"Learn New Skills & Increase Your Earning Power With FREE Computer Training!
Follow us on Our Twitter page!
Up 1 Level
Free Security and Cryptography Training and Tutorials
Search over 150,000 Free Computer Training and Tutorials at Edcomp.com:
Best New Free Computer IT Training and Tutorial Resources blog
Free Computer and IT Books blog
Free Web Development Training and Tutorials blog
Free Training blog for Photoshop, Flash, Dreamweaver, FrontPage, and Adobe Macromedia Apps
Free Microsoft Office Training and Tutorials blog
http://docs.rinet.ru:8080/LomamVse/
http://www.empowermentzone.com/security.zip
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network
http://www.quanmongmo.net/computer/firewall/
Firewalls Complete (free online book)
http://www.comptechdoc.org/independent/security/begin/index.html
Beginners Security Guide
http://www.verisign.com/resources/gd/buildEcommerce/buildEcommerce.pdf
http://www.verisign.com/resources/gd/buildEcommerce/buildEcommerce.html
Building an E-Commerce Trust Infrastructure - SSL Server
Certificates and Online Payment Services - published by Verisign.
http://www.verisign.com/resources/gd/secureBusiness/secureBusiness.pdf
http://www.verisign.com/resources/gd/secureBusiness/secureBusiness.html
Guide to Securing Your Web Site For Business
http://nsa1.www.conxion.com/win2k/download.htm
NSA Windows 2000 Security Recommendation Guides
http://ossr.phpwebhosting.com/...lid=94
Hardening Windows 2000 (20 page pdf)
http://www.oucs.ox.ac.uk/windows/winnt/security/
Windows NT and 2000 Security
Oxford University Computer Services ran a four hour workshop on NT and 2000 security, here are the slides:
http://www.instis.org/
Institute of Information Security
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
Steps for Recovering from a UNIX or NT System Compromise
http://web.archive.org/web/20010803003012/http://www.books.mcgraw-hill.com/betabooks/july01/theriault/ch03.htm
Planning Your Security - free chapter from Oracle Security
Handbook
Network Security - A Beginner's Guide - 2 free chapters:
E-Commerce Security Needs:
http://web.archive.org/web/20010617121104/http://www.books.mcgraw-hill.com/betabooks/apr01/maiwald/chap11.html
Encryption:
http://web.archive.org/web/20010617121104/http://www.books.mcgraw-hill.com/betabooks/apr01/maiwald/chap12.html
http://www.networkcomputing.com/shared/printArticle?article=nc/1305/1305ws1full.html&pub=nwc
Modular Authentication for Linux
http://www.linuxsecurity.com/docs/LDP/Security-Quickstart-HOWTO
Linux Security Quick-Start HOWTO
http://www.linuxsecurity.com/docs/
L:inux Security Top 10 Documents
http://www.linuxsecurity.com/docs/QuickRefCard.pdf
Linux Security 2-page Quick Reference Card
http://java.oreilly.com/news/javasecurity_0601.html
Ten Tips for Working with Java's Security Infrastructure
http://www.ibiblio.org/mdw/HOWTO/Security-HOWTO.html
Linux Security HOWTO - This document is a general overview of security issues
that face the administrator of Linux systems.
Here are a couple of white papers recently released by the IBM T.J. Watson Research Center in January of 2002 concerning the state of Linux Security for Enterprise systems.
http://oss.software.ibm.com/developerworks/opensource/linux/whitepapers/security/les_summary.pdf
Linux Security for the Enterprise: Executive Summaryhttp://oss.software.ibm.com/developerworks/opensource/linux/whitepapers/security/les_whitepaper.pdf
Security Requirements for the Deployment of the Linux Kernel in Enterprise Systems
http://www-1.ibm.com/linux/Securing_Linux_Servers_xSP_hilf_external.pdf
Securing Linux Servers for Service Providers
http://www.itworld.com/Sec/2211/swol-0196-firewall/pfindex.html
Firewall Design
http://www.it.kth.se/~rom/ntsecindex.html
NT Security - Frequently Asked Questions
http://www.cs.nps.navy.mil/curricula/tracks/security/cs_131.html
Computer Security Class, has good
course notes
http://fir.catalysis.nsk.su/~sabitov/Docs/SECURITY/security/
Security documents
http://project.honeynet.org/papers/
These white papers are a result of the Honeynet Project. They discuss the
tools, tactics, and motives of the blackhat community.
