The Freefire Project
For Developers, Users and Admins of Free IT-Security Solutions
© Copyright 1996-2003
Bernd Eckenfels, Germany
and others

Library Index
by Bernd Eckenfels, ecki@lina.inka.de, 2002-01-27 for Freefire.org

This is a list of IT-Security resources on Freefire.org

Sections

The following topics have their own page on freefire.org:

  • Hardening - Operating System and Application Hardening, Secure Configuration, Host Security.

Resources

  1. What is Free?
    • [html] GNU GNU's Not Unix! The Free Software Foundation.
    • [html] Open Source The Open Source Initiative
    • [html] Freshmeat New Linux Software
  2. General Firewall and Security Information
    • Risks, Policy, Procedures, Contingency Planning
      • [html] Security Self-Assessment This questionnaire for US agencies developed and maintained by NIST ASSET by CSRC is a good starting point for baseline security, even if you are not a governmental institution. This questionnaire is especially interesting, since there is a Windows Public Domain tool available to answer the questions and generate various reports (NIST ASSET). See the ITL Bulletin: Security Self-Assessment ([html]) for a short introduction.
      • [html] ITL Bulletin: Contingency Planning This bulletin is an introduction to the topic of contingency planning and a short summary of the NIST Special Publication 800-34 Contingency Planning Guide for IT Systems ([PDF]).
      • [html] ITL Bulletin: Risk Management This bulletin is an introduction to the topic of risk management and a short summary of the NIST Special Publication 800-30 Risk Management Guide For Information Technology Systems ([PDF]).
      • [html] IT-Standards: BS-7799 & ISO-17799 Overview from isosecuritysolutions.com on those management system standards.
    • Security Analysis / Pen Testing
      • [html] OSSTMM Open Source Security Testing Methodology Manual.
    • Vulnerabilities and Advisories
      • [html] CVE Common Vulnerabilities and Exposures: CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
      • [html] Open Source Vulnerability Database The OSVDB is a community project to collect OS and Application Vulnerabilities. The Database is freely available.
    • Unsorted
      • [html] Internet Firewalls: Frequently Asked Questions (comp.security.firewalls)
      • [html] Linux Firewall-HOWTO (HOWTO Index)
      • [html] Reflections on Trusting Trust from Ken Thompson
      • [html] Unofficial TEMPEST reduce electromagnetic emanations
      • [html] Pages on cryptology from Werner Koch (GNU PG)
      • [html] Firewall Evaluation Checklists for commercial products
      • [html] DCOM with Firewalls The protocol and how it can be used through firewalls from Michael Nelson.
      • [html] The Rotherwick Firewall Resource - Point of Attack
      • [html] The Risks of Key Recovery
      • [html] Networking References big site for Network Professionals from Irwin Lazar (including the TCP/IP FAQ)
      • [html] Linux Security KB on SecurityPortal from the former author of the Redhat Security Cookbook
      • [html] CERTs security improvement Improving the Security of Networked Systems
      • [html] Securing Internet Information Servers
      • [html] SSL certificates overview of SSL certification using SSLeay package
      • [html] Excerpts from the CSI Editorial Archive a lot of IT-Security articles
      • [html] Hardening Page Some simple instructions to make a Unix System more secure
      • [html] TAMUs security solution on the drawbridge web site you can read about the solutions TAMU is using for security.
      • [html] Hardening NT and other documents (Spoofing, C2, FTP Bounce, Netbios) on networkcommand.com
      • [html] securing BIND 4.x and 8.x running the Name service Daemon in chroot() environment
      • [html] ircbounce how-to for using bnc, an IRC bounce (port redirector) program
      • [html] Netscape Certs specification on certificates from Netscape
      • [html] Creating Redundant Linux Servers a paper (including some information on how to use fake)
      • [html] E-Mail security through procmail a paper with samples
      • [html] (German) all about GAK, ADK, CMR, KRA, TIS, NAI Kai Raven gives some info on Corporate Message Recovery in PGP and its effects.
