Tech-invite3GPPspaceIETFspace
959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 2150

Humanities and Arts: Sharing Center Stage on the Internet

Pages: 62
FYI 31
Part 3 of 3 – Pages 42 to 62
First   Prev   None

ToP   noToC   RFC2150 - Page 42   prevText
8.  Issues and Challenges

   The Internet has many issues and challenges, among which are
   security, privacy, property rights, copyrights and freedom of speech.
   Security issues involve both the security of your data, as well as
   your image.  Viruses can be transmitted easily over the net, and
   precautions should always be taken.  If you choose to keep your own
   information available on the net it can be the subject of vandalism
   and theft.  You may also find yourself being persecuted for the
   information you provide as more and more people join the Internet
   community and feel the need to impose their morality upon it.

   This is no different from any society.  We must draw our own lines,
   and our own conclusions.  This section is terribly brief, and
   entirely summary in nature, and is in no way intended to be
   comprehensive.  It is intended to warn you and advise you.  If you
   have real concerns about your property rights, copyrights, and/or
   personal rights, please do your own research.  Internet laws are in
   such a state of flux that they are changing as I write this, and they
   will be changing as you read it.

   At last check, however, freedom of speech was prevailing in the
   United States, and so far the government has not upheld any laws
   prohibiting the exhibition of anything on the Internet.  Support your
   local constitutional rights.
ToP   noToC   RFC2150 - Page 43
8.1 Security Issues

   There are three major security areas of which the Internet user
   should be aware; Security of content, Site security, and Security of
   ownership.

   Security of Content, ensures that that which you put on the Internet
   is not altered, or vandalized.  Some Web Servers are inadequately
   secured, allowing vandals to modify your pages on your web sites,
   without your knowledge or permission.  If your pages are your
   business, you can imagine the problems this might cause.  Your words,
   art, and other work could be changed, your image tarnished.  If you
   cannot ensure that the content of your site cannot be corrupted, at
   least check it frequently to ensure that it has not been.  Keep
   frequent back-ups and periodically verify that you can retrieve data
   from them.

   Site security, will protect your data from viruses, worms, and sneak
   piracy.  Some software pirates, on the Internet, use unsuspecting
   sites to run their schemes.  Anonymous FTP servers which have write
   permission are most vulnerable.  Pirates can upload software onto
   your machine using cryptic filenames you may not even see in standard
   directory listings, and then publish the softwares whereabouts for
   others to download.  Not only will this compromise your reputation on
   the Internet for responsible system administration, it may make you
   liable for damages.  Learn what you need to learn to secure your
   system, or hire some security muscle to tighten down your site for
   you.  Section 11 provides some good information to get you started.

   Security of Ownership, involves copyrights and intellectual property
   laws.  If your work is your livelihood, having your rights
   compromised could be disastrous.  Section 8.4 provides an
   introduction to copyrights.

   This document only intends to bring the issues to your attention, and
   does not aspire to thoroughly cover these subjects.

   Please read another project of the IETF, the Site Security Handbook
   (FYI 8, RFC 2196), ftp://ds.internic.net/rfc/rfc2196.

   The Handbook is a guide to developing computer security policies and
   procedures for sites that have systems on the Internet.  The purpose
   of this handbook is to provide practical guidance to administrators
   trying to secure their information and services.  The subjects
   covered include policy content and formation, a broad range of
   technical system and network security topics, and security incident
   response.
ToP   noToC   RFC2150 - Page 44
   Section 11 provides more information on site security.

8.2 Viruses

   A "virus" is a program that modifies other programs by placing a copy
   of itself inside them.  It cannot run independently.  It requires
   that its host program be run to activate it.

   The damage caused by a virus may consist of the deletion of data or
   programs, maybe even reformatting of the hard disk, but more subtle
   damage is also possible.  Some viruses may modify data or introduce
   typing errors into text.  Other viruses may have no intentional
   effects other than replicating itself.

   Viruses can be transmitted over the Internet inside other programs,
   but usually they are transmitted by floppy disk.  Your best bet is to
   purchase a really versatile and up-to-date virus checking program
   from your local software retailer, and run it over every floppy you
   plan to read, and every program you plan to run, as well as
   periodically over the entire machine.

   Computer viruses are enough like organic viruses that many of the
   same precautions apply.  Early detection is key.  Diligence will
   mitigate potential damage, but frequent incremental backups are your
   best strategy for recovery.

