by Bernd Eckenfels, firstname.lastname@example.org,
2002-01-27 for Freefire.org
This is a list of IT-Security resources on Freefire.org
The following topics have their own page on frefire.org:
- Operating System and Application Hardening, Secure Configuration,
- What is Free?
- [html] GNU
GNU's Not Unix! The Free Software Foundation.
- [html] Open Source
The Open Source Initiative
- [html] Freshmeat
New Linux Software
- General Firewall and Security Information
- Risks, Policy, Procedures, Contingency Planning
This questionair for US agencies developed and maintained by NIST
ASSET by CSRC is a good starting point for baseline security, even
if you are not a governmental institution. This questionair is
especially interesting, since there is a Windows Public Domain tool
available to answer the questions and generate various reports (NIST
ASSET). See the ITL Buletin: Security Self-Assessment ([html)
for a short introduction.
ITL Buletin: Contingency Planning
This buletin is an introduction to the topic of contingency planning
and a short summary of the NIST Special Publication 800-34
Contingency Planning Guide for IT Systems ([PDF]).
ITL Buletin: Risk Management
This buletin is an introduction to the topic of risk management and
a short summary of the NIST Special Publication 800-30 Risk
Management Guide For Information Technology Systems ([PDF]).
IT-Standards: BS-7799 & ISO-17799
Overview from isosecuritysolutions.com on those management system
- Security Analysis / Pen Testing
Open Source Security Testing Methodology Manual.
- Vulnerabilities and Advisories
Common Vulnerabilities and Exposures: CVE aims to standardize the
names for all publicly known vulnerabilities and security exposures.
Open Source Vulnerability Database
The OSVDB is a community project to collect OS and Application
Vulnerabilities. The Database is freely available.
- [html] Internet Firewalls: Frequently Asked Questions (comp.security.firewalls)
- [html] Linux Firewall-HOWTO
- [html] Reflections on Trusting Trust from Ken Thompson
- [html] Unofficial TEMPEST reduce electromagnetic emanations
- [html] Pages on cryptology from Werner Koch (GNU PG)
- [html] Firewall Evaluation Checklists for commercial products
- [html] DCOM with Firewalls
The protocol and how it can be used through firewalls
from Michael Nelson.
- [html] The Rotherwick Firewall Resource - Point of Attack
- [html] The Risks of Key Recovery
- [html] Networking References
big site for Network Professionals from Irwin Lazar (including the TCP/IP FAQ)
- [html] Linux Security KB on
SecurityPortal from the former author of the Redhat Security Cookbook
- [html] CERTs security improvement
Improving the Security of Networked Systems
- [html] Securing Internet Information Servers
- [html] SSL certificates
overview of SSL certification using SSLeay package
- [html] Excerpts from the CSI Editorial Archive
a lot of IT-Security articles
- [html] Hardening Page
Some simple instructions to make a Unix System more secure
- [html] TAMUs security solution
on the drawbridge web site you can read about the solutions TAMU is using for security.
- [html] Hardening NT
and other documents (Spoofing, C2, FTP Bounce, Netbios) on networkcommand.com
- [html] securing BIND 4.x and 8.x
running the Name service Daemon in chroot() environment
- [html] ircbounce
how-to for using bnc a IRC bounce (port redirector) program
- [html] Netscape Certs
specification on certificates from Netscape
- [html] Creating Redundant Linux Servers
a paper (including some information on how to use fake)
- [html] E-Mail security through procmail
a paper with samples
- [html] (German) all about GAK,ADK,CMR,KRA,TIS,NAI
Kai Raven is giving some info on Cooperate Message Recovery in PGP and the effects of this.
- [html] Microsoft Security Advisor
including the famous Bulletins :)
- [html] FWTK FAQ
A lot of information and the Patches for transparent support
- [ftp] Tishina Security Archives
- [html] Encryption and Compression at CORA
the Computer Science Research Paper Search Engine
- [html] Astalavista
daily updated search engine for computer security related material.
- [html] Disinformation
"DisInformation was designed to be the search service of choice for
individuals looking for information on current affairs, politics, new
science and the 'hidden information,' that seldom seems to slip through the cracks
of the corporate owned media conglomerates."
- [html] The Insider
The Journal for Resource Protection Professionals (by www.ticm.com)
- [html] NT Security - Frequently Asked Questions
- [html] Linux VPN Masquerading page by John Hardin about masquerading GRE PPT and IPsec clients/servers
- [html] S/Key and other Tokens on Palm Pilot by Tramm Huson
- [html] FW1 FAQ by PhoneBoy
- [html] Firewall Handbuch für Linux 2.2 in German by Guido Stepken
- [html] Common Criteria Project
Here you will find the latest information about the Common Criteria for IT Security
Evaluation (CC), plus CC-related documents made available for information and public
comment. Other documents that bear on the development of internationally-accepted
standards for IT security functional and assurance requirements and evaluation will also be
posted or linked from time to time.
- [html] BSI
the German "Bundesamt für Sicherheit in der Informationstechnik".
Useful information (mostly German): Firewall Reviews, IT Grundschutzhandbuch
- [html] Building a Windows NT bastion host in practice
paper by Stefan Norberg
- [html] Lance Spitzner's Whitepapers and Publications
a good Starting point to read. The "Know Your Enemy" lets you
understand the tools and methodologies of the black hats. Some more papers on
Armoring Linux, Solaris and NT and also stuff about FW1.
- [html] The Linux Administrator's Security Guide
- [html] Unix Security
collection of papers and a link list from Matthew Deter.
- [html] DoS Analysis
David Dittrich's excellent analysis of different distributed DoS Tools and some talks about Unix Security, TCP/IP Vulnerabilities and Information Security.
