ssh-minutes-96dec.txt
Editor's note: These minutes have not been edited.
The meeting started off with Phil Nesser briefing us on what will
go into the Executive Summary of the SSH and USH (which Erik Huizer
suggested during the last meeting).
- Purpose of the summary: to give people reasons to read the
documents
- This will go into the Overview of the documents
- Phil Nesser will do the write-up
- Barbara will put in the final draft of the SSH next week
- Gary will do the index
- SSH should be released as RFC by the next IETF
The rest of the meeting concentrated on the USH.
Section 1:
- Is Section 1.1 (Why was This Written?) necessary?
It was decided that the heading for this section be removed and the text
to go under Sect. 1 itself (Who Cares?)
Section 2:
- "Commandments" to be one-line summaries of points which are expanded
on later in the document
- Here are the ones we came up with at the meeting... suggestions for new
ones and improvements are welcome:
o Know your policy and who/what supports it.
o Remember your password and keep it secret.
o Know who to call for help.
o Everything on the Internet is accessible.
o Don't ask, don't tell.
o If in doubt, don't.
o Know the risks, balance the benefits.
o Logout before you leave.
Section 4:
- Add "Beware of leaving modem in auto-answer mode"
- Java scripts section to be added possibly to Section 4's Viruses and
Other Illnesses (by Erik Guttman)
- Add section on fake terminal session logins
- Chris Lewis <> will do write-up
Section 5:
- Index has divided Section 5 into various parts... index not updated
as it was decided at the last meeting to do away with parts
Gary will update the index for Section 5
- Section is lengthy... Wilfred Erinbar <> will try to shorten it
- Last paragraph is too general for this section, so it will be moved
to Section 1 (probably 1.4)
- Currently, this section touches only on users revealing secrets to
"social engineers"
Lorna <lorna@staff.singnet.com.sg> will add stuff on how users may
be used by attackers as "remote controllers" .... to include an
analogous example of how no one should help someone else carry their
bags through Customs
Section 6:
- Main message to send across to users is that all information on their
account IS important even though they may not think so
- Also, TELL users that "computer networks are easier to snoop
and sniff than telephone networks"
- Users should bear in mind that any information sent over the Internet
is as good as public information ..... include examples of what sort
of information users may not want to reveal to simply anyone
Erik Guttman (I think) is doing this
- Stuff on credit card details sent over the Internet to be moved from
Section 8 to Section 6.
Section 7:
- "Someone is using your system and you don't know it. Know the normal
behaviour of your system, and be suspicious if it changes."
- "Be familiar with modem activity"
- "Upgrade networking software" --- this should not include only
"networking" software but all other software.
- Point out the "dangers" of upgrading shared system software...
- "Do not take advice simply from anyone."
- Add warning that even though USH may suggest some things, the user
should be aware of his site's policy as the policy may say "no" to
certain things
- "Dangers" of auditing tools...
Section 8:
- Should this section cater more to users who use the Internet through
their ISP connection?
- Point out clearly that "There are environments where services are run
on an ISP's (Unix) system, and others in which the user's own PC runs the
jobs."
- Point out that "Users should not connect up to their ISP at the same
time they are connected to their LAN (and vice versa)."
- "Beware of what anyone with physical access to your machine may do."
- What about "Beware of security software on public terminals."
- Erik Guttman to touch up on this section.
Misc:
- We are looking for more urban legends to fit into the beginning of
each section (as appropriate). Currently, there is the "Final Year
Student" urban legend in Section 1.... try to keep other legends only
as long as this one (not too long)
- Add one part to say something along the lines of "by no means is this
document exhaustive" at the beginning of the document
- "Some USH info is for you but not others..." Point out that not all
information in the document will be relevant to all users, and that
users should be aware of their own site's policy too
- Throughout the document, there are parts catered to Unix account users
and to PC users, but it is not clearly spelt out which is for which...
Suggestion to have:
"On a personal computer, <blah, blah, blah>"
"On a Unix system, <blah, blah, blah>"
- Throughout the document, we should mention that "we offer suggestions but
you should see your appropriate support staff for further information"
- When most sections have been written, we will get people to look
through the entire document for grammar, spelling mistakes, and to
make improvements for clarity. In the meantime, any editorial comments
may be sent to Gary Malkin <gmalkin@baynetworks.com>
----- End Included Message -----