8.3  The Standard Disclaimer

   As you have observed throughout the document, it is not common for
   you to get Internet access without having a provider of that access.
   Some Providers, such as universities and business, often require that
   you provide a disclaimer on every page stating that your opinions are
   your own, and not necessarily those of your affiliation.  What
   follows is a  sample Standard Disclaimer:

      This information is provided as-is. No warranty as to the accuracy
      is guaranteed.  Opinions expressed are entirely those of myself
      and/or my colleagues and cannot be taken to represent views of our
      employer.  If you notice something incorrect or have any comments,
      feel free to mail me.

   Other examples of disclaimers can be found via the search links
   listed in Appendix B.
ToP   noToC   RFC2150 - Page 45
8.4 Copyrights and Intellectual Property Issues

   The arrival of the Information Age has emphasized many questions that
   human society must answer.  One of the most important of these is the
   question of "Intellectual Property", which asks: "when and where is
   it appropriate to allow people to own information?"

   Copyright, Trademark, and Patent law are some of society's responses
   to earlier versions of this question.  They support the idea of
   ownership of ideas, or information, which can be used to assist the
   creators of the information in making a living from its creation.
   This is good for society.

   It is also good for society for information to flow freely.  Our
   technology, and even our society are built on a growing pool of
   shared information.  If we restrict the flow of information into that
   pool, then we restrict the rate at which society grows and becomes
   wiser.

   These two opposing drives have been highlighted by our newfound
   ability to distill many different things down to information that can
   be stored on a computer.  One of the computers greatest virtues is
   that once you network them together, the information they hold
   becomes more fluid, more easily moved, changed or copied.  This is
   great for society, but may not be so great if you spent your life
   creating that "information", and would like compensation.

   Because Copyright, Trademark, and Patent law were never designed for
   an economy built out of information, understanding how they apply to
   your information can be a tricky thing.  Since these laws vary from
   place to place, it is also difficult to know how to apply them to the
   Internet which has no definite location.  Worse yet, most of these
   laws are in the process of being rewritten today, a state that will
   continue for a long time because no one seems to know what to do
   about it.

   With that in mind though, here is how things stand today...

8.4.1 Copyright

   A Copyright is first established when a work is "set in media", which
   extends from paper to the Internet.  A work, once published in a web
   page, for example, is said to be "owned" by its owner.  However,
   applying for, and being granted, a copyright on your work by The
   Copyright Office of the Library of Congress will give your rights
   more legal weight.  Whether you plan to put your own works on the
   Internet, or simply download the works of others, you may want to
   familiarize yourself with the rights granted by "Copyright" as well
ToP   noToC   RFC2150 - Page 46
   as The Berne Convention for the Protection of Literary and Artistic
   Works.

   Sample Copyright Notice

      Permission is granted to transfer this document electronically
      only for the purposes of viewing it on the world wide web. Subject
      to fair use provisions, the right to print this document or to
      make electronic copies of this document available to others is
      expressly retained although direct requests will be considered.

8.4.2 Trademark

   A Trademark is a word, phrase, symbol or design, or the combination
   of words, phrases, symbols or designs, used to identify and
   distinguish the goods or services of one party from those of others.

   Trademark issues include both Trademarks which you own, and
   Trademarks which are owned by others.  If you own your own Trademark,
   you may want to familiarize yourself with legal ways of protecting
   it.  Some of the pointers in Appendix B provide that information, but
   we recommend retaining your own legal council.

   Trademark Infringement occurs when there is a "likelihood that
   consumers will be mislead or confused as to the source or origin of
   the goods or services.  This is the basic test used under both common
   law, and U.S. Federal Law.

   One issue regarding Trademarks on the Internet, is that of Domain
   Names which resemble, or infringe upon registered Trademarks.  Each
   case is being handled individually, and the text of cases can be
   found on many Internet sites.  The short version is that if a Domain
   Name is registered in good faith, "innocent registrations", the
   register can often keep the name, however, if the domain name is
   being used by a competitor, or to "force the trademark owner to pay a
   sum of money to acquire the name", the courts will generally not
   allow the register to keep the name, or profit from it.