Presentations are also available.
http://research.microsoft.com/lampson/Slides/SecurityAbstract.htm
Computer Security in the Real World - slides from Butler Lampson, Microsoft
http://www.enteract.com/~lspitz/pubs.html
Lance's Security Papers - several good computer security white papers.
http://httpd.apache.org/docs/misc/security_tips.html
Apache HTTP Server Version 1.3 Security Tips for Server Configuration -
Some hints and tips on security issues in setting up a web server. Some of the
suggestions will be general, others specific to Apache.
http://www.unixreview.com/articles/2001/0106/0106m/0106m.htm
LIDS (Linux Intrusion Detection System) and Mandatory Access Control (MAC) on
Linux
http://ossr.phpwebhosting.com/...lid=39
Intrusion Detection
http://www.itworld.com/Comp/3380/swol-1020-unix101/
Security basics, Part 1 -
Understanding file attribute bits and modes (Unix Insider)
http://www.itworld.com/AppDev/1177/swol-1201-unix101/
Security basics, Part 2 -
More advice on file attribute bits and modes (Unix Insider)
http://www.visi.com/crypto/
Rick Smith's Web Site - contains articles,
presentations, and related materials on information security.
http://csrc.nist.gov/publications/nistpubs/index.html
Excellent Free Security Publications
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
Guidelines on Firewalls and Firewall Policy (1,208 kb)
http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf
Introduction to Public Key Technology and the Federal PKI
Infrastructure (261,376 bytes)
http://csrc.nist.gov/publications/nistpubs/800-31/sp800-31.pdf
Intrusion Detection Systems (IDS) (871,060 bytes)
http://csrc.nist.gov/publications/nistpubs/800-27/sp800-27.pdf
Engineering Principles for Information Technology Security (A
Baseline for Achieving Security) (183,214 bytes)
http://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdf
Security Self-Assessment Guide for Information Technology Systems
(458,936 bytes)
http://csrc.nist.gov/publications/nistpubs/800-18/Planguide.PDF
Guide for Developing Security Plans for Information Technology
Systems (314,006 bytes)
http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf
Generally Accepted Principles and Practices for Securing Information
Technology Systems (192326 bytes)
http://csrc.nist.gov/publications/nistpubs/800-10/800-10.pdf
Keeping Your Site Comfortably Secure: An Introduction to Internet
Firewalls (1,109,869 bytes)
http://www.linuxsecurity.com/resource_files/network_security/sd-7.pdf
The 60 Minute Network Security Guide November 1st, 2001 - This SNAC Guide
addresses security "best practices" from the National Security
Agency's Systems and Network Attack Center. It includes information on security
policies, passwords, host security, buffer overflows, rootkits, and more.
The Computer Security Rainbow
Books Collection:
| Aqua - A Guide to Understanding Security Modeling in Trusted Systems | zip |
| Blue - Trusted Product Evaluation Questionnaire | zip |
| Brown - Guide To Understanding Trusted Facility Management | zip |
| Burgandy - A Guide to Understanding Design Documentation in Trusted Systems | zip |
| Dark Lavender - A Guide to Understanding Trusted Distribution in Trusted Systems | zip |
| Green - Department of Defense Password Management Guideline | zip |
| Grey - Trusted Unix Working Group | zip |
| Light Blue - Understanding Identification and Authentication in Trusted Systems | zip |
| Orange - Department of Defense Trusted Computer System Evaluation Criteria | zip |
| Neon Orange - Guide to Understanding Configuration Management in Trusted Systems | zip |
| Peach - Guide to Writing the Security Features User's Guide for Trusted Systems | zip |
| Pink - Rating Maintenance Phase Program Document Version 2 | zip |
| Purple - Guidelines for Formal Verification Systems | zip |
| Red - Trusted Network Interpretation Environments Guideline | zip |
| Deep Red - Computer Security Subsystem Interpretation of the TCSEC | zip |
| Venice Blue | zip |
| Yellow - | zip |
Firewall Learning Resources:
http://www.interhack.net/pubs/fwfaq/
Internet Firewalls: Frequently Asked Questions
This is an updated text format of the above page:
http://www.faqs.org/faqs/firewalls-faq/
http://www.networkmagazine.com/article/NMG20010103S0010
Getting Personal with Firewalls
http://www.infosyssec.com/infosyssec/firew1.htm
Firewall Security and the Internet - many good resources listed and linked on this page
http://www.cerias.purdue.edu/coast/firewalls/fw-body.html
Internet Firewalls - Resources
http://csrc.ncsl.nist.gov/
Computer Security Resource Center
http://www.iss.net/customer_care/resource_center/whitepapers/
Computer Security White Papers - Security specialist ISS has a large range of
white papers available for free download from its site. Whether you want
to know about secure e-business, setting up a VPN, or just about anything,
you'll probably find it here.
