We will bankrupt ourselves in the vain search
for absolute security.
— Dwight D. Eisenhower
If you want total security, go to prison.
There you're fed, clothed, given medical
care and so on.
The only thing lacking... is freedom.
— Dwight D. Eisenhower
The world is never going to be perfect, either on-
or offline; so let's not set impossibly
high standards for online.
— Esther Dyson
He that breaks a thing to find out what it is has left the path of wisdom.
— Gandalf in The Fellowship of the Ring
Few persons can be made to believe that
it is not quite an easy thing to invent a
method of secret writing which shall baffle
Yet it may be roundly asserted that human
ingenuity cannot concoct a cipher which
human ingenuity cannot resolve.
— Edgar Allan Poe, in "A Few Words On Secret Writing", Graham's Magazine, July 1841
From a practical standpoint the security problem will
remain as long as manufacturers remain
committed to current system architectures,
produced without a firm requirement for
As long as there is support for ad hoc fixes
and security packages for these inadequate
designs and as long as the illusory results
of penetration teams are accepted as
demonstrations of a computer system security,
proper security will not be a reality.
— Roger Schell in the USAF report Preliminary Notes on the Design of Secure Military Computer Systems, written in 1973
He who fights monsters should see to it that
he himself does not become a monster.
And if you gaze for long into an abyss, the
abyss gazes also into you.
— Friedrich Nietzsche in Beyond Good and Evil
This page remains under construction, just as your information security policy should.
These pages are intended to provide some background for the courses I teach, listing the references and URLs for various tools, studies, and other issues that come up in courses. Plus, of course, once I have these pages I no longer have to try to remember specific reference details! I'm not trying to review specific commercial security systems as that is done elsewhere (and would be hard to maintain).
Also check out Purdue's CERIAS information assurance research and development group and their resources at cerias.purdue.edu.
Remember that installing some tools, and even taking security quite seriously on an on-going basis, does not make you secure! There is no such thing as a completely secure system. Hence some lawyer repellent, er, I mean, disclaimer:
The following are no more than suggestions. There is no guarantee that they will make your system secure. Mention here of a commercial product is by no means an endorsement — I'm just trying to direct you to several available tools, and I may have only one such example handy right now.
Use this information as a tool, in addition to what you have already learned.
Internet threat warnings
I find these to be helpful sources of information on current events and trends:
Flashpoint Intelligence Corner Krebs On Security US-CERT Current Activity
Internet security "global dashboards"
Some of these are useful, some have a relatively high level of hype, but you might find some of these useful:
Internet Traffic Report
SANS Internet Storm Center
Norse IPViking Live Attack Map
Live Digital Attack Map
Arbor Networks ATLAS Dashboard
Internet Security Dashboard
Security Wizardry Computer Network
Defence Situational Awareness
Where to go from here
Make sure you understand your systems well, and set them up properly! As Hippocrates said, "Primum non nocere", or "First, do no harm."
Be aware that your browser always gives away some information about you, unless you are using Tor and using it very carefully. Your browser just provided this information:
|REMOTE_ADDR||188.8.131.52 (your IP address)|
|REMOTE_PORT||42675 (your TCP port number)|
|HTTP_ACCEPT_ENCODING||x-gzip, gzip, deflate|