Re: Point of order re: Internet Security Guidelines I-D

matsb@sics.se Tue, 25 June 1991 17:46 UTC

Received: from mcsun.EU.net by NRI.NRI.Reston.VA.US id aa16019; 25 Jun 91 13:46 EDT
Received: by mcsun.EU.net via EUnet; id AA09735 (5.65a/CWI-2.95); Tue, 25 Jun 91 17:48:16 +0200
Received: from sics.se by sunic.sunet.se (5.61+IDA/KTH/LTH/1.196) id AAsunic04331; Tue, 25 Jun 91 14:44:54 +0200
Received: from asia.sics.se by sics.se (5.61-bind 1.5+ida/SiteCap-3.0) id AA21048; Tue, 25 Jun 91 14:44:45 +0200
Received: from localhost by asia.sics.se (5.61-bind 1.4+ida/SiteCap-3.0) id AA08670; Tue, 25 Jun 91 14:44:43 +0200
Message-Id: <9106251244.AA08670@asia.sics.se>
To: Stephen D Crocker <crocker@tis.com>
Cc: Craig Partridge <craig@sics.se>, iab@isi.edu, iesg@NRI.Reston.VA.US, spwg@NRI.Reston.VA.US
Subject: Re: Point of order re: Internet Security Guidelines I-D
In-Reply-To: Your message of Mon, 24 Jun 91 10:47:32 -0400. <9106241448.AA26220@TIS.COM>
Date: Tue, 25 Jun 1991 14:44:37 +0200
From: matsb@sics.se

	 Steve Crocker wrote:
	 Let's move further discussion of the merits and specifics of the
	 Internet Security Guidelines I-D back to the SPWG mailing list
	 (spwg@nri.reston.va.us).  It's evident that the IAB has not accepted
	 the document in its current form and that additional work is needed.
	 The authors will make the necessary changes as soon as possible and it
	 will be resubmitted as an I-D.


I have only printed the extensive document so far and taken a very
quick glance at it. I have a feeling that the missing part to it is
a cover explaining what "one" should do with it.

Some suggestions:

- Promote Security Knowledge through seminars and lectures for users in general,
  special courses for sysadms and security resp persons, and industry!
- Recommend each networked organisation to establish a security policy
  with a minimum recommended checklist on what it should contain
- Suggest implementing a security service description to be part of a contract
  between a service provider and a customer. Preferably with a checklist
  on what such a contract could contain (responsibilities for each party,
  contact info for key personnel, rules when an organisation may be cut
  off from the WAN (e.g. repeated cracking attempts from users at site)
  and rules to establish connectivity again (need for customer site to
  document what actions they have taken...))

--mats