Computer System and Network Security

World War Two cryptographic hardware Left: German Enigma encryption machine Right: U.S. SIGABA encryption machine National Museum of the U.S. Air Force, WPAFB

We will bankrupt ourselves in the vain search for absolute security.
— Dwight D. Eisenhower

The world is never going to be perfect, either on- or offline; so let's not set impossibly high standards for online.
— Esther Dyson

This page remains under construction, just as your information security policy should. After all, you never know when someone may have developed a new technique to try to steal the information moving across your network or attempting to find people that they shouldn't.

These pages are intended to provide some background for the courses I teach, listing the references and URLs for various tools, studies, and other issues that come up in courses. Plus, of course, once I have these pages I no longer have to try to remember specific reference details! I'm not trying to review specific commercial security systems as that is done elsewhere (and would be hard to maintain).

Also check out Purdue's CERIAS information assurance research and development group and their resources: http://www.cerias.purdue.edu/

Remember that installing some tools, and even taking security quite seriously on an on-going basis, does not make you secure! Identity theft concerns are increasing, but so are strong fraud protection services and information. Information security must be a matter of risk management, since complete risk avoidance is impossible. There is no such thing as a completely secure system. The precise set of threats and the potential costs of breaches will depend on whether your organization is military, government, commercial, academic, or whatver. Hence some lawyer repellent, er, I mean, disclaimer:

The following are no more than suggestions. There is no guarantee that they will make your system secure. Mention here of a commercial product is by no means an endorsement — I'm just trying to direct you to several available tools, and I may have only one such example handy right now.

Use this information as a tool, in addition to what you have already learned.

Fundamentals

• Just Enough Cryptography
  • Cryptographic algorithms, digital signatures, cryptographic hashes, the basics of how they work
• How to Verify Digital Signatures
• TCP/IP — How the networking protocols work
• How Does NAT (Network Address Translation) Work?
• How Does IP Routing Work?
• A simple explanation of IPsec
  • What IPsec is, what network security it provides, how it builds a VPN, how to set it up.

Information Security

• Confidentiality and Data Integrity Tools
  • PGP & Gnu Privacy Guard, Key Recovery, RADIUS, Risks of Google, Sanitizing Media, Secure Online Data Storage, Information Leakage, Commercial Cryptography, SSH, Secure FTP, Hardware Encryption, Voice Scramblers, Cryptography and International Law, X Privacy and xspy, IPSec, VPN's, Key Loggers, Spyware
• Government and Industry Regulations
  • HIPAA, Sarbanes-Oxley (Sarbox/SOX), PCI (Payment Card Industry)
• Availability Tools
  • Real costs of data loss, Remote and local archiving, Disk longevity and failure rates, Laptop theft prevention, Fighting spam
• Computer Forensics
• Public Key Infrastructure (PKI) Providers
• How to set up encrypted storage on Amazon EC2

User Authentication

• Authentication Tools
  • Well-known default passwords, Rainbow Tables, Comparing OS user authentication strength, Kerberos, Password tools, sudo, Tokens, Biometrics
• Passwords — How they work and how to break them
  • How passwords work and how they're stored, salt values, hashes and entropy
  • Forms of attacks, analysis of authentication strength of various operating systems, dictionary attacks, cracking attacks, Rainbow Table attacks, frequent password changes and the illusion of security
• Reverse-Engineering the Hacker —
  • What types of passwords will a typical hacker guess?

System Security (operating system auditing and hardening)

• System Security Auditing and Monitoring Tools
  • TARA, COPS, Titan, Bastille, ISS tools, Password Testing and Cracking
• OS-Specific Security Issues
  • Cisco IOS, Linux, Solaris, Tru64 (ULTRIX, OSF/1), IRIX, AIX, DOS, Macintosh, Novell, AS/400, VMS, Windows
• How to harden a default Linux or BSD installation
• Intrusion Detection Tools
  • Tripwire, AIDE, Snort, RazorBack, ACID-XML, SNARE, BackLog, NetRanger, NetStalker, GrIDS
• Analyzing multiple intrusions into a poorly configured Linux system
• Hardware Exploits
• Physical Security