http://www.forensics-intl.com/info.html
NTI Information & Reference - This information has been posted to provide a
ready source of information on various topics which are related to computer
evidence, computer forensics, document discovery, computer incident response
and computer security risk management issues.
http://www.securit.com/references.html
Security and Encryption-related References on the Web
http://www.checksum.org/download/cryptography.pdf
Cryptography - the myths
http://avirubin.com/courses.html
Linked list of crypto and security courses, many have free lecture notes and
resources
http://techguide.zdnet.com/cat/security/encryption/index.shtml
Encryption White Papers
http://techguide.zdnet.com/cat/security/antivirus/index.shtml
Anti Virus white Papers
http://techguide.zdnet.com/cat/security/firewall/index.shtml
Firewall White Papers
http://www.avolio.com/papers.html
Internet Security White Papers
Linux NetFilter - IPTables Documentation and Tutorials:
http://netfilter.samba.org/netfilter-faq.html
netfilter/iptables FAQhttp://netfilter.samba.org/unreliable-guides/netfilter-hacking-HOWTO/index.html
Linux netfilter Hacking HOWTOhttp://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
Linux 2.4 Packet Filtering HOWTOhttp://netfilter.samba.org/unreliable-guides/NAT-HOWTO/index.html
Linux 2.4 NAT HOWTOHarald Welte has the following useful netfilter-related hacking documents:
- http://www.gnumonks.org/ftp/pub/doc/conntrack+nat.html
- http://www.gnumonks.org/ftp/pub/doc/packet-journey-2.4.html
- http://www.gnumonks.org/ftp/pub/doc/skb-doc.html
There is also a copy of the slides of Rusty's LinuxWorld Tutorial online, or a better version contributed by Marcomas at libero.it.
There is also Rusty's tutorial from Xuventude Galicia Net, Santiago, in Magicpoint.
The second (serious) part of Rusty's Random Hacking Talk given in linux.conf.au Australia, La Coruna University Spain, and Aberystwyth Wales. Also in Magicpoint: read the comments for the much more information.
ftp://ftp.hacktic.nl/pub/crypto
Cryptography Archives
http://www.securityfocus.com/
SecurityFocus.com is designed to facilitate discussion on security related
topics, create security awareness, and to provide the Internet's largest and
most comprehensive database of security knowledge and resources to the public.
http://www.bluekestrel.com/ipspoof.txt
IP-spoofing Demystified - Trust-Relationship Exploitation
http://www.thinkquest.org/library/lib/site_sum.html?lib_id=1720&team_id=27158
Data Encryption - This tutorial explores data encryption � including its long
history, the methodology, the technical side and its role in today's use.
http://ossr.phpwebhosting.com/...lid=97
Public-Key Cryptography (329kb)
http://www.gocsi.com/links.htm
These sites contain information and resources useful to computer security
professionals
http://www.netsurf.com/nsf/v01/01/update.html
On Computer and Network Security - 2 revised and updated issues from Netsurfer
Focus
http://www.alw.nih.gov/Security/security.html
Computer Security Information - organized by source and each section is
organized by topic.
