Date: Fri, 1 Aug 1997 12:47:10 -0400 (EDT)
From: Dave Hummel
To: Philippe Regnauld
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security books (was: Re: So, lets have a checklist compiled (was Re: Security hole)
In-Reply-To: <19970731221445.04992@deepo.prosa.dk>

This is a great list! Can I post this on my web page as is (with names
included)? I really want to give credit where credit is due.

------------------------------------------------------------------------
When you get to the end of your rope, tie a knot and hang on. And swing!
------------------------------------------------------------------------

On Thu, 31 Jul 1997, Philippe Regnauld wrote:

> Jordan K. Hubbard writes:
> >
> > The body of available UNIX documentation out there, much of which is
> > listed in the glossary of the FreeBSD handbook, is about as good as it
> > gets and it isn't all that bad - even as complete a "checklist" as I
> > could imagine would end up being largely replicating the docs which
> > these books currently provide.
>
> Books have been mentioned several times -- I can only agree
> with Jordan and say "read 'em" -- so here's a list that's just
> been forwarded to me from osiris@pacificnet.net (cf.
> Bugtraq and
> BoS) -- hey, Vinnie, read up :-)
>
> Internet Firewalls and Network Security. Chris Hare, Karanjit
> Siyan. 2nd Edition. New Riders Pub. August 1,1996. ISBN:
> 1562056328
>
> Internet Firewalls. Scott Fuller, Kevin Pagan. Ventana Communications
> Group Inc. January 1997. ISBN: 1566045061
>
> Building Internet Firewalls. D. Brent Chapman, Elizabeth D. Zwicky.
> O'Reilly & Associates (ORA). September 1,1995. ISBN: 1565921240
>
> Firewalls and Internet Security : Repelling the Wily Hacker.
> Addison-Wesley Professional Computing. William R. Cheswick, Steven M.
> Bellovin. June 1,1994. ISBN: 0201633574
>
> Actually Useful Internet Security Techniques. Larry J. Hughes, Jr. New
> Riders Publishing, ISBN 1-56205-508-9
>
> PCWEEK Intranet and Internet Firewall Strategies. Ed Amoroso & Ron
> Sharp, Ziff Davies
>
> Internet Security Resource Library : Internet Firewalls and Network
> Security, Internet Security Techniques, Implementing Internet Security.
> New Riders. December 1995. ISBN: 1562055062
>
> Firewalls FAQ. Marcus J. Ranum.
> http://www.cis.ohio-state.edu/hypertext/faq/usenet/firewalls-faq/faq.html
>
> NCSA Firewall Policy Guide. Compiled by Stephen Cobb, Director of
> Special Projects. National Computer Security Association.
> http://www.ncsa.com/fwpg_p1.html
>
> Comparison: Firewalls. June 17, 1996. LanTimes. Comprehensive comparison
> of a wide variety of firewall products.
> http://www.lantimes.com/lantimes/usetech/compare/pcfirewl.html
>
> There Be Dragons. Steven M. Bellovin. "To appear in Proceedings of the
> Third Usenix UNIX Security Symposium, Baltimore, September 1992." AT&T
> Bell Laboratories, Murray Hill, NJ. August 15, 1992
>
> Rating of application layer proxies. Michael Richardson. Wed Nov 13
> 13:54:09 EST 1996.
> http://www.sandelman.ottawa.on.ca/SSW/proxyrating/proxyrating.html
>
> Keeping your site comfortably secure: An Introduction to Internet
> Firewalls. John P. Wack and Lisa J. Carnahan.
> National Institute of
> Standards and Technology. John Wack Thursday, Feb 9 18:17:09 EST 1995.
> http://csrc.ncsl.nist.gov/nistpubs/800-10/
>
> SQL*Net and Firewalls. David Sidwell & Oracle Corporation.
> http://www.zeuros.co.uk/firewall/library/oracle-and-fw.pdf
>
> Covert Channels in the TCP/IP Protocol Suite. Craig Rowland. Rotherwick
> & Psionics Software Systems Inc.
> http://www.zeuros.co.uk/firewall/papers.htm
>
> If You Can Reach Them, They Can Reach You. A PC Week Online Special
> Report, June 19, 1995. William Dutcher.
