Computer System and Network Security

We will bankrupt ourselves in the vain search for absolute security.
— Dwight D. Eisenhower

The world is never going to be perfect, either on- or offline; so let's not set impossibly high standards for online.
— Esther Dyson

World War Two cryptographic hardware Left: German Enigma encryption machine Right: U.S. SIGABA encryption machine National Museum of the U.S. Air Force, WPAFB

This page remains under construction, just as your information security policy should.

These pages are intended to provide some background for the courses I teach, listing the references and URLs for various tools, studies, and other issues that come up in courses. Plus, of course, once I have these pages I no longer have to try to remember specific reference details! I'm not trying to review specific commercial security systems as that is done elsewhere (and would be hard to maintain).

Also check out Purdue's CERIAS information assurance research and development group and their resources: http://www.cerias.purdue.edu/

Remember that installing some tools, and even taking security quite seriously on an on-going basis, does not make you secure! There is no such thing as a completely secure system. Hence some lawyer repellent, er, I mean, disclaimer:

The following are no more than suggestions. There is no guarantee that they will make your system secure. Mention here of a commercial product is by no means an endorsement — I'm just trying to direct you to several available tools, and I may have only one such example handy right now.

Use this information as a tool, in addition to what you have already learned.

Fundamentals

• Just Enough Cryptography
  • Cryptographic algorithms, digital signatures, cryptographic hashes, the basics of how they work
• How to Verify Digital Signatures
• TCP/IP — How the networking protocols work
• How Does NAT (Network Address Translation) Work?
• How Does IP Routing Work?
• A simple explanation of IPsec
  • What IPsec is, what network security it provides, how it builds a VPN, how to set it up.

Information Security

• Confidentiality and Data Integrity Tools
  • PGP & Gnu Privacy Guard, Key Recovery, RADIUS, Risks of Google, Sanitizing Media, Secure Online Data Storage, Information Leakage, Commercial Cryptography, SSH, Secure FTP, Hardware Encryption, Voice Scramblers, Cryptography and International Law, X Privacy and xspy, IPSec, VPN's, Key Loggers, Spyware
• Government and Industry Regulations
  • HIPAA, Sarbanes-Oxley (Sarbox/SOX), PCI (Payment Card Industry)
• Availability Tools
  • Real costs of data loss, Remote and local archiving, Disk longevity and failure rates, Laptop theft prevention, Fighting spam
• Computer Forensics
• Public Key Infrastructure (PKI) Providers
• How to set up encrypted storage on Amazon EC2

User Authentication

• Authentication Tools
  • Well-known default passwords, Rainbow Tables, Comparing OS user authentication strength, Kerberos, Password tools, sudo, Tokens, Biometrics
• Passwords — How they work and how to break them
  • How passwords work and how they're stored, salt values, hashes and entropy
  • Forms of attacks, analysis of authentication strength of various operating systems, dictionary attacks, cracking attacks, Rainbow Table attacks, frequent password changes and the illusion of security
• Reverse-Engineering the Hacker —
  • What types of passwords will a typical hacker guess?

System Security (operating system auditing and hardening)

• System Security Auditing and Monitoring Tools
  • TARA, COPS, Titan, Bastille, ISS tools, Password Testing and Cracking
• OS-Specific Security Issues
  • Cisco IOS, Linux, Solaris, Tru64 (ULTRIX, OSF/1), IRIX, AIX, DOS, Macintosh, Novell, AS/400, VMS, Windows
• How to harden a default Linux or BSD installation
• Intrusion Detection Tools
  • Tripwire, AIDE, Snort, RazorBack, ACID-XML, SNARE, BackLog, NetRanger, NetStalker, GrIDS
• Analyzing multiple intrusions into a poorly configured Linux system
• Attacks on Virtualization Security
• Hardware Exploits
• Physical Security

