Baruwa Documentation Release 1.1.2

Total Page:16

File Type:pdf, Size:1020Kb

Baruwa Documentation Release 1.1.2 Baruwa Documentation Release 1.1.2 Andrew Colin Kissa June 27, 2016 Contents 1 Introduction 3 2 Features 5 3 Screenshots 7 4 Requirements 9 4.1 Baruwa requirements.........................................9 4.2 MailScanner requirements......................................9 5 Source Installation 11 5.1 Install Baruwa............................................ 11 5.2 Configure RabbitMQ......................................... 12 5.3 Configure Baruwa.......................................... 12 5.4 Configure MailScanner........................................ 14 5.5 Testing................................................ 15 5.6 Need help............................................... 16 5.7 Distribution / OS installation..................................... 16 6 Baruwa on RHEL/SL/Centos 17 6.1 Install EPEL............................................. 17 6.2 Baruwa installation.......................................... 17 6.3 Configure RabbitMQ......................................... 17 6.4 Configure Baruwa.......................................... 18 6.5 Configure MailScanner........................................ 19 6.6 Testing................................................ 20 6.7 Need help............................................... 20 7 Baruwa on Fedora 21 7.1 Baruwa Installation.......................................... 21 7.2 Configure RabbitMQ......................................... 21 7.3 Configure Baruwa.......................................... 22 7.4 Configure MailScanner........................................ 23 7.5 Testing................................................ 24 7.6 Need help............................................... 24 8 Baruwa on Ubuntu/Debian 25 8.1 Install & Configure RabbitMQ.................................... 25 8.2 Configure RabbitMQ......................................... 25 8.3 Baruwa Apt install.......................................... 25 8.4 Automated configuration....................................... 26 8.5 Configure MailScanner........................................ 26 8.6 Configure Baruwa.......................................... 27 i 8.7 Testing................................................ 27 8.8 Need help............................................... 28 9 External authentication 29 9.1 SMTP, POP3, IMAP and RADIUS/RSA SECURID........................ 29 9.2 ACTIVE DIRECTORY....................................... 29 9.3 LDAP................................................. 30 10 MTA Integration 31 10.1 Postfix................................................ 31 10.2 Exim................................................. 32 11 Clustered setups 33 12 Other batteries included 35 12.1 Command options and help..................................... 35 12.2 Quarantine management....................................... 35 12.3 Quarantine reports.......................................... 35 12.4 Database maintenance........................................ 35 12.5 Spamassassin rule description updates................................ 35 12.6 PDF reports.............................................. 36 12.7 Mailq Stats updates.......................................... 36 12.8 Email Signatures configuration................................... 36 13 Getting Help 37 13.1 How do I do X? Why doesn’t Y work? Where can I go to get help?................ 37 13.2 I think I’ve found a security problem! What should I do?...................... 37 13.3 Can i get Commercial Support or pay for an installation...................... 37 14 Contributing to Baruwa 39 14.1 Reporting bugs............................................ 39 14.2 Submitting patches.......................................... 39 14.3 Documentation............................................ 39 14.4 Donations............................................... 39 14.5 Translation.............................................. 40 15 Upgrading 41 15.1 1.1.2................................................. 41 15.2 1.1.1................................................. 41 15.3 1.1.0................................................. 42 15.4 1.0.2................................................. 42 15.5 1.0.1................................................. 42 16 Migrate from Mailwatch 43 16.1 User contributed tips......................................... 43 17 User Guide 45 17.1 Interface primer........................................... 45 17.2 FAQ’s................................................. 47 18 Older documentation 49 ii Baruwa Documentation, Release 1.1.2 Release 1.1.2 Build Date June 27, 2016 Baruwa (swahili for letter or mail) is a web 2.0 MailScanner front-end. It provides an easy to use interface for managing a MailScanner installation. It is used to perform operations such as releasing quarantined messages, bayesian learning, whitelisting and blacklisting addresses, monitoring the health of the services etc. Baruwa is implemented using web 2.0 features (AJAX) where deemed fit, graphing is also implemented on the client side using SVG, Silverlight or VML. Baruwa has full support for i18n, letting you support any language of your choosing. It includes reporting functionality with an easy to use query builder, results can be displayed as message lists or graphed as colorful and pretty interactive graphs. Custom MailScanner modules are provided to allow for logging of messages to the mysql database with SQLite as backup, managing whitelists and blacklists and managing per user spam check settings. Baruwa is open source software, written in Python/Perl