See also Security Tips, our advice on Safe Computing and Your Personal Computer.
Tongue-in-cheek comments on safe computing practices. From SANS OUCH Newsletter. Volume 5, Number 5, May 2008.
Applications can always be reinstalled, but your data is the most important thing on your computer or network. Here's a look at 10 ways you can protect that data.
Ten New Year's Computer Security Resolutions for 2008 to better protect you, your data and your computing systems -- from SANS/Ouch! Report Vol.5, No.1 with local edits.
Finance Department statement on E-commerce requirements, guidelines, etc. -- required for all credit card processing.
The MacOS X firewall is notoriously leaky. In particular, it does not block unsolicited UDP packets by default. This document describes briefly, with screenshots, how to enable this functionality. By Mike Patterson, CSCF.
A discussion of practical measures to secure the Windows/XP laptop.
Othello is a tool developed by Erick Engelke of Engineering Computing. The tool checks your Windows XP/2003/Vista system for suspicious services, user programs and startup processes. We have found this tool useful when investigating compromised systems.
Windows users who log in to an Active Directory managed domain can search the Active Directory with several tools. This note describes the "Find Users, Contacts, and Groups" tool found on Windows/XP.
This note will help you recover the default Windows/XP Security Center settings -- we provide a quick Registry update. This can be useful if you are trying to restore a compromised system.
How to view and forward full mail headers from some of the most popular mail clients.
The support for Peer-to-Peer (Ad Hoc) wireless on Microsoft Windows workstations is problematic at best and should be avoided. Man-in-the-middle attacks and "Evil Twins" can be avoided with a little care.
This note addresses the issue of securing sendmail(8) services on Unix/Linux systems so that end users may submit mail for delivery without exposing their userid and password in the clear.
Recommendations on web browsers -- vulnerabilities, patch level, vendor support, configuration and best practices.
Some critical observations on Skype and practical advice on how to use Skype safely -- especially how to avoid the super-node problem.
Practical advice on building secure web applications on the Apache/PHP/MySQL environment. See also Terms and conditions for access to and use of IST Servers (2-Jan-2006).
Security configuration we apply when building Windows servers and workstations -- includes IPSec filters and policies.
Practical advice on configuring Apache v2 to authenticate a user against Active Directory and to authorize based on their membership in Active Directory security groups.
Quick introduction with sample configuration files on how to use Solaris 10 IP filters. IP filters are a host based firewall for controlling access to services.
Client Services has prepared a "Home & Security CD" containing licenced software, Service Packs, critical patches and valuable advice on securing the home computer. See also Windows NT/2000/XP Hardening (15-Mar-2002).
Some best advice from IST/Client Services on dealing with Adware, Spyware and browser hijacking of Windows systems -- "malware" is a big problem especially on home computers.
What is computer management and why should I do it? Some advice from IST Skills for the Electronic Workplace (SEW) course. [pdf version]
TINKER is a file monitoring tool that can be used as a security tool, a data set monitor, and as a data set validator for Windows 2000/XP/2003. It is primarily designed to be run on servers but is well suited for any "always on" system. --- Michael H. Herz, Civil Engineering, UW.
This note describes SSH tunneling for Windows users and why you might want to use it (e.g. email).
Notes for Microsoft users on using X-Win32 with SSH X11 tunneling from behind a firewall. How to avoid "xdm", "rsh" and "rexec" "sessions". Audience: Unix/Microsoft users.
Each month the SANS Institute publishes important advice on how to recognize E-mail "phishing" attacks.
How to configure your E-mail Client to use secure email services requiring authentication (imaps, pops and smtps).
The campus mail services cluster can be used to filter mail with malicious content -- executable content and known virus/worms are blocked. It is a UCIST recommendation that all mail servers on this campus should block malicious content using the services of the cluster or something better.
Internet Connection Firewall (ICF) is a recommended technology for Windows XP that will help to protect your system from remote attacks.
Migration notes for SSH users on Windows systems.
Migration notes for SSH users on Unix systems.
IPSec is an advanced filtering technology on Windows 2000 and XP that can be used to better secure your system -- these are very rough notes!!
SpamAssassin is an important tool for filtering spam. This paper describes our use of SpamAssassin.
Some basic advice on hardening Windows systems -- focus on workstations with some application to servers. Advice on patching with links to patch sites; advice on security settings. Especially important for systems you manage yourself.
Some basic advice on using WinSSH -- SSH for Windows. We recommend that Windows users take advantage of WinSSH and get used to connecting with SSH rather than the insecure telnet, rlogin, ftp, rcp, etc. commands.
Patch management is fundamental to security. Three simple tools we've developed for patch management are presented -- CheckPatches to list outstanding patches, GetApplyPatch to apply them and MirrorPatches to mirror patch sets. Traditional Unix tar kit available.
The default SNMP configuration, while perhaps reasonably secure, can be made substantially more secure with a little effort. Recommendations show how to eliminate three daemons and nine network services. Tested on Solaris 8, should apply to other versions.
Linux systems have been compromised because vulnerabilities are not patched and services are exposed that aren't required. Some best advice on keeping your system patched, some tools to keep your system patched, some advice about hardening off network services and notes on how to detect a compromise.
Procmail(1) mail filters on Unix mail servers can help you deal with unsolicited E-mail -- the mail server can automatically sort and file messages or even toss them as they arrive. Requires that you use an IMAP mail client and are familiar with mail folders.
Solaris 9 comes with far too many setuid/setgid files -- many are a needless security risk and ought to be disabled. Shell script provided to implement recommendations. Followup to the paper on Solaris 8 Setuid/Setgid files.
Solaris 8 comes with far too many setuid/setgid files -- many are a needless security risk and ought to be disabled. Shell script provided to implement recommendations. Followup to the paper on Solaris 7 Setuid/Setgid files.