Good Practice - some useful links

Note that this is not a complete list, merely a few useful links. Many of the sites mentioned have other informative material and it is worth a browse round rather than just picking up the one document. Many of these sites also have useful links to other sites.

Cambridge documentation

Longer documents and other websites.

• Two related documents
  • Security implications of attaching a computer to a College or Departmental network
  • Having a connection to a College network
• Windows system security (PC Support), includes information on securing IIS, SQL/MSDE
• Unix system security (Unix Support)
• Macintosh security (Mac Support)
• Security advice on portable equipment (University secretariat)
• Network Security Guidelines for External Service Providers, Consultants and Contractors
• Friendly probing (requires Raven login)

Other notes

• Port blocks on the CUDN (local users only)
• What is a portscan?
• Phishing - they're after youre account details and other Scam emails (with some sample messages)

External documentation

Cross platform

• Social Networking Safety - a good page from Microsoft.
• US-CERT Cyber Security Tips, their description is "Cyber Security Tips describe and offer advice about common security issues for non-technical computer users."
• Security Configuration Guides (National Security Agency) - select appropriate topic from left hand menu
• The SANS (SysAdmin, Audit, Network, Security) Institute
• FIRST Best Practice Guide Library (Forum of Incident Response and Security Teams).
• Security in-a-box: Tools and tactics for your digital security - includes a 'how-to' booklet, and guides to several freeware or open source tools
• CPNI (Centre for the Protection of National Infrastructure)

Microsoft Windows

• Microsoft's own pages
• Windows OS Security Articles and Tutorials" from WindowSecurity.com

Unix, including Linux

• Red Hat Linux
• SuSE Linux
• Ubuntu
• UNIX and Linux Security Checklist v3.0 from AUSCERT
• Linux SECURITY.COM

Macintoshes

• Apple's own pages
• SecureMac.com

Network (and network services)

• Cisco
• Firewalls
  • SANS papers on Firewalls and Perimeter Protection
• Web servers
  • W3C Security Resources
  • Apache security tips

Tools

• Nessus (vulnerability scanner)
• NIST Vulnerability Database (USA)
• Snort (lightweight network intrusion detection)

Other security teams

• JANET-CSIRT
• CERT Coordination Center - the original CERT team and one of the largest repositories of information about computer security. The centre produces advisories and many guides to good practice. The statistics relating to trends in security incidents also make illuminating reading.
• Australian CERT. The CERT Coordination Center and the Australian CERT team have produced several joint documents.
• CPNI - Centre for the Protection of National Infrastructure - UK
• US-CERT, including the Cyber Security Bulletins which provide provide weekly summaries of new or updated vulnerabilities, exploits, trends, viruses and trojans. A good "one stop" for checking.

Other sources of security information and news

• SecurityFocus (incorporating Bugtraq)
• Computer Security Resource Center (US National Institute of Standards and Technology)
• US Department of Energy
• Help Net Security
• SecurityTracker (latest vulnerabilities)

Last updated: February 2012