      • [html] Microsoft Security Advisor including the famous Bulletins :)
      • [html] FWTK FAQ A lot of information and the Patches for transparent support
      • [ftp] Tishina Security Archives
      • [html] Encryption and Compression at CORA the Computer Science Research Paper Search Engine
      • [html] Astalavista daily updated search engine for computer security related material.
      • [html] Disinformation "DisInformation was designed to be the search service of choice for individuals looking for information on current affairs, politics, new science and the 'hidden information,' that seldom seems to slip through the cracks of the corporate owned media conglomerates."
      • [html] The Insider The Journal for Resource Protection Professionals (by www.ticm.com)
      • [html] NT Security - Frequently Asked Questions
      • [html] Linux VPN Masquerading page by John Hardin about masquerading GRE, PPTP and IPsec clients/servers
      • [html] S/Key and other Tokens on Palm Pilot by Tramm Huson
      • [html] FW1 FAQ by PhoneBoy
      • [html] Firewall Handbuch für Linux 2.2 in German by Guido Stepken
      • [html] Common Criteria Project Here you will find the latest information about the Common Criteria for IT Security Evaluation (CC), plus CC-related documents made available for information and public comment. Other documents that bear on the development of internationally-accepted standards for IT security functional and assurance requirements and evaluation will also be posted or linked from time to time.
      • [html] BSI the German "Bundesamt für Sicherheit in der Informationstechnik". Useful information (mostly German): Firewall Reviews, IT Grundschutzhandbuch
      • [html] Building a Windows NT bastion host in practice paper by Stefan Norberg
      • [html] Lance Spitzner's Whitepapers and Publications a good starting point for reading. The "Know Your Enemy" papers let you understand the tools and methodologies of the black hats. There are also papers on Armoring Linux, Solaris and NT, and material about FW1.
      • [html] The Linux Administrator's Security Guide
      • [html] Unix Security collection of papers and a link list from Matthew Deter.
      • [html] DoS Analysis David Dittrich's excellent analysis of different distributed DoS Tools and some talks about Unix Security, TCP/IP Vulnerabilities and Information Security.
      • [txt] Share Firewalls (paper) - shared firewalls (ISP based) vulnerabilities by codex@bogus.net
      • [html] SG24-4564-00 Safe Surfing: How to Build a Secure WWW
      • [html] GG24-4433-00 Elements of Security: AIX 4.1
      • [html] SG24-2577-02 Protect and Survive Using IBM Firewall 3.1 for AIX
      • [html] Building a Bastion Host Using HP-UX Kevin Steves, HP Consulting, Sweden
      • [txt] RFC2828 Internet Security Glossary
      • [html] Whitehats Network Security Resource
      • [html] de.comp.security.firewall FAQ German Firewalls FAQ from Lutz Donnerhacke
      • [html] WWW Security FAQ maintained at THE W3C
      • [html] VNC over SSH for Windows and Unix
      • [html] Netmeeting masqueraded German How-to masquerade Netmeeting PCs behind a Linux Box
      • [pdf] Ultimate Network Security Device
      • [html] Risk Based NT Config Windows NT Security Checklist that is designed to provide security administrators with a method of configuring an installation based on the agreed security risk profile of the target system. The security configuration document divides recommendations into levels "Premium", "Standard", and "Basic". -Leigh Purdie, Intersectalliance
      • [html] Gateway Certification Guide for the Australian Defense Signals Directorate. Complete Guide covering Risk Assessment, Policy Development, Design, Management and Certification.
      • [html] PROTOS Security Testing of Protocol Implementations (e.g. LDAP, WAP), good basics on Vulnerabilities in Network Protocols.
      • [html] Mixter's Security Whitepapers educate yourself with Mixter's excellent Security Papers. (German Version)
      • [html] SANS resources Some articles about security, for example the NSA Glossary of Terms used in Security and Incident Handling.
