Computer Security Links

Last Change: 24 July, 2003

Introduction

If you're reading this, computer security is probably of interest to you, whether or not you know it. While the field of computer security is deep and rapidly changing, there are basic principles that are both easy to learn and broadly applicable. Because computers are widely used to conduct daily business (in the U.S. and elsewhere), these principles deserve to be widely known, and are crucial to the background of all informed citizens of a democratic society.

This page is a work in progress. If you have questions about security, please feel free to send email, and I'll do my best to answer or point out applicable resources. The links below currently overlap considerably with my GNU/Linux page. This will change gradually.

Free (Libre) Software

If you are new to Free software (for example, if you think "Free" refers to price:) you may find these papers helpful in getting oriented:

A short Windows/Unix dictionary (plain text)
An essay on operating systems, giving an overview of the kernel, libraries, and a brief introduction to GNU/Linux and the open source/free software community.
An introduction to GNU/Linux (mostly) for Windows users, online as HTML, or as a printable PDF file.
There's a longer, less well-proofread paper on computers, security, and civil liberties, available in PDF.
Finally, there is a 6-page Unix primer available in PDF

Freedom of access to information is the essence of the Free software movement.

System Security

If you have installed a RedHat-based distribution, there are steps you should take to secure your machine. This short paper is a guide to disabling services and setting up a firewall.

These are links to external sites:

How secure is your PC? While this question has no easy answer, a good first approximation is to see what web sites you visit can learn about you. These links will connect you to sites that benignly scan your computer looking for information leaks and possible doors an attacker could use to gain access to your machine. These links are provided WITHOUT ANY WARRANTY WHATSOEVER, INCLUDING (BUT NOT LIMITED TO) ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, just like all no-cost information.

Sygate, a commercial firewall provider
Gibson Research, a commercial firm that develops security products for Windows. (Look for the "Shields Up" link near the middle of the page.)

If you attempt to use these links from on campus, the firewall will block the probe. However, scanning your own machine can be tellingly valuable if you are on a dial-up connection, or are otherwise unprotected from the Internet.

Lance Spitzner's web site, with links to his excellent security papers.

Dave Dittrich's page on Rootkits; what they are, and how to combat them.

System Forensics (also from Dittrich's site); what to do if you've been r00ted.