using the Django Framework and MySQL or PostgreSQL for storage, it is released under the GPLv2 and is available for free download. Contents 1 Baruwa Documentation, Release 1.1.2 2 Contents CHAPTER 1 Introduction Baruwa (swahili for letter or mail) is a web 2.0 MailScanner front-end. It provides an easy to use interface for managing a MailScanner installation. It is used to perform operations such as releasing quarantined messages, bayesian learning, whitelisting and blacklisting addresses, monitoring the health of the services etc. Baruwa is implemented using web 2.0 features (AJAX) where deemed fit, graphing is also implemented on the client side using SVG, Silverlight or VML. Baruwa has full support for i18n, letting you support any language of your choosing. It includes reporting functionality with an easy to use query builder, results can be displayed as message lists or graphed as colorful and pretty interactive graphs. Custom MailScanner modules are provided to allow for logging of messages to the mysql database with SQLite as backup, managing whitelists and blacklists and managing per user spam check settings. Baruwa is open source software, written in Python/Perl using the Django Framework and MySQL or PostgreSQL for storage, it is released under the GPLv2 and is available for free download. 3 Baruwa Documentation, Release 1.1.2 4 Chapter 1. Introduction CHAPTER 2 Features • AJAX support for most operations • Reporting with AJAX enabled query builder • I18n support, allows use of multiple languages • Signature management / Branding • Mail queue management and reporting • Interactive SVG graphs • Emailed PDF reports • Archiving of old message logs • SQLite backup prevents data loss when MySQL or PostgreSQL is down • MTA integration for relay domains and transports configuration • Multi user profiles (No restrictions on username format) • User profile aware white/blacklist management • Ip / network addresses supported in white/blacklist manager • Easy plug-in authentication to external authentication systems (POP3, IMAP, SMTP, Active Directory and RADIUS supported out of the box) • Tools for housekeeping tasks (quarantine management, rule updates, quarantine notifications, etc) • Easy clustering of multiple servers • Works both with and without Javascript enabled (graphs require Javascript) 5 Baruwa Documentation, Release 1.1.2 6 Chapter 2. Features CHAPTER 3 Screenshots Screenshots are on our site. 7 Baruwa Documentation, Release 1.1.2 8 Chapter 3. Screenshots CHAPTER 4 Requirements 4.1 Baruwa requirements • Python >= 2.4 • Django >= 1.2 • django-celery • django-south • MySQL-Python >= 1.2.1p2 or Psycopg • GeoIP-Python • iPy • Any Web server that can run Django (Apache/mod_wsgi recommended) • A supported Message broker (RabbitMQ recommended) • MySQL or PostgreSQL • Dojo toolkit >= 1.5.0 • Reportlab • Lxml • Anyjson • UUID (Only for python 2.4) • Sphinx (Optional - to build documentation) • Pyrad (Optional for RADIUS/RSA SECURID authentication) • Python ldap (optional for Active directory authentication) 4.2 MailScanner requirements • MailScanner >= 4.80.10-1 • DBI • DBD-MySQL or DBD-Pg • DBD-SQLite 9 Baruwa Documentation, Release 1.1.2 10 Chapter 4. Requirements CHAPTER 5 Source Installation Note: Packages are available for Debian/Ubuntu, RHEL/SL/Centos and Fedora if you are using one of those OS’s rather install using the packages. If you do not want to install to your global python directories or are just testing it is advised that you use a virtualenv python install. Virtualenv allows you to run multiple python installs and is easily managed as you do not need to be a privileged user to install packages. For more info on virtualenv please refer to its documentation. 5.1 Install Baruwa You can install Baruwa either via the Python Package Index (PyPI) or from source. 5.1.1 Install via the Python Package Index (PyPI) To install using pip: # pip install baruwa < 2.0.0 To install using easy_install: # easy_install baruwa < 2.0.0 5.1.2 Downloading and installing from source Download the latest version
Recommended publications
  • Macsysadmin 2009 Presentatio
    Slide 1 SpamAssassin Way more than the Mac OS X Server GUI shows Presented by: Kevin A. McGrail Project Management Committee Member of the Apache Software Foundation SpamAssassin Project & President, PCCC September 16, 2009 Good Afternoon, My name is Kevin A. McGrail. If you read my biographyi for this conference, you’ll know already that I hate Spam and enjoy greatly fighting spammers. You’ll also know that I love all types of computers and use a wide variety of machines & operating systems. But I’m definitely old-school in my love for the command line interface. This doesn’t mean I don’t think that Apple’s OS X is the most beautiful pairing of a rock-solid CLI with a beautifully polished GUI. But it does mean that while we are here to talk about Mac system administration, the configuration of SpamAssassin is largely not server specific and most of the heavy- handed configuration changes will be done behind the scenes using the CLI. So let’s get started by talking about the definition of Spam. Page 1 of 67 Slide 2 What is Spam? •Spam is NOT about content, its about CONSENT. – Consent: to give assent or approval : agree <consent to being tested> Merriam‐Webster Dictionary •What is SPAM vs. spam? September 16, 2009 Chris Santerre gave the best definition of Spam I’ve ever seen. He based the definition of Spam on CONSENT not content because consent is when you give approval to someone to send you e-mails. Many people try and use various legal definitions such as CAN-SPAM in the US.
