[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Insecurity Section of the Internet Handbook

For zoetrope, and others curious about the Insecurity
section of the Internet Handbook, we pass along this
Yellow Pages advert-insert comp sec teaser from
SAIC -- with only dribbles of cryptography. The puffery
appears to be artfully fattened and out-of-date. Like most
security porkers, SAIC sells its nitrated sec services
dearly (security by deep pockets of the fearful engorgers)
while feigning Net public-spirit to mask IP search and
steal. In a telling slight, SAIC does not cite outturned-
pockets, beef jerky Cypherpunks.


URL: http://mls.saic.com/library.html [which links to the
listed contents]
                   SECURITY LIBRARY
The SAIC Security Library contains security-related 
infomation and programs from around the Net. SAIC does
not verify or endorse such files or any use thereof.
Notices and Upcoming Events [Not included here]

Advisories and Alerts




Other Security Sites


URL: http://mls.saic.com/alerts.html

   *  Sun Security Alerts
   *  CERT - Computer Emergency Response Team
   *  ASSIST - Automated Systems Security Incident
      Support Team
   *  AUSERT - Australian Security Emergency Response
   *  NASIRC - NASA Automated Systems Incident Response
   *  DDN - Defense Data Network
   *  FIRST - Forum of Incident Response and Security

   *  8lgm Advisories
   *  Bugtraq Archives, threaded
   *  CERT Advisories
   *  CIAC - Computer Incident Advisory Capability 

URL: http://mls.saic.com/docs.html
                  SECURITY DOCUMENTS

These documents are from the Net and cover a wide area of
topics concerning computer security. They are for the
education and legitimate use of computer security
techniques only. All non-FAQ documents are in PostScript
format unless otherwise noted.
Frequently Asked Questions

   *  Basic Computer Security
   *  Firewalls
   *  Setting Up Anonymous FTP
   *  What To Do If Your Machine Is Compromised
   *  Security Patches
   *  Vendor Contacts
   *  Pretty Good Privacy (PGP)
   *  #hack FAQ
   *  Cryptography FAQ 


   Introductory Papers

   *  Internet Firewalls - An Introduction (August 1994,
   *  Keeping Your Site Comfortably Secure: An
      Introduction to Internet Firewalls (Undated, 1.8M)
   General Firewall Documents

   *  A Network Firewall (June 1992, 374K)
   *  A Toolkit and Methods for Internet Firewalls
      (Undated, 185K)
   *  Proper Care and Feeding of Firewalls (November
      1994, 121K)
   *  A Network Perimeter with Secure External Access
      (Undated, 268K)
   *  An Internet Gatekeeper (Undated, 149K)
   *  Thinking About Firewalls (Undated, 109K)
   *  X Through Firewalls, and Other Application Relays
      (May 1993, 430K)

WWW Security

   *  Security and the World Wide Web (June 1994, 10K
   *  NCSA on Mosaic Security Issues(December 1994, 1.6K
   *  Shen: A Security Scheme for the Web (Undated, 1.7K
   *  Using PGP/PEM Encryption (Undated, 7.6K HTML)
   *  Secure HTTP (Undated, 2.2K HTML)

Intrusion Detection

   *  A Software Architecture to support Misuse
      Intrusion Detection (March 1995, 250K)
   *  An Application of Pattern Matching in Intrusion
      Detection (June 1994, 674K)
   *  Algorithm for Distrubuted Recognition and
      Accountability (Undated, 209K)
   *  A Pattern Matching Model for Misuse Intrusion
      Detection (Undated, 191K)
   *  AI Approach to Intrusion Detection (June 1994,
   *  Intrusion Detection In Computers (January 1991,
      12K text)
   *  USTAT - A Real-time Intrusion Detection System for
      UNIX (November 1992, 1.3M)

Improving your UNIX Security

   Technical Tips

   *  Setting up Sun Security (March 1992, 7K text)
   *  Miscellaneous Security Tips (October 1992, 23K
   *  CERT Generic Security Tips (July 1992, 17K text)
   *  UNIX Site Security Handbook (July 1991, 253K text)
Finding and Fixing Your Security Problems