> http://www.pcweek.com/sr/0619/tfire.html
>
> Packet Filtering for Firewall Systems. February 1995. CERT (and Carnegie
> Mellon University.) ftp://info.cert.org/pub/tech_tips/packet_filtering
>
> Network Firewalls. Steven M. Bellovin and William R. Cheswick.
> ieeecm, 32(9), pp. 50-57, September 1994.
>
> Session-Layer Encryption. Matt Blaze and Steve Bellovin. Proceedings of
> the USENIX Security Workshop, June 1995.
>
> A Network Perimeter With Secure External Access. An extraordinary paper
> that details the implementation of a firewall purportedly at the White
> House. (Yes, the one at 1600 Pennsylvania Avenue.) Frederick M. Avolio;
> Marcus J. Ranum. (Trusted Information Systems, Incorporated). Glenwood,
> MD. January 25, 1994.
> http://www.alw.nih.gov/Security/FIRST/papers/firewall/isoc94.ps
>
> Packets Found on an Internet. Interesting Analysis of packets appearing
> at the Application Gateway of AT&T. Steven M. Bellovin. Lambda. August
> 23, 1993. ftp://ftp.research.att.com/dist/smb/packets.ps
>
> Using Screend to implement TCP/IP Security Policies. Jeff Mogul.
> Rotherwick and Digital.
> http://www.zeuros.co.uk/firewall/library/screend.ps
>
> Firewall Application Notes. Good document that starts out by describing
> how to build a firewall. It also addresses application proxies, Sendmail
> in relation to firewalls and the characteristics of a bastion host.
> Livingston Enterprises, Inc.
> http://www.telstra.com.au/pub/docs/security/firewall-1.1.ps.Z
>
> X Through the Firewall, and Other Application Relays. Treese/Wolman
> Digital Equipment Corp. Cambridge Research Lab. (October, 1993?).
> ftp://crl.dec.com/pub/DEC/CRL/tech-reports/93.10.ps.Z
>
> Intrusion Protection for Networks 171. BYTE Magazine. April, 1995.
>
> Benchmarking Methodology for Network Interconnect Devices. RFC 1944. S.
> Bradner & J. McQuaid. ftp://ds.internic.net/rfc/rfc1944.txt
>
> Firewall Performance Measurement Techniques: A Scientific Approach.
> Marcus Ranum. February 4, 1996 (Last Known Date of Mod.)
> http://www.v-one.com/pubs/perf/approaches.htm
>
> WARDING OFF THE CYBERSPACE INVADERS. Business Week. 03/13/95. Amy
> Cortese in New York, with bureau reports
>
> Vulnerability in Cisco Routers used as Firewalls. Computer Incident
> Advisory Capability Advisory: Number D-15. May 12, 1993 1500 PDT.
> http://ciac.llnl.gov/ciac/bulletins/d-15.shtml
>
> WAN-Hacking with AutoHack - Auditing Security behind the Firewall. Alec
> D.E. Muffett. (network Security Group, Sun Microsystems, United
> Kingdom.) Written by the author of Crack, the famous password cracking
> program. Extraordinary document that deals with methods of auditing
> security from behind a firewall. (And auditing of a network so large
> that it contained tens of thousands of hosts!) June 6, 1995.
> http://www.telstra.com.au/pub/docs/security/muffett-autohack.ps
>
> Windows NT Firewalls Are Born. February 4, 1997. PC Magazine.
> http://www.pcmagazine.com/features/firewall/_open.htm
>
> Group of 15 Firewalls Hold Up Under Security Scrutiny. Stephen
> Lawson June 1996.
> InfoWorld.
> http://www.infoworld.com/cgi-bin/displayStory.pl?96067.firewall.htm
>
> IP v6 Release and Firewalls. Uwe Ellermann. 14th Worldwide Congress on
> Computer and Communications Security. Protection, pp. 341-354, June
> 1996.
>
> The SunScreen Product Line Overview. (Sun Microsystems.)
> http://www.sun.com/security/overview.html
>
> Product Overview for IBM Internet Connection Secured Network Gateway for
> AIX, Version 2.2. (IBM Firewall Information.)