    [Show full text]
  • Security Recommendation for an Ubuntu Server-Based System
    Security Recommendation for an Ubuntu Server-based System Best Practice Document Produced by the MREN-led Campus Networking working group Authors: Milan Čabak (MREN), Vladimir Gazivoda (MREN), Božo Krstajić (MREN) March 2016 © MREN, 2016 © GÉANT, 2016. All rights reserved. Document No: GN4P1-NA3-T2-MREN003 Version / date: June 2015 Original language : Montenegrin Original title: “Sigurnosne preporuke za Ubuntu server” Original version / date: Version 1 / 21 June 2015 Contact: Milan Čabak, [email protected]; Vladimir Gazivoda, [email protected]; Božo Krstajić, [email protected] MREN is responsible for the contents of this document. The document was developed by the MREN-led working group on security with the purpose of implementing joint activities on the development and dissemination of documents encompassing technical guidelines and recommendations for network services in higher education and research institutions in Montenegro. Parts of the report may be freely copied, unaltered, provided that the original source is acknowledged and copyright preserved. The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1). NREN LOGO Best Practice Document: 1 Security recommendation for Ubuntu server based systems Table of Contents Summary 4 1 Introduction 5 2 Increasing security when installing Ubuntu Server 6 3 Increasing security after installing Ubuntu Server 8 3.1 Shared memory 8 3.2 Setting the security of SSH protocol 8 3.3 The limitation of su
    [Show full text]
  • Clam Antivirus 0.88.2 User Manual Contents 1
    Clam AntiVirus 0.88.2 User Manual Contents 1 Contents 1 Introduction 6 1.1 Features.................................. 6 1.2 Mailinglists................................ 7 1.3 Virussubmitting.............................. 7 2 Base package 7 2.1 Supportedplatforms............................ 7 2.2 Binarypackages.............................. 8 2.3 Dailybuiltsnapshots ........................... 10 3 Installation 11 3.1 Requirements ............................... 11 3.2 Installingonashellaccount . 11 3.3 Addingnewsystemuserandgroup. 12 3.4 Compilationofbasepackage . 12 3.5 Compilationwithclamav-milterenabled . .... 12 4 Configuration 13 4.1 clamd ................................... 13 4.1.1 On-accessscanning. 13 4.2 clamav-milter ............................... 14 4.3 Testing................................... 14 4.4 Settingupauto-updating . 15 4.5 Closestmirrors .............................. 16 5 Usage 16 5.1 Clamdaemon ............................... 16 5.2 Clamdscan ................................ 17 5.3 Clamuko.................................. 17 5.4 Outputformat............................... 18 5.4.1 clamscan ............................. 18 5.4.2 clamd............................... 19 6 LibClamAV 20 6.1 Licence .................................. 20 6.2 Features.................................. 20 6.2.1 Archivesandcompressedfiles . 20 6.2.2 Mailfiles ............................. 21 Contents 2 6.3 API .................................... 21 6.3.1 Headerfile ............................ 21 6.3.2 Databaseloading . .. .. .. .. .. .
