[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Insecurity Section of the Internet Handbook
- To: [email protected]
- Subject: Insecurity Section of the Internet Handbook
- From: [email protected] (Anonymous)
- Date: Fri, 13 Oct 1995 13:09:13 +0100
- Organization: RePLaY aND CoMPaNY UnLimited
- Sender: [email protected]
- Xcomm: Replay may or may not approve of the content of this posting
- Xcomm: Report misuse of this automated service to <[email protected]>
For zoetrope, and others curious about the Insecurity
section of the Internet Handbook, we pass along this
Yellow Pages advert-insert comp sec teaser from
SAIC -- with only dribbles of cryptography. The puffery
appears to be artfully fattened and out-of-date. Like most
security porkers, SAIC sells its nitrated sec services
dearly (security by deep pockets of the fearful engorgers)
while feigning Net public-spirit to mask IP search and
steal. In a telling slight, SAIC does not cite outturned-
pockets, beef jerky Cypherpunks.
_______________________________________________________
URL: http://mls.saic.com/library.html [which links to the
listed contents]
SECURITY LIBRARY
The SAIC Security Library contains security-related
infomation and programs from around the Net. SAIC does
not verify or endorse such files or any use thereof.
Notices and Upcoming Events [Not included here]
Advisories and Alerts
Newsgroups
Documents
Programs
Other Security Sites
_______________________________________________________
URL: http://mls.saic.com/alerts.html
SECURITY ADVISORIES AND ALERTS
Alerts
* Sun Security Alerts
* CERT - Computer Emergency Response Team
* ASSIST - Automated Systems Security Incident
Support Team
* AUSERT - Australian Security Emergency Response
Team
* NASIRC - NASA Automated Systems Incident Response
Capability
* DDN - Defense Data Network
* FIRST - Forum of Incident Response and Security
Teams
Advisories
* 8lgm Advisories
* Bugtraq Archives, threaded
* CERT Advisories
* CIAC - Computer Incident Advisory Capability
_______________________________________________________
URL: http://mls.saic.com/docs.html
SECURITY DOCUMENTS
These documents are from the Net and cover a wide area of
topics concerning computer security. They are for the
education and legitimate use of computer security
techniques only. All non-FAQ documents are in PostScript
format unless otherwise noted.
______________________________________________________
Frequently Asked Questions
* Basic Computer Security
* Firewalls
* Setting Up Anonymous FTP
* What To Do If Your Machine Is Compromised
* Security Patches
* Vendor Contacts
* Pretty Good Privacy (PGP)
* #hack FAQ
* Cryptography FAQ
_______________________________________________________
Firewalls
Introductory Papers
* Internet Firewalls - An Introduction (August 1994,
221K)
* Keeping Your Site Comfortably Secure: An
Introduction to Internet Firewalls (Undated, 1.8M)
General Firewall Documents
* A Network Firewall (June 1992, 374K)
* A Toolkit and Methods for Internet Firewalls
(Undated, 185K)
* Proper Care and Feeding of Firewalls (November
1994, 121K)
* A Network Perimeter with Secure External Access
(Undated, 268K)
* An Internet Gatekeeper (Undated, 149K)
* Thinking About Firewalls (Undated, 109K)
* X Through Firewalls, and Other Application Relays
(May 1993, 430K)
_______________________________________________________
WWW Security
* Security and the World Wide Web (June 1994, 10K
HTML)
* NCSA on Mosaic Security Issues(December 1994, 1.6K
HTML)
* Shen: A Security Scheme for the Web (Undated, 1.7K
HTML)
* Using PGP/PEM Encryption (Undated, 7.6K HTML)
* Secure HTTP (Undated, 2.2K HTML)
_______________________________________________________
Intrusion Detection
* A Software Architecture to support Misuse
Intrusion Detection (March 1995, 250K)
* An Application of Pattern Matching in Intrusion
Detection (June 1994, 674K)
* Algorithm for Distrubuted Recognition and
Accountability (Undated, 209K)
* A Pattern Matching Model for Misuse Intrusion
Detection (Undated, 191K)
* AI Approach to Intrusion Detection (June 1994,
