ISXUbuntu/Documentation

From Wiki
Revision as of 13:06, 27 August 2008 by Jks (Talk | contribs) (ISXUbuntu Developers page)

Jump to: navigation, search

ISXUbuntu Documentation

Right now the documentation is just a bare outline that needs to be filled in. This wiki should serve as a place to gather all the information into one place. We will worry about making it presentable to end users later.

Developer Documentation

  • How to use Cloudsmith
    • Requires java
  • How to build an iso
  • How to run and test
    • Using xen
    • chroot
  • How to create a package file
    • How to create a package file for mozilla plugins

End user documentation

What ISXUbuntu is, and how to use it

  • What Linux/Ubuntu is
    • Why it is secure
  • How ISXUbuntu differs
    • List changes we made, and why we did them
  • How to harden a standard Ubuntu distribution to be like ISXUbuntu
  • Additional security measures we didn't include in ISXUbuntu

How the internet works and why you should care

  • IP
    • What IP is
      • Brief History
      • TCP, UDP
    • IP security issues
      • Snooping on ethernet
      • ethernet arp spoofing
      • man in the middle attacks, ethernet arp spoofing
      • ip routes can be hijacked (like what happened to youtube)
      • tcp sequence guessing (Is this a big deal? I'm not sure)
  • DNS
    • What dns is
      • Brief history
    • DNS security issues
      • your local dns could be hijacked to point you to fake sites
      • some viruses install entries in the windows hosts file
      • your local dns could be cache poisoned
  • Domains
    • can be fake
    • or typo domains
    • or have been taken over when lapsed
    • or simply stolen (like what happened to comcast)
    • Malware can be added to an otherwise trusted site. For example http://citibank.com/vx123.exe should not be trusted, even if it comes from the Citibank web site
  • Using a browser smartly
    • how to tell if you are using an encrypted session (some people believe lock icons on the page itself even if the browser is showing an unlocked lock).
    • What browser warning certificate warning messages mean
    • Cross site scripting (how do browser users defend against this?)
    • How cookies allow sites like doubleclick to track you from site to site
    • Privacy Policies: They can say that a company will sell your information to whoever will pay for it (examples?)
    • Smart shopping: Using paypal, secure code, temporary credit card numbers
    • Information to protect: Don't give out your social security number online! (what else?)

How your computer works, and why you should care

  • What a program is
  • The viruses of the DOS era
  • Word macro viruses
  • Modern malware
  • How the linux file permission module protects you
    • Will prevent system wide programs from being overwritten by users and the programs they run
    • Will not protect your home directory
  • How phishers get people to run malware programs