Difference between revisions of "General Computer Security"

From MidrangeWiki
Jump to: navigation, search
m (Malware plagues most everyone)
m
 
(12 intermediate revisions by one other user not shown)
Line 8: Line 8:
 
What is needed for good security is a moving target because the bad guys are developing new kinds of scams and finding vulnerabilities all the time.  Thus, we need to stay current with what kinds of threats are out there, evolving, getting worse.
 
What is needed for good security is a moving target because the bad guys are developing new kinds of scams and finding vulnerabilities all the time.  Thus, we need to stay current with what kinds of threats are out there, evolving, getting worse.
  
 +
* [[Security Check Lists]] are available from many organizations.
 
* '''e-com-sec''' Yahoo Moderated International Discussion Group hosted out of Europe http://groups.yahoo.com/group/e-com-sec/messages
 
* '''e-com-sec''' Yahoo Moderated International Discussion Group hosted out of Europe http://groups.yahoo.com/group/e-com-sec/messages
 +
* Several '''[[Research Firms]]''' study 400, security, and industry applications.
 
* '''RISKS''' http://catless.ncl.ac.uk/Risks
 
* '''RISKS''' http://catless.ncl.ac.uk/Risks
 
* '''SECURITY IN THE NEWS''' http://www.thei3p.org/news/today.html  You can subscribe to week day digests of new stories in the news about Security
 
* '''SECURITY IN THE NEWS''' http://www.thei3p.org/news/today.html  You can subscribe to week day digests of new stories in the news about Security
Line 22: Line 24:
  
 
* http://www.prepare.org/
 
* http://www.prepare.org/
 +
 +
=== Who Linking to Me ? ===
 +
 +
For a variety of reasons, we sometimes want to know what other web sites are linking to OURs.  Here is how to find out.
 +
 +
# Get to a major search engine such as Google
 +
## link
 +
### The query '''link:''' will list webpages that have links to the specified webpage. For instance, '''link:www.google'''
 +
## So, head on over there and search for
 +
### link:wiki.midrange.com
 +
## no documents found by [[User:Al Mac|Al Mac]] June 10 http://www.google.com/search?q=link:http://wiki.midrange.com/index.php/&hl=en&lr=&tab=nw&ie=UTF-8&sa=N
 +
## it may be that no-one has yet informed Google and other search engines that we exist, or that this only works for links to a specific page
 +
## Check here for guidance how to make sure major search engines know we exist http://radio.weblogs.com/0107846/stories/2002/09/29/searchEngineTips.html
  
 
== 400 Security ==
 
== 400 Security ==
Line 28: Line 43:
 
* [[Exit point security tools]] vendor list
 
* [[Exit point security tools]] vendor list
 
* [[IBM Security Manuals]]
 
* [[IBM Security Manuals]]
 +
* [[Security 400]] resources
 
* [[SYSCMDUSNO]] program to rapidly spot some problems needing IT attention
 
* [[SYSCMDUSNO]] program to rapidly spot some problems needing IT attention
  
Line 37: Line 53:
  
 
* [[Password Write Down Systems]] = if you have so many passwords to remember, they often have to change, and you have to share some with co-workers, here are some ideas on how to write them down, so that if the written down stuff falls into wrong hands, they still cannot sign on using the written down passwords.
 
* [[Password Write Down Systems]] = if you have so many passwords to remember, they often have to change, and you have to share some with co-workers, here are some ideas on how to write them down, so that if the written down stuff falls into wrong hands, they still cannot sign on using the written down passwords.
 +
 +
We live in a world of computer users who fall into two categories
 +
* Those of us who can spend most of our time getting advantage of the capabilities of computers, because we are on a system that has security built in from the foundations by [[IBM]].
 +
* Individuals who must spend a large chunk of their time battling computer security problems, because their computer providers added security as an afterthought, and it not work very well, like adding a padlock to a camping tent.  Those realities contain a vast untapped population for [[Marketing eServers]].
 +
 +
We have seen statistics saying that Administrators of Computer Systems outside that of the [[IBM]] [[eServer]] systems have to spend upwards of 1/3 their annual time and operating budget to deal: with Computer Security Problems that are unheard of in the 400 world; and Data Base Administration that comes native to the [[AS/400]] [[iSeries]].  This has created a humongous computer security industry that is larger than the GDP of many nations, to serve enterprises that are ignorant of the [[IBM]] alternatives.
  
