Users Annual Guide to Information Security (pdf)

Securing Equipment

• Securing the personal computer
• Wireless security information
• Accessing Duke's VPN network
• Physical security for laptops
• Securely allowing remote access to servers
• Securely allowing scripts remote access to servers
• Media Control guidelines for Duke system administrators

Securing Data

• About the Duke NetID
• Why are the DUID and NetID public?
• Implementing Authentication for your Website
• Methods of authenticating with NetID
• Password security
• Identifying yourself to the OIT Help Desk via phone for password changes
• Protecting yourself against viruses, worms, and other malware
• Hacker FAQ - a user perspective
• Understanding "Phishing" attacks and identity theft
• Protecting your Social Security Number
• Protecting your credit card online
• Meeting the Payment Card Industry's Data Security Standard
• Avoiding Identity Theft

Miscellaneous

• How to display email headers for various Duke email clients
• Firewalls at Duke
• How to require NetID authorization to view a Duke web page
• Password protection information and tools for Duke system administrators
• Resources for computer programmers and web developers
• Vendor FAQ - for departments who are purchasing/leasing 3rd party computers/systems
• Responding to an incident (Unix/Mac)

Offsite IT Security Information and Documentation

• Vulnerability listing at SecurityFocus.com
• Center for Internet Security
• SANS Top 20
• NIST Publications
• Network security library
• Windows EventLog-to-Syslog Daemons
• Incident Response CD for Unix/Linux/Windows