This is repository of tips and "best practices" covering a variety of information security-related technology topics. The content has been written primarily for individuals who develop, implement or maintain the technologies that we use or are considering for our campus. Thus, it assumes that the reader has a technology background, unlike the "Information Security Basics" section of the web site that has been developed for general audiences. Nonetheless, individuals who are curious about how security technology works or who want a deeper, more technical understanding of the various technologies and how they are best protected may find the content useful.
For each topic, we provide background information regarding how security technologies work, the benefits that each of these technologies provide, and how that can be implemented in a secure manner.
Links to "best practices" have been defined by a variety of government standards agencies, private security organizations, and software and hardware vendors.
- Anti-virus/anti-malware technology
- Building "attack-resistant" application software
- Authentication, single sign-on and federation
- Database security
- Directory systems and identity management
- Encryption and Digital Signatures
- Firewalls, intrusion prevention and VPN
- Computer forensics
- Network fundamentals - Internet protocol and IP addressing
- Best practices from standards organizations and vendors
- Data obfuscation or "masking"
- IP ports and protocols
- Password attacks and countermeasures
- Network fundamentals - Switches, LANs, routers and other networking devices
- Vulnerability scanners
- Security Information and Event Monitoring (SIEM)
If you have any questions or need additional information, please contact the Information Security Office through the UCT Support Center at extension 2828 or firstname.lastname@example.org.