    [Show full text]
  • Wazuh Ruleset
    [email protected] https://wazuh.com Wazuh Ruleset Rule Description Source Updated by Wazuh apache Apache is the world's most used web server software. Out of the box ✔ AppArmor is a Linux kernel security module that allows the system administrator to restrict programs's capabilities with per -program apparmor Out of the box ✔ profiles. arpwatch ARPWatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Out of the box ✔ asterisk Asterisk is a software implementation of a telephone private branch exchange (PBX). Out of the box ✔ attack_rules.xml Signatures of different attacks detected by Wazuh Out of the box ✔ cimserver Compaq Insight Manager Server Out of the box ✔ cisco-ios Cisco IOS is a software used on most Cisco Systems routers and current Cisco network switches. Out of the box ✔ Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious clam_av software. Out of the box ✔ courier IMAP/POP3 server Out of the box ✔ dovecot Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Out of the box ✔ Dropbear is a software package that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard dropbear OpenSSH for environments with low memory and processor resources, such as embedded systems. Out of the box ✔ FirewallD provides a dynamically managed firewall with support for network/firewall zones to define the trust level of networ k firewalld connections or interfaces.
    [Show full text]
  • The Perfect Spamsnake - Ubuntu 8.04 LTS
    The Perfect SpamSnake - Ubuntu 8.04 LTS By Rocky (Contact Author) (Forums) Published: 2008-05-01 18:45 The Perfect SpamSnake - Ubuntu 8.04 LTS Postfix w/Bayesian Filtering and Anti-Backscatter (Relay Recipients), Apache, Mysql, Bind, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks, FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-GLD (Greylisting Optional), Logwatch Statistical Reporting (Optional), Outgoing Disclaimer with alterMIME (Optional), FireHOL (Iptables Firewall) Version 2.0 Author: Mohammed Alli This tutorial shows how to set up an Ubuntu Hardy Heron (8.04 LTS) based server as a spamfilter in Gateway mode. In the end, you will have a SpamSnake Gateway which will relay clean emails to your MTA. You will also be able to view your incoming queue, train your SpamSnake and carry out a few more advanced operations via MailWatch. I cannot offer any guarantees that this will work for you, the same way it(TM)s working for me. I will use the following software: - Web Server: Apache 2.2 with PHP 5.2.4 and Ruby - Database Server: MySQL 5.0 - Mail Server: Postfix - DNS Server: BIND9 - PHP: PHP5 - MailScanner: MailScanner v4.68.8 - MailWatch: MailWatch v1.0.4 Credit goes to the guys at HowToForge and the developers of MailScanner and MailWatch. 1 Requirements Copyright © 2008 Rocky (Contact Author) (Forums) All Rights Reserved. HowtoForge Page 1 of 104 The Perfect SpamSnake - Ubuntu 8.04 LTS http://www.howtoforge.com/ To install such a system you will need the following: - The Ubuntu 8.04 LTS server CD, available here: ftp://releases.ubuntu.com/releases/hardy/ubuntu-8.04-server-i386.iso - A fast internet connection.
    [Show full text]
  • The Mailscanner Book
    Changes from Version 1.1 December 2004 To Version 1.2 August 2005 1 2 Message Transport Agent rnet Mail Incoming Queue Inte Sendmail /var/spool/mqueue.in Exim Postfix RBL Tests Subject Tests * Header Tests Body Tests URI Tests Spam Tests Misc. Tests MailScanner External Processes SpamAssassin Calculate Score MailScanner Message Content Protection Checks MCP Virus Tests Third Party Command Line Virus ScannersVirus Attachment test Virus HTML test file names / types Virus Actions * Store Delete Message Quarantine Delete Processing /var/spool/ Trash MailScanner/ (Header / Subject quarantine line Modifications) Clean & Deliver Delete Store Clean Messages Spam Actions Notification Sender / Postmaster Deliver, Bounce, Outgoing Queue /var/spool/mqueue Forward, Striphtml, Attachment Safe - Release from Quarantine Safe - Clean & Deliver MTA Sendmail, To Mail Server Postfix or Exim 3 Scan Messages = yes This setting is used to completely enable or disable all the processing done by MailScanner, except for the “Archive Mail” setting described in the next section. It is intended for use with a ruleset, so that your customers who either do not want their mail processed in any way, or who have not paid you for the service, can have their mail delivered without any processing done to it. No MailScanner headers or modifications of any sort will be applied to the messages, and it is impossible to see from the contents of the message that they have passed through MailScanner. The “Archive Mail” option is still used so that you can take copies of their mail, possibly without their knowledge if your operation or organisation requires it. This can be the filename of a ruleset, and this is how this setting would normally be used unless it is just set to “yes”.
