Be sure to check out our new Blogs and discover all the new Free Training!

Free Computer IT Training Courses Tutorials

 

 

 

"Learn New Skills & Increase Your Earning Power With FREE Computer Training!

Follow us on Our Twitter page!

Up 1 LevelUp 1 Level

 

Free Security and Cryptography Training and Tutorials

 

Search over 150,000 Free Computer Training and Tutorials at Edcomp.com:

Best New Free Computer IT Training and Tutorial Resources blog

Free Computer and IT Books blog

Free Web Development Training and Tutorials blog

Free Training blog for Photoshop, Flash, Dreamweaver, FrontPage, and Adobe Macromedia Apps

Free Microsoft Office Training and Tutorials blog

 

 

 

http://docs.rinet.ru:8080/LomamVse/
http://www.empowermentzone.com/security.zip
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network

http://www.quanmongmo.net/computer/firewall/
Firewalls Complete (free online book)

http://www.comptechdoc.org/independent/security/begin/index.html
Beginners Security Guide

http://www.verisign.com/resources/gd/buildEcommerce/buildEcommerce.pdf
http://www.verisign.com/resources/gd/buildEcommerce/buildEcommerce.html
Building an E-Commerce Trust Infrastructure - SSL Server Certificates and Online Payment Services - published by Verisign.

http://www.verisign.com/resources/gd/secureBusiness/secureBusiness.pdf
http://www.verisign.com/resources/gd/secureBusiness/secureBusiness.html
Guide to Securing Your Web Site For Business

http://nsa1.www.conxion.com/win2k/download.htm
NSA Windows 2000 Security Recommendation Guides

http://ossr.phpwebhosting.com/...lid=94
Hardening Windows 2000 (20 page pdf)

http://www.securityfocus.com/
Security Focus, a great site to keep current on security for all OS platforms

http://www.oucs.ox.ac.uk/windows/winnt/security/
Windows NT and 2000 Security

Oxford University Computer Services ran a four hour workshop on NT and 2000 security, here are the slides:

http://www.instis.org/
Institute of Information Security

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
Steps for Recovering from a UNIX or NT System Compromise

http://web.archive.org/web/20010803003012/http://www.books.mcgraw-hill.com/betabooks/july01/theriault/ch03.htm
Planning Your Security - free chapter from Oracle Security Handbook

Network Security - A Beginner's Guide - 2 free chapters:
E-Commerce Security Needs:
http://web.archive.org/web/20010617121104/http://www.books.mcgraw-hill.com/betabooks/apr01/maiwald/chap11.html

Encryption:
http://web.archive.org/web/20010617121104/http://www.books.mcgraw-hill.com/betabooks/apr01/maiwald/chap12.html

http://www.networkcomputing.com/shared/printArticle?article=nc/1305/1305ws1full.html&pub=nwc
Modular Authentication for Linux

http://www.linuxsecurity.com/docs/LDP/Security-Quickstart-HOWTO
Linux Security Quick-Start HOWTO

http://www.linuxsecurity.com/docs/
L:inux Security Top 10 Documents

http://www.linuxsecurity.com/docs/QuickRefCard.pdf
Linux Security 2-page Quick Reference Card

http://java.oreilly.com/news/javasecurity_0601.html
Ten Tips for Working with Java's Security Infrastructure

http://www.ibiblio.org/mdw/HOWTO/Security-HOWTO.html
Linux Security HOWTO - This document is a general overview of security issues that face the administrator of Linux systems.