Network Security

• Network Security Auditing Tools
  • Top 100 Network Security Tools, Lists of TCP ports used by attacks, Port scanners, Network vulnerability testing, DNS security, Automatic Teller Machine (ATM) security
• Network Monitoring / Protocol Analysis / Packet Sniffing Tools
  • Unix-based, Windows-based, switch spoofing, Wireless LAN/WAN security, WLAN antenna construction, packet-sniffing attack detection
• SSL/TLS Security
• 802.11i / WPA2 wireless networking
• QR codes and Near-Field Communication Risks
• Firewall Tools
  • Unix/Linux-based, Windows based, Home / Small-Office Firewall, Commercial vendors
• How to set up and use SSH
• Web Security
• TCP/IP Stack hardening
• Network Attack Analysis: Classifying and Identifying Attack Patterns With Textual Analysis Tools

Cloud Security

• An Overview of Cloud Security
• Security Concerns of Cloud Technology Users: A Survey of Major Cloud Customers
• Thoughts from Time to Time on Cloud Security (Yes, a Blog)
• Secure Distributed Logging: Syslog, TLS, and Amazon EC2 Cloud Servers
• How to set up encrypted storage on Amazon EC2

Malware, Social Engineering, and Software Security

• Social Engineering and Fighting Internet Hoaxes
• Why HTML E-mail is Dangerous
• Analyzing Web Mail Abuse and Spear-Phishing
• Analyzing a Phishing Scam Attempt
• SonicWALL's great Phishing Analysis Quiz
• Attrition.org's list of vendors that have shipped malware with their products.
• Analyzing Hostile Data
  • An overview of viruses, worms, trojans, downloaders and other malware, plus analysis of: Bagel, Mytob, Mydoom, The Russian M.O.B., and more
• Software Security Tools
  • How to develop software that is more secure, The SAFECode Fundamental Practices for Secure Software Development, C/C++ Security, Python Security, Java Security, ActiveX Attacks, Writing Exploit Code

Reference Material

• Recommended Reference Books — How-to guides for best practice, background information, and more
• Security-Related RFCs (Valuable Documents!) and Mitre nomenclature projects
  • Some of these function as dictionaries and explain the terminology. Others provide the formal definitions of networking protocols.
• Infosec Bulletins
• General Information
  • Big-Money Losses, Telecommunication Outages, COMSEC and GSM/mobile hacking, DNS Security Issues, Incidents and Anecdotes, Government Warnings and Reactions
• Cyberwar
  • Military Applications of Network Attack and Defense — "Network-Centric Warfare", International Conflict on the Internet, Military-Industrial Espionage, Viruses and Hacking, Threat Reports and Warnings, Offensive Information Warfare & Information Operations
• Other Organizations' Policies
• Infosec Response Teams
  • Incident Response Teams, Assistance and Guidance, Research and Development, Vendors, Risk Management and Insurance Coverage
• The Government Surveillance Agencies
  • CESID, CIA, CSE, CSIS, DIA, DSD, FBI, FSB, GCHQ, IKSI, NIMA, NSA, NRO, EIEIO...
• Keeping Track of the Bad Guys
  • Classic Hackers, Hacker Technology
• Downright Scary Threats
  • Separatists, para-military, military, and intelligence organizations
• Cryptographic History
  • WWII German Enigma system and its weaknesses, WWII and Cold War tourism
• The Gallery of Crash Dump Screens
• Cryptographic Haiku

Internet security "global dashboards"

Some of these are useful, some have a relatively high level of hype, but you might find some of these useful:

• DShield
• SANS Internet Storm Center
• Arbor Networks ATLAS Dashboard
• Internet Traffic Report
• Talisker Computer Network Defence Operational Picture, also called their "famous Talisker Radar Page".
• Internet Security Dashboard

Where to go from here

Make sure you understand your systems well, and set them up properly! As Hippocrates said, "Primum non nocere", or "First, do no harm."

Home Unix/Linux Networking Cybersecurity Travel Technical Radio Site Map Contact

Tweet