Related Courseware Sites
Avi Rubin's Courses on Network Security
Free Network Security eBooks
Georgia Tech Course on Network Security
MIT OpenCourseWare: Network and Computer Security
MIT Paper on Security Problems with Internet Architecture (pdf)
Portland State Univ. Course on Network Security
Univ. of TN Course on Computer and Network Security
Educational Sites
Alan Gahtan's Cyberlaw Encyclopedia
- good links
CARIS - Center for Advanced Research in
InfoSec at University of Illinois
CERIAS - Purdue's Center for
Education & Research in Information Assurance & Security
CERT/CC - Carnegie Mellon's Coordination
Center for Internet Security Expertise
C3S
Center for Computer & Communications Security - also
at Carnegie Mellon
Critical Infrastructure Project - joint project of George Mason & James
Madison U.
CISSP Certification - online study guides
available
Colleges with Courses in
Digital/Computer Forensics - from
E-Evidence Info Center
Complete List of College Crypto and
Security Courses - for U.S. and worldwide
Dartmouth College ISTS -
Institute for Security Technology Studies
George Mason University &
GMU
Technology & Law - an InfoSec Center & think tank
George Washington University
- Off-programs related to InfoSec
Georgia Tech Information Security Center
- College of Computing and Info Security Center
I3P
Institute for Information Infrastructure Protection - a consortium group at
Dartmouth
Indiana Univ. of PA -
Center of Excellence in Information Assurance
Institute of Police Technology -
popular Florida courses in computer crime investigation
ISS advICE -
database on infosec and anti-hacker techniques
ITLabsOnline - helpful resources found
here
John Hopkins Security Informatics Institute
- an industry-academe partnership
Kennesaw State Cybercrime Institute
- SCI Southeast Cybercrime Institute
MIT Lab for Computer Science &
Ron Rivest's Group - InfoSec and
Cryptography Pages
National Defense University - their many
Centers on Information and Technology
New York University Institute for Civil
Infrastructure Systems - joint project with Cornell et. al.
Oregon State Information Security
Laboratory - College of Computing, Math, & Engineering
Southwestern Comm.
College Cybercrime Technology Program - syllabi and
lecture
notes
Univ. of California Davis
- Computer Security Laboratory
UNC-Charlotte IT
course offerings - in security, privacy, and other topics
Univ.of New Haven - syllabi for two
or three courses usually available
Univ. of Tulsa - Center for Information
SecurityGovernment Sites
CERT (Computer Emergency Readiness Team) -
coordinates attacks against the nation
CIAO (Critical Infrastructure Assurance Office)
- coordinates top twenty list of vulnerabilities
DISA (Defense Information Systems Agency) -
Air Force, Army, & Navy IS
DOJ Cybercrime Bureau -
a department of Justice website with a kid's page
EC InfoSec home page -
European Commission InfoSec site
FedCIRC - great source for incident
notes and intrusion detection tips
FBI - the Federal Bureau of Investigation
InterPol - their Technocrime Prevention page, with checklist
Lawrence Livermore National Laboratory -
cutting edge research in energy science
Los Alamos National Laboratory -
futuristic applied research
NIPC (National Infrastructure Protection Center)
- Infraguard and where most incidents reported
Pacific Northwest National Laboratory -
technological innovation
GAO Cyber-Security Assessments - yearly risk
assessments in pdf and htm format
NIH Center for Security Information
- includes advisories and other links
NIST Computer Security Division and CSRC -
Department of Commerce sites
North Carolina InfraGard - our state
partnership and the National Chapter
NPS CISR - Navy Postgraduate School
Center for InfoSec Research
Office of Homeland Security -
America's newest cabinet level agency
Sandia National Laboratory - emerging
technologies that respond to national security threats
White House National Strategy to
Secure Cyberspace - the official strategy of the U.S.Industrial, Organization, or Private Sector Sites
CVE - Common Vulnerabilities and Exposures
from MITRE Corp.