> http://www.ics.raleigh.ibm.com/firewall/overview.htm
>
> The Eagle Firewall Family. (Raptor Firewall Information.)
> http://www.raptor.com/products/brochure/40broch.html
>
> Secure Computing Firewall™ for NT. Overview. (Secure Computing).
> http://www.sctc.com/NT/HTML/overview.html
>
> Check Point FireWall-1 Introduction. (Checkpoint Technologies Firewall
> Information.) http://www.checkpoint.com/products/firewall/intro.html
>
> Cisco PIX Firewall. (Cisco Systems Firewall Information.)
> http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/pcpix.htm
>
> Protecting the Fortress From Within and Without. R. Scott Raynovich.
> April 1996. LAN Times. http://www.wcmh.com/lantimes/96apr/604c051a.html
>
> Internet Firewalls: An Introduction. Firewall White Paper. NMI Internet
> Expert Services. PO Box 8258. Portland, ME 04104-8258.
> http://www.netmaine.com/netmaine/whitepaper.html
>
> Features of the Centri(TM) Firewall. (Centri Firewall Information.)
> http://www.gi.net/security/centrifirewall/features.html
>
> Five Reasons Why an Application Gateway is the Most Secure Firewall.
> (Global Internet.)
> http://www.gi.net/security/centrifirewall/fivereasons.html
>
> An Introduction to Intrusion Detection. Aurobindo Sundaram. Last
> Apparent Date of Modification: October 26, 1996.
> http://www.techmanager.com/nov96/intrus.html
>
> Intrusion Detection for Network Infrastructures. S. Cheung, K.N. Levitt,
> C. Ko. 1995 IEEE Symposium on Security and Privacy, Oakland, CA, May
> 1995. http://seclab.cs.ucdavis.edu/papers/clk95.ps
>
> Network Intrusion Detection. Biswanath Mukherjee and L. Todd Heberlein
> and Karl N. Levitt. IEEE Network, May 1994.
>
> Fraud and Intrusion Detection in Financial Information Systems. S.
> Stolfo and P. Chan and D. Wei and W. Lee and A. Prodromidis.
> 4th ACM Computer and Communications Security Conference, 1997.
> http://www.cs.columbia.edu/~sal/hpapers/acmpaper.ps.gz
>
> A Pattern-Oriented Intrusion-Detection Model and Its Applications.
> Shiuhpyng W. Shieh and Virgil D. Gligor. Research in Security and
> Privacy, IEEECSP, May 1991.
>
> Detecting Unusual Program Behavior Using the Statistical Component of
> the Next-generation Intrusion Detection Expert System (NIDES). Debra
> Anderson, Teresa F. Lunt, Harold Javitz, Ann Tamaru, and Alfonso Valdes.
> SRI-CSL-95-06, May 1995. (Available in hard copy only.) Abstract:
> http://www.csl.sri.com/tr-abstracts.html#csl9506
>
> Intrusion Detection Systems (IDS): A Survey of Existing Systems and A
> Proposed Distributed IDS Architecture. S.R. Snapp, J. Brentano, G.V.
> Dias, T.L. Goan, T. Grance, L.T. Heberlein, C. Ho, K.N. Levitt, B.
> Mukherjee, D.L. Mansur, K.L. Pon, and S.E. Smaha. Technical Report
> CSE-91-7, Division of Computer Science, University of California, Davis,
> February 1991. http://seclab.cs.ucdavis.edu/papers/bd96.ps
>
> A Methodology for Testing Intrusion Detection Systems. N. F. Puketza, K.
> Zhang, M. Chung, B. Mukherjee, R. A. Olsson. IEEE Transactions on
> Software Engineering, Vol.22, No.10, October 1996.
> http://seclab.cs.ucdavis.edu/papers/tse96.ps
>
> GrIDS -- A Graph-Based Intrusion Detection System for Large Networks. S.
> Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J.
> Hoagland, K. Levitt, C. Wee, R. Yip, D. Zerkle. The 19th National
> Information Systems Security Conference.
