 |
Network Security Research
General Computer Security Information
http://www.sans.org/resources/popular.php - SANS Popular Resources on Computer Security
http://www1.umn.edu/oit/security/resources/OIT__26762_REGION1.html -Security Resources at University of Minnesota
http://iase.disa.mil/stigs/stig/index.html - Security Technical Implementation Guides (STIGS) from DISA
WebServer Security
Google - web server security and ppt
CGI Security
CGI Security : Better Safe than Sorry http://www.irt.org/articles/js184/index.htm#origins_consequences
Ettercap and ARP Spoofing - WARNING - can cause damage to network -
You can capture password on a switched network -
http://ettercap.sourceforge.net/ - the software
http://www.wireshark.org/ - the other software
http://www.securitypronews.com/securitypronews-24-20030623EtterCapARPSpoofingandBeyond.html - how to use the software
Expose VoIP Problems Using Wireshark - http://www.linuxjournal.com/article/9398
Security Guide for Red Had Enterprise Linux 4
http://www.linuxtopia.org/online_books/centos_linux_guides/centos_linux_security_guide/index.html
Centos Linux
NSA SE Linux
http://www.redhat.com/docs/manuals/linux/ - Red Hat Manuals to include security
Security Guides for Windows IIS
http://www.nsa.gov/snac/os/win2k/iis_5_v1_4.pdf - NSA Secuirty Guide for IIS 5.0
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/dcec9cb2-9270-4ea5-8556-46528fea058d.mspx?mfr=true -
Microsoft Security Best Practices for ISS 6.0
http://www.first.org/resources/guides/#bp11 - First.org Security Library - see the Hardening guide for WebServer in DMZ
http://www.windowsecurity.com/articles/Locking_Down_IIS_60_with_NET_The_Default_Security_Wizard.html - Lock Down IIS 6.0
http://bizsecurity.about.com/od/internetsecurity/ss/secureiissteps_4.htm - Securing IIS 6.0 for DMZ
http://labmice.techtarget.com/windows2003/IIS/default.htm - ISS Resources
http://iase.disa.mil/stigs/stig/Web-Server-STIG-V6R1.pdf - Web Server STIG from DISA
Security Guides for Apache
http://labmice.techtarget.com/windows2003/IIS/default.htm - 20 steps to securing Apache
http://www.securityfocus.com/infocus/1694 - Securing Apache: Step by Step at Security Focus
http://www.sitepoint.com/article/securing-apache-2-server-ssl - Securing your Apache Server with SSL html - Security Tips for Apache
http://www.apachesecurity.net/ - Apache Security O'Reilly Book Excerpts
http://linuxgazette.net/143/pfeiffer.html - Securing Apache with mod_security
http://tldp.org/HOWTO/SSL-RedHat-HOWTO.html - How to Build a Secure Apache Server
Diagnostic Tools
http://usertools.plus.net/tutorials/id/21 - Telnet As a Diagnostic Tool
http://www.acunetix.com/vulnerability-scanner/vulnerabilityscanner5.exe - Acunetix Dowload
http://www.acunetix.com/vulnerability-scanner/demos/scanwizard.html - Flash Demo of Acunetix
http://www.acunetix.com/security-audit/siteauditreport.pdf - sample report Acunetix
Hack Examples
http://www.geocities.com/floydian_99/aut3.html Autopsy of a Web Hack - older but still good for
http://www.nullcube.com/software/cubictemp/doc/subs/xss.html - Cross Site Scripting (XSS)
http://www.cgisecurity.com/articles/xss-faq.shtml - more XSS
IPSec VPN for IPCop
www.unob.cz/spi/data2005/ppt/Gyllenhammar.ppt
Open VPN Server
http://thinkhole.org/wp/2006/03/28/ipcop-openvpn-howto/
Open VPN Server Configuration
http://www.zerina.de/?q=documentation/howto-roadwarrior
http://www.just-servers.co.uk/ipcop/vpn/html/vpn.html#win2k-winxp-connection
http://digg.com/linux_unix/HOWTO:_Setup_your_own_VPN_with_IPCop_and_OpenVPN_
http://swik.net/ipcop+vpn
Windows Tools
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx - Process Explorer
http://www.foundstone.com/us/resources/proddesc/fport.htm - Fport from Foundstone
General
http://www.darknet.org.uk/ - Hacker How-to for learning
http://artofinfosec.com/ - Security Podcasts
http://www.theiia.org/certification/certified-internal-auditor/ - The Institute of Intenal Auditors - great white papers on IT Audits
Security Podcasts
http://www.grc.com/securitynow.htm - TechTV Leo Laporte's Security Now
http://pauldotcom.com/ - PaulDotCom
http://www.csoonline.com/podcasts/ - CSO Magazine Podcasts
http://www.mckeay.net/ - Network Security Blog
http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1146071,00.html - Security Wire Weekly
http://www.chrisbrunner.com/2006/10/15/securitytechnologyhackingphreaking-podcasts-that-dont-suck/ - Chris Bruner's List of Computer Security Podcasts That Don't Suck
http://www.computer.org/portal/site/security/menuitem.6f7b2414551cb84651286b108bcd45f3/index.jsp?&pName=security_level1_article&path=security/podcasts&file=index.xml&xsl=article.xsl& - IEEE Security and Privacy Podcasts
http://www.sophos.com/security/podcasts/ - Sophos Podcasts
http://www.cert.org/podcast/ - CERT Podcasts
http://www.itradio.com.au/security/ - Risky Business from Australia
http://crypto-gram.libsyn.com/ - Crypto-Gram Security Podcasts
http://netsecpodcast.com/ - NetSec Podcasts
http://www.symantec.com/about/news/podcasts/index.jsp - Symantec Public Security Library