   Trademark Dilution occurs when unauthorized use of a mark on
   dissimilar products or for dissimilar services causes the mark to
   cease functioning as a unique identifier, or becomes consciously or
   unconsciously linked with poor quality goods or services.  The
   Federal Trademark Dilution Act covers these issues.  If you may put
   trademarks on your web page, be sure you do not infringe upon the
   rights of the owner of the trademark.
ToP   noToC   RFC2150 - Page 47
   A good rule of thumb, offered by one company with concerns for their
   trademark, is that, if you mean a tissue, you should say "tissue", if
   you use the Kleenex(R) name, use its Registration mark "(R)".

8.4.3 Privacy

   The concept of trademarks extends to personal names or likenesses, in
   that you can infringe on their rights, including their right to
   privacy.  This issue has both legal and ethical implications.

   U.S law currently recognizes four types of invasions of privacy:
   intrusion, appropriation of name or likeness, unreasonable publicity
   and false light.  In most states people have a "Right of Publicity"
   which gives individuals the exclusive right to license the use of his
   identity.  You will want familiarize yourself with privacy law if you
   want to make other peoples likeness, name, address, or others
   personal information available on the Internet.

   Rights vary from state to state and country to country and many
   international, and U.S. sites are provided in the Law section of
   Appendix B.

8.4.4 Seek Professional Advice

   A number of organizations exist which can be of assistance in
   ascertaining the appropriate legal status, law, statute, or standing,
   of your particular issue and helping you understand your rights and
   responsibilities.

   One of these is The Citizens Internet Empowerment Coalition, CIEC.
   CIEC is a large and diverse group of Internet users, businesses,
   non-profit groups, and civil liberties advocates, who share the
   common goal of protecting the First Amendment and the viability of
   the Internet as a means of free expression, education, and commerce.

   The CIEC homepage URL is listed and a number of sites in the U.S. and
   other countries are represented in Appendix B, under the heading
   "Law".

8.5 Conducting Business over the Internet

   Since people are doing business over the Internet, they want to
   ensure that their personal information, credit card number, etc. is
   not used or compromised in any way.  Since the Internet is a public
   place, the only way to get information across it without anyone being
   able to retrieve it, is to encrypt it.  Encryption, is a process for
   scrambling access codes to prevent illicit entry into a system.  The
   study and work for people creating these system is called
ToP   noToC   RFC2150 - Page 48
   Cryptography.

   Secure HTTP (S-HTTP) provides secure communication mechanisms between
   an HTTP client-server pair in order to enable spontaneous commercial
   transactions for a wide range of applications.  SHTTP and SHTML are
   Internet-Drafts, which are "works in progress" of the Internet
   Engineering Task Force WTS working group.  The Resources section
   provides information on retrieving Internet-Drafts.

   You should be aware that encrypted communications are illegal in some
   parts of the world.  You should check your local laws regarding legal
   uses of encryption.

   Before you begin installing any encryption software, back up your
   files and make sure your computer is not needed for any deadline
   tasks in the next few minutes or hours. If you mess up the
   installation or forget some password along the way, your files will
   be protected from everyone, including you.

8.6 Netiquette

   Like any community, the Internet has a code of conduct, for which the
   users have created the term "Netiquette".  Much of it will probably
   seem like common sense, but since the Internet spans many cultures'
   ideas of "common sense", its worth paying attention.  Remember, when
   you put something onto the Internet, you're publishing it in front of
   a very large audience.

   What follows is a few short ideas to start out with.  If you wish to
   behave well on the Internet, you really should read:

   FYI 28 "Netiquette Guidelines", (Also RFC 1855), October 1995.
   available at ftp://ds.internic.net/rfc/rfc1855.txt

   First of all, most forums have their own guidelines posted near the
   door for new arrivals.  For Usenet News, for example, read
   news.announce.newusers.  It never hurts to keep silent until you know
   your audience better.  Once you join a forum, see how others behave
   before making too much of an impression.  Also, try not to jump to
   conclusions about others.  Internet media conveys attitudes and
   emotions differently than face-to-face, or even telephone
   communication.  You are also dealing with more cultural diversity on
   the Internet than you are likely familiar with.  Realize that many
   things have very different meanings in other cultures than they might
   in yours.  Try not to take things too personally.  Avoid attributing
   to malice what might be adequately explained by ignorance.  And hope
   others will do the same.
ToP   noToC   RFC2150 - Page 49
9.  Glossary

   This glossary contains a few of the words used in this document,
   which were least likely to appear in any common dictionary.  If there
   are other words in the document which are not in your dictionary,
   some other glossaries are referenced in the Resources section which
   follows.