168K)
* Intrusion Detection In Computers (January 1991,
12K text)
* USTAT - A Real-time Intrusion Detection System for
UNIX (November 1992, 1.3M)
_______________________________________________________
Improving your UNIX Security
Technical Tips
* Setting up Sun Security (March 1992, 7K text)
* Miscellaneous Security Tips (October 1992, 23K
text)
* CERT Generic Security Tips (July 1992, 17K text)
* UNIX Site Security Handbook (July 1991, 253K text)
Finding and Fixing Your Security Problems
* Improving the Security Of Your Site By Breaking
Into It (Undated, 51K text)
* Finding Holes in Your System (October 1993, 16K
text)
* Improving the Security of Your UNIX System (April
1990, 274K)
* Becoming An Uebercracker to Stop Uebercrackers
(December 1993, 9K text)
_______________________________________________________
The Internet Worm
* A Report on the Internet Worm (November 1988, 16K
text)
* Technical Report on the Internet Worm Incident
(September 1991, 173K)
* The Internet Worm Program: An Analysis (December
1988, 283K)
* A Tour of the Worm (Undated, 166K)
_______________________________________________________
Tales of Computer Attacks and Countermeasures
* Five Incidents At Columbia University (Undated,
93K)
* "An Evening With Berferd" (Undated, 82K)
* Internet Attack on Texas A&M (1993, 294K)
* "There Be Dragons" (August 1992, 185K)
* Computer Break-ins: A Case Study (Undated, 94K)
* System Admin Horror Stories (1992, 148K text)
_______________________________________________________
Networking
TCP/IP Security
* TCP Wrapper Security (Undated, 59K)
* A Weakness in the 4.2BSD TCP/IP Software (February
1985, 27K)
* Security Problems in the TCP/IP Protocol Suite
(April 1989, 107K)
* Network (In)Security Through IP Packet Filtering
(September 1992, 123K)
General Networking Documents
* Architecture and Implementation of Network-Layer
Security under UNIX (Undated, 124K)
* Information Security And Privacy In Networks
(Undated, 809K .tar file)
* Paving the Road to Network Security (May 1994,
162K)
* NFS Tracing By Passive Network Monitoring
(Undated, 170K)
* Addressing Weaknesses in the DNS Protocol
(August
1993, 406K)
* Countering Abuse of Name-Based Authentication
(Undated, 243K)
* An Architectural Overview of UNIX Network Security
(May 1993, 50K text)
* NIS Security Warning (December 1991, 7.5K)
_______________________________________________________
Trusted Systems
* The Orange Book (August 1983, 264K text)
* Understanding Configuration Management in Trusted
Systems (March 1988, 138K text)
* Understanding DAC in Trusted Systems (September
1987, 87K text)
* Understanding Facility Management in Trusted
Systems (June 1989, 106K text)
* Understanding Trusted Distribution in Trusted
Systems (December 1988, 55K text)
* Understanding Audit in Trusted Systems (July 1987,
56K text)
_______________________________________________________
Newsletters
* COAST Newsletter
* Privacy Forum
* Cipher - Electronic Newsletter of the IEEE
Technical Committee on Security and Privacy
_______________________________________________________
Miscellaneous Documents
* Security Term Glossary (Undated, 70K text)
* Open Systems Security - An Architectural Framework
(June 1991, 300K text)
* Password Security: A Case History (Undated, 36K)
* Extracts from various security articles (Undated,
61K text)
* Coping with the Threat of Computer Security
Incidents (June 1990, 102K text)
* Threat Assessment of Malicious Code and Human
Threats (October 1992, 231K)
* Tty Security - a Tty Session Manager (Undated,
98K)
* Electromagnetic Emanation Eavesdropping (1989, 45K
text)
* GAO Report on Internet Security (June 1989, 104K
text)
* ACM SIG on Security, Audit, and Control
_______________________________________________________
URL: http://mls.saic.com/programs.html
SECURITY PROGRAMS
These programs are from various locations around the Net;
SAIC does not verify their functionality and/or
consequences of use. All programs are for assumed legal
uses and education. Unless noted, all programs are
intended for UNIX platforms.