      • [html] 8wire > security "Online Resource for the Networking Professional". Covers a broad range, not too technical.
      • [html] Beenden von Systemdiensten Best (German) article on how to close all Windows 2000 and Windows XP Ports. <Frank Kaune>
      • [html] Capabilities Links Random Links from Jörg Bornschein on Capabilities.
  3. Link lists, IT-Security Projects
    • [html] Security and Encryption-related Resources and Links this is an extremely long, complete and good list by Peter Gutmann with mirrors: (UK 1,autoupdate) (UK 2,manual update) (US, self extracting DOS)
    • [html] Security in Usage of Online Service (SINUS) at the University of Zurich.
    • [html] Matt's Unix Security Page
    • [html] debwall - Firewalls based on Debian GNU/Linux
    • [html] Unix Network Monitoring Tools
    • [html] EFF "Security/Computer Security" Archive interesting technical and political papers and links
    • [html] SRP Secure Remote Password Project in Stanford
    • [html] Computer Security Information by Jessica Kelley
    • [html] COAST Hotlist: Computer Security, Law & Privacy
    • [html] Pretty Secure Linux will create a pretty secure Linux Distribution
    • [html] The NAT Page lists some NAT-able Solutions
    • [html] NT and Unix Integration Solutions for Account and Password sharing
    • [html] Unix Guru Universe A lot of useful Links for Unix System Administrators
    • [html] CERIAS Purdue University's Center for Education and Research in Information Assurance and Security
    • [html] SecurityPortal commercial portal site about security (jobs, products, research, news)
    • [html] Security Search Engine new commercial search engine and security portal site
    • [html] AVERT Virus Alert
    • [html] Sicherheit-Im-Internet Security in the information society, an initiative of the German Federal Ministry of Economics and Technology, the Federal Ministry of the Interior and the BSI (German)
    • [html] Bifrost Network Project Project building a Linux Appliance Firewall
    • [html] eXRoads Security Section on this Search Engine
    • [html] Cryptonomicon.net Web Log with events and news from the Crypto scene.
    • [html] Building Debian Firewalls Articles on how to configure Debian for Firewalling and Security Servers.
  4. Security- and Hacker- Organizations
    • [html] IBM ERS Security Links
    • [html] CERT
    • [html] Rootshell H/P/A Organization with always new exploits
    • [html] rhino9 H/P/A Organization with interesting packages
    • [html] 2600 Magazine H/P/A Magazine (hosting the Phrack eZine, too)
    • [html] Bugtraq BugTraq is a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities.
    • [ftp] ADM CreW FTP Directory with files from the ADM CreW (Exploits, Scanners, Papers)
    • [html] Cult Of The Dead Cow An Organization well known for their "Back Orifice" Tool
    • [html] DEF CON Conventions of the computer underground, annually in Las Vegas
    • [html] Rhino9 H/P/A which offers among others a cool win share scanner with brute-force password attack
    • [html] !Hispahack H/P/A hosted in the domain of the CCC, pages in Spanish.
    • [html] GHA Surf to a group called German Hacker Organization
    • [html] HNN - Hacker News Network "Our first mission is to deliver the real news from the computer underground for the computer underground. The reporting will not be dumbed down to match the computer illiteracy of the average TV viewer.
      Our second mission is to report the activities of the underground without the biases of the mainstream media. You will not see the terms "hacker" and "criminal" used interchangeably, nor the phrases "brilliant misguided youth" and "script kiddie"."
    • [html] Packet Storm Kroll-O'Gara Information Security Group took this over from Ken Williams. It's a commercially maintained site but with Freeware in it.
    • [html] PHI H/P/A: Protecting Hackers International support for new hackers
    • [html] Columbia 2032 H/P/A Group with an eZine
    • [html] dmoz: Computer:Security:Firewalls largest human edited directory of the web
    • [html] THC: The Hacker's choice security specialists united

© Copyright 2001, Bernd Eckenfels, ecki@lina.inka.de, Germany
History of Changes: changes.txt