Resources for Information Security Liaisons
Resources for System Administrators
- Windows Security Checklist – A guide to basic steps for securing your Windows computer.
- Suggested Best Practices for Windows — A document on recommended best practices to secure your Windows systems.
- Microsoft Malicious Software Removal Tool — Virus/trojan detection and removal tool.
- Trend Micro House Call — Free virus scanning software.
- Attacker 3.0 — Download this tool if you wish to monitor a workstation’s open ports. If data come through a port, the program will notify the user. You can customize which UDP/TCP ports you wish to monitor.
NOTE: This program opens all the ports it monitors. Although this will not make your machine less secure, it will make your computer more appealing to a hacker because it will look vulnerable from the outside. We suggest using this in conjunction with an antivirus program and disabling file and printer sharing.
- ScanMsgr.Exe — For the system administrator looking for a quick and easy way of testing systems for the latest Microsoft Messenger vulnerability.
- Securing IIS 5.0 – This document contains a number of steps you can take to improve security on your server running IIS.
- SSH for Windows — From Network Simplicity. This site is for Windows-based systems.
- Fport — This document explains how to use fport, a free tool from Foundstone that will show you what programs on your system are opening which ports (both TCP and UDP) on Windows NT, 2000, and XP.
- Microsoft Security — Microsoft’s official security homepage with patches, strategies, bulletins, development, and more.
- Vision 1.0 – The successor to Fport. It functions in the same way and is a good alternative to Fport, as many new hackers place “fake” fport programs within hacks. This program also plays a more active role in assessment, as it will determine whether an open port that it identifies is legitimate or not.
- Securing Red Hat Linux — This ITS Security document outlines a number of steps to follow to secure a system running Red Hat Linux 7.2, and can be adapted for other Linux installations. You may also want to visit the official Red Hat 8.0 security site.
- Securing Solaris — This ITS Security document outlines a number of steps to follow to secure a system running Solaris 8, and can be adapted for other Solaris installations.
- Bastille Linux — Bastille Linux is a community project that attempts to provide a hardening script which will produce the most secure yet functional Red Hat Linux system. It is recommended for the user who has little knowledge about security.
- Installing a UNIX DCI Machine — This ITS document describes the steps necessary to set up a Unix system so that it can take advantage of UNC’s Distributed Computing Infrastructure (DCI), including the following components: UserID Management, Kerberos Authentication, AFS Filespace, License Management, User Environment, and Load Sharing Facility (LSF).
- SSH Secure Shell — The standard for remote logins and file transfer over the Internet, which should be used in place of telnet. It encrypts all traffic and provides a high level of protection against hacker attacks. This site is for Unix-based systems.
- Sudo — Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments.
- TCP Wrappers — A must-use security tool that filters incoming connections to network services such as telnet and ftp. Also provides security options like access control per host, domain, and/or service.
- Tripwire — Tripwire monitors all servers and clients on a network, detecting and reporting any changes to critical system or data files. Tripwire can determine if a protected file has been altered in a way that violates the policy set by the administrators. This ensures that any change, whether due to an external intruder or internal misuse, will be identified and documented on a timely basis.
- Apache Webserver Configuration Security Tips — Some hints and tips on security issues in setting up an Apache web server.
- Apache suEXEC Support for CGI Applications — Provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server. Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run private CGI or SSI programs.
General Guides and Checklists
- Login Banner Message — Post the linked login banner message, to the degree technically feasible, on any system that hosts nonpublic services, such as any service that has restricted access through Onyen login, ssh, etc.
- The 60 Minute Network Security Guide (pdf) — Brought to you by the Systems Network Attack Center (SNAC) at the National Security Agency, this PDF guide covers the basics of network security, including sections on IDS, Microsoft and Windows, Unix, and firewalls.
- Protecting Your Sensitive Data – A detailed guide on how to best secure the personal data on your computer.
Informational Websites
- Bugtraq Mailing List (and others) — BugTraq is a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.
