Computer Security Tips
There is much to be said about computer security, but the greatest
problem to overcome is user education. How do we make all those people
aware of the problems and of how to avoid them?
I don't claim to have all the answers; in fact, I don't claim to have
any of the answers. What I hope to achieve here is simply
to provide a source of some of the information I have, which can be
helpful in the ongoing effort to educate the growing population
of computer system administrators. The pages described here were
created some time ago, and some of the examples used may seem dated,
but the fundamentals they discuss continue to be relevant.
These are web pages I've created to assist people in keeping their
systems secure. I hope they continue to help people.
- Securing Passwords
- (created 2000-10-13) A discussion of issues surrounding
the perceived security of re-usable passwords.
- Securing Unix and Linux Systems
- (created 2000-09-20) So you want to set
up a Unix server, but you'd like to do it securely? Here's a list
of hopefully useful pointers to get you moving in the right
Computer security advisories:
These advisories were written for the Concordia University community
in Montreal, Canada, but were no doubt relevant to others as well:
- (released 1999-03-29) Users of Microsoft
Word-97 or Word-2000 may, under certain circumstances, be affected
by an email-borne "virus" (it's a
worm, actually), that has numerous malicious
- FrontPage Server Extensions
- (released 1999-04-22) Web servers with
FrontPage Server Extensions with incorrect configuration could
permit remote users to gain access to privileged accounts on the
system hosting the web server.
- Telephone Scam
- (released 1999-06-07) On some business
telephone systems, it may be possible for an outside caller to
gain control of a telephone line and make calls charged to that
Although these are no longer current issues, they're still
interesting. These contain source code from incidents that affected
people around the world:
- I LOVE YOU
- (released 2000-05-04) Similar to Melissa (above), this email-borne
worm-style virus carries multiple payloads. Formatted and
- Very Funny
- (released 2000-05-04) Essentially a copy
of the I LOVE YOU worm, with
different file names.
- Very Funny (diff)
- See the differences between I LOVE
YOU and Very Funny.
Links to Remote Documents:
- A document by Oliver Friedrichs, of the secprog
- Secure Programs HOWTO
- David Wheeler's HOWTO on secure programming. David Wheeler
also has a
- The Stanford SRP Authentication
- By integrating secure password authentication into widely used
protocols instead of adding security as an afterthought, SRP
improves network security from the ground up.
- PERL Guide and Resources
- A collection of reference material and resources aimed at PERL