Follow us on Our Twitter page!
Up 1 Level
Free Security and Cryptography Training and Tutorials
Search over 150,000 Free Computer Training and Tutorials at Edcomp.com:
Best New Free Computer IT Training and Tutorial Resources blog
Free Computer and IT Books blog
Free Web Development Training and Tutorials blog
Free Training blog for Photoshop, Flash, Dreamweaver, FrontPage, and Adobe Macromedia Apps
Free Microsoft Office Training and Tutorials blog
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network
Firewalls Complete (free online book)
Beginners Security Guide
Building an E-Commerce Trust Infrastructure - SSL Server Certificates and Online Payment Services - published by Verisign.
Guide to Securing Your Web Site For Business
NSA Windows 2000 Security Recommendation Guides
Hardening Windows 2000 (20 page pdf)
Windows NT and 2000 Security
Oxford University Computer Services ran a four hour workshop on NT and 2000 security, here are the slides:
Institute of Information Security
Steps for Recovering from a UNIX or NT System Compromise
Planning Your Security - free chapter from Oracle Security Handbook
Network Security - A Beginner's Guide - 2 free chapters:
E-Commerce Security Needs:
Modular Authentication for Linux
Linux Security Quick-Start HOWTO
L:inux Security Top 10 Documents
Linux Security 2-page Quick Reference Card
Ten Tips for Working with Java's Security Infrastructure
Linux Security HOWTO - This document is a general overview of security issues that face the administrator of Linux systems.
Here are a couple of white papers recently released by the IBM T.J. Watson Research Center in January of 2002 concerning the state of Linux Security for Enterprise systems.
Linux Security for the Enterprise: Executive Summary
Security Requirements for the Deployment of the Linux Kernel in Enterprise Systems
Securing Linux Servers for Service Providers
NT Security - Frequently Asked Questions
Computer Security Class, has good course notes
These white papers are a result of the Honeynet Project. They discuss the tools, tactics, and motives of the blackhat community. Presentations are also available.
Computer Security in the Real World - slides from Butler Lampson, Microsoft
Lance's Security Papers - several good computer security white papers.
Apache HTTP Server Version 1.3 Security Tips for Server Configuration - Some hints and tips on security issues in setting up a web server. Some of the suggestions will be general, others specific to Apache.
LIDS (Linux Intrusion Detection System) and Mandatory Access Control (MAC) on Linux
Security basics, Part 1 - Understanding file attribute bits and modes (Unix Insider)
Security basics, Part 2 - More advice on file attribute bits and modes (Unix Insider)
Rick Smith's Web Site - contains articles, presentations, and related materials on information security.
Excellent Free Security Publications
Guidelines on Firewalls and Firewall Policy (1,208 kb)
Introduction to Public Key Technology and the Federal PKI
Infrastructure (261,376 bytes)
Intrusion Detection Systems (IDS) (871,060 bytes)
Engineering Principles for Information Technology Security (A
Baseline for Achieving Security) (183,214 bytes)
Security Self-Assessment Guide for Information Technology Systems
Guide for Developing Security Plans for Information Technology
Systems (314,006 bytes)
Generally Accepted Principles and Practices for Securing Information
Technology Systems (192326 bytes)
Keeping Your Site Comfortably Secure: An Introduction to Internet
Firewalls (1,109,869 bytes)
The 60 Minute Network Security Guide November 1st, 2001 - This SNAC Guide addresses security "best practices" from the National Security Agency's Systems and Network Attack Center. It includes information on security policies, passwords, host security, buffer overflows, rootkits, and more.