Here are a couple of white papers recently released by the IBM T.J. Watson Research Center in January of 2002 concerning the state of Linux Security for Enterprise systems.

http://oss.software.ibm.com/developerworks/opensource/linux/whitepapers/security/les_summary.pdf
Linux Security for the Enterprise: Executive Summary

http://oss.software.ibm.com/developerworks/opensource/linux/whitepapers/security/les_whitepaper.pdf
Security Requirements for the Deployment of the Linux Kernel in Enterprise Systems

http://www-1.ibm.com/linux/Securing_Linux_Servers_xSP_hilf_external.pdf
Securing Linux Servers for Service Providers

http://www.itworld.com/Sec/2211/swol-0196-firewall/pfindex.html
Firewall Design

http://www.it.kth.se/~rom/ntsecindex.html
NT Security - Frequently Asked Questions

http://www.cs.nps.navy.mil/curricula/tracks/security/cs_131.html
Computer Security Class, has good course notes

http://fir.catalysis.nsk.su/~sabitov/Docs/SECURITY/security/
Security documents

http://project.honeynet.org/papers/
These white papers are a result of the Honeynet Project. They discuss the tools, tactics, and motives of the blackhat community. Presentations are also available.

http://research.microsoft.com/lampson/Slides/SecurityAbstract.htm
Computer Security in the Real World - slides from Butler Lampson, Microsoft

http://www.enteract.com/~lspitz/pubs.html
Lance's Security Papers - several good computer security white papers.

http://httpd.apache.org/docs/misc/security_tips.html
Apache HTTP Server Version 1.3 Security Tips for Server Configuration - Some hints and tips on security issues in setting up a web server. Some of the suggestions will be general, others specific to Apache.

http://www.unixreview.com/articles/2001/0106/0106m/0106m.htm
LIDS (Linux Intrusion Detection System) and Mandatory Access Control (MAC) on Linux

http://ossr.phpwebhosting.com/...lid=39
Intrusion Detection

http://www.itworld.com/Comp/3380/swol-1020-unix101/
Security basics, Part 1 - Understanding file attribute bits and modes (Unix Insider)
http://www.itworld.com/AppDev/1177/swol-1201-unix101/
Security basics, Part 2 - More advice on file attribute bits and modes (Unix Insider)

http://www.visi.com/crypto/
Rick Smith's Web Site - contains articles, presentations, and related materials on information security.

http://csrc.nist.gov/publications/nistpubs/index.html
Excellent Free Security Publications

http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
Guidelines on Firewalls and Firewall Policy (1,208 kb)

http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf
Introduction to Public Key Technology and the Federal PKI
Infrastructure (261,376 bytes)
http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf
Intrusion Detection Systems (IDS) (871,060 bytes)

http://csrc.nist.gov/publications/nistpubs/800-27/sp800-27.pdf
Engineering Principles for Information Technology Security (A
Baseline for Achieving Security) (183,214 bytes)

http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf
Security Self-Assessment Guide for Information Technology Systems
(458,936 bytes)

http://csrc.nist.gov/publications/nistpubs/800-18/Planguide.PDF
Guide for Developing Security Plans for Information Technology
Systems (314,006 bytes)

http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf
Generally Accepted Principles and Practices for Securing Information
Technology Systems (192326 bytes)

http://csrc.nist.gov/publications/nistpubs/800-10/800-10.pdf
Keeping Your Site Comfortably Secure: An Introduction to Internet
Firewalls (1,109,869 bytes)

http://www.linuxsecurity.com/resource_files/network_security/sd-7.pdf
The 60 Minute Network Security Guide November 1st, 2001 - This SNAC Guide addresses security "best practices" from the National Security Agency's Systems and Network Attack Center. It includes information on security policies, passwords, host security, buffer overflows, rootkits, and more.


The Computer Security Rainbow Books Collection:

Aqua - A Guide to Understanding Security Modeling in Trusted Systems zip
Blue - Trusted Product Evaluation Questionnaire zip
Brown - Guide To Understanding Trusted Facility Management zip
Burgandy - A Guide to Understanding Design Documentation in Trusted Systems zip
Dark Lavender - A Guide to Understanding Trusted Distribution in Trusted Systems zip
Green - Department of Defense Password Management Guideline zip
Grey - Trusted Unix Working Group zip
Light Blue - Understanding Identification and Authentication in Trusted Systems zip
Orange - Department of Defense Trusted Computer System Evaluation Criteria zip
Neon Orange - Guide to Understanding Configuration Management in Trusted Systems zip
Peach - Guide to Writing the Security Features User's Guide for Trusted Systems zip
Pink - Rating Maintenance Phase Program Document Version 2 zip
Purple - Guidelines for Formal Verification Systems zip
Red - Trusted Network Interpretation Environments Guideline zip
Deep Red - Computer Security Subsystem Interpretation of the TCSEC zip
Venice Blue  zip
Yellow - zip