Computer Security Institute -
a professional association that holds conferences
CyberSecurity Institute - a
biz site listing core competencies in computer forensics
E-Evidence Info - big list
of links in computer forensics
FIRST - a Forum of government, business, and
academic incident responders
Forensics NL - big list of computer
forensics and cybercrime resources
Infosyssec: The Security Portal for IT Professionals - a private think tank
Intense School - Microsoft's famous
"boot camps" for IT security professionals
Jane's Information Group/Security
Section - focus on terrorism and information technology
Markle Foundation National Security
Task Force - publishes good recommendations
Microsoft Research -
innovations in a variety of mathematically possible waysMicrosoft
Technet - be sure to see the Security>Bulletins and Support>Knowledge Base
MIS Training Institute - provides courses and
more in Audit and Information Security training
Mitretek Systems - a well-known
think tank in criminal justice engineering
National Security Institute - provider
with a lot of educational resources online
NIST List of Computer
Security Organizations - professional associations and conferences
RAND Corporation - a well known think tank in
public policy
SANS Institute - perhaps the
premiere cyber-defense institute; intrusion detection specialists
World Research Group - holders of training
workshops on computer forensicsIndividual Home Pages
Computer Forensics World - a
community of professionals
Dorothy Denning's home page
- Georgetown InfoSec guru
Fred Cohen's home page - a consultant's tools,
talks, and idea on strategic intelligence
George Smith's "Crypt" newsletter
- a self-styled computer security critic
Kent Anderson's PoliticalHacking
- a blog on politically motivated computer crime
Nathan Smith's Computer
Forensic Tech - another personal home page builder
Rik Farrow's Spirit.com - ports, firewalls,
and web server security advice
Ron Rivest's home page -
MIT's cryptography and security expert
The WWW security FAQ -
longtime Internet favoritePublisher Websites
Cipher - the IEEE Computer
Security newsletter
Computer Crime Research Center - a
daily news site about computer crime
CNet Builder Buzz: Server Insecurity - includes antihacker downloads
CyberEthics - website for the
book
Digital
Investigation - website for the journal with sample articles
Dr. Dobb's Journal - sophisticated tech
magazine for computer professionals
First Monday - a completely free online
scholarly journal about the Internet
Journal of Computer
Security's CS database - searchable bibliographies
Lists of Computer Forensics Books reviewed - by an Amazon.com member
MSNBC Technology Front Page
- Hacks, Attacks, Bugs, and Vulnerabilities
Network Magazine - sophisticated
tech magazine for enterprise solutions
Security in the News
- excellent, up-to-date newsletter out of Dartmouth
SC Magazine - largest
circulating InfoSec magazine and its
InfoSecurity News
Security Focus Magazine - tracks
vulnerabilities, bugs, glitches, and flaws
Thomson Course Technology - InfoSec
courseware and booksSpecialized Resources:
Authentication Issues
Granularity and Extensibility of Access Control - choosing a control scheme
Kerberos - the network
authentication scheme explained
Facial Biometrics / Recognition
- modern-day mugshots
International Biometric Group - an
international focal point
The Biometric Consortium - a focal point
for U.S. research and testing
The Face Recognition
Home Page - tutorials and resourcesEncryption Issues
Beginner's
Cryptography Page - keepers of the CryptRing
Cryptography:
Ron Rivest's MIT Site - pointers to other sites on the Web
Cryptography: The
Study of Encryption - a comprehensive mega-site on encryption
Cryptography and Liberty
- country-by-country policies on encryption
Data Encryption Techniques-
an overview for beginners
International Association for Cryptologic
Research - a professional association
TruSecure - an information security
assurance provider
ZDNet
Developer - their Backend Security section
RSA Security - a major player in the
crypto field
IP Level Encryption - discussion of an
emerging technology
S/MIME & PGP-a comparison of
the two technologiesHacking Issues
2600 Magazine - one of the oldest hacking
news sites on the Net
AntiOnline - hackers know your
weaknesses, shouldn't you?