   *  Improving the Security Of Your Site By Breaking
      Into It (Undated, 51K text)
   *  Finding Holes in Your System (October 1993, 16K
   *  Improving the Security of Your UNIX System (April
      1990, 274K)
   *  Becoming An Uebercracker to Stop Uebercrackers
      (December 1993, 9K text)


The Internet Worm

   *  A Report on the Internet Worm (November 1988, 16K
   *  Technical Report on the Internet Worm Incident
      (September 1991, 173K)
   *  The Internet Worm Program: An Analysis (December
      1988, 283K)
   *  A Tour of the Worm (Undated, 166K)


Tales of Computer Attacks and Countermeasures

   *  Five Incidents At Columbia University (Undated,
   *  "An Evening With Berferd" (Undated, 82K)
   *  Internet Attack on Texas A&M (1993, 294K)
   *  "There Be Dragons" (August 1992, 185K)
   *  Computer Break-ins: A Case Study (Undated, 94K)
   *  System Admin Horror Stories (1992, 148K text)

   TCP/IP Security

   *  TCP Wrapper Security (Undated, 59K)
   *  A Weakness in the 4.2BSD TCP/IP Software (February
      1985, 27K)
   *  Security Problems in the TCP/IP Protocol Suite
      (April 1989, 107K)
   *  Network (In)Security Through IP Packet Filtering
      (September 1992, 123K)   
   General Networking Documents

   *  Architecture and Implementation of Network-Layer
      Security under UNIX (Undated, 124K)
   *  Information Security And Privacy In Networks
      (Undated, 809K .tar file)
   *  Paving the Road to Network Security (May 1994,
   *  NFS Tracing By Passive Network Monitoring
      (Undated, 170K)
             *  Addressing Weaknesses in the DNS Protocol 
      1993, 406K)
   *  Countering Abuse of Name-Based Authentication
      (Undated, 243K)
   *  An Architectural Overview of UNIX Network Security
      (May 1993, 50K text)
   *  NIS Security Warning (December 1991, 7.5K)


Trusted Systems

   *  The Orange Book (August 1983, 264K text)
   *  Understanding Configuration Management in Trusted
      Systems (March 1988, 138K text)
   *  Understanding DAC in Trusted Systems (September
      1987, 87K text)
   *  Understanding Facility Management in Trusted
      Systems (June 1989, 106K text)
   *  Understanding Trusted Distribution in Trusted
      Systems (December 1988, 55K text)
   *  Understanding Audit in Trusted Systems (July 1987,
      56K text)



   *  COAST Newsletter
   *  Privacy Forum
   *  Cipher - Electronic Newsletter of the IEEE
      Technical Committee on Security and Privacy


Miscellaneous Documents

   *  Security Term Glossary (Undated, 70K text)
   *  Open Systems Security - An Architectural Framework
      (June 1991, 300K text)
   *  Password Security: A Case History (Undated, 36K)
   *  Extracts from various security articles (Undated,
      61K text)
   *  Coping with the Threat of Computer Security
      Incidents (June 1990, 102K text)
   *  Threat Assessment of Malicious Code and Human
      Threats (October 1992, 231K)
   *  Tty Security - a Tty Session Manager (Undated,
   *  Electromagnetic Emanation Eavesdropping (1989, 45K
   *  GAO Report on Internet Security (June 1989, 104K
   *  ACM SIG on Security, Audit, and Control

URL: http://mls.saic.com/programs.html
                   SECURITY PROGRAMS

These programs are from various locations around the Net;
SAIC does not verify their functionality and/or
consequences of use. All programs are for assumed legal
uses and education. Unless noted, all programs are
intended for UNIX platforms.

