Computer Security Tips

There is much to be said about computer security, but the greatest problem to overcome is user education. How to make all those people aware of the problems and how to avoid them?

I don't claim to have all the answers; in fact, I don't claim to have any of the answers. What I hope to achieve here is simply to provide a source of some of the information I have, which can be helpful in the on-going effort to educate the growing population of computer system administrators. The pages described here were created some time ago, and some of the examples used may seem dated, but the fundamentals they discuss continue to be relevant.

Helpful information:

Web pages I've created to assist people in keeping their systems secure. I hope these continue to help people.

Securing Passwords
(created 2000-10-13) A discussion of issues surrounding the perceived security of re-usable passwords.

Securing Unix and Linux Systems
(created 2000-09-20) So you want to set up a Unix server, but you'd like to do it securely? Here's a list of hopefully useful pointers to get you moving in the right direction.

Computer security advisories:

These advisories were written for the Concordia University community in Montreal, Canada, but were no doubt relevant to others as well:

(released 1999-03-29) Users of Microsoft Word-97 or Word-2000 may, under certain circumstances be affected by an email borne "virus" (it's a worm, actually), that has numerous malicious effects.

FrontPage Server Extensions
(released 1999-04-22) Web servers with FrontPage Server Extensions with incorrect configuration could permit remote users to gain access to privileged accounts on the system hosting the web server.

Telephone Scam
(released 1999-06-07) On some business telephone systems, it may be possible for an outside caller to gain control of a telephone line and make calls charged to that line.

Historical incidents:

Although these are no longer current issues, they're still interesting. These contain source code to incidents that affected people around the world:

(released 2000-05-04) Similar to Melissa (above), this email-borne worm-style virus carries multiple payloads. Formatted and commented source-code.

Very Funny
(released 2000-05-04) Essentially a copy of the I LOVE YOU worm, with different file names.

Very Funny (diff)
See the differences between I LOVE YOU and Very Funny.

Links to Remote Documents:

Secure Programming
A document by Oliver Friedrichs, of the secprog mailing list.

Secure Programs HOWTO
David Wheeler's HOWTO on secure programming. David Wheeler also has a secure programs introduction page.

The Stanford SRP Authentication Project
by integrating secure password authentication into widely used protocols instead of adding security as an afterthought, SRP improves network security from the ground up.

PERL Guide and Resources
A collection of reference material and resources aimed at PERL programmers.