Security matters - technical guide

Download as PDFDownload as PDF

GD/JANET/TECH/001 (13/04)

The security of computers, data and networks should be a matter of importance to everyone who uses them. Isolated individual computers are relatively secure provided their physical well-being is ensured; regular backups should be sufficient to ensure the integrity of the data they hold. However, once a computer is connected to a network, whether local or wide area, there are many other concerns that must be addressed. Connecting to a network provides many advantages - for example, it facilitates information sharing - but it can also expose computers and their users to threats against their proper operation and the safety and privacy of the data they hold.

Any organisation connecting its computers to a network should take measures to protect them, and their users, against attack. The particular measures required will vary according to local conditions and which services the organisation wishes to access and offer across the network. On a local network such measures represent good practice; when connecting to the Internet via Janet they are essential. Janet and the worldwide Internet contain a huge and diverse community of users. Both the opportunities and threats presented by this community need to be respected.

This guide discusses some of the more important issues that arise as soon as an organisation connects to Janet. The topic of security is complex and this Guide cannot be comprehensive; consequently it identifies the main threats and points to other published material that contains detailed information on implementing countermeasures. The security of individual hosts is discussed as well as the security measures that can be taken at the network level, using routers or firewalls. These techniques have complementary strengths and weaknesses and any effective security implementation is likely to involve a combination of different approaches. We hope that this guide will provide the information needed by service managers and administrators to improve the safety of their own section of the Internet.