AuditMyPC.com - free firewall tests and
port scans
Computer Undergroung Digest (Cu
Digest)- a popular magazine during the 90s
Digicrime - a full service criminal
computer hacking organization
Fyodor's Exploit World - an
archive of ALL the exploits
Hackers.Com - live hacker chats and security
tips
@Stake.com -security advisories from a
hacker's point of view
Nomad Mobile Research Centre - advisories,
FAQs, and files
Phrack Magazine - home page for the largest
IRC group of hackers
Root Shell - UNIX-based resource links
Infowarfare Issues
Al Fundaburk's
Infowarfare site - he used to work at NC Wesleyan
Institute for Advanced Study of Information Warfare- as
vicious-looking as it sounds
Infowar.com - a store, museum, archive,
and library all rolled into one Law and Legal isues
Berkeley Journal of
Computers and the Law-your basic law school journal
Copyright and
Multimedia Law - a fascinating topic and website
Crypto Law Survey
- a dissertation on the law enforcement problems of cryptography
Cyberspace Law
- article abstracts viewable only
Electronic Frontier Foundation - a major
player on cyberspace issues
Government Crypto Policy -
Center for Democracy and Technology
Harvard Journal of Law and
Technology - some free stuff online
Proposals for
regulating Public's right to use Databases - publicdomain.org
Stanford Technology
Law Review -cyberspace speech controversiesPlanning Issues
Atomic Tangerine-a
vendor/portal website
Computer Security
Information and FAQ - helpful page from the NIH
Netsurfer Focus on
Computer & Network Security - a magazine-like website
Higher Education
Security Policies-a survey
Interpol Computer Security Checklist - helpful advice from Interpol
MIT Information Security
Office Web Page - sample policies to emulate
Network Engineering Mistakes - a free
virtual seminar program
NIST Computer Security Resource
Clearinghouse - a major website resource
SANS Model
Computer Security Policies - free online tutorials
Stanford University Information Security Office - a good many
policies to sample
Prevention Issues
Building Internet
Firewalls Tutorial - Brent Chapman's one-day tutorial
Firewalls Mailing List
- archived discussions at GNAC
IT Security Toolbox - a
wealth of information and discussion groups
PresiNET - an Internet management
solutions company
The Rotherwick Firewall
Resource - UK site
Talisker's Intrusion Detection
Systems List - UK siteProtocols and Standards Issues
Comprehensive
List of Public Key and Certificate Links- the PKI PageCGSB
Independent Audit Standard - an auditing service company
Baseline Software's Security Policies
- a library of policies made easy
Internet Engineering Task Force -
discussion of IPSEC
International Telecommunication Union - X protocols
MD5 - MIT's working
group on MD5 algorithm
MIME Security with PGP - a request for
comment paper
PGP Message Exchange Formats - another
request for comment paper
Point to Point Tunnelling Protocol - 3Com's tech specs
Secure Electronic
Transactions- e-commerce merchandising protocolsVirus Issues
Computer Virus Myths - a beginner's guide to hoaxes and legends
AVP Virus Encyclopaedia - a
sophisticated classification encyclopedia
Computer Virus Information and Resources
Page - at the Univ. of N. Texas
Datafellows (F-Prot) Virus Database
Page - the F-Secure virus info center
SaferSite -makers of Pest Patrol, which
cleans up remnants of virii
Symantec Virus Database Page-the
Symantec (IBN, Norton) virus info center
Trend Micro Antivirus Page-the
Trend (PC-cillin) virus info center
Virus
Bulletin -an online journal with wildlists of who found what
WildList - more up-to-date collection of
wildlists
Viruslist.com-an
encyclopedia/news site in Russian and English
Vulnerability Issues
CERT/CC Top Ten List of Exploits - advisories
and incident notes
Common Vulnerabilities and Exposures - definitions
and examples of both
File Extensions - to look up
unknown file extensions
File Extensions "Dot what?" - a huge database
of extension information
Security Focus - home of Bugtraq and
a library of articles
The Encyclopedia of Computer
Security - more than just a glossary, tutorials tooSPECIFIC LINKS USED IN LECTURE NOTES
Lecture #1: Network Security Overview
