Middlebury

Difference between revisions of "Security"

m
Line 1: Line 1:
 +
#REDIRECT [http://www.middlebury.edu/offices/technology/security]]
 +
 
== Customer-Focused Security Resources  ==
 
== Customer-Focused Security Resources  ==
  
Line 8: Line 10:
 
=== Relevant Security Conferences  ===
 
=== Relevant Security Conferences  ===
  
*NERCOMP - Securing the eCampus 2010: <br>http://www.nercomp.org/events/event_single.aspx?id=6211  
+
*NERCOMP - Securing the eCampus 2010: <br>http://www.nercomp.org/events/event_single.aspx?id=6211
*CAMP IT -&nbsp;'Enterprise Risk /Security Management - Leakage/Loss/Metrics<br>http://www.targetedconferences.com  
+
*CAMP IT -&nbsp;'Enterprise Risk /Security Management - Leakage/Loss/Metrics<br>http://www.targetedconferences.com
*Educause - Annual Security Professionals Conference<br>http://net.educause.edu/securityconference  
+
*Educause - Annual Security Professionals Conference<br>http://net.educause.edu/securityconference
 
*SANS (one of the most well-established security firms) has offering specific to various IT areas. Their training options are offered at nearby locations, albeit not at all times of the year:<br>http://www.sans.org/boston-2010/<br>
 
*SANS (one of the most well-established security firms) has offering specific to various IT areas. Their training options are offered at nearby locations, albeit not at all times of the year:<br>http://www.sans.org/boston-2010/<br>
  
Line 23: Line 25:
 
=== Recommended Security Resources  ===
 
=== Recommended Security Resources  ===
  
'''Information Security Guide: Effective Practices and Solutions for Higher Education (from Educause):''' <br>https://wiki.internet2.edu/confluence/display/itsg2/Home  
+
'''Information Security Guide: Effective Practices and Solutions for Higher Education (from Educause):''' <br>https://wiki.internet2.edu/confluence/display/itsg2/Home
  
*IT Security Office at U Iowa. Extensive. <br>http://itsecurity.uiowa.edu/  
+
*IT Security Office at U Iowa. Extensive. <br>http://itsecurity.uiowa.edu/
*UPenn IS Documents. Lots of customer oriented ones:<br>http://www.upenn.edu/computing/security/index.php  
+
*UPenn IS Documents. Lots of customer oriented ones:<br>http://www.upenn.edu/computing/security/index.php
*The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents: <br>http://www.us-cert.gov/current/index.html  
+
*The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents: <br>http://www.us-cert.gov/current/index.html
*Standards for workstations, servers and mobile devices in compliance with UCF security policies and best practices:<br>http://www.infosec.ucf.edu/computer_security_standards.htm  
+
*Standards for workstations, servers and mobile devices in compliance with UCF security policies and best practices:<br>http://www.infosec.ucf.edu/computer_security_standards.htm
*University of Rhode Island Information Security Office. Of particular interest are the policies: <br>https://security.uri.edu/policies/  
+
*University of Rhode Island Information Security Office. Of particular interest are the policies: <br>https://security.uri.edu/policies/
 
*Sinclair Community College Information Security Policy<br>http://www.sinclair.edu/about/information/usepolicy/pub/infscply/Sinclair_Information_Security_Policy.htm
 
*Sinclair Community College Information Security Policy<br>http://www.sinclair.edu/about/information/usepolicy/pub/infscply/Sinclair_Information_Security_Policy.htm
  
 
=== Other Resources  ===
 
=== Other Resources  ===
  
*KSU OSX Server Security Best Practices:<br>http://www.kennesaw.edu/infosec/docstore/procedures/MacSBPv2.pdf  
+
*KSU OSX Server Security Best Practices:<br>http://www.kennesaw.edu/infosec/docstore/procedures/MacSBPv2.pdf
*Mac OS X 10.4 Security Checklist:<br>http://www.utsa.edu/oit/PDF/Mac_OSX_Checklist.pdf  
+
*Mac OS X 10.4 Security Checklist:<br>http://www.utsa.edu/oit/PDF/Mac_OSX_Checklist.pdf
*Mac OS X Security Configuration Guides:  
+
*Mac OS X Security Configuration Guides:
*http://uccsc2009.ucdavis.edu/preso/MacOSX_Security_Riley.pdf  
+
*http://uccsc2009.ucdavis.edu/preso/MacOSX_Security_Riley.pdf
*Virginia Tech:<br>http://www.security.vt.edu/  
+
*Virginia Tech:<br>http://www.security.vt.edu/
*http://www.jmu.edu/computing/security/  
+
*http://www.jmu.edu/computing/security/
 