    [Show full text]
  • Clam Antivirus 0.70 User Manual by Tomasz Kojm Contents 1
    Clam AntiVirus 0.70 User Manual by Tomasz Kojm Contents 1 Contents 1 Introduction 4 1.1 Features . 4 1.2 Mailing lists . 4 1.3 Virus submitting . 5 2 Installation 5 2.1 Supported platforms . 5 2.2 Binary packages - stable versions . 6 2.3 Binary packages - snapshots . 7 2.4 Requirements . 7 2.5 New system user and group . 8 2.6 Compilation . 8 2.7 Configuration . 9 2.8 Testing . 10 2.9 freshclam: Setting up auto-updating . 10 2.10 Database mirrors . 11 3 Usage 13 3.1 Clam daemon . 13 3.2 Clamdscan . 14 3.3 Clamuko . 15 3.4 Archives and compressed files . 16 3.5 Mail files . 17 3.6 Output format . 17 3.7 Signature Tool . 19 4 Problem solving 21 4.1 Return codes . 21 5 ClamAV-certified software 22 5.1 clamav-milter . 22 5.2 IVS Milter . 23 5.3 smtp-vilter . 23 5.4 mod clamav . 23 5.5 TrashScan . 23 5.6 AMaViS - ”Next Generation” . 24 5.7 amavisd-new . 24 5.8 Qmail-Scanner . 24 Contents 2 5.9 Sagator . 24 5.10 ClamdMail . 25 5.11 BlackHole . 25 5.12 MailScanner . 25 5.13 MIMEDefang . 25 5.14 exiscan . 25 5.15 scanexi . 26 5.16 Mail::ClamAV . 26 5.17 OpenAntiVirus samba-vscan . 26 5.18 Sylpheed Claws . 26 5.19 nclamd . 26 5.20 cgpav . 27 5.21 j-chkmail . 27 5.22 qscanq . 27 5.23 clamavr . 27 5.24 DansGuardian Anti-Virus Plugin . 27 5.25 ClamAssassin . 27 5.26 Gadoyanvirus .
    [Show full text]
  • Extending Use of Sendmail and Procmail for Virtual Mail Hosting
    Extending Use of Sendmail and Procmail for Virtual Mail Hosting Randolph Langley [email protected] April 2, 2007 Postfix [Ven] natively handles virtual domains and users better than Sendmail does. Perhaps the most needling problem with Sendmail’s handling of virtual users and domains is the problem of “name folding”: Sendmail doesn’t prop- erly allow for the same username in two different domains. If Sendmail tries to handle a single mail that has an envelope with both user [email protected] and [email protected], it will just deliver the message to one of the users. Also, although Sendmail lets you use an LDAP database, it doesn’t allow you to directly store domain and user configuration in a relational database. One way to get around that is by using a relational database as a back-end for OpenLDAP, creating the metadata for that takes a good bit of effort and in practice it is not very fast. I suggest in the final section a different means to access to a database via send- mail’s new socket map feature. That will allow you to keep all user and domain information in a database. With some caching and failover capabilities, it also allows a good bit of redundancy to be introduced. The Sendmail Consortium’s website has a very good introduction to using sendmail to host virtual domains at http://www.sendmail.org/virtual-host- ing.html. The approach outlined here extends that approach in making a mail- hub: 1. It uses two cooperating sendmail processes, an “incoming” and an “out- going” sendmail to solve the name “folding” problem.
