These are tips and links to help you secure your machine on the Texas
A&M campus. Any questions about this can be referred to
security@net.tamu.edu.
An Information Technology Forum has been developed at Texas A&M
University to promote responsible information security practices
on campus. Meetings are held once a month that are centered around a
presentation and discussion of current campus IT issues for the
university environment. This forum also includes a Mailing List to provide communication
between meetings.
General Security Practices
Virus Protection
Encryption
Specific Operating System Preventions
General Security Practices For All Systems:
- Eliminate all extra services
- Only allow services to run on your machine that you absolutely
need. For example, unless you have a reason to have a webserver
on your host, do not install one or turn one on. Also, remove any
demo copies of software that came with your operating system. Know
what services should be running on your host.
- Know who logs onto your system
- Be aware of all people who log onto your system and log all activity
by those people. Carefully plan groups and their permissions. Users
need only those access rights to perform their duties.
- Use Good Passwords
- Do not use words from a dictionary, names, common phrases, etc. Do
use combinations of lower and upper case letters, number, special
characters, etc. Do Not write your password down for others
to see, do not include it in email correspondence, and do not tell
anyone else your password.
Important: Require users on your systems to change their passwords every 90 days.
- Password Protect Your Screen Saver
- This will prevent unauthorized people from getting access to your
system
- Keep your system Up To Date
- Apply patches, fixes, service packs, when available. Keep your
systems upgraded to the latest versions of software.
Virus Protection
Every machine on campus should be running some type of virus protection.
If you are faculty or staff, check with your department to see if they
provide the virus protection software for you. Also, the Software Evaluation and Licensing Library provides McAfee Virus Scan, among many other software products. If you are a student,
McAfee Virus Scan can be found at software.tamu.edu. In addition to this, there are many vendors that provide
virus protection software for you.
There are many more products out there, these are just a few recommended
sites. No matter which product you choose, the main thing to remember
is to Keep your virus signatures updated!. Virus protection
does not help if the software is not aware of the latest threats.
Encryption
Data passed through most network traffic is not encrypted. This includes
traffic that contains your account name and pasword. When logging onto
a remote system using utilities such as telnet or ftp, your account
name and password are sent over the network in plain text. This issue can
be resolve by encrypting all traffic between your host and a remote host.
Use the following utilities for protected traffic:
- SSH - Secure Shell
- Similar to telnet, but provides strong authentication and encryption
Clients:
PuTTY - available for Win32 platforms and has an xterm terminal emulator.
- SCP and SFTP - Secure Copy and Secure File Transfer Protocol
- Similar to ftp, but encrypts all file transfers
Clients:
WinSCP - Secure CoPy client for Windows 95/98/NT/2000/XP/ME
PuTTY - available for Win32 platforms and has an xterm terminal emulator.
- SSL - Secure Sockets Layer
- Protocol mainly used for securing http traffic
Implementations:
OpenSSL - Open Source implementation of SSL
Apache-SSL - A secure webserver based on Apache and OpenSSL
- VPN - Virtual Private Network
- Available if you are connecting to campus from off-campus (outside the
campus firewall) and want all traffic encrypted. More information and
VPN clients can be found at the CIS Network Group's VPN page.
Specific Operating System Preventions
Each operating system has different vulnerabilities and preventions that
are specific to that system. We have provided information and links on
each system to try and help you keep that system secure.
For future information and discussion on vulnerabilities and patches
for all operating systems and the applications that run on them, join
the Security Focus.
Windows
- Personal Firewalls
- Personal Firewalls provide protection for your system from intrusions
and attacks. These firewalls can be configured to block certain
types of traffic from reaching your host. More information about
these firewalls, and how to configure them, can be found at their
sites.
- BlackIce
Zone Alarm
Norton
McAfee
- Microsoft Baseline Security Analyzer - MBSA performs local or remote scans of Windows systems and looks for missing
hotfixes and vulnerabilities.
- Windows Update - Windows Update scans your computer and provides you with a selection of updates available for your machine.
- NTBugtraq Mailing List - A mailing list for the discussion of security bugs found in Windows NT, Windows 2000, and Windows XP and their related applications.
Unix
- Tiger - Written at Texas A&M University to provide security checks for Unix systems.
- Logdaemon - Replacement deamons that provide better access control and logging capabilities than those that normally come with Unix systems (rlogin, rshd, login, telnetd, etc.)
- Wrapper Scripts - Scripts written to "wrap around" other non-secure
applicatons and provide secure communication.
- CERT's UNIX Security Checklist v2.0 - Details steps to improve the security of Unix Operating Systems.
Linux
- Bastille Linux - The Bastille
Hardening System attempts to secure the Linux operating system.