References:: Difference between revisions
No edit summary |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
Links to helpful or interesting information security documents.<br> | Links to helpful or interesting information security documents.<br> | ||
<br> | <br> | ||
:'''A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications'''<br> | :[[Simple Traffic Analysis with Ethereal:|'''Simple Traffic Analysis with Ethereal''']]<br> | ||
:This paper describes how to use the Ethereal Display Filter to examine a capture log file. The data analyzed was recorded by port and the amount of packet traffic received. The attack patterns that emerged from the data analysis generally correspond with well published vulnerabilities from expected open ports on a server. Attackers also seem to have a variety of ways to get a server and or firewall to acknowledge traffic and verify a potential target.<br> | |||
:[[Media:simple-ethereal-analysis.pdf]] | |||
<br> | |||
:'''[[A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications]]'''<br> | |||
:This paper discusses common security vulnerabilities in PHP applications.<br> | :This paper discusses common security vulnerabilities in PHP applications.<br> | ||
<br> | <br> | ||
:'''Advanced SQL Injection In SQL Server Applications (PDF)'''<br> | :'''[[Advanced SQL Injection In SQL Server Applications (PDF)]]'''<br> | ||
:This excellent paper by Next Generation Security Software discusses common SQL injection techniques used to subvert Web-based applications that rely on backend SQL databases, as well as protection mechanisms that can be implemented. Although the examples given are specific to Microsoft SQL Server, the principles apply to any SQL database.<br> | :This excellent paper by Next Generation Security Software discusses common SQL injection techniques used to subvert Web-based applications that rely on backend SQL databases, as well as protection mechanisms that can be implemented. Although the examples given are specific to Microsoft SQL Server, the principles apply to any SQL database.<br> | ||
<br> | <br> | ||
:'''American Bar Association Digital Signature Guidelines'''<br> | :'''[[American Bar Association Digital Signature Guidelines]]'''<br> | ||
:These Digital Signature Guidelines have been drafted by the Information Security Committee of the Electronic Commerce Division, Section of Science and Technology of the American Bar Association. The Committee explores legal and information security aspects of electronic commerce and other issues related to information technology. The Information Security Committee is comprised of lawyers, government policy and management professionals, information technology and security professionals, notaries from various legal systems, trade facilitation experts, and others.<br> | :These Digital Signature Guidelines have been drafted by the Information Security Committee of the Electronic Commerce Division, Section of Science and Technology of the American Bar Association. The Committee explores legal and information security aspects of electronic commerce and other issues related to information technology. The Information Security Committee is comprised of lawyers, government policy and management professionals, information technology and security professionals, notaries from various legal systems, trade facilitation experts, and others.<br> | ||
<br> | <br> | ||
:'''Auditing Firewalls: A Practical Guide'''<br> | :'''[[Auditing Firewalls: A Practical Guide]]'''<br> | ||
:Offers advice on the how and why of auditing firewalls, including a discussion of policy, design, audit, and tools.<br> | :Offers advice on the how and why of auditing firewalls, including a discussion of policy, design, audit, and tools.<br> | ||
<br> | <br> | ||
:'''Basic Steps in Forensic Analysis of UNIX Systems'''<br> | :'''[[Basic Steps in Forensic Analysis of UNIX Systems]]'''<br> | ||
:Considerations for conducting a successful forensic analysis of compromised UNIX systems.<br> | :Considerations for conducting a successful forensic analysis of compromised UNIX systems.<br> | ||
<br> | <br> | ||
:'''Best Practice Active Directory Design for Managing Windows Networks'''<br> | :'''[[Best Practice Active Directory Design for Managing Windows Networks]]'''<br> | ||
:This document focuses on Windows 2000 Active Directory Forest design and structure. Although not a security-specific document, this paper does offer useful guidance on determining which Active Directory trust model is appropriate for an organization.<br> | :This document focuses on Windows 2000 Active Directory Forest design and structure. Although not a security-specific document, this paper does offer useful guidance on determining which Active Directory trust model is appropriate for an organization.<br> | ||
<br> | <br> | ||
:'''Delivering eBusiness Solutions: Creating Secure Software (PDF)'''<br> | :'''[[Delivering eBusiness Solutions: Creating Secure Software (PDF)]]'''<br> | ||
:This paper is intended to help developers understand how different coding errors can be exploited by an attacker to gain unauthorized access to a computer system. In addition, design considerations for minimizing the impact of such errors is discussed.<br> | :This paper is intended to help developers understand how different coding errors can be exploited by an attacker to gain unauthorized access to a computer system. In addition, design considerations for minimizing the impact of such errors is discussed.<br> | ||
<br> | <br> | ||
:'''Frequently Seen Ports And Their Meaning'''<br> | :'''[[Frequently Seen Ports And Their Meaning]]'''<br> | ||
:List of frequently seen TCP and UDP ports and what they mean. The goal of this port table is to point to further resources for more information.<br> | :List of frequently seen TCP and UDP ports and what they mean. The goal of this port table is to point to further resources for more information.<br> | ||
<br> | <br> | ||
:'''Guide to Developing Computing Policy Documents'''<br> | :'''[[Guide to Developing Computing Policy Documents]]'''<br> | ||
:Part of the System Administration Guild (SAGE) series of publications entitled Short Topics in System Administration. The booklet provides justifications for why a site needs policies and suggests what a policy document should contain. Contains a useful template for a computing policy document.<br> | :Part of the System Administration Guild (SAGE) series of publications entitled Short Topics in System Administration. The booklet provides justifications for why a site needs policies and suggests what a policy document should contain. Contains a useful template for a computing policy document.<br> | ||
<br> | <br> | ||
:'''Hack Proofing Lotus Domino'''<br> | :'''[[Hack Proofing Lotus Domino]]'''<br> | ||
:This paper details how attackers can subvert a Lotus Notes database through Lotus Domino, as well as how to mitigate the risk.<br> | :This paper details how attackers can subvert a Lotus Notes database through Lotus Domino, as well as how to mitigate the risk.<br> | ||
<br> | <br> | ||
:'''Home Network Security'''<br> | :'''[[Home Network Security]]'''<br> | ||
:This document, provided by CERT, gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always-on" or broadband access services (such as cable modems and DSL). Much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem).<br> | :This document, provided by CERT, gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always-on" or broadband access services (such as cable modems and DSL). Much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem).<br> | ||
<br> | <br> | ||
:'''How to Write Secure Code'''<br> | :'''[[How to Write Secure Code]]'''<br> | ||
:In the process of writing and auditing their code, the Shmoo Group has become increasingly upset at the lack of documentation about writing secure code. To try and fix that, and hopefully make life easier for others in the process, they've compiled a list of secure coding resources that they've stumbled across.<br> | :In the process of writing and auditing their code, the Shmoo Group has become increasingly upset at the lack of documentation about writing secure code. To try and fix that, and hopefully make life easier for others in the process, they've compiled a list of secure coding resources that they've stumbled across.<br> | ||
<br> | <br> | ||
:'''Improving Security on Cisco Routers'''<br> | :'''[[Improving Security on Cisco Routers]]'''<br> | ||
:This document is an informal discussion of some Cisco configuration settings that network administrators should consider changing on their routers, especially on their border routers, in order to improve security. This document is about basic, "boilerplate" configuration items that are almost universally applicable in IP networks, and about a few unexpected items of which you should be aware.<br> | :This document is an informal discussion of some Cisco configuration settings that network administrators should consider changing on their routers, especially on their border routers, in order to improve security. This document is about basic, "boilerplate" configuration items that are almost universally applicable in IP networks, and about a few unexpected items of which you should be aware.<br> | ||
<br> | <br> | ||
:'''Introduction To Network Security'''<br> | :'''[[Introduction To Network Security]]'''<br> | ||
:Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.<br> | :Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.<br> | ||
<br> | <br> | ||
:'''NIST Special Publication 800-12 An Introduction to Computer Security: The NIST Handbook'''<br> | :'''[[NIST Special Publication 800-12 An Introduction to Computer Security: The NIST Handbook]]'''<br> | ||
:This Handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. It is recognized that the computer security field continues to evolve.<br> | :This Handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. It is recognized that the computer security field continues to evolve.<br> | ||
<br> | <br> | ||
:'''NIST Special Publication 800-XX Internet Security Policy: A Technical Guide'''<br> | :'''[[NIST Special Publication 800-XX Internet Security Policy: A Technical Guide]]'''<br> | ||
:Developed to provide organizations with guidance on how to create a coherent Internet-specific information security policy. Addresses the most critical current topics and provides sample policy statements for low-, medium-, and high-risk environments.<br> | :Developed to provide organizations with guidance on how to create a coherent Internet-specific information security policy. Addresses the most critical current topics and provides sample policy statements for low-, medium-, and high-risk environments.<br> | ||
<br> | <br> | ||
:'''Ports And Protocols Used By Microsoft Windows Products'''<br> | :'''[[Ports And Protocols Used By Microsoft Windows Products]]'''<br> | ||
:Ports and protocols commonly used by Microsoft products, including Windows 2000, Windows NT, Windows Terminal Server, and Exchange.<br> | :Ports and protocols commonly used by Microsoft products, including Windows 2000, Windows NT, Windows Terminal Server, and Exchange.<br> | ||
<br> | <br> | ||
:'''Ports Used By Trojan Horse Programs'''<br> | :'''[[Ports Used By Trojan Horse Programs]]'''<br> | ||
:This chart lists the TCP and UDP port numbers frequently associated with common trojan horse programs.<br> | :This chart lists the TCP and UDP port numbers frequently associated with common trojan horse programs.<br> | ||
<br> | <br> | ||
:'''Rootkits: Hiding a Successful System Compromise'''<br> | :'''[[Rootkits: Hiding a Successful System Compromise]]'''<br> | ||
:This paper provides a general treatment of UNIX rootkits, including background on what rootkits are, how they operate, how they can be detected, and how placement of rootkits can be prevented. This paper is targetted towards entry to mid-level security and system administrators.<br> | :This paper provides a general treatment of UNIX rootkits, including background on what rootkits are, how they operate, how they can be detected, and how placement of rootkits can be prevented. This paper is targetted towards entry to mid-level security and system administrators.<br> | ||
<br> | <br> | ||
:'''SANS How To Eliminate The Ten Most Critical Internet Security Threats'''<br> | :'''[[SANS How To Eliminate The Ten Most Critical Internet Security Threats]]'''<br> | ||
:This list documents the ten most often exploited Internet security flaws along with the actions needed to rid systems of these vulnerabilities.<br> | :This list documents the ten most often exploited Internet security flaws along with the actions needed to rid systems of these vulnerabilities.<br> | ||
<br> | <br> | ||
:'''SANS Model Security Policies'''<br> | :'''[[SANS Model Security Policies]]'''<br> | ||
:Compiled by Michele Crabb-Guel as part of her classic SANS course on "Building An Effective Security Infrastructure."<br> | :Compiled by Michele Crabb-Guel as part of her classic SANS course on "Building An Effective Security Infrastructure."<br> | ||
<br> | <br> | ||
:'''Safeguarding Your Technology: Practical Guidelines for Electronic Education'''<br> | :'''[[Safeguarding Your Technology: Practical Guidelines for Electronic Education]]'''<br> | ||
:A well-organized handbook developed by the National Center for Education Statistics and discussing a variety of security issues.<br> | :A well-organized handbook developed by the National Center for Education Statistics and discussing a variety of security issues.<br> | ||
<br> | <br> | ||
:'''Secure Programming for Linux and UNIX HOWTO'''<br> | :'''[[Secure Programming for Linux and UNIX HOWTO]]'''<br> | ||
:This book provides a set of design and implementation guidelines for writing secure programs for Linux and UNIX systems. Specific guidelines for C, C++, Java, Perl, Python, TCL, and Ada95 are included.<br> | :This book provides a set of design and implementation guidelines for writing secure programs for Linux and UNIX systems. Specific guidelines for C, C++, Java, Perl, Python, TCL, and Ada95 are included.<br> | ||
<br> | <br> | ||
:'''Security Aspects of Napster and Gnutella'''<br> | :'''[[Security Aspects of Napster and Gnutella]]'''<br> | ||
:A presentation by noted Internet security expert Steven Bellovin on the security impacts of Napster and Gnutella.<br> | :A presentation by noted Internet security expert Steven Bellovin on the security impacts of Napster and Gnutella.<br> | ||
<br> | <br> | ||
:'''Security Code Review Guidelines'''<br> | :'''[[Security Code Review Guidelines]]'''<br> | ||
:Before security-related programs are deployed, the source code should should be reviewed for deficiencies in the areas of security, reliability, and operations. This document is dual purposed; first it is a guideline and checklist for security groups performing the code review; second, it is an attempt to provide development teams with information about what is being looked for in a review.<br> | :Before security-related programs are deployed, the source code should should be reviewed for deficiencies in the areas of security, reliability, and operations. This document is dual purposed; first it is a guideline and checklist for security groups performing the code review; second, it is an attempt to provide development teams with information about what is being looked for in a review.<br> | ||
<br> | <br> | ||
:'''Site Security Handbook -- RFC 1244 July 1991'''<br> | :'''[[Site Security Handbook -- RFC 1244 July 1991]]'''<br> | ||
:The original version of the Site Security Handbook. While this version has been replaced by RFC 2196 and much of its information is dated, it still contains some useful discussion related to policy issues.<br> | :The original version of the Site Security Handbook. While this version has been replaced by RFC 2196 and much of its information is dated, it still contains some useful discussion related to policy issues.<br> | ||
<br> | <br> | ||
:'''Site Security Handbook -- RFC 2196 September 1997'''<br> | :'''[[Site Security Handbook -- RFC 2196 September 1997]]'''<br> | ||
:Very useful guide to developing computer security policies and procedures for sites that have systems on the Internet. Subjects covered include policy content and format, technical discussions of the more common vulnerabilities faced today, suggested policy countermeasures, and incident response planning. An excellent list of references is also included.<br> | :Very useful guide to developing computer security policies and procedures for sites that have systems on the Internet. Subjects covered include policy content and format, technical discussions of the more common vulnerabilities faced today, suggested policy countermeasures, and incident response planning. An excellent list of references is also included.<br> | ||
<br> | <br> | ||
:'''Suggested Methods of Using PHP Securely'''<br> | :'''[[Suggested Methods of Using PHP Securely]]'''<br> | ||
:PHP is a simple scripting language that allows developers to quickly integrate active content into their Web application. This document offers suggestions for avoiding common PHP security issues.<br> | :PHP is a simple scripting language that allows developers to quickly integrate active content into their Web application. This document offers suggestions for avoiding common PHP security issues.<br> | ||
<br> | <br> | ||
:'''System Security: A Management Perspective'''<br> | :'''[[System Security: A Management Perspective]]'''<br> | ||
:Another booklet in the SAGE series, this publication discusses many of the activities that are required to support a security policy development effort such as security planning, identifying threats and assets, and evaluating effectiveness of safeguards.<br> | :Another booklet in the SAGE series, this publication discusses many of the activities that are required to support a security policy development effort such as security planning, identifying threats and assets, and evaluating effectiveness of safeguards.<br> | ||
<br> | <br> | ||
:'''User’s Security Handbook -- RFC 2504 February 1999'''<br> | :'''[[User’s Security Handbook -- RFC 2504 February 1999]]'''<br> | ||
:This document is intended as a companion to the Site Security Handbook. It presents hints and guidelines and do’s and don’ts for end users to keep their networks and systems secure.<br> | :This document is intended as a companion to the Site Security Handbook. It presents hints and guidelines and do’s and don’ts for end users to keep their networks and systems secure.<br> | ||
<br> | <br> |
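Review bot: the new first entry links to `Simple Traffic Analysis with Ethereal:` with a trailing colon in the link target while its label has none; confirm that is the intended page title. In the same entry, the description reads "a server and or firewall", which should be "and/or", and the `[[Media:simple-ethereal-analysis.pdf]]` line is the only added line without a closing `<br>`. The revision also carries no edit summary even though it turns every title into an internal link and adds an entry; a one-line summary would make the history easier to follow.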
Latest revision as of 12:47, 25 April 2007
References
Links to helpful or interesting information security documents.
- Simple Traffic Analysis with Ethereal
- This paper describes how to use the Ethereal Display Filter to examine a capture log file. The data analyzed was recorded by port and the amount of packet traffic received. The attack patterns that emerged from the data analysis generally correspond with well-published vulnerabilities from expected open ports on a server. Attackers also seem to have a variety of ways to get a server and/or firewall to acknowledge traffic and verify a potential target.
- Media:simple-ethereal-analysis.pdf
- A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications
- This paper discusses common security vulnerabilities in PHP applications.
- Advanced SQL Injection In SQL Server Applications (PDF)
- This excellent paper by Next Generation Security Software discusses common SQL injection techniques used to subvert Web-based applications that rely on backend SQL databases, as well as protection mechanisms that can be implemented. Although the examples given are specific to Microsoft SQL Server, the principles apply to any SQL database.
- American Bar Association Digital Signature Guidelines
- These Digital Signature Guidelines have been drafted by the Information Security Committee of the Electronic Commerce Division, Section of Science and Technology of the American Bar Association. The Committee explores legal and information security aspects of electronic commerce and other issues related to information technology. The Information Security Committee is comprised of lawyers, government policy and management professionals, information technology and security professionals, notaries from various legal systems, trade facilitation experts, and others.
- Auditing Firewalls: A Practical Guide
- Offers advice on the how and why of auditing firewalls, including a discussion of policy, design, audit, and tools.
- Basic Steps in Forensic Analysis of UNIX Systems
- Considerations for conducting a successful forensic analysis of compromised UNIX systems.
- Best Practice Active Directory Design for Managing Windows Networks
- This document focuses on Windows 2000 Active Directory Forest design and structure. Although not a security-specific document, this paper does offer useful guidance on determining which Active Directory trust model is appropriate for an organization.
- Delivering eBusiness Solutions: Creating Secure Software (PDF)
- This paper is intended to help developers understand how different coding errors can be exploited by an attacker to gain unauthorized access to a computer system. In addition, design considerations for minimizing the impact of such errors are discussed.
- Frequently Seen Ports And Their Meaning
- List of frequently seen TCP and UDP ports and what they mean. The goal of this port table is to point to further resources for more information.
- Guide to Developing Computing Policy Documents
- Part of the System Administration Guild (SAGE) series of publications entitled Short Topics in System Administration. The booklet provides justifications for why a site needs policies and suggests what a policy document should contain. Contains a useful template for a computing policy document.
- Hack Proofing Lotus Domino
- This paper details how attackers can subvert a Lotus Notes database through Lotus Domino, as well as how to mitigate the risk.
- Home Network Security
- This document, provided by CERT, gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always-on" or broadband access services (such as cable modems and DSL). Much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem).
- How to Write Secure Code
- In the process of writing and auditing their code, the Shmoo Group has become increasingly upset at the lack of documentation about writing secure code. To try and fix that, and hopefully make life easier for others in the process, they've compiled a list of secure coding resources that they've stumbled across.
- Improving Security on Cisco Routers
- This document is an informal discussion of some Cisco configuration settings that network administrators should consider changing on their routers, especially on their border routers, in order to improve security. This document is about basic, "boilerplate" configuration items that are almost universally applicable in IP networks, and about a few unexpected items of which you should be aware.
- Introduction To Network Security
- Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.
- NIST Special Publication 800-12 An Introduction to Computer Security: The NIST Handbook
- This Handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. It is recognized that the computer security field continues to evolve.
- NIST Special Publication 800-XX Internet Security Policy: A Technical Guide
- Developed to provide organizations with guidance on how to create a coherent Internet-specific information security policy. Addresses the most critical current topics and provides sample policy statements for low-, medium-, and high-risk environments.
- Ports And Protocols Used By Microsoft Windows Products
- Ports and protocols commonly used by Microsoft products, including Windows 2000, Windows NT, Windows Terminal Server, and Exchange.
- Ports Used By Trojan Horse Programs
- This chart lists the TCP and UDP port numbers frequently associated with common trojan horse programs.
- Rootkits: Hiding a Successful System Compromise
- This paper provides a general treatment of UNIX rootkits, including background on what rootkits are, how they operate, how they can be detected, and how placement of rootkits can be prevented. This paper is targeted towards entry- to mid-level security and system administrators.
- SANS How To Eliminate The Ten Most Critical Internet Security Threats
- This list documents the ten most often exploited Internet security flaws along with the actions needed to rid systems of these vulnerabilities.
- SANS Model Security Policies
- Compiled by Michele Crabb-Guel as part of her classic SANS course on "Building An Effective Security Infrastructure."
- Safeguarding Your Technology: Practical Guidelines for Electronic Education
- A well-organized handbook developed by the National Center for Education Statistics and discussing a variety of security issues.
- Secure Programming for Linux and UNIX HOWTO
- This book provides a set of design and implementation guidelines for writing secure programs for Linux and UNIX systems. Specific guidelines for C, C++, Java, Perl, Python, TCL, and Ada95 are included.
- Security Aspects of Napster and Gnutella
- A presentation by noted Internet security expert Steven Bellovin on the security impacts of Napster and Gnutella.
- Security Code Review Guidelines
- Before security-related programs are deployed, the source code should be reviewed for deficiencies in the areas of security, reliability, and operations. This document has a dual purpose: first, it is a guideline and checklist for security groups performing the code review; second, it is an attempt to provide development teams with information about what is being looked for in a review.
- Site Security Handbook -- RFC 1244 July 1991
- The original version of the Site Security Handbook. While this version has been replaced by RFC 2196 and much of its information is dated, it still contains some useful discussion related to policy issues.
- Site Security Handbook -- RFC 2196 September 1997
- Very useful guide to developing computer security policies and procedures for sites that have systems on the Internet. Subjects covered include policy content and format, technical discussions of the more common vulnerabilities faced today, suggested policy countermeasures, and incident response planning. An excellent list of references is also included.
- Suggested Methods of Using PHP Securely
- PHP is a simple scripting language that allows developers to quickly integrate active content into their Web application. This document offers suggestions for avoiding common PHP security issues.
- System Security: A Management Perspective
- Another booklet in the SAGE series, this publication discusses many of the activities that are required to support a security policy development effort such as security planning, identifying threats and assets, and evaluating effectiveness of safeguards.
- User’s Security Handbook -- RFC 2504 February 1999
- This document is intended as a companion to the Site Security Handbook. It presents hints and guidelines and do’s and don’ts for end users to keep their networks and systems secure.