System, Network, & Application Security

Tips for securing systems, networks, and applications.

SSH Key Management

An SSH key with a passphrase provides additional security and can act as an additional authentication factor. Adding a passphrase to your SSH keys is recommended to comply with the Remote Access Services Requirement of the Minimum Security Standard for Networked Devices (MSSND).

Securing Remote Desktop (RDP) for System Administrators

How secure is Windows Remote Desktop?

Remote Desktop sessions operate over an encrypted channel, preventing anyone from viewing your session by listening on the network. However, there is a vulnerability in the method used to encrypt sessions in earlier versions of RDP. This vulnerability can allow unauthorized access to your session using a man-in-the-middle attack.

How to Protect Against SQL Injection Attacks

What is SQL Injection?

SQL injection is one of the most common web attack mechanisms utilized by attackers to steal sensitive data from organizations. While SQL injection can affect any data-driven application that uses a SQL database, it is most often used to attack web sites.

SQL injection is a code injection technique that hackers can use to insert malicious SQL statements into input fields for execution by the underlying SQL database. This technique is made possible because of improper coding of vulnerable web applications.

Center for Internet Security

About The Center for Internet Security

The Center for Internet Security (CIS) is a community of organizations and individuals seeking actionable security resources. As a member of this community, the UC Berkeley campus has access to Consensus Security Configuration Benchmarks, Scoring Tools, Consensus Security Metric definitions, and discussion forums where we can collaborate on security best practices.

Database Hardening Best Practices

This checklist was developed by IST system administrators to provide guidance for securing databases storing sensitive or protected data. Implementing these security controls will help to prevent data loss, leakage, or unauthorized access to your databases.

Java Security Best Practices

Why is Java such a high security risk for the campus?

Since late 2011, a multitude of critical vulnerabilities have been discovered in Oracle's Java platform.

Securing Network Traffic With SSH Tunnels

Introduction to SSH Tunnels

Secure Shell, or SSH, is used to create a secure channel between a local and remote computer. While SSH is commonly used for secure terminal access and file transfers, it can also be used to create a secure tunnel between computers for forwarding other network connections that are not normally encrypted. SSH tunnels are also useful for allowing outside access to internal network resources.

To create an SSH tunnel, you need: