Links
Security Organizations
Information Security Status Sites
Security Information Sites
General Information/Overviews
General Information Databases
Security Criteria
Security Incident Response Teams
Information Warfare
- InfoWar.Com, with tons of info plus archives of Happy Hacker, Phrack, and more...
- IWS - The Information Warfare Site
- HOMELAND SECURITY: (U.S.) Department of Homeland Security | White House Homeland Security page (Homeland Security Reorganization Plan) | The ANSER Institute For Homeland Security (Journal of Homeland Security)
- PAPERS: Trojan Dragon: China’s Cyber Threat (Tkacik, 2008) | "Cyber Attacks During the War on Terrorism: A Predictive Analysis" (ISTS, Dartmouth, 2001) | Countering the New Terrorism (Lesser, Hoffman, Arquilla, Ronfeldt, Zanini, & Jenkins, 1999) | In Athena's Camp: Preparing for Conflict in the Information Age (Arquilla & Ronfeldt, ed., 1997; PDF files) | "Cyber-terrorism: The Shape of Future Conflict?" (Rathmell, 1997) | "Cyberwar and Netwar: New Modes, Old Concepts, of Conflict" (Arquilla & Ronfeldt, 1993) | "Information Age Warfare Must Enlist Civilian Partnerships" (Campen, SIGNAL, 1999) | "Information Warfare: A Two-Edged Sword" (RAND Corp., 1995)
- TERROR WATCH: internet haganah (defense) | Homeland Security Policy Institute Group
Some Vendors' Security Bulletins
Security News and Journals
Security newslists/e-periodicals
Privacy
Education and Industry Training/Certification
Cryptography
General Crypto Information
Legal and Policy Information
About Cryptography
Cryptography History
- Cryptography Timeline
- Tom Perera's "Enigma Cipher Machines, Other Cipher Machines, Antique Computers and Calculators" page
- Enigma Java applet: AT&T (U.K.) | Enigma page, with several Java, PalmOS, and BASIC simulators...
- Alan Turing Home Page
- The Enigma Machine (Univ. of Arizona)
- Vignere Cipher
- NSA's National Cryptologic Museum
- Codes and Ciphers in the Second World War
- Java emulators of WW II crypto devices: Purple, Sigaba, Enigma, Russian Espionage Cipher, and a public domain Bombe.
- Rebuilding the WWII codebreaking machine, Colossus
- Bob Lord's Online Crypto Museum
Quantum Cryptography
Poor Cryptography Examples
A Little Crypto Humor
Advanced Encryption Standard (AES) & Rijndael
Miscellaneous Crypto Protocol Links
Product Vendors
Public Key Infrastructure (PKI)
Steganography
Operating System Security
General Information
- Cerberus Information Security Advisories
- CIS Security Benchmarks and Scoring Tools (Windows NT/2000, Solaris, Linux, HP-UX)
- BUGTRAQ Vulnerability Database Statistics | Symantec Internet Security Threat Report
- SecurityFocus.com: Microsoft | Sun | Linux
- The Ideahamster Organization and the Open Source Security Testing Methodology Manual (OSSTMM)
- Open Source Vulnerability Database (OSVDB)
- Trusted Computing Platform Alliance (TCPA)
- Password management: Password Manager | Password Safe v1.7.1 | Password Safe (later versions)
- "The Great Debates: Pass Phrases vs. Passwords" (J. Johansson) [Part 1 | Part 2 | Part 3]
- NIST Security Technical Implementation Guides (STIGs) (covers a host of systems including Cisco, Juniper, OS/390, Tandem, VOIP, Windows, Wireless, Linux)
- NSA Security Configuration Guides (SNAC)
NetWare (Novell)
Unix (including Linux)
General Tools
- Metasploit Project ("point and crack")
- SecurityFocus.com (Unix and Windows) <LI.Hacker (Samarai[sic]) Tools from MPRM Group
- Vulnerability scanners: Nessus Security Scanner | World Wide Digital Security, Inc. SAINT: Security Administrator's Integrated Network Tool (Unix) (or here) | UltraScan & EPDump (NT) | Kane Security Analyst | WebTrends | NGSSoftware Typhon Security Scanner (NT/2000) | Tenable Security NeWT and NeVO
- Open Vulnerability Assessment Language (OVAL): US-CERT and OVAL | Mitre
- Packet sniffers: LBL's tcpdump (Unix) | tcpdump/libpcap | WinDump (tcpdump port for Windows) | Analyzer: a public domain protocol analyzer (from the folks who brought you WinDump!) | WIRESHARK | Ethereal | sniffit | Natas, opensource version of freeware Windows 2000 network sniffer | dsniff FAQ
- System auditing: COPS | SWATCH | Tripwire | Foundstone (formerly NT OBJECTives) auditing tools for NT | Inzider, Fport (Foundstone), and Vision (fport GUI), shows which Windows NT processes are listening to open ports | Startup Cop for all Windows versions; tells what programs run at startup
- Trinux — A Linux Security Toolkit
- Unix tools: A wealth of Unix tools, always changing... | Psionic PortSentry: Port Scan Detection and Active Defense System | Whitehats security tools
- File wipers/shredders: CleanDrive (WhiteCanyon) | Window Washer (Webroot) | BCWipe (Jetico) | Eraser (Sami Tolvanen) | SecureClean (AccessData) | East-Tec Eraser 2000 (East Technologies) | PGP Windows NT/2000/XP
- NSA guidelines to securing...: WinNT | WinXP | Win2000 | Windows Server 2003
- "Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist"
- CERT Security Improvement Modules, with NT-specific practices
- NTBugTraq Home Page including the International Windows NT Fixes Up-to-date Query Engine
- Bill Wall's Windows NT links (includes security)
- NTsecurity.com
- The NT Shop (NTSecurity.Net)
- L0pht Advisories Page
- Microsoft-related security papers -- NT, Internet Explorer, Internet Information Server, MS Proxy Server
- "Microsoft Passport to Trouble"
- MS Security Tools
- Microsoft Personal Security Advisor (MPSA), web-based application to test Windows NT 4.0 Workstation or Windows 2000 Professional systems
- HFNetChk: command-line tool to check the patch status of all the machines in a network
- USSR Labs
- Science Applications International Corporation (SAIC), responsible for the NT 4.0 C2 evaluation
- Computer & Network Security Site
- Known NT Exploits
- Nomad Mobile Research Centre (includes NT Hack FAQ)
- Sysinternals (formerly NTInternals)
- NT Security - Frequently Asked Questions
- Win NT Security
- Windows NT Security FAQ
- WinNuke Testing Ground
- Security White Papers and Web Links for Windows NT
- Winternals Software
- NT and Related Security Holes and Bugs (Rhino9)
- Mnemonix's home page, particularly heavy on Windows NT...
- JSI, Inc. NT resources information... (registry hacks)
- Windows NT (perhaps something for '95) Systems Bug List Page
- "Security Tools for Windows NT" (GCK)
- Stefan Norberg's "Building a Windows NT Host in Practice"
- Trusted Systems' Windows NT Security Guidelines
- "Armoring NT" (Spitzner)
- "Hardening Windows 2000" (Cox)
- "NetBIOS Insecurities"
- "Understanding NetBIOS" (NeonSurge)
- IraqiWorm Analysis (myNetWatchman)
- "Non-Stack Overflows on Windows" (D. Litchfield)
- "System Security Administration for NT" (H. Carvey)
- Geo's Windows NT tips
- "Exploiting design flaws in the Win32 API for privilege escalation. Or... Shatter Attacks - How to break Windows." and "Shatter attacks - more techniques, more detail, more juicy goodness" (C. Paget) | A New Avenue of Attack: Event-driven system vulnerabilities" (S. Xenitellis) | March 1997 article in Microsoft Systems Journal (M. Pietrek)
Other Microsoft Issues....
PalmOS
Firewalls/IDS/Honeypots
Firewalls
Proxy Servers
- Standard-type proxies: Apache proxy server | Microsoft Proxy Server | Netscape Proxy Server | SOCKS ( SOCKS5 white paper (Aventail)) | Squid
- Transparent proxies: Cisco WCCP | Inktomi | NetApp Web Cache | PacketStorm WebSpeed
- Tor: An anonymous Internet communication system Intrusion Detection
- HoneyNet Technical Whitepapers
- SANS Intrusion Detection FAQ
- Robert Graham's NIDS FAQ
- DShield, distributed IDS
- SURF IDS
- IDS EVASION: "IDS Evasion Techniques and Tactics" (K. Timm) | "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" (T. Ptacek & T. Newsham) | "Defeating Sniffers and Intrusion Detection Systems" (Phrack 8.54.10)
- arachNIDS (Advanced Reference Archive of Current Heuristics for Network Intrusion Detection Systems)
- State of the Practice of Intrusion Detection Technologies (CERT Tech. Report)
- "Intrusion Prevention: The Next Step in IT Security" (Hollander)
- "Defending Yourself: The Role of Intrusion Detection Systems" (J. McHugh, A. Christie, & J. Allen, IEEE Software, Sept./Oct., 2000)
- CERIAS IDS Page
- NIST SP 800-31: "Intrusion Detection Systems (IDS)"
- SecurityFocus.com IDS tools (host, network, evasion)
- Snort (Martin Roesch); also here) | WINSNORT.com | Shadow (Navy Surface Warfare Center) | BlackICE™ PC Protection (Network ICE/ISS) | ZoneAlarm | Specter
Honeypots
Virtual Private Networks (VPN)/Tunneling
General Information
Secure Shell (SSH)
IP Security Protocol (IPsec)
Web-related Security
Web Browsers/Protocols
Secure Web Services
Content Control
IIS
Java/JavaScript/ActiveX
Other Web Programming
Hacked Web Site Mirrors
Hacker/Cracker Sites & Tools
Hacker/Cracker General Sites...
Commentary on Back Orifice/BO2k and other tools...
About Hackers...
SATAN
Windows-based tools
- WildPackets (formerly AGNetTools) EtherPeek plus iNetTools (DNS Lookup, Finger, Name Lookup, Name Scan, Ping, Ping Scan, Port Scan, Service Scan, Throughput, Trace Route and Whois)
- J. River Network Toolbox (ping, traceroute, IP address and port scanner, finger, whois, and more)
- eEye Digital Security's nmapNT
- cotse.com's winetd, an NT port of inetd, including tcpwrappers, honeypot modules, and more
- Foundstone's tools, including SuperScan port scanner, DDoS ping, and UDP flood
- NetBIOS tools
- Sysinternals Miscellaneous Tools
- NetScan Tools Pro, includes a wealth of tools all in one place
- GFI LANguard Network Security Scanner (N.S.S.), "allows you to scan, detect, assess and remediate any security vulnerabilities on your network"
Network-based tools
Other Security Topics
Viruses/Worms
E-mail/Spamming
Passwords
Denial-of-service
Code Red Worm....
Personalities in Security
Ethics
E-government/E-voting
Voice Over IP (VOIP)
Locks and lockpicking
Health Insurance Portability and Accountability Act (HIPAA)
Security Policies
- IT Baseline Security Manual (English translation of manual from the German Federal Office for Information Security) — excellent resource, very large files
- Commonly Accepted Security Practices and Recommendations
- The Standard of Good Practice
- U.S. Federal Best Security Practices (BSPs) (CIO Council)
- DISA Information Assurance Support Environment (IASE) Policy & Guidance page
- Computer Security Administration guidelines
- RFC 2196 (Site Security Handbook) and RFC 2504 (User Security Handbook)
- Australia Defence Signals Directorate
- British Standards Institute (BS7799) [Articles by B. Mukund: Explanation of the standard | Implementation | Certification] | ISO 17779 Central | ISO 17799 Community Portal
- CERT/CC: Security Improvement Modules | OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
- Software Engineering Institute, Carnegie-Mellon Univ.
- Murdoch Univ.
- NIST's Special Publication: Internet Security Policy: A Technical Guide
- Common Criteria Project: International Common Criteria Page | NIST's Common Criteria for IT Security Evaluation (CC) Page | National Computer Security Center (NCSC) page | DoD CC policies, tutorials, FAQ
- SANS: Draft policies | S.C.O.R.E. (Security Consensus Operational Readiness Evaluation)
- U.S. Dept. of Energy
- "How to Develop a Network Security Policy" (Sun Microsystems)
- Columbia University Information Security Policy Statement
- WEDI — Workshop for Electronic Data Interchange
- The IT Security Cookbook, S. Boran (original)
- Information Security Policies Made Easy: A Comprehensive Set of Information Security Policies, V7, C.C. Wood
- PentaSafe's VigilEnt Security Manager
- IT Baseline Protection Manual, Federal Republic of Germany's Bundesamt für Sicherheit in der Informationstechnik (English)
- Business Continuity Reference Library (ITAudit)
Wireless Security
- General Sites: Wireless Research (U. of Maryland) | The Unofficial 802.11 Security Web Page (includes 802.11, EAP, GPRS/3G, 802.1X, VPN, and RADIUS information) | Wi-Fi Planet
- wi2600.org
- Warchalking | The Wireless Node Database Project
- Cigital Labs: ARP Poison paper | Wireless security | Wireless FAQ
- Wi-Fi Alliance | Wi-Fi Security
- WI-FI PROTECTED ACCESS (WPA): WECA Paper | Wi-Fi Alliance | NIST
- IEEE 802.11 WIRED EQUIVALENT PRIVACY (WEP): "FBI Teaches Lesson In How To Break Into Wi-Fi Networks" (Info. World, 4/7/2005) | UC Berkeley WEP flaws FAQ ( IEEE 802.11 response) | "Intercepting Mobile Communications: The Insecurity of 802.11" (Borisov et al.) | "Using the Fluhrer, Mantin, and Shamir Attack to Break WEP" | "Weaknesses in the Key Scheduling Algorithm of RC4" (Fluhrer et al.) | "Unsafe at any Key Size: An Analysis of the WEP Encapsulation" (J.Walker) | Configuring Wired Equivalent Privacy (Cisco) | "Penetration Testing on 802.11b Networks" (B. Huey)
- WAR DRIVING: High gain "Pringles" antenna (Arwain.net) | "Antenna on the Cheap (er, Chip)" (R. Flickenger) | Perl script by P. Shipley | Scripts by F.L. Roque | Alan Clegg's 802.11 Mapping Project
- SOFTWARE: NetStumbler | AirSnort (Home Page | SourceForge site) | Black Alchemy's Fake AP | WEPCrack | Airopeek | Kismet wireless packet sniffer
- WAP WTLS security problems
- BLUETOOTH: Bluetooth specification | Bluetooth primer | Bluetooth security issues | More Bluetooth security
- WIRELESS HOT SPOT DETECTORS: Digital Hotspotter (Canary Wireless) | WiFiSeeker (Chrysalis Development) | Wi-FiHotSpotList.com | JiWire
- "A Hacker Games the Hotel" (Infrared hacking in hotels, from WIRED)
- See also More on wireless technology...
Biometrics
|