      Boolean:    adj. Of or relating to an algebraic combinatorial
                  system treating variables, as propositions and
                  computer logic elements through the operators AND, OR,
                  NOT, IF, THEN, and EXCEPT.

      access:     n. 1. A means of approaching, passage; 2. The right to
                  enter or use.  v. To gain access. e.g., computer
                  information.

      bandwidth:  Technically, the difference, in Hertz (Hz), between
                  the highest and lowest frequencies of a transmission
                  channel.  However, as typically used, the amount of
                  data that can be sent through a given communications
                  circuit.

      bit:        n. (From "Binary digIT") 1. A single character of a
                  language having just two characters, as either of the
                  binary digits 0 or 1.  2. a unit of information
                  storage capacity, as of computer memory.

      bitmap:     A graphic image format which consists of a list of
                  pixel colors, or shades of gray, and header
                  information describing how to map this list of pixels
                  back into the image.  Bitmap formats are .bmp in
                  Windows, .pict on a Macintosh, and .anm and .btm on
                  Unix.

      broadcast:  A special type of multicast packet which all nodes on
                  the network are always willing to receive.  See also:
                  multicast, unicast.

      btw:        By The Way

      byte:       8 bits

      encryption: The manipulation of a packet's data in order to
                  prevent any but the intended recipient from reading
                  that data. There are many types of data encryption,
                  and they are the basis of network security.
ToP   noToC   RFC2150 - Page 50
      fyi:        For Your Information

      html:       HyperText Markup Language:
                  The language used to create hypertext documents.  It
                  is a subset of SGML and includes the mechanisms to
                  establish hyperlinks to other documents.

      http:       HyperText Transfer Protocol:
                  The protocol used by WWW to transfer HTML files.  A
                  formal standard is still under development in the
                  IETF.

      hyperlink:  A pointer within a hypertext document which points
                  (links) to another document, which may or may not also
                  be a hypertext document

      hypertext:  A document format which contains "hyperlinks" to
                  other documents.

      imho:       In My Humble/Honest Opinion

      interactive: Capable of acting on, or influencing each other.

      lag:        The failing behind or retardation of one phenomenon
                  with respect to another to which it is closely
                  related; time delay.

      multicast:  A packet with a special destination address which
                  multiple nodes on the network may be willing to
                  receive.  See also: broadcast, unicast.

      multimedia: Transmission that combine media of communication (text
                  an graphics and sound etc.)

      netlag:     time delay over the Internet.  See also: lag.

      packet:     The unit of data sent across a network.

      proprietary:Manufactured articles which some person or persons
                  have exclusive right to make and sell. [from
                  U.S.Statutes]

      protocol:   A formal description of message formats and the rules
                  two computers must follow to exchange those messages.
                  Protocols can describe low-level details of machine-
                  to-machine interfaces (e.g., the order in which bits
ToP   noToC   RFC2150 - Page 51
                  and bytes are sent across a wire) or high-level
                  exchanges between allocation programs (e.g., the way
                  in which two programs transfer a file across the
                  Internet).

      realtime:   occuring at and in the present time

      reflector:  A file server whose purpose is to receive packets from
                  a source site and forward it to other sites.

      ttfn:       ta ta for now  - a colloquialism for goodbye.

      unicast:    An address which only one host will recognize.  See
                  also: broadcast, multicast.

      url:        Uniform Resource Locator:
                  A URL is a compact string representation for a
                  resource available on the Internet. The syntax and
                  semantics for URLs are defined in RFC 1738.

      virtual:    Not real, but similar in relevant ways.

10.  Resources, References, etc.

   The information in this document has been gleaned from the minds of
   its authors and contributors, and from some of the following sources.
   More information on the topics discussed can be found in these
   sources, and in the information referenced in Appendix B.

10.1 RFCs and Internet-Drafts

   One of the most important collections of informational documents
   about the Internet are written as Requests for Comment by the
   Internet Engineering Task Force, IETF.  The name Request for Comment
   is historical, as these documents are submitted by their authors' for
   the approval of the Internet community as Internet Standards, and
   valid Informational RFCs called FYIs, of which this document is one.

   Basically, if the IETF collective uses a tool or resource, they
   document its use in an RFC so that there is no mystery to its
   functionality, uses, designations, specifications, or purposes.