> http://seclab.cs.ucdavis.edu/papers/nissc96.ps
>
> NetKuang--A Multi-Host Configuration Vulnerability Checker. D. Zerkle,
> K. Levitt, Proc. of the 6th USENIX Security Symposium. San Jose,
> California. 1996. http://seclab.cs.ucdavis.edu/papers/zl96.ps
>
> Simulating Concurrent Intrusions for Testing Intrusion Detection
> Systems: Parallelizing Intrusions. M. Chung, N. Puketza, R.A. Olsson, B.
> Mukherjee. Proc.
> of the 1995 National Information Systems Security
> Conference. Baltimore, Maryland. 1995.
> http://seclab.cs.ucdavis.edu/papers/cpo95.ps
>
> Holding Intruders Accountable on the Internet. S. Staniford-Chen, and
> L.T. Heberlein. Proc. of the 1995 IEEE Symposium on Security and
> Privacy, Oakland, CA, 8-10 May 1995.
> http://seclab.cs.ucdavis.edu/~stanifor/seclab_only/notes/ieee_conf_94/revision/submitted.ps
>
> Machine Learning and Intrusion Detection: Current and Future Directions.
> J. Frank. Proc. of the 17th National Computer Security Conference,
> October 1994.
>
> Another Intrusion Detection Bibliography.
> http://doe-is.llnl.gov/nitb/refs/bibs/bib1.html
>
> Intrusion Detection Bibliography.
> http://www.cs.purdue.edu/coast/intrusion-detection/ids_bib.html
>
> Intrusion Detection Systems. This list concentrates primarily on
> discussions about methods of intrusion or intrusion detection.
> Target: majordomo@uow.edu.au
> Command: subscribe ids (In BODY of message)
>
> The WWW Security List. Members of this list discuss all techniques to
> maintain (or subvert) WWW security. (Things involving secure methods of
> HTML, HTTP and CGI.)
> Target: www-security-request@nsmx.rutgers.edu
> Command: SUBSCRIBE www-security your_email_address (In BODY of message)
>
> The Sneakers List. This list discusses methods of circumventing firewall
> and general security. This list is reserved for lawful tests and
> techniques.
> Target: majordomo@CS.YALE.EDU
> Command: SUBSCRIBE Sneakers (In BODY of message)
>
> The Secure HTTP List. This list is devoted to the discussion of S-HTTP
> and techniques to facilitate this new form of security for WWW
> transactions.
> Target: shttp-talk-request@OpenMarket.com
> Command: SUBSCRIBE (In BODY of message)
>
> The NT Security List. This list is devoted to discussing all techniques
> of security related to the Microsoft Windows NT operating system.
> (Individuals also discuss security aspects of other Microsoft operating
> systems as well.)
> Target: request-ntsecurity@iss.net
> Command: subscribe ntsecurity (In BODY of message)
>
> The Bugtraq List. This list is for posting or discussing bugs in various
> operating systems, though UNIX is the most often discussed. The
> information here can be quite explicit. If you are looking to learn the
> fine aspects (and cutting edge news) in UNIX security, this list is for
> you.
> Target: LISTSERV@NETSPACE.ORG
> Command: SUBSCRIBE BUGTRAQ (In BODY of message)
>
> Password Security: A Case History. Robert Morris and Ken Thompson.
> http://www.sevenlocks.com/papers/password/pwstudy.ps
>
> Site Security Handbook (update and Idraft version; June 1996, CMU.
> Draft-ietf-ssh-handbook-03.txt.) Barbara Fraser.
> http://www.internic.net/internet-drafts/draft-ietf-ssh-handbook-03.txt.
>
> Improving the Security of Your Site by Breaking Into It. Dan Farmer &
> Wietse Venema. (1995) http://www.craftwork.com/papers/security.html.
>
> Making Your Setup More Secure. NCSA Tutorial Pages.
> http://hoohoo.ncsa.uiuc.edu/docs/tutorials/security.html.
>
> The Secure HyperText Transfer Protocol. E. Rescorla, A. Schiffman (EIT)
> July 1995.
> http://www.eit.com/creations/s-http/draft-ietf-wts-shttp-00.txt.
>
> The SSL Protocol. (IDraft) Alan O. Freier & Philip Karlton (Netscape
> Communications) with Paul C. Kocher.
