LisaNov2004TutorialR4 < CF

CF Web>CscfSpecific>LisaNovember2004>LisaNov2004TutorialR4 (2005-04-27, MikePatterson) (raw view)

Next-Generation Security Tools

Security policy includes *what* you are securing - include assumptions (like physical security: "we assume that the building is secured against unauthorized entry").

"Attack surface" - lots or little ports listening, what they do, etc

Some switches revert to hubs when they get overloaded - switched networks aren't safer.  (But we knew that already, ettercap.)

NSA has OS security guidelines on their site.

Sample intrusion policy for us:
   * PCs
   * research group servers
   * core servers
   * sysadmin staff workstations

Hard disk encryption
   * Pointsec (Win32)
   * Mobile Armour (Win32, Linux, *maybe* Mac OS X)
   * people had bad experiences with PGP Disk
   * File Vault - ambivalent
   * Built in Windows agent is ok, but uses escrow by default - and it's the local admin, unless you change it

Problems with passphrases: sometimes they get truncated "silently"

-- Main.MikePatterson - 27 Apr 2005

Topic revision: r1 - 2005-04-27 - MikePatterson

Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.

Other Webs

My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images

Edit