   More information on RFCs, FYIs, the IETF, and its organizations,
   documents, policies and purposes can be found in the RFCs themselves,
   or at http://www.ietf.org/ and http://www.isi.edu/rfc-editor/
ToP   noToC   RFC2150 - Page 52
   There are many way to get copies of RFCs over the Internet (see
   ConneXions, Vol.6, No.1, January 1992).  Most of these simply access
   a directory of files where each RFC is in a file.  The searching
   capability is generally limited to the filename recognition features
   of that system.

   The ISI RFC-INFO server is a system through which you can search for
   an RFC by author, date, or keyword (all title words are automatically
   keywords).

   RFC-INFO is an e-mail based service to help in locating and retrieval
   of RFCs and FYIs.  Users can ask for "lists" of all RFCs and FYIs
   having certain attributes ("filters") such as their ID, keywords,
   title, author, issuing organization, and date.  Once an RFC is
   uniquely identified (e.g., by its RFC number) it may also be
   retrieved.

   To use the service send e-mail to RFC-INFO@ISI.EDU with your requests
   in the body of the message.  Feel free to put anything in the
   SUBJECT, the system ignores it.  This service is case independent.
   Appendix C provides examples for using the RFC server.

10.2 Internet Documents

   FYI 18 "Internet Users' Glossary", (Also RFC 1983), August 1996.
   Available at ftp://ds.internic.net/rfc/rfc1983.txt

   FYI 22 "Frequently Asked Questions for Schools", (Also RFC 1941), May
   1996.  Available at ftp://ds.internic.net/rfc/rfc1941.txt

   FYI 28 "Netiquette Guidelines", (Also RFC 1855), October 1995.
   Available at ftp://ds.internic.net/rfc/rfc1855.txt

   FYI 29 "Catalogue of Network Training Materials", (Also RFC 2007),
   October 1996.  Available at ftp://ds.internic.net/rfc/rfc2007.txt

   RFC 1866 "Hypertext Markup Language - 2.0", November 1995.  Available
   at ftp://ds.internic.net/rfc/rfc1866.txt

   RFC 1942 "HTML Tables", May 1996.  Available at
   ftp://ds.internic.net/rfc/rfc1942.txt

   RFC 2070 "Internationalization of the Hypertext Markup Language",
   January 1997.  Available at ftp://ds.internic.net/rfc/rfc2070.txt

   RFC 2068 "Hypertext Transfer Protocol -- HTTP/1.1", January 1997.
   Available at ftp://ds.internic.net/rfc/rfc2068.txt
ToP   noToC   RFC2150 - Page 53
   RFC 2084 "Considerations for Web Transaction Security", January 1997.
   Available at ftp://ds.internic.net/rfc/rfc2084.txt

   RFC 1738 "Uniform Resource Locators", December 1994.  Available at
   ftp://ds.internic.net/rfc/rfc1738.txt

   RFC 977 "Network News Transfer Protocol", February 1986.  Available
   at ftp://ds.internic.net/rfc/rfc977.txt

   RFC 821 "Simple Mail Transfer Protocol", STD 10, August 1982.
   Available at ftp://ds.internic.net/rfc/rfc821.txt

   RFC 959 "The File Transfer Protocol", STD 9, October 1985.  Available
   at ftp://ds.internic.net/rfc/rfc959.txt

   RFC 1034 "Domain Names - Concepts and Facilities", STD 13, November
   1987.  Available at ftp://ds.internic.net/rfc/rfc1034.txt

   RFC 1035 "Domain Names - Implementation and Specification", STD 13,
   November 1987. Available at ftp://ds.internic.net/rfc/rfc1035.txt

   RFC 791 "Internet Protocol", STD 5, September 1981.  Available at
   ftp://ds.internic.net/rfc/rfc760.txt

Internet Drafts

   The Secure HyperText Transfer Protocol, SHTTP.
   ftp://ds.internic.net/internet-drafts/draft-ietf-wts-shttp-04.txt

10.3 Other Sources

   The Getty Research Institute for the history of art and the
   humanities is one of six independent entities of the J. Paul Getty
   Trust.  Its goals as a research institute are to promote innovative
   scholarship in the arts and the humanities, cross traditional
   academic boundaries, and provide a unique environment for research,
   critical inquiry, and debate.  You can contact the institute at:

      The Getty Research Institute
      401 Wilshire Blvd.
      Santa Monica, CA 90401
      PHONE: (310) 458-9811,  FAX: (310) 458-6661

