Hex dump of Gibe-F worm.

Computer System and Network Security

Cybersecurity

We will bankrupt ourselves in the vain search for absolute security.
— Dwight D. Eisenhower

If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking... is freedom.
— Dwight D. Eisenhower

The world is never going to be perfect, either on- or offline; so let's not set impossibly high standards for online.
— Esther Dyson

He that breaks a thing to find out what it is has left the path of wisdom.
— Gandalf in The Fellowship of the Ring

Few persons can be made to believe that it is not quite an easy thing to invent a method of secret writing which shall baffle investigation. Yet it may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.
— Edgar Allan Poe, in "A Few Words On Secret Writing", Graham's Magazine, July 1841

From a practical standpoint the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of a computer system security, proper security will not be a reality.
— Roger Schell in the USAF report Preliminary Notes on the Design of Secure Military Computer Systems, written in 1973.

These pages are always being updated!

This page remains under construction, just as your information security policy should.

These pages are intended to provide some background for the courses I teach, listing the references and URLs for various tools, studies, and other issues that come up in courses, which saves time spent on conference call services with students. Plus, of course, once I have these pages I no longer have to try to remember specific reference details! I'm not trying to review specific commercial security systems as that is done elsewhere (and would be hard to maintain).

Also check out Purdue's CERIAS information assurance research and development group and their resources at cerias.purdue.edu. You might also investigate a Computer Information Systems (CIS) Degree from Boston University.

Remember that installing some tools, and even taking security quite seriously on an on-going basis, does not make you secure! There is no such thing as a completely secure system. Hence some lawyer repellent, er, I mean, disclaimer:

The following are no more than suggestions. There is no guarantee that they will make your system secure. Mention here of a commercial product is by no means an endorsement — I'm just trying to direct you to several available tools, and I may have only one such example handy right now.

Use this information as a tool, in addition to what you have already learned.

Internet security "global dashboards"

DShield live banner.

Some of these are useful, some have a relatively high level of hype, but you might find some of these useful:

The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

DShield Internet Traffic Report SANS Internet Storm Center Norse IPViking Live Attack Map Live Digital Attack Map Arbor Networks ATLAS Dashboard Internet Security Dashboard Security Wizardry Computer Network
Defence Situational Awareness

Where to go from here

Make sure you understand your systems well, and set them up properly! As Hippocrates said, "Primum non nocere", or "First, do no harm."

Be aware that your browser always gives away some information about you, unless you are using Tor and using it very carefully. Your browser just provided this information:

REMOTE_ADDR54.227.9.98 (your IP address)
REMOTE_PORT36034 (your TCP port number)
REQUEST_TIME1427489536
HTTP_ACCEPTtext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODINGx-gzip, gzip, deflate
HTTP_ACCEPT_LANGUAGEen-us,en-gb,en;q=0.7,*;q=0.3
HTTP_HOSTcromwell-intl.com
HTTP_USER_AGENTCCBot/2.0 (http://commoncrawl.org/faq/)