COMPUTER SECURITY

Joey Kelly
joey@joeykelly.net
http://joeykelly.net

# This is an outline of a talk I gave at
# New Orleans Linux Users Group (http://nolug.org) in 2002

I. User security
    A. Passwords
        1. Choosing
        2. Sending
        3. Lending
        4. Storing
            a. Written down or stored in a file
            b. Password managers (Netscape 6, Mozilla, etc.)
    B. Data
        1. Unauthorized access
            a. Computer security
                i. Local (office, LAN, etc.)
                ii. Internet
            b. File security (file permissions, etc.)
        2. Encryption
        3. Backups
    C. Secure operating systems and client programs

II. Server Security
    A. Unneeded services
    B. Outdated applications
    C. Secure operating systems
    D. Firewalls
        1. Packet filters
        2. Proxies
        3. Application firewalls (Zone Alarm)
        4. Server and host firewalls
    E. Virtual private networks (VPNs)
    F. Logging
    G. Intrusion detection

III. Application Security
    A. Bugs
        1. Buffer overflows, memory leaks, etc. (C, Java, interpreted languages)
        2. Syntax errors (e.g. the >= bug in openssh)
    B. User input
    C. Account privileges
        1. Database accounts
        2. User accounts
            a. Normal users
            b. Admins (MUD, weblog, irc bot, etc.)
    D. Encryption
    E. Sessions
    F. Eavesdropping
        1. Sniffing
        2. File permissions
    G. Secure server programs