> http://home.netscape.com/eng/ssl3/ssl-toc.html.
>
> Writing, Supporting, and Evaluating TripWire. A Publicly Available
> Security Tool; Kim/Spafford. http://www.raptor.com/lib/9419.ps
>
> The Design and Implementation of TripWire. A Filesystem Integrity
> Checker; Kim/Spafford. Location: http://www.raptor.com/lib/9371.ps
>
> X Window System Security. Ben Gross & Baba Buehler. Beckman Institute
> System Services.
> http://www.beckman.uiuc.edu/groups/biss/VirtualLibrary/xsecurity.html.
> Last Apparent Date of Modification: January 11, 1996.
>
> On the (in)Security of the Windowing System X. Marc VanHeyningen of
> Indiana University.
> http://www.cs.indiana.edu/X/security/intro.html.
> September 14, 1994.
>
> Security in the X11 Environment. Pangolin. University of Bristol, UK.
> January, 1995. http://sw.cse.bris.ac.uk/public/Xsecurity.html.
>
> Security in Open Systems. (NIST) John Barkley, Editor. (With Lisa
> Carnahan, Richard Kuhn, Robert Bagwill, Anastase Nakassis, Michael
> Ransom, John Wack, Karen Olsen, Paul Markovitz and Shu-Jen Chang.) US
> Department of Commerce. Section: The X Window System: Bagwill, Robert.
> http://csrc.ncsl.nist.gov/nistpubs/800-7/node62.html#SECTION06200000000000000000.
>
> Security Enhancements of the DEC MLS+ System; The Trusted X Window
> System. November, 1995.
> http://ftp.digital.com/pub/Digital/info/SPD/46-21-XX.txt
>
> Evolution of a Trusted B3 Window System Prototype. J. Epstein, J. Mc
> Hugh, R. Pascale, C. Martin, D. Rothnie, H. Orman, A. Marmor-Squires,
> M. Branstad, and B. Danner. In
> Proceedings of the 1992 IEEE Symposium on Security and Privacy, 1992.
>
> A Prototype B3 Trusted X Window System. J. Epstein, J. Mc Hugh, R.
> Pascale, H. Orman, G. Benson, C. Martin, A. Marmor-Squires, B. Danner, and
> M. Branstad, The Proceedings of the 7th Computer Security Applications
> Conference, December, 1991.
>
> Improving X Windows Security. UNIX World, (Volume IX, Number 12)
> December 1992. Linda Mui.
>
> Security and the X Window System. UNIX World, 9(1), p. 103. January
> 1992. Dennis Sheldrick.
>
> The X Window System. Scheifler, Robert W. & Gettys, Jim. ACM
> Transactions on Graphics. Vol.5, No. 2 (April 1986), pp. 79-109.
> http://www.acm.org/pubs/toc/Abstracts/0730-0301/24053.html.
>
> X Window Terminals. Digital Technical Journal of Digital Equipment
> Corporation, 3(4), pp. 26-36, Fall 1991. Björn Engberg and Thomas
> Porcher.
> ftp://ftp.digital.com/pub/Digital/info/DTJ/v3n4/X_Window_Terminals_01jul1992DTJ402P8.ps.
>
> Information Security: Computer Attacks at Department of Defense Pose
> Increasing Risks; General Accounting Office.
> Report on Failed Security at US Defense Sites.
> http://www.epic.org/security/GAO_OMB_security.html
>
> Defense Directive 5200.28. "Security requirements for Automated
> Information Systems." Document describing some antiquated government
> standards for security.
> http://140.229.1.16:9000/htdocs/teinfo/directives/soft/5200.28.html
>
> The Evaluated Products List (EPL). A list of products that have been
> evaluated for security ratings, based on DOD guidelines.
> http://www.radium.ncsc.mil/tpep/epl/index.html
>
> INTERNIC, or the Network Information Center. INTERNIC provides
> comprehensive databases on networking information. These databases
> contain the larger portion of collected knowledge on the design and
> scope of the Internet. (Of main importance here is the database of RFC
> documents.)
> http://ds0.internic.net/ds/dspg1intdoc.html
>
> The Rand Corporation. Security resources of various sorts. Also: very
> engrossing "early" documents on the Internet’s design.
