Difference between revisions of "ISXUbuntu/Documentation"

From Wiki
Jump to: navigation, search
(Developer Documentation)
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
= ISXUbuntu Developers page =
+
= ISXUbuntu Documentation =
  
== Documentation ==
+
Right now the documentation is just a bare outline that needs to be filled in. This wiki should serve as a place to gather all the information into one place.  We will worry about making it presentable to end users later.
  
Right now the documentation is just a bare outline that needs to be filled in.
+
== Developer Documentation ==
  
=== Developer Documentation ===
+
This is information useful to developers, whether we use it in ISXUbuntu or not
  
*How to build an iso
+
*How to use [http://www.cloudsmith.com/ Cloudsmith] (for side projects)
 +
** Requires java
 +
*How to use [http://www.gentoo.org/proj/en/releng/catalyst/index.xml Catalyst]
 +
*How to take apart and rebuild an iso
 
*How to run and test
 
*How to run and test
 
**Using xen
 
**Using xen
 
**chroot
 
**chroot
 
*How to create a package file
 
*How to create a package file
 +
** [http://www.debian.org/doc/manuals/maint-guide/index.en.html Debian Maintainers Guide] has documentation
 +
** Using [http://en.wikipedia.org/wiki/Alien_(computing) Alien] to convert between package types
 
** How to create a package file for mozilla plugins
 
** How to create a package file for mozilla plugins
  
 +
== End user documentation ==
  
=== End user documentation ===
+
=== What ISXUbuntu is, and how to use it ===
 
+
* What Linux/Ubuntu is
==== What ISXUbuntu is, and how to use it ====
+
**Why it is secure
* What Ubuntu is, and how ISXUbuntu differs
+
*How ISXUbuntu differs
 +
**List changes we made, and why we did them
 
* How to harden a standard Ubuntu distribution to be like ISXUbuntu
 
* How to harden a standard Ubuntu distribution to be like ISXUbuntu
 
* Additional security measures we didn't include in ISXUbuntu
 
* Additional security measures we didn't include in ISXUbuntu
  
==== How the internet works and why you should care ====
+
=== How the internet works and why you should care ===
; What ip is :
+
* IP
;  :Cover these issues<nowiki>:</nowiki>
+
** What IP is
;* :Snooping on ethernet
+
*** Brief History
;* man in the middle attacks, ethernet arp spoofing
+
*** TCP, UDP
;* ip routes could be hijacked (like what happened to youtube)
+
** IP security issues
;* tcp sequence guessing (Is this a big deal? I'm not sure)
+
*** Snooping on ethernet
;What dns is :
+
*** ethernet arp spoofing
;  It matters because<nowiki>:</nowiki> your local dns could be hijacked to point you to fake sites
+
*** man in the middle attacks, ethernet arp spoofing
;                  : (some viruses install entries in the windows hosts file)
+
*** ip routes can be hijacked (like what happened to youtube)
;                  : your local dns could be cache poisoned
+
*** tcp sequence guessing (Is this a big deal? I'm not sure)
 +
 
 +
* DNS
 +
** What dns is
 +
*** Brief history
 +
** DNS security issues
 +
***your local dns could be hijacked to point you to fake sites
 +
***some viruses install entries in the windows hosts file
 +
***your local dns could be cache poisoned
 +
 
 +
* Domains
 +
** can be fake
 +
** or typo domains
 +
** or have been taken over when lapsed
 +
** or simply stolen (like what happened to [http://it.slashdot.org/article.pl?sid=08/05/30/1233236 comcast])
 +
** Malware can be added to an otherwise trusted site. For example <nowiki>http://citibank.com/vx123.exe</nowiki> should not be trusted, even if it comes from the Citibank web site
  
;domains :
+
* Using a browser smartly
;              can be fake, or typo domains, or have been taken over when lapsed, or simply stolen (like what happened to comcast)
+
** how to tell if you are using an encrypted session (some people believe lock icons ''on the page itself'' even if the browser is showing an unlocked lock).
 +
** What browser warning certificate warning messages mean
 +
** Cross site scripting (how do browser users defend against this?)
 +
** How cookies allow sites like doubleclick to track you from site to site
 +
** Privacy Policies: They can say that a company will sell your information to whoever will pay for it (examples?)
 +
** Smart shopping: Using paypal, secure code, temporary credit card numbers
 +
** Information to protect: Don't give out your social security number online! (what else?)
  
