Security Related Links

Table of Contents

• Resources and Sites of Interest
• Security and Best Practices Checklists
• Survivability and Resiliency
• Incident Management
  • Incident Handling and Response
  • Forensics
• Operating Systems
  • Unix Security
  • Windows Security
• Firewalls, IDS and Other Defense Mechanisms
  • Egress Filtering
  • Firewalls
  • Intrusion Detection
  • Honeynets and Honeypots
  • Crypto
• Applications and Protocols
  • WWW Security
  • DNS
  • NTP
  • TCP/IP
  • Mail Relay
  • Secure Programming
• Internet Standards
  • RFCs
  • Internet Drafts
• Malicious Code and other Attacks
  • Denial of Service
  • Social Engineering
  • Spam
  • Hoaxes and Virus

Resources and Sites of Interest

• SSAC Reports and Advisories, ICANN
• The Twenty Most Critical Internet Security Vulnerabilities (Updated) -- The Experts' Consensus, SANS Institute
• Know Your Enemy: The Tools and Methodologies of the Script Kiddie, The Honeynet Project
• Botnets as a Vehicle for Online Crime, CERT
• Improving Computer Security through Network Design, AusCERT
• Talisker Security Wizardry Portal
• SANS Institute
• COAST Hotlist: Computer Security, Law and Privacy, CERIAS, Purdue University
• Internet Storm Center, SANS Institute
• SecurityFocus

Security and Best Practices Checklists

• UNIX and Linux Security Checklist v3.0, AusCERT
• Práticas de Segurança para Administradores de Redes Internet -- Checklist, CERT.br
• Checklist para Usuários Finais: Cartilha de Segurança para Internet, CERT.br
• Windows Intruder Detection Checklist, CERT
• Secure Unix Programming Checklist, AusCERT

Survivability and Resiliency

• Survivable Systems Engineering, CERT
• Survivable Network System Analysis: A Case Study, CERT
• Defense in Depth: Foundations for Secure and Resilient IT Enterprises, CERT
• Survivable Systems Analysis Method, CERT

Incident Handling and Response

• Computer Security Incident Response Team (CSIRT) FAQ, CERT
• Computer Security Incident Response Team (CSIRT) FAQ (Versão em Português), CERT.br
• A Common Language for Computer Security Incidents, CERT
• CSIRT Resources (Portuguese and English), CERT.br
• Incident Management Capability Metrics, CERT
• Incident Management Mission Diagnostic Method, CERT

Forensics

• First Responders Guide to Computer Forensics, CERT
• First Responders Guide to Computer Forensics: Advanced Topics, CERT
• Computer Forensics Analysis Class -- Class handouts from the full-day class on UNIX computer forensics analysis given by Dan Farmer and Wietse Venema on August 6th, 1999.
• The Coroner's Toolkit (TCT) -- collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in.
• The Sleuth Kit (TSK) -- a collection of UNIX-based command line tools that allow you to investigate a computer.
• The Autopsy Forensic Browser -- a graphical interface to the command line digital investigation tools in The Sleuth Kit.

Unix Security

• Enhancing Security of Unix Systems, AusCERT
• comp.security.unix Newsgroup FAQs
• comp.os.linux.security FAQ
• Linux Security Documentation
• LASG -- Linux Administrators Security Guide
• Linux Security HOWTO
• Unix Guru Universe
• AIX FAQ
• Unix Sysadim Resources

Windows Security

• Windows NT Configuration Guidelines, AusCERT
• Microsoft Security
• WinDump: tcpdump for Windows
• Windows Intruder Detection Checklist, CERT

Egress Filtering

• Egress Filtering - Keeping the Internet Safe from Your Systems (PDF)
• Egress Filtering FAQ: What is Egress Filtering and How Can I Implement It? (PDF), SANS Institute
• ID FAQ - Why Egress Filtering Can Benefit Your Organization

Firewalls

• Internet Firewalls: Frequently Asked Questions
• COAST Firewall Resources
• NIST Publication: Guidelines on Firewalls and Firewall Policy

Intrusion Detection

• Intrusion Detection FAQ
• COAST Intrusion Detection Resources
• Snort -- The Lightweight Network Intrusion Detection System
• "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" by Tim Newsham and Tom Ptacek. PostScript, 731KB.
• "Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events" by Richard Bejtlich. (PDF)
• Draft: NIST Special Publication on Intrusion Detection Systems
• Log Analysis Resources