Local (load directly to disk; gzip tar files unless

   *  COPS - Bulletproof your system from intruders
   *  Crack - Password cracker
   *  Cryptography File System (CFS) - Encrypted
      filesystems for SunOS
   *  Internet Security Scanner (ISS) - Checks UNIX
      sites for vulnerabilities
   *  ifstatus - Checks interfaces for promiscuous mode
   *  probe_ports - Finds open ports on UNIX systems
   *  Secure-Sun Check - Shell script to check several
      common SunOS vulnerabilities (no compression)


   *  Arpwatch - Ethernet monitor, keeps track of
      ethernet/IP address pairings
   *  Chalance - Intercept-proof password authentication
   *  chrootuid - Run network programs in a mininal
   *  CBW - Code Breaker's Workbench
   *  Courtney - Identifies the use of SATAN
   *  Dig - Sends domain name query packets to name
   *  DNSWalk
   *  Drawbridge - A bridging filter from TAMU
   *  Kerberos - Provides secure networking
   *  MegaPatch - Large number of SunOS patches in one
   *  Netlog - TCP/UDP traffic logging system
   *  PGP - Pretty Good Privacy
   *  Portmap - Portmapper replacement, with access
   *  SATAN - Checks computers/networks for security
   *  Securelib - Protects RPC daemons
   *  screend - Filters IP packets
   *  Smrsh - Sendmail restricted shell
   *  Socks - Allows Internet access to firewalled
   *  SRA - Secure RPC Authentication for Telnet and FTP
   *  TAMU - Texas A&M Security Tool Package
   *  tcpdump - captures protocol packets from networks
   *  TCP Wrapper - ACLs for network services
   *  Tiger - Scans your UNIX system for security
   *  TIS Firewall Toolkit - Firewall package from TIS
   *  Tripwire - Watch for system file changes
   *  Watcher - Watches your system for security

URL: http://mls.saic.com/sites.html
                 OTHER SECURITY SITES


   *  International Assoc. for Cryptologic Research
   *  Cryptography Web Page at UMBC
   *  Cryptography Export Control Archives
   *  Lawrie's Cryptography Bibliography
   *  RSA Data Security, Inc.
   *  Quadralay's Cryptography Archive
   *  Cryptography, PGP, and Your Privacy
   *  PGP Web Page
Firewall Vendors and Information

   *  Harris Computer Systems
   *  Sun Microsystems (SunScreen)
   *  Trusted Information Systems
   *  Cohesive Systems
   *  Sea Change Corp.
   *  Raptor Systems
   *  Greatcircle Firewall Server
   *  Virtual-One Network Environment Corp (V-ONE)
   *  CheckPoint Software Technologies Ltd.
   *  Firewalls.R.Us
Security Gophers

   *  InterNIC's Computer and Network Security
   *  NIST Security
   *  Security, Audit & Control (SIGSAC)

World Wide Web Security

   *  WWW Security Mailing List Archive
   *  WWW Security at Rutgers University
Intrusion Detection

   *  Intrusion Detection Systems Archives (threaded)
PC Security

   *  Safetynet, Inc.
Various Security Sites

   *  Computer Security Research Lab at UC Davis
   *  Computer Security at chalmers.se
   *  Harris Computer Systems
   *  Szymon Sokol's Security Site
   *  The Uebercracker's Web Site
   *  COAST Project and Laboratory
   *  Computer Underground Digest Archive
   *  Security News Clippings Archive
   *  EINet's Computer Virus and Security Page
   *  Crimelab
   *  Phrack Magazine Home Page
   *  TANSU's Security Reference Index
   *  Digital Equipment's Secure Systems Index
   *  Bellcore Security Products
   *  Texas A&M security tools
   *  ftp.win.tue.nl
   *  NIST Computer Security Resource Clearinghouse
   *  Christopher Menegay's Security Page
   *  Security Papers at Johns Hopkins University
   *  Dartmouth Security Tools
   *  CERT FTP Archive
   *  Computer Systems Consulting
   *  Computer Systems Consulting (Local Files)
   *  MIT's Athena Project
   *  Yahoo's Security and Encryption Page
   *  NIST Computer Security
   *  ALW Unix Security Information
   *  ALW's List of Unix Security Programs
   *  ESNet FTP site
   *  Bennet Yee's Security Page
   *  Various security FTP pointers

Send questions and comments to [email protected]