; using a browser smartly :
+
=== How your computer works, and why you should care ===
;: how to tell if you are using an encrytped session (some people believe lock icons 'on the page itself' even if the browser is showing an unlocked lock).
+
* What a program is
;: What browser warning certificate warning messages mean
+
* The viruses of the DOS era
;: Cross site scripting (how do browser users defend against this?)
+
* Word macro viruses
;: How cookies allow sites like doubleclick to track you from site to site
+
* Modern malware
;: Privacy Policies: They can say that a company will sell your information to whoever will pay for it (examples?)
+
* How the linux file permission module protects you
;: Smart shopping: Using paypal, secure code, temporary credit card numbers
+
** Will prevent system wide programs from being overwritten by users and the programs they run
;: Information to protect: Don't give out your social security number online! (what else?)
+
** Will not protect your home directory
 +
* How phishers get people to run malware programs

Latest revision as of 17:31, 27 August 2008

ISXUbuntu Documentation

Right now the documentation is just a bare outline that needs to be filled in. This wiki should serve as a place to gather all the information into one place. We will worry about making it presentable to end users later.

Developer Documentation

This is information useful to developers, whether we use it in ISXUbuntu or not

  • How to use Cloudsmith (for side projects)
    • Requires java
  • How to use Catalyst
  • How to take apart and rebuild an iso
  • How to run and test
    • Using xen
    • chroot
  • How to create a package file

End user documentation

What ISXUbuntu is, and how to use it

  • What Linux/Ubuntu is
    • Why it is secure
  • How ISXUbuntu differs
    • List changes we made, and why we did them
  • How to harden a standard Ubuntu distribution to be like ISXUbuntu
  • Additional security measures we didn't include in ISXUbuntu

How the internet works and why you should care

  • IP
    • What IP is
      • Brief History
      • TCP, UDP
    • IP security issues
      • Snooping on ethernet
      • ethernet arp spoofing
      • man in the middle attacks, ethernet arp spoofing
      • ip routes can be hijacked (like what happened to youtube)
      • tcp sequence guessing (Is this a big deal? I'm not sure)
  • DNS
    • What dns is
      • Brief history
    • DNS security issues
      • your local dns could be hijacked to point you to fake sites
      • some viruses install entries in the windows hosts file
      • your local dns could be cache poisoned
  • Domains
    • can be fake
    • or typo domains
    • or have been taken over when lapsed
    • or simply stolen (like what happened to comcast)
    • Malware can be added to an otherwise trusted site. For example http://citibank.com/vx123.exe should not be trusted, even if it comes from the Citibank web site
  • Using a browser smartly
    • how to tell if you are using an encrypted session (some people believe lock icons on the page itself even if the browser is showing an unlocked lock).
    • What browser warning certificate warning messages mean
    • Cross site scripting (how do browser users defend against this?)
    • How cookies allow sites like doubleclick to track you from site to site
    • Privacy Policies: They can say that a company will sell your information to whoever will pay for it (examples?)
    • Smart shopping: Using paypal, secure code, temporary credit card numbers
    • Information to protect: Don't give out your social security number online! (what else?)

How your computer works, and why you should care

  • What a program is
  • The viruses of the DOS era
  • Word macro viruses
  • Modern malware
  • How the linux file permission module protects you
    • Will prevent system wide programs from being overwritten by users and the programs they run
    • Will not protect your home directory
  • How phishers get people to run malware programs