Security & encryption

This page was written by Christopher Spry.

• Ad-aware software to remove 'spyware' installed by rogue online resources.
• Advanced Encryption Standard (AES) data encryption replaces DES and is a US Government standard.
• BugTraq details of current computer security issues. Bugtraq Archive. 
• Global Incident Analysis Center (GIAC)
• SecurityFocus
• Security / Hacker News (FDMA)
• Spamcop.net A free service to send reports on spam emails to service providers, to help close down spamming sites.
• 'my | NetWatchman' advice and reporting, if you consider that your computer or network is being attacked.
• 2600, security information by 'hackers'.
• 'AntiOnLine' security seen from the other side.
• 'Back Orifice 2000' software to control of computers remotely. System administrators need to study this potential threat to their systems.
• Building an e-commerce trust Infrastructure. Advice at 'Windows Magazine' on how to authenticate a web site to customers, use 128-Bit SSL encryption to secure a web servers and accept secure payments online.
• CERT, 'Computer Emergency Response Team' coordination center at Carnegie Mellon University. A free mailing list is available.
• CIAC, 'Computer Incident Advisory Capability' computer security incident response team for the U.S. Department of Energy. It publishes information on current and new security issues with suggestions for fixes.
• GFI's Email Security Testing Zone tests anti-virus programs by sending simulated emails to test known vulnerabilities.
• 'Kerberos' FAQ. Kerberos is a a network authentication system for use on physically insecure networks.
• 'libdes' library in Australia of encryption software to compile into other applications such as 'samba'. Mirror site in Oxford, UK. The latest libdes version is 4.01 13-Jan-97. Freeware, copyright 1997 by Eric Young.
• Network Associates. PGP cryptography for email etc. 'PGP International' provides free versions of the software. Software for all operating systems can be downloaded here. Help files, front ends etc. are also available. The PGP FAQ.
• 'Private Idaho', email encryption and security.
• RSA security including 'Keon' security software.
• SANS, System Administration, Networking and Security Institute. A free mailing list is available.
• 'Satan' security resources, Holland. Download v 1.1.1 from Oxford, UK.
• Security and clinical data, Ross J Anderson, Cambridge. Comments on the proposed introduction of a nationwide NHS network which has led to concerns about security.
• 'Stamper' free email-based resource to digital 'timestamp'  files and provide 'proof of posting certificates' for email, using PGP.  It was launched in 1995 by Matthew Richardson.
• VeriSign's 'Digital ID' enrolment services. A Digital ID provides a way to assure friends, business associates, and online services that the electronic messages they receive from you are authentic.
• WWW security FAQ, MIT. It has current information on many security problems with web servers, browsers etc.
• 'ZedZ Consultants Inc.' Security software resources in Holland. Formerley Replay.com.
• Advice for protecting web sites at ZDNET.

Windows 2000 'hotfixes': 

• Qchain lets you install multiple hotfixes under Windows 2000 and Windows NT without having to reboot after each one. To use Qchain, first install each required hotfix (in proper sequence) with the -z command-line switch, which tells the installation program not to reboot the OS after installing the fix, then download and run Qchain, which, according to article Q296861, "cleans the Pending File Rename Operations key in the registry to make sure that only the latest version of a file is installed after the computer is rebooted."
• Qfecheck is a utility program that inspects a Windows 2000 system to ensure that hotfixes are installed correctly. Hotfix information is stored in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates. Qfecheck reads information from that key and compares the information to files on the system to ensure those files are the proper versions. Qfecheck also ensures that the Windows File Protection (WFP) subsystem has the information it needs to protect those files from tampering.

The US National Security Agency (NSA) has released a set of guidelines and templates to help secure Windows 2000 systems. The materials contain five templates to use with Microsoft's Security Configuration Editor, 17 guides to secure various aspects of the OS, and three supporting documents with in-depth defence coverage and details about various popular software packages. 

Security programs for Windows 2000:

• BlackICE Defender firewall
• STAT
• 'ZoneAlarm Pro' firewall

Go to the 'home page'

© cspry@sghms.ac.uk. Department of Biochemistry & Immunology, St. George's Hospital Medical School, London SW17 0RE, UK. Phone +44 20-8725 5819; fax +44 20-8725 5821. This page was last updated on 23 May 2002 19:40:43.