Computer Security Links
Last Change: 24 July, 2003
Introduction
If you're reading this, computer security is probably of interest to
you, whether or not you know it. While the field of computer security
is deep and rapidly changing, there are basic principles that are both
easy to learn and broadly applicable. Because computers are widely used
to conduct daily business (in the U.S. and elsewhere), these principles
deserve to be widely known, and are crucial to the background of all
informed citizens of a democratic society.
This page is a work in progress. If you have questions about security,
please feel free to send email, and I'll do my best to answer or point
out applicable resources. The links below currently overlap considerably
with my GNU/Linux page. This will
change gradually.
Free (Libre) Software
If you are new to Free software (for example, if you think "Free"
refers to price:) you may find these papers helpful in getting
oriented:
-
A short
Windows/Unix dictionary (plain text)
An essay on operating
systems, giving an overview of the kernel, libraries, and a brief
introduction to GNU/Linux and the open source/free software
community.
-
An introduction to GNU/Linux (mostly) for Windows users, online as
HTML, or as a
printable PDF file.
-
There's a longer, less well-proofread paper on computers, security,
and civil liberties, available in
PDF.
-
Finally, there is a 6-page Unix primer available in
PDF
Freedom of access to information is the
essence of the Free software movement.
System Security
If you have installed a RedHat-based distribution, there are steps you
should take to secure your machine. This
short paper is a guide
to disabling services and setting up a firewall.
These are links to external sites:
- How secure is your PC? While this question has no easy answer,
a good first approximation is to see what web sites you visit can learn
about you. These links will connect you to sites that benignly scan your
computer looking for information leaks and possible doors an attacker
could use to gain access to your machine. These links are provided
WITHOUT ANY WARRANTY WHATSOEVER, INCLUDING (BUT NOT LIMITED TO) ANY
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
just like all no-cost information.
- Sygate,
a commercial firewall provider
- Gibson Research,
a commercial firm that develops security products for Windows. (Look
for the "Shields Up" link near the middle of the page.)
If you attempt to use these links from on campus,
the firewall will block the probe. However, scanning your own machine
can be tellingly valuable if you are on a dial-up connection, or are
otherwise unprotected from the Internet.
- Lance Spitzner's
web site,
with links to his excellent security papers.
- Dave Dittrich's page on
Rootkits; what they are, and how to combat them.
-
System Forensics (also from Dittrich's site); what to do if
you've been r00ted.