   The National Initiative for a Networked Cultural Heritage (NINCH)
   is a broad coalition of arts, humanities and social science
   organizations formed to assure the fullest possible participation of
   the cultural sector in the new digitally networked environment.
ToP   noToC   RFC2150 - Page 54
      National Initiative for a Networked Cultural Heritage (NINCH)
      21 Dupont Circle NW, Washington, DC 20036
      Tel: 202/296-5346 http://www-ninch.cni.org  Fax: 202/872-0886

10.4  Freely Available Web Browser Software

   The University of Illinois at Urbana-Champaign, National Center for
   Supercomputing Applications, NCSA, developed the first Mosaic
   Browser, and continues to maintain and update it, as well as making
   it freely available over the Internet at http://www.ncsa.uiuc.edu/.
   Hardcopy manuals and software disks and tapes can be ordered through
   the NCSA Technical Resources Catalog for postage and handling charges
   only.  Postage and handling on all orders must be prepaid.  For a
   copy of the catalog, contact NCSA Orders by email at
   orders@ncsa.uiuc.edu, by phone at 217-244-4130, or by U.S. mail at:

   NCSA Orders, 152 Computing Applications Building, 605 E. Springfield
   Avenue, Champaign, IL 61820-5518

10.5  The Internet Assigned Numbers Authority

   The IANA coordinates the assignment and use of various Internet
   protocol parameters, manages the Internet address space, and manages
   domain names.  See: http://www.iana.org/iana/

   You should get your IP address (a 32bit number) from your
   network service provider.

   Your network service provider works with a regional registry
   to manage these addresses.  The regional registry for the US
   is the Internic, for Europe is RIPE, for the Asia and Pacific
   region is the AP-NIC, and parts of the world not otherwise
   covered are managed by the Internic.

   If for some reason your network service provider does not
   provide you with an IP address, you can contact the your
   regional registry at one of the following addresses:

            Internic     <hostmaster@internic.net>
            RIPE         <ncc@ripe.net>
            AP-NIC       <admin@apnic.net>

   Please do contact your network service provider first, though.  The
   regional registry will want to know all the gory details about why
   that didn't work out before they allocate you an address directly.
ToP   noToC   RFC2150 - Page 55
11. Security Considerations

   There are a wide variety of ways in which systems can be violated,
   some intentional, some accidental.  Of the intentional attacks, a
   portion may be exploratory, others simply abusive of your resources
   (using up your CPU time) but many are actively malicious.  No system
   is 100% safe, but there are steps you can take to protect against
   misconfigured devices spraying packets, casual intruders, and a
   variety of focused assaults.

   Your best defense is to educate yourself on the subject of security.
   There are places on the net devoted to teaching users about security
   - most prominently, the CERT Coordination Center located at the
   Software Engineering Institute at Carnegie Mellon university.  You
   can point your web browser (or direct your ftp connection) to
   ftp://info.cert.org/pub/cert_faq to start.  This is a frequently
   asked questions guide and general overview on CERT.  It includes a
   bibliography of suggested reading and a variety of sources to find
   more information.

   Next, you should probably read

   ftp://info.cert.org/pub/tech_tips/security_info

   which contains a (primarily based on the UNIX operating system)
   checklist to help you determine whether your site has suffered a
   security breach.  You can use it to guide you through handling a
   specific incident if you think your system has been compromised or
   you can use it as a list of common vulnerabilities.  CERT also
   maintains a wide variety of bulletins, software patches, and tools to
   help you keep up to date and secure.

   Before you are even online, you should consider some basic steps:

11.1 Formulate a security policy.

   It should include policies regarding physical access procedures,
   security incident response, online privileges and back-up media.  Put
   a message at the login to establish your policy clearly.

   An example:

   "This system is for the use of authorized users only.  It may be
   monitored in the course of routine operation to detect unauthorized
   use.  Evidence of unauthorized use or criminal activity may result in
   legal prosecution."
ToP   noToC   RFC2150 - Page 56
11.1.1. Talk to your Internet Service Provider.

   Depending upon your provider and router management situation, there
   are a number of things your ISP should be able to do for you to make
   your site more secure.  Foremost, packet filtering on the router that
   connects you to the Internet.  You will want to consider IP filters
   to allow specific types of traffic (web, ftp, mail, etc.) to certain
   machines (the mailhost, the web server, etc.) and no others.  Other
   filters can block certain types of IP spoofing where the intruder
   masks his or her identity using an IP address from inside your
   network to defeat your filters.  Discuss your concerns and questions
   with your provider - the company may have standards or tools they can
   recommend.