CISSP and GIAC (certifications)
American Society for Industrial Security
Auerbach Publications
Computer Security Institute
Computer Security Resource Center (CSRC)
Computer Security Technology Center
Federal Computer Weekly
High-Tech Crime Network
Information Security Magazine
InfoWorld's Security Audit Resource Guide
Links at the Centre for Software Reliability
Links on Software Reliability, Safety, and Metrics
Network Security Library
Security Management Magazine
Sample pages of Mission Critical
Author Ken Laudon's website
Lecture #1a: Introduction to Critical Infrastructure Protection
Selected Provisions of the USA PATRIOT Act
FEMA
The Position of Cyber-czar
NIPC
InfraGard
List of ISACS and (links also here)
Presidential Decision Directive 63
FedCIRC
CESA
National Strategy for the Physical Protection of Critical Infrastructures and Key Assets (pdf)
Homeland Security Presidential Directive 7
Financial Services ISAC; 2003 GAO Report (pdf)
Chemical Sector ISAC; Chemical Sector Cybersecurity Forum
NASCIO; 2001 GAO Report (pdf)
ESISAC; North American Electric Reliability Council
EMR ISAC
FEMA's Fire Administration website
Food Industry ISAC webpage
CDC's Public Health Emergency Response Guide
Educause; Office of Safe & Drug-Free Schools
IT ISAC; Information Technology Association of America
Financial Services ISAC; Real Estate ISAC
National Petroleum Council
Surface Transportation ISAC; Association of American Railroads
Water ISAC; Association of Metropolitan Water Agencies
John Robb and his article on design flaws
Support Anti-terrorism by Fostering Effective Technologies Act of 2002
American Water Works Association
An Assessment (Report Card) on Homeland Security (pdf)
www.theblackbooks.com
Commonwealth Institute Resources on Critical Infrastructure Protection
ContingencyPlanning.com
CRS Backgrounder Report on Critical Infrastructure Policy (pdf)
CRS Report on the Definition & Identification of Critical Infrastructures (pdf)
Dept. of Defense CIP Plan
DHS Organization for Infrastructure Protection
DHS Webpage for Critical Infrastructure
Executive Order on Critical Infrastructure Protection
George Mason University CIP Project
John Robb's Global Guerrillas Website
Larry Wortzel's Paper on Securing America's Critical Infrastructures
Legal Issues & Challenges of Critical Infrastructure Protection (pdf)
National Infrastructure Institute (NI2)
National Strategy for Physical Protection of Critical Infrastructure & Key Assets (pdf)
National Strategy to Secure Cyberspace (pdf)
NIST Partnerships in Specific Industry Sectors
The Infrastructure Security Partnership
USFA-FEMA Website for What CIP is About
Sample Excerpt of Reforming Infrastructure
Lecture #2: Risk Analysis and Security Policies
A Survey of Higher Education Computer Security Policies
Business Continuity Planning
Glendale Systems Computer Security Policy Model
Interpol IT Crime Prevention Checklist
SANS Model Computer Security Policies
SC: InfoSecurity Magazine Online
The Only Safe Computer is a Dead Computer
Sample pages of E-Policy
Author's list of web security books
Lecture #2a: Modus Operandi of Hacking
CERT
CVS
SANS
FBI
Prof. Marc Rogers website
Sociology of CyberSpace
Hacking Exposed
Wget
Teleport Pro
Webferret, NeoTrace and other apps
SEC Edgar database
Internic WhoIs Lookup
Sam Spade
Article on IP Scanning
TCP and UDP Ports
Cheops
nmap
Pinger
WS_Ping ProPack
Netscan
Stobe
SATAN
SuperScan
NTOScanner
ipEye
WinScan
Fscan
Snort
scanlogd
PortSentry
Logcheck
Genius
Netcat
Hackers Hall of Fame
How to Become a Hacker
How to Own the Internet in Your Spare Time
New Hacker's Dictionary
Psychology and Computer Crime
Tips on Banner Grabbing Countermeasures
Tips on Defending against Port Scans
Lecture #2b: Cybercrime and Cyberlaw
Lecture on Privacy and Cyberspace Law
corporate espionage
CAIDA's map of Internet
Dictionary of Cyberpunk Slang
Lectures on Theft, fraud, and consumer fraud
CardCops
EscrowFraud.com
Director Freeh's testimony 2000
National Infrastructure Protection Center
Hacking and Industrial Espionage
Research study at Carnegie Mellon
Cybercrime, Justice, Law and Society
Cyberpunk Top 100 Sites
Cyberspace and the American Dream
Cyberterrorism: How Real is the Threat?