Firewall Learning Resources:

http://www.interhack.net/pubs/fwfaq/
Internet Firewalls: Frequently Asked Questions

This is an updated text format of the above page:
http://www.faqs.org/faqs/firewalls-faq/

http://www.networkmagazine.com/article/NMG20010103S0010
Getting Personal with Firewalls

http://www.infosyssec.com/infosyssec/firew1.htm
Firewall Security and the Internet - many good resources listed and linked on this page

http://www.cerias.purdue.edu/coast/firewalls/fw-body.html
Internet Firewalls - Resources

http://csrc.ncsl.nist.gov/
Computer Security Resource Center

http://www.iss.net/customer_care/resource_center/whitepapers/
Computer Security White Papers - Security specialist ISS has a large range of white papers available for free download from its site.  Whether you want to know about secure e-business, setting up a VPN, or just about anything, you'll probably find it here. 

http://www.forensics-intl.com/info.html

NTI Information & Reference - This information has been posted to provide a ready source of information on various topics which are related to computer evidence, computer forensics, document discovery, computer incident response and computer security risk management issues.

http://www.securit.com/references.html
Security and Encryption-related References on the Web

http://www.checksum.org/download/cryptography.pdf
Cryptography - the myths

http://avirubin.com/courses.html
Linked list of crypto and security courses, many have free lecture notes and resources

http://techguide.zdnet.com/cat/security/encryption/index.shtml
Encryption White Papers
http://techguide.zdnet.com/cat/security/antivirus/index.shtml

Anti Virus white Papers
http://techguide.zdnet.com/cat/security/firewall/index.shtml

Firewall White Papers

http://www.avolio.com/papers.html
Internet Security White Papers

Linux NetFilter - IPTables Documentation and Tutorials:

http://netfilter.samba.org/netfilter-faq.html
netfilter/iptables FAQ

http://netfilter.samba.org/unreliable-guides/netfilter-hacking-HOWTO/index.html
Linux netfilter Hacking HOWTO

http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
Linux 2.4 Packet Filtering HOWTO

http://netfilter.samba.org/unreliable-guides/NAT-HOWTO/index.html
Linux 2.4 NAT HOWTO

Harald Welte has the following useful netfilter-related hacking documents:

There is also a copy of the slides of Rusty's LinuxWorld Tutorial online, or a better version contributed by Marcomas at libero.it.

There is also Rusty's tutorial from Xuventude Galicia Net, Santiago, in Magicpoint.

The second (serious) part of Rusty's Random Hacking Talk given in linux.conf.au Australia, La Coruna University Spain, and Aberystwyth Wales. Also in Magicpoint: read the comments for the much more information.

ftp://ftp.hacktic.nl/pub/crypto
Cryptography Archives

http://www.securityfocus.com/
SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public.

http://www.bluekestrel.com/ipspoof.txt
IP-spoofing Demystified - Trust-Relationship Exploitation

http://www.thinkquest.org/library/lib/site_sum.html?lib_id=1720&team_id=27158
Data Encryption - This tutorial explores data encryption including its long history, the methodology, the technical side and its role in today's use.

http://ossr.phpwebhosting.com/...lid=97
Public-Key Cryptography (329kb)

http://www.gocsi.com/links.htm
These sites contain information and resources useful to computer security professionals

http://www.netsurf.com/nsf/v01/01/update.html
On Computer and Network Security - 2 revised and updated issues from Netsurfer Focus

http://www.alw.nih.gov/Security/security.html
Computer Security Information - organized by source and each section is organized by topic.
http://www.alw.nih.gov/Security/tcontents.html