Network Security

• Network Security Auditing Tools
  • Top 100 Network Security Tools, Lists of TCP ports used by attacks, Port scanners, Network vulnerability testing, DNS security, Automatic Teller Machine (ATM) security
• Network Monitoring / Protocol Analysis / Packet Sniffing Tools
  • Unix-based, Windows-based, switch spoofing, Wireless LAN/WAN security, WLAN antenna construction, packet-sniffing attack detection
• SSL/TLS Security
• 802.11i / WPA2 wireless networking
• QR codes and Near-Field Communication Risks
• Firewall Tools
  • Linux/Unix-based, Windows based, Home / Small-Office Firewall, Commercial vendors
• How to set up and use SSH
• Web Security
• TCP/IP Stack hardening
• Network Attack Analysis: Classifying and Identifying Attack Patterns With Textual Analysis Tools

Cloud Security

• An Overview of Cloud Security
• Security Concerns of Cloud Technology Users: A Survey of Major Cloud Customers
• Cloud Security Blog — Thoughts from Time to Time on Cloud Security
• Secure Distributed Logging: Syslog, TLS, and Amazon EC2 Cloud Servers
• How to set up encrypted storage on Amazon EC2
• Attacks on Virtualization Security

Malware, Social Engineering, and Software Security

• Good free anti-virus / anti-malware software includes ClamAV, ClamXav, Avira, AVG, Avast!, and ZoneAlarm. ZoneAlarm incorporates spyware detection and removal software.
• Social Engineering and Fighting Internet Hoaxes
• Why HTML E-mail is Dangerous
• Analyzing Web Mail Abuse and Spear-Phishing
• Analyzing a Phishing Scam Attempt
• Learn about scams, spam, phishing, and worse, and take some great Phishing IQ tests
• Attrition.org's list of vendors that have shipped malware with their products.
• Analyzing Hostile Data
  • An overview of viruses, worms, trojans, downloaders and other malware, plus analysis of: Bagel, Mytob, Mydoom, The Russian M.O.B., and more
• Software Security Tools
  • How to develop software that is more secure, The SAFECode Fundamental Practices for Secure Software Development, C/C++ Security, Python Security, Java Security, ActiveX Attacks, Writing Exploit Code

Reference Material

• Recommended Reference Books — How-to guides for best practice, background information, and more
• Security-Related RFCs (Valuable Documents!) and Mitre nomenclature projects
  • Some of these function as dictionaries and explain the terminology. Others provide the formal definitions of networking protocols.
• Infosec Bulletins and Mailing Lists
• CVE Details is a great source of information on vulnerabilities. You can search by CVE reference, by vendor, and product name.
• General Information
  • Big-Money Losses, Telecommunication Outages, COMSEC and GSM/mobile hacking, DNS Security Issues, Incidents and Anecdotes, Government Warnings and Reactions
• Cyberwar
  • Military Applications of Network Attack and Defense — "Network-Centric Warfare", International Conflict on the Internet, Military-Industrial Espionage, Viruses and Hacking, Threat Reports and Warnings, Offensive Information Warfare & Information Operations
• Other Organizations' Policies
• Infosec Response Teams
  • Incident Response Teams, Assistance and Guidance, Research and Development, Vendors, Risk Management and Insurance Coverage
• The Government Surveillance Agencies
  • CESID, CIA, CSE, CSIS, DIA, DSD, FBI, FSB, GCHQ, IKSI, NIMA, NSA, NRO, EIEIO...
• Keeping Track of the Bad Guys
  • Classic Hackers, Hacker Technology
• Downright Scary Threats
  • Separatists, para-military, military, and intelligence organizations
• Cryptographic History
  • WWII German Enigma system and its weaknesses, WWII and Cold War tourism
• The Gallery of Crash Dump Screens
• Cryptographic Haiku

Internet security "global dashboards"

Some of these are useful, some have a relatively high level of hype, but you might find some of these useful:

• DShield
• SANS Internet Storm Center
• Arbor Networks ATLAS Dashboard
• Internet Traffic Report
• Talisker Computer Network Defence Operational Picture, also called their "famous Talisker Radar Page".
• Internet Security Dashboard

Where to go from here

Make sure you understand your systems well, and set them up properly! As Hippocrates said, "Primum non nocere", or "First, do no harm."

Be aware that your browser always gives away some information about you, unless you are using Tor and using it very carefully. Your browser just provided this information:

Home Linux/Unix Networking Cybersecurity Travel Technical Radio Site Map Contact