Hex dump of Gibe-F worm.

Computer System and Network Security


We will bankrupt ourselves in the vain search for absolute security.
— Dwight D. Eisenhower

If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking... is freedom.
— Dwight D. Eisenhower

The world is never going to be perfect, either on- or offline; so let's not set impossibly high standards for online.
— Esther Dyson

He that breaks a thing to find out what it is has left the path of wisdom.
— Gandalf in The Fellowship of the Ring

Few persons can be made to believe that it is not quite an easy thing to invent a method of secret writing which shall baffle investigation. Yet it may be roundly asserted that human ingenuity cannot concoct a cipher which human ingenuity cannot resolve.
— Edgar Allan Poe, in "A Few Words On Secret Writing", Graham's Magazine, July 1841

From a practical standpoint the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of a computer system security, proper security will not be a reality.
— Roger Schell in the USAF report Preliminary Notes on the Design of Secure Military Computer Systems, written in 1973

He who fights monsters should see to it that he himself does not become a monster. And if you gaze for long into an abyss, the abyss gazes also into you.
— Friedrich Nietzsche in Beyond Good and Evil

These pages are always being updated!

This page remains under construction, just as your information security policy should.

These pages are intended to provide some background for the courses I teach, listing the references and URLs for various tools, studies, and other issues that come up in courses. Plus, of course, once I have these pages I no longer have to try to remember specific reference details!

Also check out Purdue's CERIAS information assurance research and development group and their resources at cerias.purdue.edu.

Remember that installing some tools, and even taking security quite seriously on an on-going basis, does not make you secure! There is no such thing as a completely secure system. Hence some lawyer repellent, er, I mean, disclaimer:

The following are no more than suggestions. There is no guarantee that they will make your system secure. Mention here of a commercial product is by no means an endorsement — I'm just trying to direct you to several available tools, and I may have only one such example handy right now.

Use this information as a tool, in addition to what you have already learned.

Internet threat warnings

I find these to be helpful sources of information on current events and trends:

Flashpoint Intelligence Corner Krebs On Security US-CERT Current Activity

Internet security "global dashboards"

DShield live banner.

Some of these are useful, some have a relatively high level of hype, but you might find some of these useful:

The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.

DShield Internet Traffic Report SANS Internet Storm Center Norse IPViking Live Attack Map Live Digital Attack Map Arbor Networks ATLAS Dashboard Internet Security Dashboard Security Wizardry Computer Network
Defence Situational Awareness

Where to go from here

Make sure you understand your systems well, and set them up properly! As Hippocrates said, "Primum non nocere", or "First, do no harm."

Be aware that your browser always gives away some information about you, unless you are using Tor and using it very carefully. Your browser just provided this information:

REMOTE_ADDR54.157.200.1 (your IP address)
REMOTE_PORT42828 (your TCP port number)
HTTP_ACCEPT_ENCODINGx-gzip, gzip, deflate
HTTP_USER_AGENTCCBot/2.0 (http://commoncrawl.org/faq/)