Local (load directly to disk; gzip tar files unless
noted)
* COPS - Bulletproof your system from intruders
* Crack - Password cracker
* Cryptography File System (CFS) - Encrypted
filesystems for SunOS
* Internet Security Scanner (ISS) - Checks UNIX
sites for vulnerabilities
* ifstatus - Checks interfaces for promiscuous mode
* probe_ports - Finds open ports on UNIX systems
* Secure-Sun Check - Shell script to check several
common SunOS vulnerabilities (no compression)
Remote
* Arpwatch - Ethernet monitor, keeps track of
ethernet/IP address pairings
* Chalance - Intercept-proof password authentication
* chrootuid - Run network programs in a mininal
environment
* CBW - Code Breaker's Workbench
* Courtney - Identifies the use of SATAN
* Dig - Sends domain name query packets to name
servers
* DNSWalk
* Drawbridge - A bridging filter from TAMU
* Kerberos - Provides secure networking
* MegaPatch - Large number of SunOS patches in one
bundle
* Netlog - TCP/UDP traffic logging system
* PGP - Pretty Good Privacy
* Portmap - Portmapper replacement, with access
control
* SATAN - Checks computers/networks for security
vulnerabilities
* Securelib - Protects RPC daemons
* screend - Filters IP packets
* Smrsh - Sendmail restricted shell
* Socks - Allows Internet access to firewalled
machines
* SRA - Secure RPC Authentication for Telnet and FTP
* TAMU - Texas A&M Security Tool Package
* tcpdump - captures protocol packets from networks
* TCP Wrapper - ACLs for network services
* Tiger - Scans your UNIX system for security
problems
* TIS Firewall Toolkit - Firewall package from TIS
* Tripwire - Watch for system file changes
* Watcher - Watches your system for security
problems
_______________________________________________________
URL: http://mls.saic.com/sites.html
OTHER SECURITY SITES
Cryptography
* International Assoc. for Cryptologic Research
* Cryptography Web Page at UMBC
* Cryptography Export Control Archives
* Lawrie's Cryptography Bibliography
* RSA Data Security, Inc.
* Quadralay's Cryptography Archive
* Cryptography, PGP, and Your Privacy
* PGP Web Page
Firewall Vendors and Information
* Harris Computer Systems
* Sun Microsystems (SunScreen)
* Trusted Information Systems
* Cohesive Systems
* Sea Change Corp.
* Raptor Systems
* Greatcircle Firewall Server
* Virtual-One Network Environment Corp (V-ONE)
* CheckPoint Software Technologies Ltd.
* Firewalls.R.Us
Security Gophers
* InterNIC's Computer and Network Security
* NIST Security
* Security, Audit & Control (SIGSAC)
World Wide Web Security
* WWW Security Mailing List Archive
* WWW Security at Rutgers University
Intrusion Detection
* Intrusion Detection Systems Archives (threaded)
PC Security
* Safetynet, Inc.
Various Security Sites
* Computer Security Research Lab at UC Davis
* Computer Security at chalmers.se
* Harris Computer Systems
* Szymon Sokol's Security Site
* The Uebercracker's Web Site
* COAST Project and Laboratory
* Computer Underground Digest Archive
* Security News Clippings Archive
* EINet's Computer Virus and Security Page
* Crimelab
* Phrack Magazine Home Page
* TANSU's Security Reference Index
* Digital Equipment's Secure Systems Index
* Bellcore Security Products
* Texas A&M security tools
* ftp.win.tue.nl
* NIST Computer Security Resource Clearinghouse
* Christopher Menegay's Security Page
* Security Papers at Johns Hopkins University
* Dartmouth Security Tools
* CERT FTP Archive
* Computer Systems Consulting
* Computer Systems Consulting (Local Files)
* MIT's Athena Project
* Yahoo's Security and Encryption Page
* NIST Computer Security
* ALW Unix Security Information
* ALW's List of Unix Security Programs
* ESNet FTP site
* Bennet Yee's Security Page
* Various security FTP pointers
_______________________________________________________
Send questions and comments to [email protected].