Computer Security Information - Table of Contents

http://www.faqs.org/faqs/computer-security/
Computer Security FAQs

http://hotwired.lycos.com/webmonkey/backend/security/
Computer Security Tutorials from Webmonkey

http://www.techtutorials.com/Linux/Security/
Linux Security Tutorials

http://www.spirit.com/CSI/archives.html
CSI Firewall Archives - includes papers by security experts

http://www.securityfocus.com/forums/secprog/secure-programming.html
Secure Programming - The purpose of this document is to educate the reader on secure programming practices.

http://www.oreilly.com/catalog/websec/chapter/ch01.html
The Web Security Landscape

http://woevans.freeyellow.com/Articles.html
AS400 Security Articles

http://www.itp-journals.com/:

http://www.itp-journals.com/nasample/t1803.pdf
How to Build and Run a Firewall - We take a look at some of the issues involved in choosing, setting-up and running a firewall.

http://www.itp-journals.com/nasample/T1532.PDF
Windows 2000 Encrypting File System - EFS is a new feature which provides a fast and transparent way to secure files. Only the user who encrypted the files can obtain access to them, but carefully-designed safeguards are provided.

http://www.itp-journals.com/nasample/t04123.pdf
How to Conduct a Security Audit - Information security encompasses more than just IT systems - people who use the systems can also inadvertently open security loopholes. A security audit aims to detect and highlight any problem areas within the IT infrastructure and staff behaviors.

http://www.itp-journals.com/nasample/t1523.pdf
Understanding Intrusion Detection Systems - You can use firewalls, secure logins, one-shot passwords and encrypted IDs and still not know if your system has been violated. The emerging field of intrusion detection offers some surprisingly low-tech solutions to a high-tech problem.

http://www.itp-journals.com/nasample/t1715.pdf
Securing Windows NT - Careful configuration and monitoring of NT, especially Internet-facing NT machines, can make the difference between a secure system and one which is open to security breaches. We explain the steps you need to take.

http://www.oreilly.com/catalog/dns4/chapter/ch11.html
Unix Security Checklist

http://www.oreilly.com/catalog/fire2/chapter/ch13.html
Internet Services and Firewalls

http://www.oreilly.com/catalog/csb/chapter/ch03.html
Computer System Security and Access Controls

http://www.labmice.net/Security/default.htm
Windows 2000 Network and System Security

http://world.std.com/~franl/crypto.html

Cryptography: The Study of Encryption

http://www.wilders.org/
Wilders.org - This website is for all those who don't have much knowledge concerning security and how to secure one's pc.

Linux Security Sites:

IBM Developerworks Security Tutorials:

::: Enabling XML Security     :::
As XML security needs grow more complex, a number of standards are emerging to meet the growing demands. Here, veteran programmer and security expert Murdoch Mactaggart examines two of the most prominent standards -- XML encryption and XML signature.
http://www-106.ibm.com/developerworks/library/s-xmlsec.html/?n-x-9201

::: developerWorks Focuses on Security :::
Everyone needs to think about the security of data and networks -- from casual coders to security directors for the world's largest corporations. In response to reader interest, developerWorks has put together this one-stop shop for reviewing your security measures or for taking a first look at methods to back up your data. You'll find valuable resources like Larry Loeb's analysis of the recent virus troubles, a pair of VPN tutorials, and a Java zone how-to on identifying users in your network.
http://www-106.ibm.com/developerworks/theme/?n-j-10111

::: SKIP Security :::
Simple Key management for Internet Protocols (SKIP) is a sessionless method for managing keys in Public Key Encryption systems. Find out why SKIP is considered faster and more secure than more commonly used key methods.
http://www-106.ibm.com/developerworks/library/s-skip.html?n-s-8301

::: Common Threads: OpenSSH Key Management, Part 1 :::
Daniel Robbins, dW columnist and author of several Macmillan books on Linux, introduces the RSA and DSA authentication protocols, and shows you how to get them working over the network.
http://www-106.ibm.com/developerworks/library/l-keyc.html?n-l-7261