The Computer Security Rainbow Books Collection:
|Aqua - A Guide to Understanding Security Modeling in Trusted Systems||zip|
|Blue - Trusted Product Evaluation Questionnaire||zip|
|Brown - Guide To Understanding Trusted Facility Management||zip|
|Burgandy - A Guide to Understanding Design Documentation in Trusted Systems||zip|
|Dark Lavender - A Guide to Understanding Trusted Distribution in Trusted Systems||zip|
|Green - Department of Defense Password Management Guideline||zip|
|Grey - Trusted Unix Working Group||zip|
|Light Blue - Understanding Identification and Authentication in Trusted Systems||zip|
|Orange - Department of Defense Trusted Computer System Evaluation Criteria||zip|
|Neon Orange - Guide to Understanding Configuration Management in Trusted Systems||zip|
|Peach - Guide to Writing the Security Features User's Guide for Trusted Systems||zip|
|Pink - Rating Maintenance Phase Program Document Version 2||zip|
|Purple - Guidelines for Formal Verification Systems||zip|
|Red - Trusted Network Interpretation Environments Guideline||zip|
|Deep Red - Computer Security Subsystem Interpretation of the TCSEC||zip|
Firewall Learning Resources:
Internet Firewalls: Frequently Asked Questions
This is an updated text format of the above page:
Getting Personal with Firewalls
Firewall Security and the Internet - many good resources listed and linked on this page
Internet Firewalls - Resources
Computer Security Resource Center
Computer Security White Papers - Security specialist ISS has a large range of white papers available for free download from its site. Whether you want to know about secure e-business, setting up a VPN, or just about anything, you'll probably find it here.
NTI Information & Reference - This information has been posted to provide a ready source of information on various topics which are related to computer evidence, computer forensics, document discovery, computer incident response and computer security risk management issues.
Security and Encryption-related References on the Web
Cryptography - the myths
Linked list of crypto and security courses, many have free lecture notes and resources
Encryption White Papers
Anti Virus white Papers
Firewall White Papers
Internet Security White Papers
Linux NetFilter - IPTables Documentation and Tutorials:
Linux netfilter Hacking HOWTO
Linux 2.4 Packet Filtering HOWTO
Linux 2.4 NAT HOWTO
Harald Welte has the following useful netfilter-related hacking documents:
There is also a copy of the slides of Rusty's LinuxWorld Tutorial online, or a better version contributed by Marcomas at libero.it.
There is also Rusty's tutorial from Xuventude Galicia Net, Santiago, in Magicpoint.
The second (serious) part of Rusty's Random Hacking Talk given in linux.conf.au Australia, La Coruna University Spain, and Aberystwyth Wales. Also in Magicpoint: read the comments for the much more information.
SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public.
IP-spoofing Demystified - Trust-Relationship Exploitation
Data Encryption - This tutorial explores data encryption including its long history, the methodology, the technical side and its role in today's use.
Public-Key Cryptography (329kb)
These sites contain information and resources useful to computer security professionals
On Computer and Network Security - 2 revised and updated issues from Netsurfer Focus
Computer Security Information - organized by source and each section is organized by topic.
Computer Security Information - Table of Contents
Computer Security FAQs
Computer Security Tutorials from Webmonkey
Linux Security Tutorials
CSI Firewall Archives - includes papers by security experts
Secure Programming - The purpose of this document is to educate the reader on secure programming practices.
The Web Security Landscape
AS400 Security Articles
How to Build and Run a Firewall - We take a look at some of the issues involved in choosing, setting-up and running a firewall.
Windows 2000 Encrypting File System - EFS is a new feature which provides a fast and transparent way to secure files. Only the user who encrypted the files can obtain access to them, but carefully-designed safeguards are provided.
How to Conduct a Security Audit - Information security encompasses more than just IT systems - people who use the systems can also inadvertently open security loopholes. A security audit aims to detect and highlight any problem areas within the IT infrastructure and staff behaviors.
Understanding Intrusion Detection Systems - You can use firewalls, secure logins, one-shot passwords and encrypted IDs and still not know if your system has been violated. The emerging field of intrusion detection offers some surprisingly low-tech solutions to a high-tech problem.
Securing Windows NT - Careful configuration and monitoring of NT, especially Internet-facing NT machines, can make the difference between a secure system and one which is open to security breaches. We explain the steps you need to take.
