Security & encryption
This page
was written by Christopher Spry.
- Ad-aware
software to remove 'spyware' installed by rogue online resources.
- Advanced Encryption
Standard (AES) data encryption replaces DES and is a US Government
standard.
- BugTraq
details of current computer security issues. Bugtraq
Archive.
- Global
Incident Analysis Center (GIAC)
- SecurityFocus
- Security
/ Hacker News (FDMA)
- Spamcop.net
A free service to send reports on spam emails to service providers, to help
close down spamming sites.
- 'my
| NetWatchman' advice and reporting, if you consider that your computer
or network is being attacked.
- 2600,
security information by 'hackers'.
- 'AntiOnLine'
security seen from the other side.
- 'Back Orifice
2000' software to control of computers remotely. System administrators need to study
this potential threat to their systems.
- Building an
e-commerce trust Infrastructure. Advice at 'Windows Magazine' on how to authenticate
a web site to customers, use 128-Bit SSL encryption to secure a web servers and accept secure payments online.
- CERT,
'Computer Emergency Response Team' coordination center at Carnegie Mellon University. A
free mailing list is available.
- CIAC,
'Computer Incident Advisory Capability' computer security incident response team for the
U.S. Department of Energy. It publishes information on current and new security issues
with suggestions for fixes.
- GFI's Email Security Testing Zone
tests anti-virus programs by sending simulated emails to test known
vulnerabilities.
- 'Kerberos'
FAQ. Kerberos is a a network authentication system for use on physically insecure
networks.
- 'libdes' library in Australia of
encryption software to compile into other applications such as 'samba'. Mirror
site in Oxford, UK. The latest libdes version is 4.01 13-Jan-97. Freeware, copyright
1997 by Eric Young.
- Network
Associates. PGP cryptography for email etc. 'PGP
International' provides free versions of the software. Software for all operating
systems can be downloaded here. Help files, front ends etc. are also available. The PGP FAQ.
- 'Private
Idaho', email encryption and security.
- RSA security
including 'Keon' security software.
- SANS,
System Administration, Networking and Security Institute. A free mailing list is
available.
- 'Satan' security resources, Holland.
Download v 1.1.1 from Oxford,
UK.
- Security and
clinical data, Ross J Anderson, Cambridge. Comments on the proposed introduction of a
nationwide NHS network which has led to concerns about security.
- 'Stamper' free email-based resource to
digital 'timestamp' files and provide 'proof of posting certificates' for email,
using PGP. It was launched in 1995 by Matthew Richardson.
- VeriSign's 'Digital ID' enrolment
services. A Digital ID provides a way to assure friends, business associates, and online
services that the electronic messages they receive from you are authentic.
- WWW security FAQ,
MIT. It has current information on many security problems with web servers, browsers etc.
- 'ZedZ
Consultants Inc.' Security software resources in Holland. Formerley
Replay.com.
- Advice for protecting web sites at ZDNET.
Windows 2000 'hotfixes':
- Qchain
lets you install multiple hotfixes under Windows 2000 and Windows NT without
having to reboot after each one. To use Qchain, first install each required hotfix (in proper sequence) with the -z command-line switch, which tells the installation program not to reboot the OS after installing the
fix, then download
and run Qchain, which, according to article Q296861, "cleans the Pending File Rename Operations key in the registry to make sure that only the latest version of a file is installed after the computer is rebooted."
- Qfecheck
is a utility program that inspects a Windows 2000 system to ensure that hotfixes are installed correctly. Hotfix information is stored in the registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates. Qfecheck reads information from that key and compares the information to files on the system to ensure those files are the proper versions. Qfecheck also ensures that the Windows File Protection
(WFP) subsystem has the information it needs to protect those files from tampering.
The US National Security Agency
(NSA) has released a set of guidelines and templates to help secure Windows 2000 systems. The materials contain
five templates to use with Microsoft's Security Configuration Editor, 17 guides to secure various aspects of the OS, and
three supporting documents with in-depth defence coverage and details about various popular software packages.
Security programs for Windows 2000:
Go to the 'home
page'
© cspry@sghms.ac.uk.
Department of Biochemistry & Immunology, St. George's Hospital Medical
School, London SW17 0RE, UK. Phone +44 20-8725 5819; fax +44 20-8725 5821.
This page was last updated on
23 May 2002 19:40:43.