Honeynets and Honeypots

• Honeypots e Honeynets: Definições e Aplicações, CERT.br
• The Honeynet Project
• Honeynet.BR Project
• Brazilian Honeypots Alliance -- Distributed Honeypots Project
• Honeypots: Definitions and Value, Lance Spitzner
• Books:
  • Know Your Enemy, 2nd Edition, The Honeynet Project
  • Honeypots: Tracking Hackers, Lance Spitzner
  • Virtual Honeypots: From Botnet Tracking to Intrusion detection., Niels Provos, Thorsten Holz

Crypto

• Cryptography FAQ
• Crypto-Gram Newsletter
• Cryptography and Security, Ronald L. Rivest
• Crypto Law Survey -- a survey of existing and proposed laws and regulations on cryptography

WWW Security

• The World Wide Web Security FAQ
• Writing secure CGI scripts
• Secure Programming in PHP, Thomas Oertli
• PHP Security Tips
• 8 Defensive Programming Best Practices to Prevent Breaking Your Sites, Manuel Lemos
• PHP Security
  • Part 1
  • Part 2
  • Part 3
• On the Security of PHP
  • Part 1
  • Part 2
• Ten Security Checks for PHP
  • Part 1
  • Part 2
• Top ten security vulnerabilities in web applications, OWASP
• PHP and the Top ten security vulnerabilities in web applications
• Cross-site scripting, IBM
• Cross Site Scripting Info, Apache
• Results of the Security in ActiveX Workshop, CERT
• CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests, CERT

DNS

• The Measurement Factory -- DNS Expertise
• DNSReport - See if there are problems with your DNS
• DNS Stuff
• Securing an Internet Name Server, CERT
• DNS Security Basics, DNS Stuff
• DNSstuff's Resource Center
• Security and Stability Advisory Committee (SSAC) Reading List
• DNS Amplification Attacks:
  • Recomendações para Evitar o Abuso de Servidores DNS Recursivos Abertos , CERT.br
  • SSAC Advisory SAC008 DNS Distributed Denial of Service (DDoS) Attacks (PDF), ICANN
  • The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0), US-CERT
  • Anatomy of Recent DNS Reflector Attacks from the Victim and Reflector Point of View, Verisign

NTP

• Latest information on Network Time Protocol (NTP) and other related clock synchronization products
• OpenNTPD

TCP/IP

• FAQs, tutorials, guides, web pages sites, and books about TCP/IP
• comp.protocols.tcp-ip Newsgroup FAQs

Mail Relay

• Anti-Relay: Stop Third-Party Mail Relay

Secure Programming

• Secure Coding Initiative, CERT
• Build Security In -- best practices, tools, guidelines, rules, principles, and other resources for software developers, US-CERT
• SANS Software Security Institute
• Secure Programming for Linux and Unix HOWTO
• Secure Unix Programming Checklist, AusCERT
• Secure UNIX Programming FAQ
• Writing secure CGI scripts
• The Software Security Project
• Splint - Secure Programming Lint
• Secure Programming in PHP, Thomas Oertli
• Selected Articles on Secure Programming
• Books, papers and articles -- from the appendix of the book "Secure Coding: Principles and Practices"

RFCs

Best Current Practices (BCP)

• RFC 1918 / BCP 5: Address Allocation for Private Internets
• RFC 2350 / BCP 21: Expectations for Computer Security Incident Response
• RFC 2505 / BCP 30: Anti-Spam Recommendations for SMTP MTAs
• RFC 2644 / BCP 34: Changing the Default for Directed Broadcasts in Routers
• RFC 2827 / BCP 38: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
• RFC 3013 / BCP 46: Recommended Internet Service Provider Security Services and Procedures
• RFC 3227 / BCP 55: Guidelines for Evidence Collection and Archiving
• RFC 3360 / BCP 60: Inappropriate TCP Resets Considered Harmful
• RFC 3365 / BCP 61: Strong Security Requirements for Internet Engineering Task Force Standard Protocols
• RFC 4086 / BCP 106: Randomness Requirements for Security
• RFC 4107 / BCP 107: Guidelines for Cryptographic Key Management
• RFC 5068 / BCP 134: Email Submission Operations: Access and Accountability Requirements
• RFC 5358 / BCP 140: Preventing Use of Recursive Nameservers in Reflector Attacks

