Click here to generate a text only version of this page
Click here to go to the Birkbeck, University of London home page
Click here for help with using the Birkbeck web site
IT Services
Printer icon Printable version 

Additional sources of information on Computer Security

This document is mainly intended for people running their own servers or setting up networked applications. If the only computers you use at college are the ITS workstations, or PCs in your office, you probably don't need to bother with this.

More Information About Security

The best way to learn about or keep up to date with computer and network security issues is by reading relevant websites and Usenet newsgroups. There are also many good books available, though they go out-of-date quickly.

The following is a list of web sites that we have found interesting or useful. There are many, many more, and most of the sites listed below have lists of links longer than this one!

Places to get advice on security:

A good place to start is JANET-CERT at http://www.ja.net/services/csirt/index.html They contain simple advice in not-very-technical language, including up-to-date accounts of problems (and advice on fixes).

The original CERT (which used to stand for "Computer Emergency Response Team"  is a US government funded agency at Carnegie Mellon University and the nearest thing the Internet has to an "official" security co-ordinator. They have a large amount of excellent advice on security issues and it is a good idea to print out and keep any of their papers that are relevant to your systems (print them out because when you really need to read them your computers might not be working)

Recommended reading are these three CERT documents to start with: Intruder Detection Checklist, Recovering from an Incident and Unix Configuration Guidelines

It is a good idea to spend some time looking at their material yourself to see what is relevant to you - perhaps start at CERT Frequently Asked Questions or tech tips and security improvements, which contain more detailed advice about some problems.

Other useful sources of security guidelines include Web security FAQ (you ought to read this if you are running a web server) and SANS who run training courses and publish books on computer security. They issue free weekly & monthly email newsletters which have been very good in the past, especially on Windows issues. Some of the online advice here is very good.

Windows-specific sites:

Attacks on web servers are now more common against Windows systems than against Unix systems. Regular reports are posted to CERT and the other sites.

Many people think that because Microsoft is often very secretive about its products, the most up-to-date information comes from other sources such as NT Bugtraq and NT security.

Microsoft's own information can be found through: Microsoft Security Home Page

Reports of security incidents and known problems:

In addition to Janet CERT, many other people keep records of security incidents and publish advice on fixing them. There is a (long) list of such organisations at Forum of Incident Response and Security Teams. Security focus links to to Bugtraq and many other resources. Another useful site is CIAC (part of the US Department of Energy - who are perhaps more security-conscious than our equivalent - among other things they run nuclear weapons factories and they started the Human Genome Project).

It is a good idea to look at all these sites at least once to see if there is anything useful to you and to to check at least one of them regularly (US CERT is probably the easiest) to see if there are any recent reports relevant to your systems.

The "Risks" mailing list contains accounts of risks arising from the use of computers and related technology. It has been going for over 15 years and is, in effect, the journal of record of computer security and reliability. It is also, sometimes, amazingly funny. Back copies can be read at: Risks Digest. It is only updated every couple of weeks or so so it is not the best place to get information on new or urgent problems.

News about virus problems can be obtained from the anti-virus software companies. You can read more about hoaxes at Rob Rosenberg's Computer Virus Myths site.

Some other relevant material:

More general news can be found at sites like Need to Know (a rather sarcastic British weekly news site),  and Foundation for Information Policy Research (a UK political lobbying organisation who have lots of links to websites dealing with the political, legal & regulatory background to computer security).

Some policy statements:

Birkbeck computing regulations have pointers to other regulatory information. We also have a Code of Practice and Guidelines for college web servers. The JANET acceptable use policy pdf formatand security policy pdf formatare also applicable.

 

 
IT Services, Birkbeck, University of London, Malet Street, London WC1E 7HX, Telephone: 020 7631 6543, Fax: 020 7631 6556.
Please report any problems with the ITS web site to its-web@bbk.ac.uk.