*A.C.T.I.O.N.S:<br>http://digitalenterprise.org/security/security.html
 
*A.C.T.I.O.N.S:<br>http://digitalenterprise.org/security/security.html
  
Line 50: Line 52:
 
=== General Security Tools and Resources for Apple Products  ===
 
=== General Security Tools and Resources for Apple Products  ===
  
*How to capture a packet trace: http://support.apple.com/kb/HT3994  
+
*How to capture a packet trace: http://support.apple.com/kb/HT3994
*Issues with pinging a Mac computer: http://support.apple.com/kb/HT3895  
+
*Issues with pinging a Mac computer: http://support.apple.com/kb/HT3895
 
*Debug Mac OS X Network Issues with lsof: http://www.devdaily.com/apple/mac-os-x-network-internet-ports-lsof-netstat
 
*Debug Mac OS X Network Issues with lsof: http://www.devdaily.com/apple/mac-os-x-network-internet-ports-lsof-netstat
  
 
=== Bonjour - aka Zeroconf or mDNS  ===
 
=== Bonjour - aka Zeroconf or mDNS  ===
  
*Bonjour: Frequently asked questions (FAQ) -- http://support.apple.com/kb/HT2250 and&nbsp;http://developer.apple.com/networking/bonjour/faq.html  
+
*Bonjour: Frequently asked questions (FAQ) -- http://support.apple.com/kb/HT2250 and&nbsp;http://developer.apple.com/networking/bonjour/faq.html
*Mac OS X Server v10.6: Disabling Server Bonjour Registration broadcast to client computers -- http://support.apple.com/kb/HT3896  
+
*Mac OS X Server v10.6: Disabling Server Bonjour Registration broadcast to client computers -- http://support.apple.com/kb/HT3896
*http://www.apple.com/support/bonjour/ and&nbsp;http://developer.apple.com/networking/bonjour/index.html  
+
*http://www.apple.com/support/bonjour/ and&nbsp;http://developer.apple.com/networking/bonjour/index.html
 
*http://en.wikipedia.org/wiki/Zero_configuration_networking and&nbsp;http://en.wikipedia.org/wiki/Bonjour_(software)
 
*http://en.wikipedia.org/wiki/Zero_configuration_networking and&nbsp;http://en.wikipedia.org/wiki/Bonjour_(software)
  
 
==== Securing Bonjour  ====
 
==== Securing Bonjour  ====
  
*http://www.jamfsoftware.com/kb/article.php?id=187  
+
*http://www.jamfsoftware.com/kb/article.php?id=187
 
*Disable Bonjour:&nbsp;http://www.macosxhints.com/article.php?story=20050707222434355
 
*Disable Bonjour:&nbsp;http://www.macosxhints.com/article.php?story=20050707222434355
  
''See also: ''[[#Security_Standards.2C_Guidelines_and_Best_Practices_From_Other_Institutions|''Security Standards, Guidelines and Best Practices From Other Institutions'']]  
+
''See also: ''[[#Security_Standards.2C_Guidelines_and_Best_Practices_From_Other_Institutions|''Security Standards, Guidelines and Best Practices From Other Institutions'']]
  
 
=== Macs and Wireless Security  ===
 
=== Macs and Wireless Security  ===
Line 78: Line 80:
 
=== Macs and Networking Security  ===
 
=== Macs and Networking Security  ===
  
*Mac OS X Network Primer from Princeton.edu:&nbsp;http://www.net.princeton.edu/mac/network-config-x/  
+
*Mac OS X Network Primer from Princeton.edu:&nbsp;http://www.net.princeton.edu/mac/network-config-x/
*Mac OS X Network Caveats from Princeton.edu:&nbsp;http://www.net.princeton.edu/mac/network-config-x/caveats.html  
+
*Mac OS X Network Caveats from Princeton.edu:&nbsp;http://www.net.princeton.edu/mac/network-config-x/caveats.html
*In depth:&nbsp;[http://developer.apple.com/mac/library/documentation/DeviceDrivers/Conceptual/NetworkDriver/3_Tipsfolder/TipsonBringup.html#//apple_ref/doc/uid/TP40000913-CH203-TPXREF111 Tips on Bringing Up a UNIX Network Driver]&nbsp;-- examples of ifconfig, arp, tcpdump, netstat  
+
*In depth:&nbsp;[http://developer.apple.com/mac/library/documentation/DeviceDrivers/Conceptual/NetworkDriver/3_Tipsfolder/TipsonBringup.html#//apple_ref/doc/uid/TP40000913-CH203-TPXREF111 Tips on Bringing Up a UNIX Network Driver]&nbsp;-- examples of ifconfig, arp, tcpdump, netstat
 