DHS National Infrastructure Protection Center
Federal Guidelines for Searching & Seizing Computers (1994)
Federal Guidelines for Searching & Seizing Computers (2001)
Hacking and Industrial Espionage
InfoSec and InfoWar Portal
Institute for Advanced Study of Information Warfare
MSNBC's Hacker Diaries
National Cybercrime Training Partnership
National Strategy to Secure Cyberspace
Prof. Rob Kling's Social Informatics web page
The Modus Operandi of Hacking
The Zapatista Social Netwar in Mexico
U.S. Dept. of Justice Cybercrime Section
What is CyberTerrorism?
White House National Strategy to Secure Cyberspace
Dorothy Denning's article on Activism, Hacktivism, and Cyberterrorism
EFF article on Cyberspace
Lawrence Lessig's website
Lecture #2c: Privacy and Cyberspace Law
Prof. Lessig at Stanford Law School
Wikiproject Cyberlaw
About.com Law:CyberSpace Law
Center for Democracy and Technology
CyberSpace Law for Non-Lawyers
Electronic Frontier Foundation (EFF) home page
Electronic Privacy Information Center (EPIC) home page
FindLaw's CyberSpace Law Center
First Amendment Issues in CyberSpace
John Marshall Law School CyberSpace Law Center
Legal Issues in Computer Operator Liability
Privacy.org news site
Privacy Rights Clearinghouse
Right to Privacy Website forum
San Diego Law Review article on Information Privacy
Search & Seizure in CyberSpace Law
Social Science Research Network's Lessons in CyberSpace Law
Society for Computers and Law
UCLA Online Institute for CyberSpace Law and Policy
U.S. DOJ CyberCrime Section home page
U.S. DOJ on Privacy Issues in the High-Tech Context
Yahoo's List of Privacy Links
Lecture #2d: Cyberterrorism and Cybervigilantism
Laird v. Tatum
Patriot Debates website
Posse Comitatus Act of 1878
Gilmore Commission
www.northcom.mil
Pentagon Strategy on Homeland Defense and Civil Support (pdf)
Defense Science Board Report on DOD Roles and Missions in Homeland Security pdf
DOD Directive 5240.1-R and 5105.67
Lecture on Stuational Awareness
ORCON
DHS & FEMA
National Response Team
National Guard Bureau's J5 (IA) Unit
National Response Center
FEMA's Emergency Management Institute
Defense Production Act of 1950
PDD-63
Executive Order 12656
Mount Weather & Greenbrier Resort
FBI definition of cyberterrorism, NIPC definition & CSIS definition (pdf)
ELIGIBLE RECEIVER
Gartner Research "digital Pearl Harbor" scenario
US position on the Council of Europe's proposed Cybercrime Convention
National Security Response to Computer Intrustions (Note: Not official US. Government Policy)
Knauff v. Schaughnessy (1950) & Kwong Hai Chew v. Colding (1953)
Jay v. Boyd
McGehee v. CIA
Korematsu v. US
Hirabayashi v. U.S.
9-11 Commission: Terrorist Attacks on US
A Plague on Your City: Observations from TOPOFF (pdf)
Air War College Resources on Homeland Security
ANSER Homeland Security Institute
Center for Democracy Comment on the Defense Production Act
Citizen's Guide to Using the FOIA and Privacy Act of 1974
Cyberterrorism: How Real is the Threat?