Unix Security Checklist
Internet Services and Firewalls
Computer System Security and Access Controls
Windows 2000 Network and System Security
Cryptography: The Study of Encryption
Wilders.org - This website is for all those who don't have much knowledge concerning security and how to secure one's pc.
Linux Security Sites:
IBM Developerworks Security Tutorials:
::: Enabling XML Security :::
As XML security needs grow more complex, a number of standards are emerging to meet the growing demands. Here, veteran programmer and security expert Murdoch Mactaggart examines two of the most prominent standards -- XML encryption and XML signature.
::: developerWorks Focuses on Security :::
Everyone needs to think about the security of data and networks -- from casual coders to security directors for the world's largest corporations. In response to reader interest, developerWorks has put together this one-stop shop for reviewing your security measures or for taking a first look at methods to back up your data. You'll find valuable resources like Larry Loeb's analysis of the recent virus troubles, a pair of VPN tutorials, and a Java zone how-to on identifying users in your network.
::: SKIP Security :::
Simple Key management for Internet Protocols (SKIP) is a sessionless method for managing keys in Public Key Encryption systems. Find out why SKIP is considered faster and more secure than more commonly used key methods.
::: Common Threads: OpenSSH Key Management, Part 1 :::
Daniel Robbins, dW columnist and author of several Macmillan books on Linux, introduces the RSA and DSA authentication protocols, and shows you how to get them working over the network.
::: Digital Signatures with SOAP :::
Jayanthi Suryanarayana describes how digital security systems such as the SSL protocol can provide the necessary means to protect your SOAP transactions while in transit. It is possible to implement some of those features to enable security in your Web services right now. This tutorial shows how to apply SSL to SOAP messages between Web services written in Java.
::: Three-Pronged Solution for Identifying Users :::
In this second installment of his Securing Systems series, Joseph Sinclair demonstrates that the first step toward system security is revealing the ID of the user on the other end of the communications link. In this article, he discusses three familiar approaches for identifying users, highlights the strengths and weaknesses of each approach (and combinations of approaches), and provides some examples to help ensure that the safety of your system is not compromised.
::: Learning Digital Cryptology, Part 1 :::
This free dW tutorial introduces cryptography concepts, techniques, and mathematical foundations so you can speak the lingo and be
prepared for Parts 2 and 3 of this tutorial.
::: Security -- Firewalls, Part 2 :::
In her follow-up article on firewalls, Mandy Andress focuses on the specific technologies available -- packet filter, proxy, and stateful
inspection. She examines the pros and cons of each, as well as their advances, hybrids, features, and customization.
::: Security -- IPSec Simplified :::
The IPSec standard allows users to implement security at the IP packet level. It's powerful, but it's also extremely complex, and if not
understood properly it can easily be misused. Joe Rudich explores IPSec's advantages -- and potential pitfalls.
::: Security Implications of Open-Source Software :::
Does open source mean an open door? Examine all the arguments and decide for yourself.
::: Cryptology Concepts, Part 3 :::
This free, intermediate-level tutorial builds on the concepts presented in Parts 1 and 2 by examining cryptographic issues such as steganography, watermarking, digital signatures, and cryptanalysis, as well as "exotic" protocols like secret sharing and key escrow.
::: 'Net Threats, Part 2 :::
With recent viruses causing headaches far and wide, the developer community is taking a long, careful look at how it prepares for such threats. Here, the author takes a look at how SirCam spreads its mischief -- and offers his take on what should be done about these threats.
Free Chapters from cmpbooks.com:
Remote System Security: A SecureNet and SLIP Solution, chapter 13 from Unix Security
Auditing, chapter 7 from Windows NT security
Cryptography A 2 Z
Introduction to Cryptography: http://www.ssh.fi/tech/crypto/intro.html
Protocols and Standards: http://www.ssh.fi/tech/crypto/protocols.html
Cryptome is a site which specialises in news and information about intelligence matters. It also makes great reading for anyone with an interest in IT security, as it provides ideal background material on what organizations and governments around the world are doing to guard against the risk of
Secure Computing Magazine's articles all online
Computer Security Information Resource Portal
A Cryptographic Compendium - This series of pages has information about a large number of cipher systems. So far, the coverage of cryptanalysis is quite limited, though.