> http://www.rand.org/publications/electronic/
>
> Connected: An Internet Encyclopedia. (Incredible on-line resource for
> RFC documents and related information, apparently painstakingly translated
> into HTML.)
> http://www.freesoft.org/Connected/RFC/826/
>
> The Computer Emergency Response Team. (CERT) An organization that
> assists sites in responding to network security violations, break-ins
> and so forth. Great source of information, particularly for
> vulnerabilities.
> http://www.cert.org.
>
> Security Survey of Key Internet Hosts & Various Semi-Relevant
> Reflections. D. Farmer. Fascinating independent study conducted by one of
> the authors of the now famous SATAN program. The survey involved
> approximately 2200 sites. The results are disturbing.
> http://www.trouble.org/survey/
>
> CIAC. (U.S. Department of Energy's Computer Incident Advisory
> Capability.)
> The CIAC provides computer security services to employees
> and contractors of the United States Department of Energy, but the site
> is open to the public as well. There are many tools and documents at
> this location.
> http://ciac.llnl.gov/
>
> The National Computer Security Association. This site contains a great
> deal of valuable security information, including reports, papers,
> advisories and analyses of various computer security products and
> techniques.
> http://www.ncsa.com/
>
> Short Courses in Information Systems Security at George Mason
> University. This site contains information about security courses.
> Moreover, there are links to a comprehensive bibliography of various
> security related documents.
> http://www.isse.gmu.edu:80/~gmuisi/
>
> NCSA RECON. Spooks on the Net. The National Computer Security
> Association’s "special" division. They offer a service where one can
> search through thousands of downloaded messages passed amongst hackers
> and crackers on BBS boards and the Internet. An incredible security
> resource, but a commercial one.
> http://www.isrecon.ncsa.com/public/faq/isrfaq.htm
>
> Lucent Technologies. Courses on security from the folks who really know
> security.
> http://www.attsa.com/
>
> Massachusetts Institute of Technology distribution site for United
> States residents for Pretty Good Privacy (PGP). PGP provides some of the
> most powerful, military grade encryption currently available.
> http://web.mit.edu/network/pgp.html
>
> The Anonymous Remailer FAQ. A document that covers all aspects of
> anonymous remailing techniques and tools.
> http://www.well.com/user/abacard/remail.html
>
> The Anonymous Remailer List. A comprehensive but often changing
> (dynamic) list of anonymous remailers
> http://www.cs.berkeley.edu/~raph/remailer-list.html
>
> Microsoft ActiveX Security. This page addresses the security features of
> ActiveX.
> http://www.microsoft.com/intdev/signcode/
>
> Purdue University COAST Archive.
> One of the more comprehensive security
> sites, containing many tools and documents of deep interest within the
> security community.
> http://www.cs.purdue.edu//coast/archive/
>
> Raptor Systems. Makers of one of the better firewall products on the Net
> have established a fine security library.
> http://www.raptor.com/library/library.html
>
> The Risks Forum. A moderated digest of security and other risks in
> computing. A great resource that is also searchable. You can tap the
> better security minds on the Net.
> http://catless.ncl.ac.uk/Risks
>
> FIRST. (Forum of Incident Response and Security Teams). A conglomeration
> of many organizations undertaking security measures on the Internet. A
> powerful organization and good starting place for sources.
> http://www.first.org/
>
> The CIAC Virus Database. The ultimate virus database on the Internet. An
> excellent resource to learn about various viruses that can affect your
> platform.
> http://ciac.llnl.gov/ciac/CIACVirusDatabase.html
>
> Information Warfare and Information Security on the Web. A comprehensive
> list of links and other resources concerning Information Warfare over
> the Internet.
> http://www.fas.org/irp/wwwinfo.html
>
> Criminal Justice Studies of the Law Faculty of University of Leeds, The
> United Kingdom. Site with interesting information on cryptography and
> civil liberties.
> http://www.leeds.ac.uk/law/pgs/yaman/cryptog.htm.
>
> Federal Information Processing Standards Publication documents.
> (Government guidelines.) National Institute of Standards and Technology
> reports on DES encryption and related technologies.