 
=== Security Certification ===
 
=== Security Certification ===
Line 61: Line 83:
  
 
* FTC http://www.consumer.gov/idtheft/
 
* FTC http://www.consumer.gov/idtheft/
 +
 +
Notice advice about getting a shredder for the home before throwing out those advertisements for credit cards, info about bills paid etc?  There was a story on TV that before we get that shredder we need to check Consumer Reports on it, because some are not child safe ... kids can lose fingers.
 +
{{delete|not really IBM i related, IMO}}

Latest revision as of 22:50, 19 December 2008

Here are links of general Computer Security interest, not limited to the 400, such as PCs running on Microsoft or some other OS.

Al Mac original intent with this article is to be an index directory overview, with separate individual articles detailing the many nuances.

Security News and Discussion

What is needed for good security is a moving target because the bad guys are developing new kinds of scams and finding vulnerabilities all the time. Thus, we need to stay current with what kinds of threats are out there, evolving, getting worse.

Real World Security

Security is not just protecting what is on the computer, it is also physical security with respect to people getting into the building that houses the computer system, and considerations in case of a natural disaster.

General Disasters

Places like the Red Cross have check lists of what you need before a disaster. For example, suppose the power goes out and you are in the computer room. Can you find the flash light so that you can get out without stumbling over a lot of stuff, like kicking the 400?

Who Linking to Me ?

For a variety of reasons, we sometimes want to know what other web sites are linking to OURs. Here is how to find out.

  1. Get to a major search engine such as Google
    1. link
      1. The query link: will list webpages that have links to the specified webpage. For instance, link:www.google
    2. So, head on over there and search for
      1. link:wiki.midrange.com
    3. no documents found by Al Mac June 10 http://www.google.com/search?q=link:http://wiki.midrange.com/index.php/&hl=en&lr=&tab=nw&ie=UTF-8&sa=N
    4. it may be that no-one has yet informed Google and other search engines that we exist, or that this only works for links to a specific page
    5. Check here for guidance how to make sure major search engines know we exist http://radio.weblogs.com/0107846/stories/2002/09/29/searchEngineTips.html

400 Security

BPCS Security

Computer Security in General

  • Password Write Down Systems = if you have so many passwords to remember, they often have to change, and you have to share some with co-workers, here are some ideas on how to write them down, so that if the written down stuff falls into wrong hands, they still cannot sign on using the written down passwords.

We live in a world of computer users who fall into two categories

  • Those of us who can spend most of our time getting advantage of the capabilities of computers, because we are on a system that has security built in from the foundations by IBM.
  • Individuals who must spend a large chunk of their time battling computer security problems, because their computer providers added security as an afterthought, and it not work very well, like adding a padlock to a camping tent. Those realities contain a vast untapped population for Marketing eServers.

We have seen statistics saying that Administrators of Computer Systems outside that of the IBM eServer systems have to spend upwards of 1/3 their annual time and operating budget to deal: with Computer Security Problems that are unheard of in the 400 world; and Data Base Administration that comes native to the AS/400 iSeries. This has created a humongous computer security industry that is larger than the GDP of many nations, to serve enterprises that are ignorant of the IBM alternatives.

Security Certification

Even if you do not get a "Diploma" as an expert in some aspect of Security, the outlines of the classes offered are a good review of topics we might want to become more knowledgeable about.

Malware plagues most everyone

What I mean is a constantly added to collection of all kinds of bad guy stuff on the Misinformation Highway, such as viruses, spam, phishing. No one can make a complete list of the threats because soon after we post it, there are new types of threats out there.

US Gov and US States

Spend some time checking out the US Gov analyses of where the global security threats are (bottom of National Governor's directory of security resources) http://www.nga.org/center/topics/1,1188,D_4440,00.html

Identity Theft Resources

This is intended as resources to help fight the problem.

Notice advice about getting a shredder for the home before throwing out those advertisements for credit cards, info about bills paid etc? There was a story on TV that before we get that shredder we need to check Consumer Reports on it, because some are not child safe ... kids can lose fingers.