::: Digital Signatures with SOAP :::
Jayanthi Suryanarayana describes how digital security systems such as the SSL protocol can provide the necessary means to protect your SOAP transactions while in transit. It is possible to implement some of those features to enable security in your Web services right now. This tutorial shows how to apply SSL to SOAP messages between Web services written in Java.
http://www-106.ibm.com/developerworks/education/r-wsdsst.html?n-x-6211

::: Three-Pronged Solution for Identifying Users :::
In this second installment of his Securing Systems series, Joseph Sinclair demonstrates that the first step toward system security is revealing the ID of the user on the other end of the communications link. In this article, he discusses three familiar approaches for identifying users, highlights the strengths and weaknesses of each approach (and combinations of approaches), and provides some examples to help ensure that the safety of your system is not compromised.
http://www-106.ibm.com/developerworks/library/j-secure/?n-j-671

::: Learning Digital Cryptology, Part 1 :::
This free dW tutorial introduces cryptography concepts, techniques, and mathematical foundations so you can speak the lingo and be
prepared for Parts 2 and 3 of this tutorial.
http://www-106.ibm.com/developerworks/education/r-scr.html?n-s-1181

::: Security -- Firewalls, Part 2 :::
In her follow-up article on firewalls, Mandy Andress focuses on the specific technologies available -- packet filter, proxy, and stateful
inspection. She examines the pros and cons of each, as well as their advances, hybrids, features, and customization.
http://www-106.ibm.com/developerworks/library/s-fire2.html?n-s-4121

::: Security -- IPSec Simplified :::
The IPSec standard allows users to implement security at the IP packet level. It's powerful, but it's also extremely complex, and if not
understood properly it can easily be misused. Joe Rudich explores IPSec's advantages -- and potential pitfalls.
http://www-106.ibm.com/developerworks/library/s-ipsec.html?n-s-451

::: Security Implications of Open-Source Software :::
Does open source mean an open door? Examine all the arguments and decide for yourself.
http://www-106.ibm.com/developerworks/library/l-oss.html?n-l-3291

::: Cryptology Concepts, Part 3 :::
This free, intermediate-level tutorial builds on the concepts presented in Parts 1 and 2 by examining cryptographic issues such as steganography, watermarking, digital signatures, and cryptanalysis, as well as "exotic" protocols like secret sharing and key escrow.
http://www-106.ibm.com/developerworks/education/r-scr3.html?n-s-3291

::: 'Net Threats, Part 2 :::
With recent viruses causing headaches far and wide, the developer community is taking a long, careful look at how it prepares for such threats. Here, the author takes a look at how SirCam spreads its mischief -- and offers his take on what should be done about these threats.
http://www-106.ibm.com/developerworks/library/s-net2.html?n-s-10181

Free Chapters from cmpbooks.com:

http://www.cmpbooks.com/scripts/store/vsc/store/products/chapter/sa4ch13.htm...
Remote System Security: A SecureNet and SLIP Solution, chapter 13 from Unix Security

http://www.cmpbooks.com/scripts/store/vsc/store/products/chapter/ntsecch7.htm...
Auditing, chapter 7 from Windows NT security

http://www.ssh.fi/tech/crypto/
Cryptography A 2 Z
Introduction to Cryptography: http://www.ssh.fi/tech/crypto/intro.html
Algorithms: http://www.ssh.fi/tech/crypto/algorithms.html
Protocols and Standards: http://www.ssh.fi/tech/crypto/protocols.html
References: http://www.ssh.fi/tech/crypto/books.html
Links: http://www.ssh.fi/tech/crypto/sites.html

http://www.cryptome.org
Cryptome is a site which specialises in news and information about intelligence matters.  It also makes great reading for anyone with an interest in IT security, as it provides ideal background material on what organizations and governments around the world are doing to guard against the risk of
hacker attacks.

http://www.westcoast.com/securecomputing/thismonth.html
Secure Computing Magazine's articles all online

http://www.virtualschool.edu/mon/Crypto/index.html
Cryptography Resources

http://www.infosyssec.org/infosyssec/
Computer Security Information Resource Portal

http://fn2.freenet.edmonton.ab.ca/~jsavard/index.html
A Cryptographic Compendium - This series of pages has information about a large number of cipher systems. So far, the coverage of cryptanalysis is quite limited, though.