Standards

• RFC 2142: Mailbox Names for Common Services, Roles and Functions
• RFC 2246: The TLS Protocol Version 1.0
• RFC 2476: Message Submission
• RFC 2554: SMTP Service Extension for Authentication
• RFC 3168: The Addition of Explicit Congestion Notification (ECN) to IP
• RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
• RFC 3369: Cryptographic Message Syntax (CMS)
• RFC 3370: Cryptographic Message Syntax (CMS) Algorithms
• RFC 3834: Recommendations for Automatic Responses to Electronic Mail
• RFC 4033: DNS Security Introduction and Requirements
• RFC 4034: Resource Records for the DNS Security Extensions
• RFC 4035: Protocol Modifications for the DNS Security Extensions
• RFC 4051: Additional XML Security Uniform Resource Identifiers (URIs)
• RFC 4055: Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
• RFC 4056: Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS)
• RFC 4109: Algorithms for Internet Key Exchange version 1 (IKEv1)
• RFC 4217: Securing FTP with TLS
• RFC 4250: The Secure Shell (SSH) Protocol Assigned Numbers
• RFC 4251: The Secure Shell (SSH) Protocol Architecture
• RFC 4252: The Secure Shell (SSH) Authentication Protocol
• RFC 4253: The Secure Shell (SSH) Transport Layer Protocol
• RFC 4254: The Secure Shell (SSH) Connection Protocol
• RFC 4255: Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
• RFC 4256: Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
• RFC 4301: Security Architecture for the Internet Protocol
• RFC 4302: IP Authentication Header
• RFC 4303: IP Encapsulating Security Payload (ESP)
• RFC 4308: Cryptographic Suites for IPsec
• RFC 4344: The Secure Shell (SSH) Transport Layer Encryption Modes
• RFC 4346: The Transport Layer Security (TLS) Protocol Version 1.1
• RFC 4359: The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH)
• RFC 4366: Transport Layer Security (TLS) Extensions
• RFC 4409: Message Submission for Mail
• RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
• RFC 4871: DomainKeys Identified Mail (DKIM) Signatures
• RFC 4959: IMAP Extension for Simple Authentication and Security Layer (SASL) Initial Client Response
• RFC 4985: Internet X.509 Public Key Infrastructure Subject Alternative Name for Expression of Service Name
• RFC 5070: The Incident Object Description Exchange Format
• RFC 5321: Simple Mail Transfer Protocol
• RFC 5322: Internet Message Format

Informational

• RFC 1281: Guidelines for the Secure Operation of the Internet
• RFC 1321: The MD5 Message-Digest Algorithm
• RFC 1470: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices
• RFC 1750: Randomness Recommendations for Security
• RFC 2076: Common Internet Message Headers
• RFC 2196: Site Security Handbook
• RFC 2411: IP Security Document Roadmap
• RFC 2504: Users Security Handbook
• RFC 2577: FTP Security Considerations
• RFC 2979: Behavior of and Requirements for Internet Firewalls
• RFC 3067: TERENA's Incident Object Description and Exchange Format Requirements
• RFC 3098: How to Advertise Responsibly Using E-Mail and Newsgroups or - how NOT to $$$$$ MAKE ENEMIES FAST! $$$$$
• RFC 3164: The BSD syslog Protocol
• RFC 3174: US Secure Hash Algorithm 1 (SHA1)
• RFC 3330: Special-Use IPv4 Addresses
• RFC 3511: Benchmarking Methodology for Firewall Performance
• RFC 3631: Security Mechanisms for the Internet
• RFC 3833: Threat Analysis of the Domain Name System (DNS)
• RFC 3871: Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure
• RFC 3964: Security Considerations for 6to4
• RFC 4096: Policy-Mandated Labels Such as "Adv:" in Email Subject Headers Considered Ineffective At Best
• RFC 4270: Attacks on Cryptographic Hashes in Internet Protocols
• RFC 4272: BGP Security Vulnerabilities Analysis
• RFC 4381: Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs)
• RFC 4641: DNSSEC Operational Practices
• RFC 4686: Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
• RFC 4766: Intrusion Detection Message Exchange Requirements
• RFC 4772: Security Implications of Using the Data Encryption Standard (DES)
• RFC 4778: Current Operational Security Practices in Internet Service Provider Environments
• RFC 4890: Recommendations for Filtering ICMPv6 Messages in Firewalls
• RFC 4891: Using IPsec to Secure IPv6-in-IPv4 Tunnels
• RFC 4942: IPv6 Transition/Coexistence Security Considerations
• RFC 4986: Requirements Related to DNS Security (DNSSEC) Trust Anchor Rollover
• RFC 4949: Internet Security Glossary, Version 2