- CERT/CC — CERT provides technical assistance and coordinates responses to security compromises, identifies trends in intruder activity, works with other security experts to identify solutions to security problems, and disseminates information to the broad community. Also be sure to check out their technical tips.
- Computer Security Institute — CSI is the world’s leading membership organization specifically dedicated to serving and training the information, computer, and network security professional.
- Computer Security Resource Center — The CSRC, maintained by the National Institute of Standards & Technology (NIST), contains information about a variety of computer security issues, products, and research of concern to federal agencies, the industry, and users.
- Forum of Incident Response and Security Teams — FIRST brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote sharing information among members and the community at large.
- Gibson Research Corporation — Provides tools and other resources to look for open ports on and test connectivity to your machine.
- Incident Management | Department of Energy — The Incident Management Program combines multiple Departmental incident-related services into a joint capability that focuses on threat information sharing, critical infrastructure protection, active defense and incident preparedness. The Incident Management program reports incidents to United States Computer Emergency Readiness Team (US-CERT), fulfilling statutory requirements and ensuring a coordinated response to cyber attacks.
- InfoSec Institute Resources — A welter of resources for information security students and professionals provided by the InfoSec Institute. The blog specializes in technical “deep-dives” regarding computer and network security.
- National Security Agency’s (NSA) Security-Enhanced Linux — Security-enhanced Linux is a research prototype of the Linux kernel and a number of utilities with enhanced security functionality designed to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux.
- O’Reilly’s Security Information Site — Security Site of O’Reilly & Associates, the premier information source for leading-edge computer technologies.
- Port References — Ports distinguish one type of internet traffic from another (ftp versus http, etc.). In many cases an open port can be vulnerable to attack if the program listening to data on that port is insecure or out-of-date. Treachery Unlimited is a Port Lookup Utility.
- RSA Security — RSA Security Inc. helps organizations build secure, trusted foundations for e-business through its two-factor authentication, encryption, and public key management systems.
- SecurityFocus — SecurityFocus.com is the leading provider of security information services for business. It is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet’s largest and most comprehensive database of security knowledge and resources freely available to the public.
- World Wide Web Consortium (W3C) Security Resources — Security information and initiatives, encompassing computer system security, network security, authentication services, message validation, personal privacy issues, and cryptography.
Resources for Students, Staff, and Faculty
- Symantec AntiVirus for Windows or Macs. These programs are available at no cost to UNC-CH affiliates with an Onyen. They help protect you while you’re surfing the Web or getting information from local or networked resources. Symantec also automatically scans email attachments.
- Trend Micro House Call — Free software that scans your system for malware.
- SpyBot – This program will thoroughly check your system for spyware and security exploits and will remove them. There is also an option to immunize your system against future exploits.
- Ad-Aware – Should be used in conjunction with Spybot. It is important to run both programs because they will detect different spyware and adware.
- SpywareBlaster — This tool will prevent spyware from getting onto your machine and will allow you to “revert” your computer back to a clean state if you do get spyware.
- Password Managers
These programs allow individuals to efficiently manage the increasing number of logins and passwords that many people now have to keep track of (think Onyen, Gmail, PayPal, Twitter, Facebook, LinkedIn, eBay, etc.).
- Encryption Software
Since Windows 2000, Windows operating systems have been able to encrypt files (EFS); as of Windows 7, they can also encrypt drives (BitLocker). Macintosh OS X, as of version 10.4, has a utility that allows users to encrypt the user’s home folder (FileVault). Additional options for encryption software include
- Secure CRT — SecureCRT combines the reliability, usability, and configurability of a proven Windows terminal emulator with the secure login and data transfer capabilities of Secure Shell (SSH) and should be used in place of telnet for remote login.
- Securing broadband connections at home — This includes ISDN, DSL, cable, and satellite home connections to the Internet.
- VPN Frequently Asked Questions — Common questions and answers about using the VPN client to access UNC-Chapel Hill services.
- Wireless and Wi-Fi Best Practices and FAQs – Common questions and answers about using the wireless network on campus.