http://www.genusa.com/iis/security.html
Security - A ton of security links, many especially for Microsoft. [Mar. 28, 1998]

http://www.15seconds.com/focus/Security.htm
Security Section - Covers security related issue for the Internet Information Server, Active Server Pages, and ISAPI applications, including authentication, NTLM, and SSL.

http://msdn.microsoft.com/workshop/server/feature/server033198.asp
The Basics of Security - cover predominantly Active Server Pages technology (ASP), Microsoft Internet Information Server (IIS) and Microsoft Site Server.

http://docs.rinet.ru/LomamVse
A Hackers' Guide to protecting your internet site and network

Roundtable on Information Security Policy:
(
Short version Long version)
Ten experts discuss a range of information security policy questions. For example, who should establish security policy -- individual organizations, standards bodies, government, international federations? What's the state of the practice today, and what do you envision for the future?; and more...

Defending Yourself: The Role of Intrusion Detection Systems
by John McHugh, Alan Christie, and Julia Allen
What is the role of intrusion detection systems in an organization's overall defensive posture? This article provides guidelines for IDS deployment, operation, and maintenance.


-------------------------------------------
Becoming a Security Professional
By Dan Blacharski

Networks are more open than ever; viruses are proliferating; break-ins
are occurring at a rapid clip. Wily hackers, ne'er-do-wells, and
disgruntled employees bent on destruction and revenge have
unintentionally created a whole new job category - the network security
manager. Although getting hired as a network security manager once
required little more than interest in the subject and some hacking
experience, employers seeking security people now desire professional
certifications.

Unlike many other IT certifications, a security certification usually
requires significant field experience as well as training. Of course,
the experience does not necessarily need to be as a security manager.
Most small-to medium-sized companies don't employ dedicated security
personnel and simply add security to the system administrator's duties.

Most firewall companies now offer vendor-specific certification
programs, although vendor-neutral certifications are also widely
available and much sought after. Here's a run-down of some of the most
widely recognized security certification programs:

* CCSE (Check Point Certified Systems Engineer) -- A variety of
certified testing centers offer Check Point's
(http://www.checkpoint.com) certification, which validates your
knowledge of Check Point's VPN-1/Firewall-1 series of security
products. The CCSE requires the CCSA (Check Point Certified
Systems Administrator), which demonstrates familiarity with
installing and implementing the Firewall-1 product.

* Cisco Security Specialist -- If you already have a CCNA (Cisco
Certified Network Associate), then you can test for the Cisco
Security Specialist designation
(http://www.cisco.com). It indicates your proficiency in
designing, installing, and supporting Cisco-based security
solutions. Cisco recommends four rather intensive courses before
testing for the designation, which include: Managing Cisco
Network Security, Cisco Secure PIX Firewall (Advanced), Cisco
Secure Intrusion Detection System, and Cisco Secure VPN.

* System Administration, Networking, and Security Institute Global
Incident and Analysis Center Certification (SANS GIAC) - In
addition to their educational opportunities and security alerts,
this research organization (http://www.sans.org/giactc.htm)
offers certification/training programs for beginning-to-advanced
professionals. Their "KickStart" program helps professionals with
little-to-no security background quickly get up to speed. The
GIAC Security Engineer designation is for more advanced
professionals with demonstrated proficiency in all levels of
security.

* CISSP (Certified Information Systems Security Professional) --
The International Information Systems Security Certifications
Consortium (http://www.isc2.org) offers training, exams, and an
online study guide. Despite being the most common certification,
putting CISSP after your name vaults you into the elite of
security professionals. The rigorous exam draws from a "common
body of knowledge" covering various aspects of security. This all-
encompassing certification requires that you really know your
stuff.

* Brainbench -- The venerable Brainbench
(http://www.brainbench.com) offers certifications on virtually
everything, including Network Security, Internet Security, and
Check Point Firewall-1 Administration. Some are now costing
a fee, some are still offered for free.


Please suggest more sites for this page and report broken links to Jeff Love at