- [txt] Share Firewalls (paper)
- shared firewalls (ISP based) vulnerabilities by email@example.com
- [html] SG24-4564-00 Safe Surfing: How to Build a Secure WWW
- [html] GG24-4433-00 Elements of Security: AIX 4.1
- [html] SG24-2577-02 Protect and Survive Using IBM Firewall 3.1 for AIX
- [html] Building a Bastion Host Using HP-UX Kevin Steves, HP Consulting, Sweden
- [txt] RFC2828 Internet Security Glossary
- [html] Whitehats Network Security Resource
- [html] de.comp.security.firewall FAQ
German Firewalls FAQ from Lutz Donnerhacke
- [html] WWW Security FAQ maintained at THE W3C
- [html] VNC over SSH for Windows and Unix
- [html] Netmeeting masqueraded
German How-to masquerade Netmeeting PCs behind a Linux Box
- [pdf] Ultimate Network Security Device
Risk Based NT Config Windows NT Security Checklist that is designed
to provide security administrators with a method of configuring an
installation based on the agreed security risk profile of the target system.
The security configuration document divides recommendations
into levels "Premium", "Standard", and "Basic". -Leigh Purdie,
- [html] Gateway
Certification Guide for the Australian Defense Signals Directorate.
Complete Guide covering Risk Assessment, Policy Development, Design,
Management and Certification.
- [html] PROTOS
Security Testing of Protocol Implementations (e.g. LDAP, WAP), good basics
on Vulnerabilities in Network Protocols.
- [html] Mixter's Security Whitepapers educate
yourself with Mixter's excellent Security Papers. (German Version)
- [html] SANS resources
Some articles about security, for example the NSA Glossary of Terms used in
Security and Incident Handling.
- [html] 8wire > security
"Online Resource for the Networking Profesional". Covers a broad range, not
- [html] Beenden von Systemdiensten
Best (german) article on how to close all Windows 2000 and Windows XP Ports.
- [html] Capabilities Links
Random Links from Jörg Bornschein on Capabilities.
- Link lists, IT-Security Projects
- [html] Security and Encryption-related Resources and Links
this is a extremely long, complete and good list by
(UK 2,manual update)
(US, self extracting DOS)
- [html] Security in Usage of Online Service (SINUS) an der UNI ZH.
- [html] Matt's Unix Security Page
- [html] debwall - Firewalls based on Debian GNU/Linux
- [html] Unix Network Monitoring Tools
- [html] EFF "Security/Computer Security" Archive
interesting technical and political papers and links
- [html] SRP
Secure Remote Password Project in Stanford
- [html] Computer Security Information
by Jessica Kelley
- [html] COAST Hotlist:
Computer Security, Law & Privacy
- [html] Pretty Secure Linux
will create a pretty secure Linux Distribution
- [html] The NAT Page
lists some NAT-able Solutions
- [html] NT and Unix Integration
Solutions for Account and Password sharing
- [html] Unix Guru Universe
A lot of useful Links for Unix System Administrators
- [html] CERIAS
Purdue University's Center for Education and Research in Information Assurance and Security
- [html] SecurityPortal commercial portal site about security (jobs, products, research, news)
- [html] Security Search Engine new commercial search engine and security portal site
- [html] AVERT Virus Alert
- [html] Sicherheit-Im-Internet
Sicherheit in der Informationsgesellschaft,
eine Initiative des Bundesministeriums für Wirtschaft und Technologie, des
Bundesministeriums des Inneren und des BSI (German)
- [html] Bifrost Network Project
Project building a Linux Appliance Firewall
- [html] eXRoads Security Section on this Search Engine
- [html] Cryptonomicon.net
Web Log with events and news from the Crypto scene.
- [html] Building Debian Firewalls
Articles on how to configure Debian for Firewalling and Security Servers.
- Security- and Hacker- Organizations
- [html] IBM ERS Security Links
- [html] CERT
- [html] Rootshell
H/P/A Organization with always new exploits
- [html] rhino9
H/P/A Organization with interesting packages
- [html] 2600 Magazine
H/P/A Magazine (hosting the Phrack eZine, too)
- [html] Bugtraq
BugTraq is a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities.
- [ftp] ADM CreW
FTP Directory with files from the ADM CreW (Exploits, Scanners, Papers)
- [html] Cult Of The Dead Cow
An Organization well know for their "Back Orifice" Tool
- [html] DEF CON
Conventions of the computer underground, anually in Las Vegas
- [html] Rhino9
H/P/A which offers among others a cool win share scanner with brute-force password attack
- [html] !Hispahack
H/P/A hosted in the domain of the CCC, pages in hispanic.
- [html] GHA
Surf to a group called German Hacker Organization
- [html] HNN - Hacker News Network
"Our first mission is to deliver the real news from the computer underground for the computer underground. The reporting will not be dumbed down to match the computer illiteracy of the average TV viewer.
Our second mission is to report the activities of the underground without the biases of the mainstream media. You will not see the terms "hacker" and "criminal" used interchangeably, nor the phrases "brilliant misguided youth" and "script kiddie"."
- [html] Packet Storm
Kroll-O'Gara Information Security Group took this over from Ken Williams.
Its a commercial maintained site but with Freeware in it.
- [html] PHI H/P/A: Protecting Hackers International
support for new hackers
- [html] Columbia 2032 H/P/A Group with a eZine
- [html] dmoz: Computer:Security:Firewalls largest human edited directory of the web
- [html] THC: The Hacker's choice security specialists united
© Copyright 2001, Bernd Eckenfels, firstname.lastname@example.org, Germany
History of Changes: changes.txt