http://www.alw.nih.gov/Security/tcontents.html
Computer Security Information - Table of Contents
http://www.faqs.org/faqs/computer-security/
Computer Security FAQs
http://hotwired.lycos.com/webmonkey/backend/security/
Computer Security Tutorials from Webmonkey
http://www.techtutorials.com/Linux/Security/
Linux Security Tutorials
http://www.spirit.com/CSI/archives.html
CSI Firewall Archives - includes papers by security experts
http://www.securityfocus.com/forums/secprog/secure-programming.html
Secure Programming - The purpose of this document is to educate the reader
on secure programming practices.
http://www.oreilly.com/catalog/websec/chapter/ch01.html
The Web Security Landscape
http://woevans.freeyellow.com/Articles.html
AS400 Security Articles
http://www.itp-journals.com/nasample/t1803.pdf
How to Build and Run a Firewall - We take a look at some of the issues involved in choosing, setting-up and running a firewall.http://www.itp-journals.com/nasample/T1532.PDF
Windows 2000 Encrypting File System - EFS is a new feature which provides a fast and transparent way to secure files. Only the user who encrypted the files can obtain access to them, but carefully-designed safeguards are provided.http://www.itp-journals.com/nasample/t04123.pdf
How to Conduct a Security Audit - Information security encompasses more than just IT systems - people who use the systems can also inadvertently open security loopholes. A security audit aims to detect and highlight any problem areas within the IT infrastructure and staff behaviors.http://www.itp-journals.com/nasample/t1523.pdf
Understanding Intrusion Detection Systems - You can use firewalls, secure logins, one-shot passwords and encrypted IDs and still not know if your system has been violated. The emerging field of intrusion detection offers some surprisingly low-tech solutions to a high-tech problem.http://www.itp-journals.com/nasample/t1715.pdf
Securing Windows NT - Careful configuration and monitoring of NT, especially Internet-facing NT machines, can make the difference between a secure system and one which is open to security breaches. We explain the steps you need to take.
http://www.oreilly.com/catalog/dns4/chapter/ch11.html
Unix Security Checklist
http://www.oreilly.com/catalog/fire2/chapter/ch13.html
Internet Services and Firewalls
http://www.oreilly.com/catalog/csb/chapter/ch03.html
Computer System Security and Access Controls
http://www.labmice.net/Security/default.htm
Windows 2000 Network and System Security
http://world.std.com/~franl/crypto.html
Cryptography: The Study of Encryption
http://www.wilders.org/
Wilders.org - This website is for all those who
don't have much knowledge concerning security and how to secure one's pc.
Linux Security Sites:
IBM Developerworks Security Tutorials:
::: Enabling XML Security :::
As XML security needs grow more complex, a number of standards are emerging to meet the growing demands. Here, veteran programmer and security expert Murdoch Mactaggart examines two of the most prominent standards -- XML encryption and XML signature.
http://www-106.ibm.com/developerworks/library/s-xmlsec.html/?n-x-9201::: developerWorks Focuses on Security :::
Everyone needs to think about the security of data and networks -- from casual coders to security directors for the world's largest corporations. In response to reader interest, developerWorks has put together this one-stop shop for reviewing your security measures or for taking a first look at methods to back up your data. You'll find valuable resources like Larry Loeb's analysis of the recent virus troubles, a pair of VPN tutorials, and a Java zone how-to on identifying users in your network.
http://www-106.ibm.com/developerworks/theme/?n-j-10111::: SKIP Security :::
Simple Key management for Internet Protocols (SKIP) is a sessionless method for managing keys in Public Key Encryption systems. Find out why SKIP is considered faster and more secure than more commonly used key methods.
http://www-106.ibm.com/developerworks/library/s-skip.html?n-s-8301
::: Common Threads: OpenSSH Key Management, Part 1 :::
Daniel Robbins, dW columnist and author of several Macmillan books on Linux, introduces the RSA and DSA authentication protocols, and shows you how to get them working over the network.