Department of Homeland Security (DHS)
Department of Homeland Security (DHS) Role Overseas
DOD Directive 3025.15 (Military Assistance to Civil Authorities)
DOD Directive 5105.67 (Counterintelligence Field Activity)
DOD Directive 5240.1-R (Intelligence Affecting US Persons)
Gilmore Commission: Domestic Response to WMD
Homeland Security & US Civil-Military Relations
Homeland Security: The New Role for Defense
Church Commission: Improper Surveillance of American Citizens
Journal of Homeland Security
Journal of Homeland Security & Emergency Management
Myth of Posse Comitatus
National Academic Consortium for Homeland Security
National Strategy to Secure Cyberspace
Navy Postgraduate School White Paper on Cyberterror (pdf)
Northcom's Statement on the Difference between Homeland Security & Homeland Defense
Pentagon Strategy on Homeland Defense and Civil Support (pdf)
Putting Cyberterrorism in Context
RAND Corp. Homeland Security Program Homepage
RAND Report on Preparing US Army for Homeland Security
Robert T. Stafford Disaster Relief & Emergency Assistance Act
Role of National Guard in Homeland Security
The Need for a Goldwater-Nichols Act II
Thesis on Enhancement of the Civil Reserve Air Fleet
Wartime Rights, Civil Liberties, and Reparations
Wikipedia Entry on Continuity of Operations Plan
Wikipedia Entry on Korematsu v. United States
Prof. Becker's article on the Waco Incident
The National Strategy for Homeland Security
Sample excerpt of Waltz' Information Warfare
Cybervigilantism
Border Rescue/Ranch Rescue, USA
Franklin Zimring on the Vigilante Mindset (doc)
SPL Center's Intelligence Report/Vigilante Watch
The Crime of Cyber-Vigilantism
The Spirit of Vengeance (Excerpt from Karl Menninger)
Thoughts on Revenge and Retribution
Vigilantes and Policing in Nigeria (doc)
Vigilantism Revisited: A Legal and Economic Analysis (pdf)
Lecture #3: Authentication and Encryption
IETF (Internet Engineering Task Force)
CAPTCHA Tests and example
About.com Internet/Network Security
Beginner's Cryptography Links
Cryptography FAQ
DNS Systems: Wikipedia
Electronic Frontier Foundation
International Association for Cryptologic Research
Introduction to Network Security
IP Spoofing: An Introduction
Network Security Library
Network Security Technologies, Inc.
PacketStorm's Social Engineering Page
Phil Zimmerman and PGP
RSA Security's FAQ
SANS Reading Room on Social Engineering
Sniffer Technologies, Inc.
SolarWinds
Steganography and Digital Watermarking
The Alan Turing Homepage
The Complete Social Engineering FAQ
The Official Bletchley Park Web site
Yahoo Security and Encryption Page
sample chapters of Handbook
sample pages of Mitnick's book
author's review site for Applied Cryptography
Lecture #3a: Informants, Surveillance, and Undercover Operations
Communications Assistance for Law Enforcement Act (CALEA)
Tor and Anonymizer
Association of Undercover Officers
California Narcotic Officers Association
Competitive Intelligence and Internet Information Gathering
Constitutional Guide to Using Cellmate Informants
Governmentality and the War on Terror: FBI Project Carnivore
Home Page of Prof. Gary Marx
How to Spot Undercover Agents
International Association of Law Enforcement Intelligence Analysts
International Association of Undercover Officers
Investigative Resources and Public Records on the Internet
Law of Undercover Operations
National Association of Legal Investigators
Police Use of Confidential Informants
Trace Anybody Online (Net-Trace People Search)
Undercover School Operations
Use of Informants in FBI Domestic Intelligence Operations (Cointelpro)
Lecture #4: Networking and Operating Systems
Hundreds of algorithms
op-codes
PCGuide to IRQ channels
MSDN
Modifying the Basic Skeleton of Any Windows Program
Basic Tutorial on Visual Basic
Dictionary of Algorithms and Data Structures
Electronic Colloquium on Computational Complexity
PC Guide to System Resources
Post-Assembly Inspection Procedures
Troubleshooting Motherboards
What is BIOS and CMOS?