11.1.2. Make sure your systems are up to date.

   A significant number of incidents happen because older versions of
   software have well-known weaknesses that can be exploited from almost
   anywhere on the Internet.  CERT provides a depository for software
   patches designed by concerned net.citizens, CERT's engineers, and by
   the vendors themselves.

11.1.3. Use the tools available.

   Consider recording MD5 checksums on read-only media (the MD5-digest
   algorithm determines an electronic "fingerprint" for files to
   indicate their uniqueness -comparing more recent checksums to older
   ones can alert you to changes in important system files), installing
   tripwire on your systems (notes size and MD5 checksum changes, among
   other sanity checks), and periodically testing the integrity of your
   machines with programs an intruder might use, like SATAN and crack.
   [Details on MD5 are contained in RFC 1321.]

   Most files and fixes go through the basics before leaving you to
   figure things out on your own, but security can be a complicated
   issue, both technically and morally.  When good security is
   implemented, no one really notices.  Unfortunately, no one notices
   when it's not taken care of either.  That is until the system
   crashes, your data gets corrupted, or you get a phone call from an
   irate company whose site was cracked from your machines.  It doesn't
   matter if you carry only public information.  It doesn't matter if
   you think you're too small or unimportant to be noticed.  No one is
   too small or too big, no site is immune.  Take precautions and be
   prepared.
ToP   noToC   RFC2150 - Page 57
12. Acknowledgments

   The following people are being acknowledged for their contributions
   to this document.

   Joseph Aiuto
   Sepideh Boroumand
   Michael Century
   Kelly Cooper
   Lile Elam
   Sally Hambridge
   Dan Harrington
   Julie Jensen
   Scott Stoner

   Thank you all for your help.

13. Authors' Addresses

   Janet Max
   Rainfarm

   EMail: jlm@rainfarm.com


   Walter Stickle
   Rainfarm
   EMail: wls@rainfarm.com
ToP   noToC   RFC2150 - Page 58
Appendix A.  Internet Projects of Interest to the Arts and Humanities
             Communities

   The commonplace insight about the web as a new distribution channel
   for cultural products is that it effaces the traditional border
   between producer and consumer.  Publishers exploit two-way
   interactivity by re-designing the editorial mix to include reader
   response.  What follows are some examples of the way creative artists
   attempt to design structures flexible enough for significant viewer
   input.

   RENGA (http://renga.ntticc.or.jp) - An inspired transposition of a
      traditional collaborative writing practice into the realm of
      digital media supported by the NTT InterCommunication Centre in
      Tokyo.  Renga means linked-image or linked-poem, and draws on the
      Japanese tradition of collaboration which effaces the unique
      notion of original author.

   PING (http://www.artcom.de/ping/mapper) - by Art+Com, a Berlin
      based media centre and thinktank.  Art+Com is a leader in
      producing high-end net visualization projects.  Ping lets the
      browser add a link, which then becomes a part of the ongoing
      visual structure.  It is similar, in this sense, to the Toronto
      Centre for Landscape Architecture's OASIS site.

   Art+Com's T-Vision project (http://www.artcom.de/projects/terra)
      which uses satellites and networked VR computers to permit an
      astonishing fly-in to earth from space: acclaimed as one of the
      most imaginative realizations of the potential of networked
      computing.

   OASIS(Image)INTERNET-DRAFT Toronto Centre for Landscape
      Architecture's OASIS site requires a specialized browser, but from
      a standard Netscape connection, you can view stills that give a
      sense of the beautiful images produced by the collaborative
      "design process".  It is introduced by its designers as follows:

      Oasis is a shared 3-Dimensional navigational environment for the
      world wide web.  This virtual landscape allows one to bury their
      own information links throughout the terrain or to discover and
      connect to new information left by others.

   TechnoSphere (http://www.lond-inst.ac.uk/TechnoSphere/)
   Is TechnoSphere a Game?
      Yes and no. It's an experiment on a global scale, a chance to
      develop complex artificial life on digital networks.  TechnoSphere
      is interactive like a game, but transgresses the linear boundaries
      of branching and hierarchical games narrative to enable freer
ToP   noToC   RFC2150 - Page 59
      movement.  TechnoSphere is designed to encourage a non-linear
      experiential exploration.