http://www-106.ibm.com/developerworks/library/l-keyc.html?n-l-7261
::: Digital Signatures with SOAP :::
Jayanthi Suryanarayana describes how digital security systems such as the SSL protocol can provide the necessary means to protect your SOAP transactions while in transit. It is possible to implement some of those features to enable security in your Web services right now. This tutorial shows how to apply SSL to SOAP messages between Web services written in Java.
http://www-106.ibm.com/developerworks/education/r-wsdsst.html?n-x-6211::: Three-Pronged Solution for Identifying Users :::
In this second installment of his Securing Systems series, Joseph Sinclair demonstrates that the first step toward system security is revealing the ID of the user on the other end of the communications link. In this article, he discusses three familiar approaches for identifying users, highlights the strengths and weaknesses of each approach (and combinations of approaches), and provides some examples to help ensure that the safety of your system is not compromised.
http://www-106.ibm.com/developerworks/library/j-secure/?n-j-671::: Learning Digital Cryptology, Part 1 :::
This free dW tutorial introduces cryptography concepts, techniques, and mathematical foundations so you can speak the lingo and be
prepared for Parts 2 and 3 of this tutorial.
http://www-106.ibm.com/developerworks/education/r-scr.html?n-s-1181::: Security -- Firewalls, Part 2 :::
In her follow-up article on firewalls, Mandy Andress focuses on the specific technologies available -- packet filter, proxy, and stateful
inspection. She examines the pros and cons of each, as well as their advances, hybrids, features, and customization.
http://www-106.ibm.com/developerworks/library/s-fire2.html?n-s-4121::: Security -- IPSec Simplified :::
The IPSec standard allows users to implement security at the IP packet level. It's powerful, but it's also extremely complex, and if not
understood properly it can easily be misused. Joe Rudich explores IPSec's advantages -- and potential pitfalls.
http://www-106.ibm.com/developerworks/library/s-ipsec.html?n-s-451::: Security Implications of Open-Source Software :::
Does open source mean an open door? Examine all the arguments and decide for yourself.
http://www-106.ibm.com/developerworks/library/l-oss.html?n-l-3291::: Cryptology Concepts, Part 3 :::
This free, intermediate-level tutorial builds on the concepts presented in Parts 1 and 2 by examining cryptographic issues such as steganography, watermarking, digital signatures, and cryptanalysis, as well as "exotic" protocols like secret sharing and key escrow.
http://www-106.ibm.com/developerworks/education/r-scr3.html?n-s-3291::: 'Net Threats, Part 2 :::
With recent viruses causing headaches far and wide, the developer community is taking a long, careful look at how it prepares for such threats. Here, the author takes a look at how SirCam spreads its mischief -- and offers his take on what should be done about these threats.
http://www-106.ibm.com/developerworks/library/s-net2.html?n-s-10181
Free Chapters from cmpbooks.com:
http://www.cmpbooks.com/scripts/store/vsc/store/products/chapter/sa4ch13.htm...
Remote System Security: A SecureNet and SLIP Solution, chapter 13 from Unix Securityhttp://www.cmpbooks.com/scripts/store/vsc/store/products/chapter/ntsecch7.htm...
Auditing, chapter 7 from Windows NT security
http://www.ssh.fi/tech/crypto/
Cryptography A 2 Z
Introduction to Cryptography: http://www.ssh.fi/tech/crypto/intro.html
Algorithms: http://www.ssh.fi/tech/crypto/algorithms.html
Protocols and Standards: http://www.ssh.fi/tech/crypto/protocols.html
References: http://www.ssh.fi/tech/crypto/books.html
Links: http://www.ssh.fi/tech/crypto/sites.html
http://www.cryptome.org
Cryptome is a site which specialises in news and information about intelligence
matters. It also makes great reading for anyone with an interest in IT
security, as it provides ideal background material on what organizations and
governments around the world are doing to guard against the risk of
hacker attacks.
http://www.westcoast.com/securecomputing/thismonth.html
Secure Computing Magazine's articles all online
http://www.virtualschool.edu/mon/Crypto/index.html
Cryptography Resources
http://www.infosyssec.org/infosyssec/
Computer Security Information Resource Portal
http://fn2.freenet.edmonton.ab.ca/~jsavard/index.html
A Cryptographic Compendium - This series of pages has information about a large
number of cipher systems. So far, the coverage of cryptanalysis is quite
limited, though.
