From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search


Links to helpful or interesting information security documents.

Simple Traffic Analysis with Ethereal
This paper describes how to use the Ethereal Display Filter to examine a capture log file. The data analyzed was recorded by port and the amount of packet traffic received. The attack patterns that emerged from the data analysis generally correspond with well published vulnerabilities from expected open ports on a server. Attackers also seem to have a variety of ways to get a server and or firewall to acknowledge traffic and verify a potential target.

A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications
This paper discusses common security vulnerabilities in PHP applications.

Advanced SQL Injection In SQL Server Applications (PDF)
This excellent paper by Next Generation Security Software discusses common SQL injection techniques used to subvert Web-based applications that rely on backend SQL databases, as well as protection mechanisms that can be implemented. Although the examples given are specific to Microsoft SQL Server, the principles apply to any SQL database.

American Bar Association Digital Signature Guidelines
These Digital Signature Guidelines have been drafted by the Information Security Committee of the Electronic Commerce Division, Section of Science and Technology of the American Bar Association. The Committee explores legal and information security aspects of electronic commerce and other issues related to information technology. The Information Security Committee is comprised of lawyers, government policy and management professionals, information technology and security professionals, notaries from various legal systems, trade facilitation experts, and others.

Auditing Firewalls: A Practical Guide
Offers advice on the how and why of auditing firewalls, including a discussion of policy, design, audit, and tools.

Basic Steps in Forensic Analysis of UNIX Systems
Considerations for conducting a successful forensic analysis of compromised UNIX systems.

Best Practice Active Directory Design for Managing Windows Networks
This document focuses on Windows 2000 Active Directory Forest design and structure. Although not a security-specific document, this paper does offer useful guidance on determining which Active Directory trust model is appropriate for an organization.

Delivering eBusiness Solutions: Creating Secure Software (PDF)
This paper is intended to help developers understand how different coding errors can be exploited by an attacker to gain unauthorized access to a computer system. In addition, design considerations for minimizing the impact of such errors is discussed.

Frequently Seen Ports And Their Meaning
List of frequently seen TCP and UDP ports and what they mean. The goal of this port table is to point to further resources for more information.

Guide to Developing Computing Policy Documents
Part of the System Administration Guild (SAGE) series of publications entitled Short Topics in System Administration. The booklet provides justifications for why a site needs policies and suggests what a policy document should contain. Contains a useful template for a computing policy document.

Hack Proofing Lotus Domino
This paper details how attackers can subvert a Lotus Notes database through Lotus Domino, as well as how to mitigate the risk.

Home Network Security
This document, provided by CERT, gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always-on" or broadband access services (such as cable modems and DSL). Much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem).

How to Write Secure Code
In the process of writing and auditing their code, the Shmoo Group has become increasingly upset at the lack of documentation about writing secure code. To try and fix that, and hopefully make life easier for others in the process, they've compiled a list of secure coding resources that they've stumbled across.

Improving Security on Cisco Routers
This document is an informal discussion of some Cisco configuration settings that network administrators should consider changing on their routers, especially on their border routers, in order to improve security. This document is about basic, "boilerplate" configuration items that are almost universally applicable in IP networks, and about a few unexpected items of which you should be aware.

Introduction To Network Security
Network security is a complicated subject, historically only tackled by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This document was written with the basic computer user and information systems manager in mind, explaining the concepts needed to read through the hype in the marketplace and understand risks and how to deal with them.

NIST Special Publication 800-12 An Introduction to Computer Security: The NIST Handbook
This Handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations. It is recognized that the computer security field continues to evolve.

NIST Special Publication 800-XX Internet Security Policy: A Technical Guide
Developed to provide organizations with guidance on how to create a coherent Internet-specific information security policy. Addresses the most critical current topics and provides sample policy statements for low-, medium-, and high-risk environments.

Ports And Protocols Used By Microsoft Windows Products
Ports and protocols commonly used by Microsoft products, including Windows 2000, Windows NT, Windows Terminal Server, and Exchange.

Ports Used By Trojan Horse Programs
This chart lists the TCP and UDP port numbers frequently associated with common trojan horse programs.

Rootkits: Hiding a Successful System Compromise
This paper provides a general treatment of UNIX rootkits, including background on what rootkits are, how they operate, how they can be detected, and how placement of rootkits can be prevented. This paper is targetted towards entry to mid-level security and system administrators.

SANS How To Eliminate The Ten Most Critical Internet Security Threats
This list documents the ten most often exploited Internet security flaws along with the actions needed to rid systems of these vulnerabilities.

SANS Model Security Policies
Compiled by Michele Crabb-Guel as part of her classic SANS course on "Building An Effective Security Infrastructure."

Safeguarding Your Technology: Practical Guidelines for Electronic Education
A well-organized handbook developed by the National Center for Education Statistics and discussing a variety of security issues.

Secure Programming for Linux and UNIX HOWTO
This book provides a set of design and implementation guidelines for writing secure programs for Linux and UNIX systems. Specific guidelines for C, C++, Java, Perl, Python, TCL, and Ada95 are included.

Security Aspects of Napster and Gnutella
A presentation by noted Internet security expert Steven Bellovin on the security impacts of Napster and Gnutella.

Security Code Review Guidelines
Before security-related programs are deployed, the source code should should be reviewed for deficiencies in the areas of security, reliability, and operations. This document is dual purposed; first it is a guideline and checklist for security groups performing the code review; second, it is an attempt to provide development teams with information about what is being looked for in a review.

Site Security Handbook -- RFC 1244 July 1991
The original version of the Site Security Handbook. While this version has been replaced by RFC 2196 and much of its information is dated, it still contains some useful discussion related to policy issues.

Site Security Handbook -- RFC 2196 September 1997
Very useful guide to developing computer security policies and procedures for sites that have systems on the Internet. Subjects covered include policy content and format, technical discussions of the more common vulnerabilities faced today, suggested policy countermeasures, and incident response planning. An excellent list of references is also included.

Suggested Methods of Using PHP Securely
PHP is a simple scripting language that allows developers to quickly integrate active content into their Web application. This document offers suggestions for avoiding common PHP security issues.

System Security: A Management Perspective
Another booklet in the SAGE series, this publication discusses many of the activities that are required to support a security policy development effort such as security planning, identifying threats and assets, and evaluating effectiveness of safeguards.

User’s Security Handbook -- RFC 2504 February 1999
This document is intended as a companion to the Site Security Handbook. It presents hints and guidelines and do’s and don’ts for end users to keep their networks and systems secure.