The Living Internet - The Most Comprehensive Resource about the Net
Prof. Comer's Online CD-Rom for Computer Networks and Internets
Prof. Stalling's Networking Links and Course Resources
WinSock Programmer's FAQ
Lecture #5: Firewall, VPN, and Wireless Security
Lojack, ZTrace, CyberAngel, and CompuTrace
Safeware
CA-2001-13
Wikipedia List of Notable Viruses and Worms
IPv4 and IPv6
Cisco Systems Products Page
http://www.cwne.com/cwna/ (Wireless certification)
U.S. Frequency Allocation Chart
SSIDs
Wi-Fi Planet's Tutorial on WEP Security
AiroPeek and Airmagnet
Wimetrics and Kismet
Analysis of the Code Red II Worm
Beginner's Guide to Preventing Data Theft from Stolen Laptops
CSI/FBI 2005 Computer Crime & Security Survey (pdf)
CSI/FBI 2004 Computer Crime & Security Survey (pdf)
CSI/FBI 2003 Computer Crime & Security Survey (pdf)
How Stuff Works: VPN
InfosysSec: VPN
Microsoft TechNet: Proxy Services
Microsoft TechNet: VPN Resources
PCMag Encyclopedia: Firewall
Reference Page for IP-Subnet Masking Numbers
RFC2460: The Internet Protocols
TaoSecurity Blog
Wi-Fi Planet.com
Wikipedia: Firewall (Networking)
Wikipedia: Notable Viruses and Worms
Wikipedia: Subnetworks (Subnets)
http://hackingexposedcisco.com/
Lecture #6: Intrusion Detection, Incident Response & Integrity Control
Anton Chuvakin's Blog
Snort
Bleeding Edge Snort
Intrusion
CarnegieMellon's CERT-certified Computer Security Incident Handler
Dorothy Denning's paper: An Intrusion Detection Model (rtf),
A Look at whisker's anti-IDS tactics
daemons (background processes)
Tripwire
Internet Security Systems
Honeyd
Honeypots, Intrusion Detection and Incident Handling
HoneyNet Project
IETF working group on IDS
DShield's List of Most Abused IP Addresses
Gibson Research Corporation
SANS manual on incident handling
LogAnalysis.org
Norton Personal Firewall
Sygate
Tiny
ZoneAlarm
Abuse.net Domain Name Lookup Database
CERT Incident Notes
COAST Intrusion Detection Hotlist
CSIRT.WS: Computer Security Incident Response Team: World site
jOlt.com: a humorous look at host security
Michael Sobirey's Intrusion Detection Systems page
ISS AdvICE Database
Network Intrusion Detection Systems FAQ
Port Numbers Database
SecurityFocus IDS Page
Security Issues Related to Porn Sites
Talisker Intrusion Detection Page
Technical Incursion Countermeasures
U.S. Navy Computer Incident Response Guidebook
Sample pages to Intrusion Signatures and Analysis
Sample pages to Intrusion Detection Book 1
Sample pages to Intrusion Detection Book 2
Boomarang
Ecora
BugTraq, CERT, NTBugTraq, and XForce
Microsoft List of Antivirus Partners and Microsoft's Security Antivirus Center
Symantec, McAfee, and Trend Micro (the Big 3)
Wikipedia: Backup
Wikipedia: Data Recovery
Wikipedia: Intrusion Detection System
Lecture #7: Malware, Adware, Riskware, and Spam
http://www.websense.com
http://www.surfcontrol.com
http://www.sans.org/infosecFAQ/win2000/win2000_list.htm
http://www.sans.org/infosecFAQ/win/win_list.htm
A Collection of Nigerian Scam Mails
An Excerpt from George Smith's The Virus Creation Labs
Infosyssec Virus, Trojan, and Hoax Research Center
Internet Week Magazine
SANS Global Incident Response Center
Symantec AntiVirus Security Center
Trisys
WinWhatWhere
SpectorSoft
FTC's hotline
Cookie Central
Sample Web Bug
Web Bug Report
Adware, Spyware, and Unwanted Malware Removal
IDG.net
Internet Security Downloads
PCworld.com/
Privacy Foundation
Scamletters
Scumware: A New Threat
Securityfocus.com
Senator Edward's Spyware Control Act
SpyChecker
Securityfocus.com/
ZDNet What is Spyware?