http://www.genusa.com/iis/security.html
Security - A ton of security links, many especially for Microsoft. [Mar. 28,
1998]
http://www.15seconds.com/focus/Security.htm
Security Section - Covers security related issue for the Internet Information
Server, Active Server Pages, and ISAPI applications, including authentication,
NTLM, and SSL.
http://msdn.microsoft.com/workshop/server/feature/server033198.asp
The Basics of Security - cover predominantly Active Server Pages technology
(ASP), Microsoft Internet Information Server (IIS) and Microsoft Site Server.
http://docs.rinet.ru/LomamVse
A Hackers' Guide to protecting your internet site and network
Roundtable on Information Security Policy:
(Short
version Long
version)
Ten experts discuss a range of information security policy questions. For
example, who should establish security policy -- individual organizations,
standards bodies, government, international federations? What's the state of
the practice today, and what do you envision for the future?; and more...
Defending Yourself: The
Role of Intrusion Detection Systems
by John McHugh, Alan Christie, and Julia Allen
What is the role of intrusion detection systems in an organization's
overall defensive posture? This article provides guidelines for IDS
deployment, operation, and maintenance.
-------------------------------------------
Becoming a Security Professional
By Dan Blacharski
Networks are more open than ever; viruses are proliferating; break-ins
are occurring at a rapid clip. Wily hackers, ne'er-do-wells, and
disgruntled employees bent on destruction and revenge have
unintentionally created a whole new job category - the network security
manager. Although getting hired as a network security manager once
required little more than interest in the subject and some hacking
experience, employers seeking security people now desire professional
certifications.
Unlike many other IT certifications, a security certification usually
requires significant field experience as well as training. Of course,
the experience does not necessarily need to be as a security manager.
Most small-to medium-sized companies don't employ dedicated security
personnel and simply add security to the system administrator's duties.
Most firewall companies now offer vendor-specific certification
programs, although vendor-neutral certifications are also widely
available and much sought after. Here's a run-down of some of the most
widely recognized security certification programs:
* CCSE (Check Point Certified Systems Engineer) -- A variety of
certified testing centers offer Check Point's
(http://www.checkpoint.com) certification,
which validates your
knowledge of Check Point's VPN-1/Firewall-1 series of security
products. The CCSE requires the CCSA (Check Point Certified
Systems Administrator), which demonstrates familiarity with
installing and implementing the Firewall-1 product.
* Cisco Security Specialist -- If you already have a CCNA (Cisco
Certified Network Associate), then you can test for the Cisco
Security Specialist designation
(http://www.cisco.com). It indicates your
proficiency in
designing, installing, and supporting Cisco-based security
solutions. Cisco recommends four rather intensive courses before
testing for the designation, which include: Managing Cisco
Network Security, Cisco Secure PIX Firewall (Advanced), Cisco
Secure Intrusion Detection System, and Cisco Secure VPN.
* System Administration, Networking, and Security Institute Global
Incident and Analysis Center Certification (SANS GIAC) - In
addition to their educational opportunities and security alerts,
this research organization (http://www.sans.org/giactc.htm)
offers certification/training programs for beginning-to-advanced
professionals. Their "KickStart" program helps professionals with
little-to-no security background quickly get up to speed. The
GIAC Security Engineer designation is for more advanced
professionals with demonstrated proficiency in all levels of
security.
* CISSP (Certified Information Systems Security Professional) --
The International Information Systems Security Certifications
Consortium (http://www.isc2.org) offers
training, exams, and an
online study guide. Despite being the most common certification,
putting CISSP after your name vaults you into the elite of
security professionals. The rigorous exam draws from a "common
body of knowledge" covering various aspects of security. This all-
encompassing certification requires that you really know your
stuff.
* Brainbench -- The venerable Brainbench
(http://www.brainbench.com) offers
certifications on virtually
everything, including Network Security, Internet Security, and
Check Point Firewall-1 Administration. Some are now costing
a fee, some are still offered for free.