Computer System and Network Security
Distrust and caution are the parents of
security.
|
— Benjamin Franklin
|
We will bankrupt ourselves in the vain search
for absolute security.
|
— Dwight D. Eisenhower
|
This page remains under construction,
just as your information security policy should.
This material is an addition to any reference
material provided elsewhere.
This forum provides additional information,
and lists references and URL's that come up during some courses I teach.
Also check out
Purdue's CERIAS project and its hotlist:
http://www.cerias.purdue.edu/coast/hotlist/
Remember that installing some tools, and even taking security quite
seriously on an on-going basis, does not make you secure!
Maybe a little more secure
(or, for the pessimists in the crowd, a little less at risk),
but there is no such thing as a completely safe system.
Hence some lawyer repellent, er, I mean, disclaimer:
The following are no more than suggestions.
There is no guarantee that they will make your system secure.
Mention here of a commercial product is by no means an endorsement — I'm just
trying to direct you to several available tools, and I may have only one
such example handy right now.
Use this information as a tool, in addition to what you have already learned.
Fundamentals
Information Security
|
Privacy and Data Integrity Tools |
PGP & Gnu Privacy Guard,
Key Recovery,
RADIUS,
Risks of Google,
Sanitizing Media,
Secure Online Data Storage,
Information Leakage,
Commercial Cryptography,
SSH,
Secure FTP,
Hardware Encryption,
Voice Scramblers,
Cryptography and International Law,
X Privacy and xspy,
IPSec,
VPN's,
Spyware |
|
Government and Industry Regulations |
HIPAA, Sarbanes-Oxley (Sarbox/SOX),
PCI (Payment Card Industry) |
|
Availability Tools |
Real costs of data loss,
Remote and local archiving,
Disk longevity and failure rates,
Laptop theft prevention,
Fighting spam,
WAN availability |
|
Computer Forensics |
|
Public Key Infrastructure (PKI) Providers |
User Authentication
System Security (operating system auditing and hardening)
|
System Security Auditing and Monitoring Tools |
TARA, COPS, Titan, Bastille,
ISS tools,
Password Testing and Cracking |
|
OS-Specific Security Issues |
Cisco IOS, Linux, Solaris, Tru64 (ULTRIX, OSF/1),
IRIX, AIX, DOS, Macintosh, Novell, AS/400, VMS,
Windows |
|
Intrusion Detection Tools |
Tripwire, AIDE,
Snort, RazorBack, ACID-XML, SNARE, BackLog,
NetRanger, NetStalker, GrIDS |
|
Analyzing multiple intrusions into a poorly configured Linux system |
|
Hardware Exploits |
Network Security
|
Network Security Auditing Tools |
Top 100 Network Security Tools,
Lists of TCP ports used by attacks,
Port scanners,
Network vulnerability testing,
DNS security,
Automatic Teller Machine (ATM) security |
|
Network Monitoring / Sniffing Tools |
Unix-based, DOS/Windows-based, switch spoofing,
Wireless LAN/WAN security,
WLAN antenna construction,
attack detection |
|
Firewall Tools |
Unix/Linux-based, Windows based, Home / Small-Office
Firewall, Commercial vendors |
|
How to set up and use SSH |
|
Web Security |
|
TCP/IP Stack hardening |
|
SSH Attacks Observed on the Internet |
Malware, Social Engineering, and Software Security
|
Why HTML E-mail is Dangerous |
|
Analyzing a "Phishing" Scam Attempt |
|
SonicWALL's great "Phishing" Analysis Quiz |
|
Analyzing Hostile Data |
An overview of viruses, worms, trojans, downloaders and
other malware, plus analysis of:
Bagel, Mytob, Mydoom, The Russian M.O.B.,
and more
|
|
Fighting Internet Hoaxes |
|
Software Security Tools |
Buffer Overflows,
Writing Safe Code,
C/C++ Security,
Python Security,
Java Security,
ActiveX Attacks,
Writing Exploit Code |
Reference Material
Security-Related RFCs (Valuable Documents!)
and Mitre nomenclature projects
|
|
Reference Books, Journals |
|
Infosec Bulletins |
|
General Information |
Big-Money Losses, Military "Net-Centric Warfare",
Incidents and Anecdotes, Government Warnings and
Reactions, Interent Banking, COMSEC and GSM/mobile hacking,
Offensive Information Warfare /
Information Operations |
|
Other Organizations' Policies |
|
Infosec Response Teams |
Incident Response Teams, Assistance and Guidance,
Research and Development, Vendors,
Risk Management and Insurance Coverage |
|
The Government Surveillance Agencies |
CESID, CIA, CSE, CSIS, DIA, DSD, FBI, FSB,
GCHQ, IKSI, NIMA, NSA, NRO, EIEIO... |
|
Keeping Track of the Bad Guys |
Classic Hackers, Hacker Technology |
|
Downright Scary Threats |
Separatists, para-military, military,
and intelligence organizations |
|
Cryptographic History |
WWII German Enigma system and its weaknesses,
WWII and Cold War tourism
|
|
The Gallery of Crash Dump Screens |
Where to go from here
Make sure you understand your systems well, and set them
up properly!
As Hippocrates said, "Primum non nocere", or
"First, do no harm."