Security - A ton of security links, many especially for Microsoft. [Mar. 28, 1998]
Security Section - Covers security related issue for the Internet Information Server, Active Server Pages, and ISAPI applications, including authentication, NTLM, and SSL.
The Basics of Security - cover predominantly Active Server Pages technology (ASP), Microsoft Internet Information Server (IIS) and Microsoft Site Server.
A Hackers' Guide to protecting your internet site and network
Roundtable on Information Security Policy:
(Short version Long version)
Ten experts discuss a range of information security policy questions. For example, who should establish security policy -- individual organizations, standards bodies, government, international federations? What's the state of the practice today, and what do you envision for the future?; and more...
Defending Yourself: The Role of Intrusion Detection Systems
by John McHugh, Alan Christie, and Julia Allen
What is the role of intrusion detection systems in an organization's overall defensive posture? This article provides guidelines for IDS deployment, operation, and maintenance.
Becoming a Security Professional
By Dan Blacharski
Networks are more open than ever; viruses are proliferating; break-ins
are occurring at a rapid clip. Wily hackers, ne'er-do-wells, and
disgruntled employees bent on destruction and revenge have
unintentionally created a whole new job category - the network security
manager. Although getting hired as a network security manager once
required little more than interest in the subject and some hacking
experience, employers seeking security people now desire professional
Unlike many other IT certifications, a security certification usually
requires significant field experience as well as training. Of course,
the experience does not necessarily need to be as a security manager.
Most small-to medium-sized companies don't employ dedicated security
personnel and simply add security to the system administrator's duties.
Most firewall companies now offer vendor-specific certification
programs, although vendor-neutral certifications are also widely
available and much sought after. Here's a run-down of some of the most
widely recognized security certification programs:
* CCSE (Check Point Certified Systems Engineer) -- A variety of
certified testing centers offer Check Point's
(http://www.checkpoint.com) certification, which validates your
knowledge of Check Point's VPN-1/Firewall-1 series of security
products. The CCSE requires the CCSA (Check Point Certified
Systems Administrator), which demonstrates familiarity with
installing and implementing the Firewall-1 product.
* Cisco Security Specialist -- If you already have a CCNA (Cisco
Certified Network Associate), then you can test for the Cisco
Security Specialist designation
(http://www.cisco.com). It indicates your proficiency in
designing, installing, and supporting Cisco-based security
solutions. Cisco recommends four rather intensive courses before
testing for the designation, which include: Managing Cisco
Network Security, Cisco Secure PIX Firewall (Advanced), Cisco
Secure Intrusion Detection System, and Cisco Secure VPN.
* System Administration, Networking, and Security Institute Global
Incident and Analysis Center Certification (SANS GIAC) - In
addition to their educational opportunities and security alerts,
this research organization (http://www.sans.org/giactc.htm)
offers certification/training programs for beginning-to-advanced
professionals. Their "KickStart" program helps professionals with
little-to-no security background quickly get up to speed. The
GIAC Security Engineer designation is for more advanced
professionals with demonstrated proficiency in all levels of
* CISSP (Certified Information Systems Security Professional) --
The International Information Systems Security Certifications
Consortium (http://www.isc2.org) offers training, exams, and an
online study guide. Despite being the most common certification,
putting CISSP after your name vaults you into the elite of
security professionals. The rigorous exam draws from a "common
body of knowledge" covering various aspects of security. This all-
encompassing certification requires that you really know your
* Brainbench -- The venerable Brainbench
(http://www.brainbench.com) offers certifications on virtually
everything, including Network Security, Internet Security, and
Check Point Firewall-1 Administration. Some are now costing
a fee, some are still offered for free.