> http://csrc.nist.gov/fips/fips46-2.txt
>
> Wordlists available at NCSA and elsewhere. (For use in testing the
> strength of, or "cracking" UNIX passwords.)
> http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html.
>
> Department of Defense Password Management Guideline. (Treatment of
> password security in classified environments.)
> http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txt
>
> Dr. Solomon’s. A site filled with virus information. Anyone concerned
> with viruses (or anyone who just wants to know more about virus
> technology,) should visit Dr. Solomon’s site.
> http://www.drsolomon.com/vircen/allabout.html
>
> The Seven Locks server. An eclectic collection of security resources,
> including a number of papers that cannot be found elsewhere!
> http://www.sevenlocks.com/CIACA-10.htm.
>
> S/Key informational page. Provides information on S/Key and use of one
> time passwords in authentication.
> http://medg.lcs.mit.edu/people/wwinston/skey-overview.html.
>
> A page devoted to ATP, the "Anti-Tampering Program". (In some ways,
> similar to Tripwire or Hobgoblin.)
> http://www.cryptonet.it/docs/atp.html
>
> Bugtraq Archives. An archive of the popular mailing list, Bugtraq. This
> is significant because Bugtraq is one of the most reliable sources for
> up-to-date reports on new found vulnerabilities in UNIX (and at times,
> other operating systems.)
> http://geek-girl.com/bugtraq/
>
> Wang Federal. This company produces very high quality security operating
> systems and other security solutions. They are the leader in TEMPEST
> technology.
> http://www.wangfed.com
>
> The Center for Secure Information Systems. This site, affiliated with
> the Center at George Mason University, has some truly incredible papers.
> There is much research going on here; research of a cutting edge nature.
> The link below sends you directly to the publications page, but you
> really should explore the entire site.
> http://www.isse.gmu.edu/~csis/publication.html
>
> SRI International. Some very highbrow technical information. The
> technical reports here are of extreme value. However, you must have at
> least a fleeting background in security to even grasp some of the
> concepts. Nevertheless, a great resource.
> http://www.sri.com/
>
> The Security Reference Index.
> This site, maintained by the folks at
> telstra.com, is a comprehensive pointer page to many security resources.
> http://www.telstra.com.au/info/security.html
>
> Wietse Venema’s Tools Page. This page, maintained by Wietse Venema
> (co-author of SATAN and author of TCP_Wrapper and many other security
> tools), is filled with papers, tools and general information. It is a must-visit
> for any UNIX system administrator.
> ftp://ftp.win.tue.nl/pub/security/index.html
>
> United States. Congress. House. Committee on Science, Space, and
> Technology. Subcommittee on Science. Internet security : Hearing Before
> the Subcommittee on Science of the Committee on Science, Space, and
> Technology. U.S. House of Representatives, One Hundred Third Congress,
> second session, March 22, 1994. Washington. U.S. G.P.O. For sale by
> the U.S. G.P.O., Supt. of Docs., Congressional Sales Office, 1994.
>
> UNIX Unleashed. SAMS Publishing, 1994. ISBN: 0-672-30402-3.
>
> Internet QuickKIT. Brad Miser. HAYDEN. ISBN: 1568302401
>
> Bots and Other Internet Beasties. SAMS.NET. Joseph Williams. ISBN:
> 1575210169 (1996)
>
> The Internet Unleashed 1996. SAMS.NET. SAMS Development Group. ISBN:
> 157521041X. (1995)
>
> Microsoft Internet Information Server 2 Unleashed. Arthur Knowles.
> SAMS.NET. ISBN: 1575211092. (1996)
>
> Designing and Implementing Microsoft Internet Information Server.
> SAMS.NET. ISBN: 1575211688. (1996)
>
> Internet Research Companion. Que Education and Training. Geoffrey McKim.
> ISBN: 1575760509. (1996)
>
> An Interactive Guide to the Internet. Que Education and Training. J.
> Michael Blocher, Vito Amato & Jon Storslee. ISBN: 1575763540. (1996)
>
> Internet Security for Business. New York. Wiley, 1996. xi, 452 p. :
> ill. ; 24 cm. LC CALL NUMBER: HD30.38 .I57 1996
>
> Managing Windows NT Server 4. NRP. Howard F. Hilliker. ISBN: 1562055763.