    [Show full text]
  • Mailscanner 5.1.3-3 Milter Configuration Guide 1.5 March 3Rd
    MailScanner 5.1.3-3 Milter Configuration Guide 1.5 March 3rd, 2019 Shawn Iverson [email protected] 1 Copyright © 2018-2019 MailScanner Project This guide is based on the implementation of MailScanner as of Version 5.1.3. 2 I would like to gratefully acknowledge all the support and assistance provided by the following organizations: 3 This guide is dedicated to the continuing persistence and dedication of all people who fight bad email day in and day out worldwide. 4 Introduction How the MailScanner Milter Works Unlike previous versions of MailScanner, MailScanner 5.1.3+ introduces a milter daemon for postfix. MailScanner still functions normally for all Message Transfer Agents (MTAs) and can run as it always has prior to this version. This optional functionality for MailScanner provides a Postfix compatible interface with MailScanner to process and scan email, and it will likely evolve with additional functionality in the future. Use of the milter decouples MailScanner from Postfix, so the Postfix queues are untouched, and MailScanner can operate independently with its own milter queues. This is MailScanner Milter version 1.5, fifth release. The MailScanner Milter has reached maturity and is considered to be stable as of this release. Additional features will likely be added in the future. This documentation will be updated to reflect the current status of the MailScanner Milter. On the next page you will find a diagram that demonstrates the mail flow in the MailScanner Milter in conjunction with MailScanner itself. 5 MailScanner Milter Process Diagram Fig. 1. 6 The milter interfaces with Postfix to capture the incoming email conversation and either REJECT, DISCARD, TMPFAIL, or ACCEPT.
    [Show full text]
  • Unified Anti-Spam Analyser Specialized to Protect from Russian Spam
    Aleksey Valov UNIFIED ANTI-SPAM ANALYSER SPECIALIZED TO PROTECT FROM RUSSIAN SPAM UNIFIED ANTI-SPAM ANALYSER SPECIALIZED TO PROTECT FROM RUSSIAN SPAM Aleksey Valov Bachelor’s Thesis Spring 2013 Business Information Technologies Oulu University of Applied Science ABSTRACT Oulu University of Applied Sciences Business Information Technology ______________________________________________________________________ Author: Aleksey Valov Title of Bachelor’s thesis: Unified anti-spam analyser specialized to protect from Russian spam. Supervisor: Matti Viitala Term and year of completion: Spring 2013 Number of pages: 34 ______________________________________________________________________ The objective of the research is to analyse currently used techniques for email protection from spam and to come up with new solutions that will help to reduce the amount of Russian spam as well as the pressure on servers. The research has been performed in cooperation with Koodiviidakko in Oulu. Descriptive research was the main methodology used during the work. Statistical analysis has been used for supporting the fight against spam as well as to increase the understanding of spam problems and commercial e-mails. Furthermore, there were clarifications of current strategies and technologies used inside the company. The result of this research and practical implementation brought in more innovative ideas and approaches for fighting spam and increasing the amount of legitimate e-mails. The approach for anti-spam does not depend on any hardware or software. Keywords:
    [Show full text]
  • Mailscanner.Conf Reference Manual Version 1.1 Table of Content
    Version 4.42.9 MailScanner.conf Reference Manual Version 1.1 Table of Content 1. Introduction................................................................................................................................. 8 2. Variables ..................................................................................................................................... 9 %report-dir%................................................................................................................................... 9 %etc-dir% ....................................................................................................................................... 9 %rules-dir% .................................................................................................................................... 9 %mcp-dir% ..................................................................................................................................... 9 %org-name%................................................................................................................................... 9 %org-long-name% ........................................................................................................................ 10 %web-site% .................................................................................................................................. 10 3. System settings.......................................................................................................................... 10 Max Children ...............................................................................................................................
    [Show full text]
  • NIST SP 800-45 Version 2, Guidelines on Electronic Mail Security
    Special Publication 800-45 Version 2 Guidelines on Electronic Mail Security Recommendations of the National Institute of Standards and Technology Miles Tracy Wayne Jansen Karen Scarfone Jason Butterfield NIST Special Publication 800-45 Guidelines on Electronic Mail Security Version 2 Recommendations of the National Institute of Standards and Technology Miles Tracy, Wayne Jansen, Karen Scarfone, and Jason Butterfield C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 February 2007 U .S. Department of Commerce Carlos M. Gutierrez, Secretary Technology Administration Robert C. Cresanti, Under Secretary of Commerce for Technology National Institute of Standards and Technology William Jeffrey, Director Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-45 Version 2 Natl. Inst. Stand. Technol. Spec. Publ. 800-45 Version 2, 139 pages (Feb.
    [Show full text]