Wikipedia: Cookie
http://mackraz.com/trickybit/readreceipt/ (web bug in action)
Web Bug Report
Adware and Bad Things It Does
Adware, Spyware, and other Unwanted Malware Removal
An Excerpt from George Smith's The Virus Creation Labs
IDG.net and Internet Security Downloads
Infosyssec Virus, Trojan, and Hoax Research Center
Internet Week Magazine
Microsoft Spyware: Security at Home
Rogue/Suspect Anti-Spyware Products & Web Sites
SANS Global Incident Response Center
Symantec AntiVirus Security Center
Top 100 Network Tools
Viruslist.com
ZDNet What is Spyware?
sample pages of Net Spies
Lecture #8: Operating System Security
Smashing the Stack for Fun and Profit
Tao of Windows Buffer Overflow
John Savill's Windows NT/2000/XP FAQ.com
LabMice's Windows 2000/XP/.NET Resource Index
List of Common Back Doors and their Default Ports by Filename
NTBugTraq's Security Exploits and Bugs in Windows NT
Paul Thurrott's Supersite for Windows 2000/XP
Understanding Windows NT Domains and Profiles
Unix, Linux, and Network Security (compared to Windows)
Windows Registry Tweaks, Tricks, and Hacks
Sample pages of Windows Security Handbook
Sample pages of Designing Secure Apps
Sample pages of Intrusion Detection
Sample pages of Hacking Windows 2000
Sample pages of Security Handbook
Sample pages of Inside Windows 2000
(Unix)
Bell Labs
AT&T Research
Lucent Technologies
Berkeley Software Distribution
Sun Microsystems
Compaq Corporation
Silicon Graphics
Hewlett Packard
NIST
The Open Group
John the Ripper
knark
SANS backgrounder on Kernel Rootkits
PacketStorm Security's list of rootkits
FBI (NIPC Advisory on UNIX DDos)
Coroner's Toolkit
Hacking Linux Exposed
In-Depth Guide to Hacking UNIX
Linux Intrusion Detection System (LIDS)
Linux Online (www.linux.org)
Unix: A Hacking Tutorial
Unix Backdoor Exploits
Unix Guru Universe
Unix Insider
Useful UNIX Hacking Commands
Internet Edition of Unix Unleashed
Companion site to Hacking Linux Exposed
(Macintosh)
All OSX: Macintosh News and Products
Apple Computer Official Security Page
AppleLinks: Ultimate Macintosh Resource
Apple Computer, Inc.
History of Apple Computers
Complete Guide to Mac/Windows Interoperability
Viruses and the Macintosh
VeriSign Corp
keytool
AirSnort
Bluetooth
All OSX: Macintosh News and Products
Apple Computer Official Security Page
AppleLinks: Ultimate Macintosh Resource
Mac Addict Magazine
MacCentral
MacDesign Online
MacHack: The Annual Conference
MacInTouch Home Page
MacOS Rumors
MacSense Aero Products
MacTech Magazine
MacWorld: The Product Experts
mSec: Mac OS Security Tools
OSX Zone
SecureMac.com
The MacAnalysis Security Audit Tool
TSG's MacSecurity.org
VersionTracker and MacFix
Companion website to The Macintosh Bible
Companion website to Macintosh Internet Security
(SSL)
Digital certificates
The PKI Page
VeriSign Corp
keytools
(Wireless)
AirSnort
Bluetooth
O'Reilly Wireless Developer Network
The Unofficial 802.11 Security Page
Lecture #8a: Disaster Data Recovery and Computer Forensics
Whois and BetterWhois
Webtracer
greylisting
CRC32 Checksum
MD5 Algorithm
Encase
SafeBack
Code Blue
Norton Ghost
PDBlock
Paul Oliver's File Format Glossary
File Extensions
Sweepers and scrubbers
Admissibility of Electronic Evidence
Anderson's Importance of Documentation in Computer Evidence Processing
Federal Guidelines for Searching and Seizing Computers
Forensic Science Resources in a Criminal Fact Investigation
Hard Disk Logical Structures and File Systems
Knowledge Solution's Digital Evidence & Computer Crime Resources
Overview of Securing a Computer Incident Crime Scene
Searching & Seizing Computer Evidence in Criminal Investigation
Michael Anderson's New Technologies, Inc.
Sample pages of PC Technician Book
Sample pages of Hardware Bible
EnCase
Guidance Software, Inc.
Maresware
AccessData Corporation
Rainbow Technologies
Learning by Doing
GIAC Article on Computer Forensics Procedures
NIJ Test Results on Computer Forensic Tools