Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.
Remote Desktop can be secured using SSL/TLS in Windows Vista, Windows 7,...
The Shared Firewall Service offers a common set of rules and profiles to provide basic firewall coverage for user networks, including workstations and printers. The rules, maintained by the Information Security Office (ISO), allow the access typically needed by client systems that use the network for academic and administrative purposes. Most outbound communication to the campus and the larger internet is allowed, with the exception of blocked threats such as malware downloads and known phishing sites. Inbound network connections are restricted to scans from ISO managed...
This checklist was developed by IST system administrators to provide guidance for securing databases storing sensitive or protected data. Implementing these security controls will help to prevent data loss, leakage, or unauthorized access to your databases.
Physical Database Server Security
The physical machine hosting a database is housed in a secured, locked and monitored environment to prevent unauthorized entry, access or theft. Application and web servers are not hosted on the same machine as the database server...
SQL injection is one of the most common web attack mechanisms utilized by attackers to steal sensitive data from organizations. While SQL Injection can affect any data-driven application that uses a SQL database, it is most often used to attack web sites.
SQL Injection is a code injection technique that hackers can use to insert malicious SQL statements into input fields for execution by the underlying SQL database. This technique is made possible because of improper coding of vulnerable web applications.
The Center for Internet Security (CIS) is a community of organizations and individuals seeking actionable security resources. As a member of this community, the UC Berkeley campus has access to Consensus Security Configuration Benchmarks, Scoring Tools, Consensus Security Metric definitions, and discussion forums where we can collaborate on security best practices.
Using CIS Tools and Resources for System Hardening
To get started using tools and resources from CIS, follow these steps...
Why is Java such a high-security risk for the campus?
Since late 2011, a multitude of critical vulnerabilities has been discovered in Oracle's Java platform.
In many cases, running the latest available versions of Java offers no protection for users. To date, at least eight zero-day attacks targeted the Java platform, affecting millions of systems. Most exploits require little or no user interaction. Users' systems are compromised...
Secure Shell, or SSH, is used to create a secure channel between a local and remote computer. While SSH is commonly used for secure terminal access and file transfers, it can also be used to create a secure tunnel between computers for forwarding other network connections that are not normally encrypted. SSH tunnels are also useful for allowing outside access to internal network resources.
To create an SSH tunnel, you need:
Target server offering network services (http, vnc...