Library & ITS Wiki
Security
Contents
Customer-Focused Security Resources
- Educause's YouTube Channel: http://www.youtube.com/user/SecurityVideoContest (free)
- National Security Institute has a paid product designed specifically as a form of monthly security training (and/or free newsletter) for customers:
http://www.nsi.org/security-sense.html
Security Standards, Guidelines and Best Practices From Other Institutions
Relevant Security Conferences
- NERCOMP - Securing the eCampus 2010:
http://www.nercomp.org/events/event_single.aspx?id=6211 - CAMP IT - 'Enterprise Risk /Security Management - Leakage/Loss/Metrics
http://www.targetedconferences.com - Educause - Annual Security Professionals Conference
http://net.educause.edu/securityconference - SANS (one of the most well-established security firms) has offering specific to various IT areas. Their training options are offered at nearby locations, albeit not at all times of the year:
http://www.sans.org/boston-2010/
Security Webcasts and Webinars
- Microsoft:
http://www.microsoft.com/events/series/security360.mspx (seems more relevant, i.e. 360 degree)
http://www.microsoft.com/events/security/default.mspx (fairly specific to server/client security patching)
Onsite Security Training
Recommended Security Resources
Information Security Guide: Effective Practices and Solutions for Higher Education (from Educause):
https://wiki.internet2.edu/confluence/display/itsg2/Home
- IT Security Office at U Iowa. Extensive.
http://itsecurity.uiowa.edu/ - UPenn IS Documents. Lots of customer oriented ones:
http://www.upenn.edu/computing/security/index.php - The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents:
http://www.us-cert.gov/current/index.html - Standards for workstations, servers and mobile devices in compliance with UCF security policies and best practices:
http://www.infosec.ucf.edu/computer_security_standards.htm - University of Rhode Island Information Security Office. Of particular interest are the policies:
https://security.uri.edu/policies/ - Sinclair Community College Information Security Policy
http://www.sinclair.edu/about/information/usepolicy/pub/infscply/Sinclair_Information_Security_Policy.htm
Other Resources
- KSU OSX Server Security Best Practices:
http://www.kennesaw.edu/infosec/docstore/procedures/MacSBPv2.pdf - Mac OS X 10.4 Security Checklist:
http://www.utsa.edu/oit/PDF/Mac_OSX_Checklist.pdf - Mac OS X Security Configuration Guides:
- http://uccsc2009.ucdavis.edu/preso/MacOSX_Security_Riley.pdf
- Virginia Tech:
http://www.security.vt.edu/ - http://www.jmu.edu/computing/security/
- A.C.T.I.O.N.S:
http://digitalenterprise.org/security/security.html
Security Resources for Apple Products
Security Guides for Apple Products
General Security Tools and Resources for Apple Products
- How to capture a packet trace: http://support.apple.com/kb/HT3994
- Issues with pinging a Mac computer: http://support.apple.com/kb/HT3895
- Debug Mac OS X Network Issues with lsof: http://www.devdaily.com/apple/mac-os-x-network-internet-ports-lsof-netstat
Bonjour - aka Zeroconf or mDNS
- Bonjour: Frequently asked questions (FAQ) -- http://support.apple.com/kb/HT2250 and http://developer.apple.com/networking/bonjour/faq.html
- Mac OS X Server v10.6: Disabling Server Bonjour Registration broadcast to client computers -- http://support.apple.com/kb/HT3896
- http://www.apple.com/support/bonjour/ and http://developer.apple.com/networking/bonjour/index.html
- http://en.wikipedia.org/wiki/Zero_configuration_networking and http://en.wikipedia.org/wiki/Bonjour_(software)
Securing Bonjour
- http://www.jamfsoftware.com/kb/article.php?id=187
- Disable Bonjour: http://www.macosxhints.com/article.php?story=20050707222434355
See also: Security Standards, Guidelines and Best Practices From Other Institutions
Macs and Wireless Security
- Connecting to an 802.1X/WEP network with a saved 802.1X profile prompts for password: http://support.apple.com/kb/TS2975
Macs and DHCP Security
- DHCP-provided LDAP not used for authentication in Mac OS X v10.6, Mac OS X Server v10.6: http://support.apple.com/kb/HT3844
Macs and Networking Security
- Mac OS X Network Primer from Princeton.edu: http://www.net.princeton.edu/mac/network-config-x/
- Mac OS X Network Caveats from Princeton.edu: http://www.net.princeton.edu/mac/network-config-x/caveats.html
- In depth: Tips on Bringing Up a UNIX Network Driver -- examples of ifconfig, arp, tcpdump, netstat
- Certain portions of the Apple Certification Program offer insight on Mac OS X Security and Networking: http://training.apple.com/certification/macosx
iOS - iPhone, iPad Security Issues
Secure Media Use
(mainly on the topic of securely destroying data)
- Secure Media Reuse -- mentions Darik Boot and Nuke, and University of California's Secure Erase.
- Built-in Windows and Mac commands for secure deletion of data: del.exe combined with cipher.exe on Windows. srm on Macs.
http://lifehacker.com/5570042/securely-overwrite-files-with-a-built+in-command-line-trick
Security Organizations, Services, Appliances, Software
List of security organizations and associations
List of security appliances
- Symantec http://news.cnet.com/8301-17938_105-20004810-1.html
- Netezza Corporation
- Review of 12 NAC devices (like Bradford campus manager): http://www.computerworld.com/s/article/9178320/Ultimate_guide_to_network_access_control_products
- SPAM Firewall / E-mail scanning: Barracuda; Proofpoint. Note that proofpoint has a module that if enabled automatically quarantines data like Credit Card numbers and SSNs, etc.
Misc Notes Regarding Security
- This page was last edited on 11 May 2012, at 15:28.
- Privacy policy
- About Library & ITS Wiki
- Disclaimers