*Certain portions of the Apple Certification Program offer insight on Mac OS X Security and Networking:&nbsp;http://training.apple.com/certification/macosx
 
*Certain portions of the Apple Certification Program offer insight on Mac OS X Security and Networking:&nbsp;http://training.apple.com/certification/macosx
  
Line 87: Line 89:
 
*http://www.csoonline.com/article/597711/iphones-ipads-in-the-enterprise-5-security-perspectives?page=2
 
*http://www.csoonline.com/article/597711/iphones-ipads-in-the-enterprise-5-security-perspectives?page=2
  
<br>  
+
<br>
  
 
== Secure Media Use  ==
 
== Secure Media Use  ==
  
(mainly on the topic of securely destroying data)  
+
(mainly on the topic of securely destroying data)
  
*[http://searchsecurity.techtarget.co.uk/tip/0,289483,sid180_gci1513750,00.html?track=sy260 Secure Media Reuse]&nbsp;-- mentions Darik Boot and Nuke, and University of California's Secure Erase.  
+
*[http://searchsecurity.techtarget.co.uk/tip/0,289483,sid180_gci1513750,00.html?track=sy260 Secure Media Reuse]&nbsp;-- mentions Darik Boot and Nuke, and University of California's Secure Erase.
 
*Built-in Windows and Mac commands for secure deletion of data: del.exe combined with cipher.exe on Windows. srm on Macs.<br>http://lifehacker.com/5570042/securely-overwrite-files-with-a-built+in-command-line-trick
 
*Built-in Windows and Mac commands for secure deletion of data: del.exe combined with cipher.exe on Windows. srm on Macs.<br>http://lifehacker.com/5570042/securely-overwrite-files-with-a-built+in-command-line-trick
  
Line 104: Line 106:
 
=== List of security appliances  ===
 
=== List of security appliances  ===
  
*Symantec&nbsp;http://news.cnet.com/8301-17938_105-20004810-1.html  
+
*Symantec&nbsp;http://news.cnet.com/8301-17938_105-20004810-1.html
*Netezza Corporation  
+
*Netezza Corporation
*Review of 12 NAC devices (like Bradford campus manager):&nbsp;http://www.computerworld.com/s/article/9178320/Ultimate_guide_to_network_access_control_products  
+
*Review of 12 NAC devices (like Bradford campus manager):&nbsp;http://www.computerworld.com/s/article/9178320/Ultimate_guide_to_network_access_control_products
 
*SPAM Firewall / E-mail scanning: Barracuda; Proofpoint. Note that proofpoint has a module that if enabled automatically quarantines data like Credit Card numbers and SSNs, etc.&nbsp;
 
*SPAM Firewall / E-mail scanning: Barracuda; Proofpoint. Note that proofpoint has a module that if enabled automatically quarantines data like Credit Card numbers and SSNs, etc.&nbsp;
  
 
== Misc Notes Regarding Security  ==
 
== Misc Notes Regarding Security  ==
  
*[[Insecure Protocols|Insecure Protocols]]  
+
*[[Insecure Protocols|Insecure Protocols]]
*Finding further security resources:<br>http://www.google.com/search?q=it+security+organization<br>http://www.educause.edu/resources/browse/topic<br>  
+
*Finding further security resources:<br>http://www.google.com/search?q=it+security+organization<br>http://www.educause.edu/resources/browse/topic<br>
 
*[http://blogs.middlebury.edu/petar/category/security/ Security Notes from Petar's blog]
 
*[http://blogs.middlebury.edu/petar/category/security/ Security Notes from Petar's blog]
  
 
[[Category:Security]]
 
[[Category:Security]]

Revision as of 16:11, 11 May 2012

  1. REDIRECT [1]]

Customer-Focused Security Resources

Security Standards, Guidelines and Best Practices From Other Institutions

Relevant Security Conferences

Security Webcasts and Webinars

Onsite Security Training

Recommended Security Resources

Information Security Guide: Effective Practices and Solutions for Higher Education (from Educause):
https://wiki.internet2.edu/confluence/display/itsg2/Home

Other Resources

Security Resources for Apple Products

Security Guides for Apple Products

General Security Tools and Resources for Apple Products

Bonjour - aka Zeroconf or mDNS

Securing Bonjour

See also: Security Standards, Guidelines and Best Practices From Other Institutions

Macs and Wireless Security

Macs and DHCP Security

Macs and Networking Security

iOS - iPhone, iPad Security Issues


Secure Media Use

(mainly on the topic of securely destroying data)

Security Organizations, Services, Appliances, Software

List of security organizations and associations

List of security appliances

Misc Notes Regarding Security

Powered by MediaWiki