> (1996)
>
> Internet 1997 Unleashed, Second Edition. SAMS.NET. Jill Ellsworth, Billy
> Barron, et al. ISBN: 1575211858.
> (1996)
>
> Windows NT Server 4 Security, Troubleshooting, and Optimization. NRP.
> ISBN: 1562056018. (1996)
>
> Apache Server Survival Guide. SAMS.NET. Manuel Alberto Ricart. ISBN:
> 1575211750. (1996)
>
> Internet Firewalls and Network Security, Second Edition. NRP. Chris Hare
> and Karanjit S. Siyan, Ph.D. ISBN: 1562056328. (1996)
>
> PC Week Intranet and Internet Firewalls Strategies. ZDPRESS. Ed Amoroso
> & Ronald Sharp. ISBN: 1562764225. (1996)
>
> Internet Security Professional Reference. NRP. Chris Hare, et al. ISBN:
> 1562055577. (1996)
>
> NetWare Security. NRP. William Steen. ISBN: 1562055453. (1996)
>
> Internet Security Resource Library. NRP. Box-set. ISBN: 1562055062.
> (1996)
>
> LINUX System Administrator's Survival Guide. SAMS. Timothy Parker, Ph.
> D. ISBN: 0672308509. (1996)
>
> Internet Commerce. NRP. Andrew Dahl and Leslie Lesnick. ISBN:
> 1562054961. (1995)
>
> Windows NT Server 4 Security, Troubleshooting, and Optimization. NRP.
> ISBN: 1562056018. (1996)
>
> E-Mail Security: How To Keep Your Electronic Messages Private. Bruce
> Schneier. John Wiley & Sons Inc. 605 Third Ave. New York, NY 10158.
> ISBN: 0-471-05318-X
>
> Protection and Security on the Information Superhighway. Frederick B.
> Cohen. John Wiley & Sons Inc. 605 Third Ave. New York, NY 10158. ISBN:
> 0-471-11389-1
>
> Firewalls and Internet Security: Repelling the Wily Hacker. William R.
> Cheswick and Steven M. Bellovin. Addison-Wesley Publishing Co. 1 Jacob
> Way Reading, MA 01867. ISBN: 0-201-63357-4
>
> Practical UNIX & Internet Security, 2nd Edition. Simson Garfinkel & Gene
> Spafford. 2nd Edition April 1996. 1-56592-148-8.
>
> UNIX System Security. David A. Curry. Addison Wesley Publishing Company,
> Inc. 1992. ISBN 0-201-56327-4
>
> Secure UNIX. Samuel Samalin. McGraw Hill. December 1996. ISBN:
> 0070545545
>
> Security (Openframework Systems Architecture). Belinda Fairthorne.
> Prentice Hall. Publication date: March 1993.
> ISBN: 0136306586
>
> The Underground Guide to UNIX : Slightly Askew Advice from a UNIX Guru.
> John Montgomery. Addison-Wesley Pub Co. 1995. ISBN: 0201406535
>
> UNIX Installation Security and Integrity. David Ferbrache, Gavin
> Shearer. Prentice Hall. 1993. ISBN: 0130153893
>
> UNIX Security : A Practical Tutorial (UNIX/C). N. Derek Arnold.
> McGraw-Hill. 1993. ISBN: 0070025606
>
> UNIX System Security Essentials. Christoph Braun, Siemens Nixdorf.
> Addison-Wesley Pub Co. 1995. ISBN: 0201427753
>
> UNIX System Security : How to Protect Your Data and Prevent Intruders.
> Rik Farrow, Rick Farrow. Addison-Wesley Pub Co. 1991. ISBN: 0201570300
>
> UNIX Security Symposium IV Proceedings/October 4-6, 1993 Santa Clara,
> California, USA. Usenix Assoc. ISBN: 1880446553
>
> --
> -- Phil
>
> -[ Philippe Regnauld / Systems Administrator / regnauld@prosa.dk ]-
> -[ Location.: +55.4N +11.3E PGP Key: finger regnauld@hotel.prosa.dk ]-
>