   Body Missing (http://yorku.ca/BodyMissing/index.html)
      Toronto artist Vera Frenkel created this richly evocative site on
      the disappearance of art and memory as an extension of her Transit
      Bar installation.  It is conceived as a site open to new
      'reconstructions' of the artworks confiscated during the Third
      Reich.  First opened to the public as part of the ISEA95
      exhibition in Montreal, it has since earned widespread critical
      comment and praise.

   Molecular Clinic 1.0
   (http://sc_web.cnds.canon.co.jp/molecular_clinic/artlab_bionet)
      Molecular Clinic 1.0 ' is an art project realized through a
      collaboration between ARTLAB and Seiko Mikami, and is one of the
      most elaborate custom designed art projects yet created for the
      Web.  During their initial visit users should download the
      MOLECULAR ENGINE VIEWER, which is a type of molecular laboratory
      for their computer.  What they will see on the web site after this
      initial download is a virtual space containing a three dimensional
      computer generated Spider and Monolith object.  The user will be
      able to navigate through and into this virtual space and can zoom
      into the spider all the way to the molecular level.

   File Room (http://fileroom.aaup.uic.edu/FILEROOM.html) -
      Cumulative database info on Censorship, hosted in Chicago but
      conceived by Spanish artist Antoni Muntadas.

   Idea Futures  (http://if.arc.ab.ca/~jamesm/IF/IF.html) -
      Winner of the grand prize at the 1995 Ars Electronica competition
      for Web Sites, Idea Futures is a stock market of ideas, based on
      the theories of mathematical economist Robin Hanson.  The 'truth'
      of any claim is assigned a weight calculated by the amount of
      virtual cash which members of the exchange are willing to bet.
      The scheme leads might lead toward a radical democratization of
      academic discourse, but just as easily, toward the trivialization
      of thought.  See the following for a philosophical critique of the
      system. (http://merzbau.citi.doc.ca/~henry/Matrix/Erewhon.html)

   Firefly (http://www.agents-inc.com/) also a prize winner at Ars
      Electronica in 1995, Firefly is an prototypical example of what
      enthusiasts call a "personal music recommendation agent", which
      makes suggestions for what you might like to listen to, based on a
      stored profile of your own likes and dislikes, and the evolving
      ratings submitted to the system by other members.  Worth visiting,
      if only to understand what all the fashionable hype about
      'intelligent agents' is all about; skeptics should know that even
ToP   noToC   RFC2150 - Page 61
ToP   noToC   RFC2150 - Page 62
      http://www.dejanews.com/
      http://query.webcrawler.com/
      http://www.mckinley.com/
   Video Resources
      http://www.mpeg.org/
      http://www.maxibyte.com/mpeg_samples.htm
      http://www-plateau.cs.berkeley.edu:80/mpeg/
      ftp://sokaris.ee.upenn.edu/pub/MPEG2Tool/
   Writers
      http://the-tech.mit.edu/Shakespeare/
      http://www.rain.org/~da5e/tom_robbins.html

Appendix C:  Examples for using the RFC server RFC-INFO@ISI.EDU

   To get started you may send a message to RFC-INFO@ISI.EDU with
   requests such as in the following examples (without the explanation
   between []):

        Help: Help              [to get this information]

        List: FYI               [list the FYI notes]
        List: RFC               [list RFCs with window as keyword or
                                 in title]
         keywords: window
        List: FYI               [list FYIs about windows]
         Keywords: window
        List: *                 [list both RFCs and FYIs about windows]
         Keywords: window
        List: RFC               [list RFCs about ARPANET, ARPA
                                 NETWORK, etc.]
         title: ARPA*NET
         List: RFC              [list RFCs issued by MITRE, dated
                                 1989-1991]
          Organization: MITRE
          Dated-after:  Jan-01-1989
          Dated-before: Dec-31-1991
        List: RFC               [list RFCs obsoleting a given RFC]
          Obsoletes: RFC0010
        List: RFC               [list RFCs by authors starting with
                                 "Bracken"]
         Author: Bracken*       [* is a wild card matches everything]
        List: RFC               [list RFCs by both Postel and Gillman]
          Authors: J. Postel    [note, the "filters" are ANDed]
          Authors: R. Gillman
        List: RFC               [list RFCs by any Crocker]
          Authors: Crocker