RFC-REQUEST@NIC.DDN.MIL. Joyce K. Reynolds USC/Information Sciences Institute