Nist Ir4734

By Oldehoeft, Arthur E.

Book Id: WPLBN0000660090
Format Type: PDF eBook:
File Size: 3.23 MB
Reproduction Date: 2005

Title:	Nist Ir4734
Author:	Oldehoeft, Arthur E.
Volume:
Language:	English
Subject:	Technology., Reference materials, Technology and literature
Collections:	Techonology eBook Collection
Historic Publication Date:
Publisher:


Citation APA MLA Chicago E. Oldehoef, B. A. (n.d.). Nist Ir4734. Retrieved from http://gutenberg.cc/

Description
Technical Reference Publication

Excerpt
Introduction: After more than two decades of research, security in computer information systems remains one of the major issues of the day. While significant technological advances have been (and continue to be) made, the general problem of security has assumed larger and more complex dimensions - attributed in a large part to the development and pervasive use of computer networks. Computers in industry, universities, and government laboratories are now commonly part of local area networks which are in turn connected to larger regional, national and international networks. Many computers in businesses and homes have dial-up accessibility to other computers in this same web of interconnected networks. Major efforts have focused on the development of network communication protocols for efficient and reliable transmission of information while less attention has been devoted to the problems of security. In response to a universal acknowledgement of the need for information security, circumstances are changing?

Table of Contents
Contents 1 I1n.1t roBdauccktgiroonu nd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.2 Purpose and Scope of Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.3 Overview of Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2 Evolution of the. N.R.E.N. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1 Introduction 3 2.2 Early DARPA Sponsorship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2.1 National Science Foundation Sponsorship . . . . . . . . . . . . . . . . . . . . 5 2.2.2 Supercomputing Initiative . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.3 Development of a Higher Capacity Backbone . . . . . . . . . . . . . . . . . . 5 2.2.4 Experimental Gigabit Networks . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.3 The Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.4 Present Federal Interest and Initiatives . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.4.1 Federal Councils, Committees and Information Offices . . . . . . . . . . . . . 8 2.4.2 High Performance Computing and Communications Initiative . . . . . . . . . 9 2.4.3 Mandate for a National Research and Educational Network . . . . . . . . . . 9 2.4.4 Pending Questions on General Policy . . . . . . . . . . . . . . . . . . . . . . . 11 2.5 Projected View of the NREN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.5.1 Long-Range View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.5.2 Fundamental Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.5.3 Constituency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.5.4 Network Topology and Security Considerations . . . . . . . . . . . . . . . . . 14 2.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.7 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3 F3.o1u nIdntartoidouncst ifoonr .a .N.a.ti.on.a.l .N.e.tw.o.rk. .S.ec.u.ri.ty. P. o.l.ic.y . . . . . . . . . . . . . . . . . . 1188 3.2 Computer Information Security and Security Policies . . . . . . . . . . . . . . . . . . 18 3.2.1 Concept of Computer Information Security . . . . . . . . . . . . . . . . . . . 18 3.2.2 Specification of a Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.3 Ethical and Legal Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.4 Need for a National Network Security Policy . . . . . . . . . . . . . . . . . . . . . . 20 3.5 Examples of Existing Organizational Policies . . . . . . . . . . . . . . . . . . . . . . 22 3.5.1 A Federal Agency Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.5.2 University Departments and Research Laboratories . . . . . . . . . . . . . . . 24 3.6 Draft Policy for Secure Operation of the Internet . . . . . . . . . . . . . . . . . . . . 27 3.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 3.8 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 4 P4.1r opOobsjeedct Siveecsu .ri.ty. P.o.li.c.y .fo.r. U.s.e .o.f .th.e. N.R.E.N. . . . . . . . . . . . . . . . . . . . . . 3333 4.2 Scope of the Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 4.3 Vulnerabilities and Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 4.4 ~ponsibilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 4.5 Examples of Second-Level Refinements of Responsibilities . . . . . . . . . . . . . . . 39 vii