Experimental

• RFC 4406: Sender ID: Authenticating E-Mail
• RFC 4408: Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1
• RFC 4765: The Intrusion Detection Message Exchange Format (IDMEF)
• RFC 4767: The Intrusion Detection Exchange Protocol (IDXP)

Internet Drafts

• "Security Through Obscurity Considered Dangerous", February, 2002
• "Guidelines for Mandating the Use of IPsec Version 2", August, 2008
• "Extensions to the IODEF-Document Class for Phishing, Fraud, and Other Crimeware", July, 2008
• "Real-time Inter-network Defense", November, 2008

Denial of Service

• Denial of Service (DoS) Attack Resources
• Managing the Threat of Denial of Service Attacks, CERT
• Distributed Denial of Service (DDoS) Attacks/tools, Washington University
• Consensus Roadmap for Defeating Distributed Denial of Service Attacks, SANS Institute
• Help Defeat Distributed Denial of Service Attacks: Step-by-Step, SANS Institute
• Defining Strategies to Protect Against TCP SYN Denial of Service Attacks, CISCO
• Trends in Denial of Service Attack Technology, CERT
• DNS Amplification Attacks:
  • Recomendações para Evitar o Abuso de Servidores DNS Recursivos Abertos , CERT.br
  • SSAC Advisory SAC008 DNS Distributed Denial of Service (DDoS) Attacks, ICANN
  • The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0), US-CERT
  • Anatomy of Recent DNS Reflector Attacks from the Victim and Reflector Point of View, Verisign

Social Engineering

• Social Engineering Fundamentals, Part I: Hacker Tactics, SecurityFocus
• Social Engineering Fundamentals, Part II: Combat Strategies, SecurityFocus

Spam

• Antispam.br
• Tecnologias e Políticas para Combate ao Spam, CERT.br/CGI.br
• Messaging Anti-Abuse Working Group (MAAWG)
• MAAWG Recommendation - Managing Port25
• MAAWG Email Metrics Program: The Network Operators' Perspective
• Important Considerations for Implementers of SPF and/or Sender ID
• The Mail Abuse Prevention System
• The Network Abuse Clearinghouse
• CAUCE, The Coalition Against Unsolicited Commercial Email
• When Spam Burns You: Why Bulk E-mail is Bad Business
• Spam Laws
• O Pesadelo do Spam
• Faça uma campanha de marketing por email livre de spam
• Anti-Spam Technical Alliance Technology and Policy Proposal
• Related RFCs:
  • RFC 2476: Message Submission
  • RFC 2505 / BCP 30: Anti-Spam Recommendations for SMTP MTAs
  • RFC 2554: SMTP Service Extension for Authentication
  • RFC 3098: How to Advertise Responsibly Using E-Mail and Newsgroups or - how NOT to $$$$$ MAKE ENEMIES FAST! $$$$$
  • RFC 3207: SMTP Service Extension for Secure SMTP over Transport Layer Security
  • RFC 4096: Policy-Mandated Labels Such as "Adv:" in Email Subject Headers Considered Ineffective At Best
  • RFC 4406: Sender ID: Authenticating E-Mail
  • RFC 4408: Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1
  • RFC 4409: Message Submission for Mail
  • RFC 4686: Analysis of Threats Motivating DomainKeys Identified Mail (DKIM)
  • RFC 4871: DomainKeys Identified Mail (DKIM) Signatures
  • RFC 5068 / BCP 134: Email Submission Operations: Access and Accountability Requirements

Hoaxes and Virus

• CIAC HoaxBusters, CIAC
• Internet Chain Letters, CIAC
• comp.virus Newsgroup FAQs, faqs.org
• Computer Virus Myths
• Symantec Security Response, Symantec
• McAfee Virus Information, McAfee
• F-Secure Virus Description Database, F-Secure
• Sophos Security Information: Viruses, Spam, Trojans, Hoaxes, Spyware and Adware, Sophos
• CERT Coordination Center Computer Virus Resources, CERT