FIPS PUB 191, FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION: SPECIFICATIONS FOR GUIDELINE FOR THE ANALYSIS LOCAL AREA NETWORK (LAN) SECURITY (09 NOV 1994)
Local area networks (LANs) have become a major tool to many organizations in meeting data
processing and data communication needs. Prior to the use of LANs, most processing and
communications were centralized; the information and control of that information were
centralized as well. Now LANs logically and physically extend data, processing and
communication facilities across the organization.

Security services that protect the data, processing and communication facilities must also be
distributed throughout the LAN. For example, sending sensitive files that are protected with
stringent access controls on one system, over a LAN to another system that has no access control
protection, defeats the efforts made on the first system. Users must ensure that their data and
the LAN itself are adequately protected. LAN security should be an integral part of the whole
LAN, and should be important to all users.

Electronic mail (email), a major application provided by most LANs, replaces much of the
interoffice and even interorganizational mail that is written on paper and placed in an envelope.
This envelope provides some confidentiality between the sender and receiver, and it can even be
argued that the integrity of the paper envelope provides the receiver with some degree of
assurance that the message was not altered. Using electronic mail does not provide these
assurances. Inadequately protected electronic mail messages transferred over unprotected
LANs can be captured and read, or perhaps even altered. For some LANs, there can be no
assurance that the message actually was sent from the named sender. Fortunately, tools such as
encryption, digital signatures, and message authentication codes help solve these problems and
can help provide some assurance.

Understanding the necessity to provide security on a LAN and how to decide the appropriate
security measures needed are major goals of this document.

The intended readers of this document include organizational management, LAN administrators,
system administrators, security officers, LAN users and others who have a responsibility for
protecting information processed, stored or associated with a LAN. The purpose of this
document is to help the reader understand the need for LAN security and to provide guidance
in determining effective LAN security controls.