College of Engineering & CS Wright State University Dayton, Ohio 45435-0001

CEG 499/699: Internet Security References to Security Papers and Sites Prabhaker Mateti

http://netsecurity.about.com/  About.com's  Guide to Internet/Network Security.  Well done!

CERIAS at Purdue University (Center for Education and Research in Information Assurance and Security) is named one of the first National Centers of Academic Excellence in Information Assurance by the Department of Defense. It is a center for multidisciplinary research and education in areas of information security (computer security, network security, and communications security), and information assurance.

Peter Gutmann,  "Encryption and Security-related Resources",   http://www.cs.auckland. ac.nz/~pgut001/links.html A a major security resource link farm (currently around 410K) collection of links to security and encryption products, companies, papers, conferences, e-commerce and digital cash, security and intelligence agencies, smart cards, digital certificates and CA's, standards and publications, security problems and holes, and anything else vaguely related to encryption and security.

Rootshell  Used to be good, but has not been updated for a few months.

www.phrack.com is a hacker site.  If we can put aside our prejudices regarding who and what hackers are, we will see that this site is a source of solid technical information that can be used by bad guys for malicious purposes, and the good guys to protect their own computer systems.

antionline.com

www.antioffline.com Rival to the above.

The SANS (System Administration, Networking, and Security) Institute is a research and education organization.  http://www.sans.org/

Fred Cohen and Associates, "50 Ways Series", http://all.net/journal/50/top.html  Fred Cohen is an early researcher in the security field.  The all.net site is an excellent source of information.

http://www.cplus.fr/html/cyberculture/crime/HTMLS/cybercrime.htm

Windows NT Security Exploits This page will attempt to list all known NT Exploits used in hacking NT security, and application security related to an NT system.

alt.hackers A newsgroup where hackers discuss what they do best. Here hackers gather to share information about hacking and cracking.

Noted and Notorious Hacker Feats  Byte magazine article of  September 1995 / 20th Anniversary. Hackerdom is divided into two parts: technologically adept and clever people, who could write a computer game in a night, and, sadly, irresponsible slime balls, who hijack computer and phone systems for the heck of it. This is a look at some of the amazing stunts that have been pulled by both hackers and crackers.

Hacker Defense Foundation is a Not-for-Profit foundation dedicated and committed to the advancement of the hacking community, through education, of the social, political, and legal implications of the uses of technology, and seeks to enlighten the public and law enforcement about hacking community, through education, that hackers are not the lawless goons that law enforcement, the news media, and Hollywood would try to portray them as.  The Hacker's Defense Foundation does not condone, support, or defend criminal acts.

Computer Break-Ins: A Case Study
Computer break-ins are getting more common every day. Log files and even program binaries are changed, making it very hard for the system administrators to assess the damage and track down the intruders. This paper describes the modus operandi of hackers based on multiple hacking attempts that occurred during this year at some department computers. Special attention is paid to the methods they use to break into computer systems and what they do once they are in.

Phrack Magazine Phrack is one of the largest and oldest electronic magazines which publishes articles about hacking and phreaking.

2600: The Hacker Quarterly Home of the hacking magazine.  2600 is one of the oldest hacking groups.

COAST Hotlist
One of the most comprehensive indexes to information on computer security, cryptography, viruses and privacy on the Net.

The Happy Hacker Home Page
Written in non-technical language, this web site is dedicated to education about security issues and harmless hacking without breaking laws.

The Social Organization of The Computer Underground
This paper examines the social organization of the "computer underground" (CU). The CU is composed of actors in three roles, "computer hackers," "phone phreaks," and "software pirates." These roles have frequently been ignored or confused in media and other accounts of CU activity. By utilizing a data set culled from CU channels of communication this paper provides an ethnographic account of computer underground organization.

People

The United States Vs. Craig Neidorf
Craig Neidorf was a college student accused of fraud and interstate transportation of stolen property as a result of a document published in his electronic newsletter, Phrack. The case ended after four days of trial when the government dropped its charges. The charges against Neidorf came as part of a two-year investigation into illegal activity, during which the government seized over 40 systems and 23,000 disks.

The Official Kevin Mitnick Site
This web page is dedicated to the most famous computer hacker of all time, Kevin Mitnick, who was imprisoned without trial. This page is dedicated to freeing Kevin Mitnick.

Building a Linux firewall
Learn about the three types of firewalls, application proxy gateway, circuit level relay, and packet filter.

S.u.S.E. Firewall Mini HOWTO
How to compile the kernel for firewall support for the S.u.S.E. version of Linux. Should work for other versions as well.

Firewalling and Proxy Server HOWTO
This is another HOWTO on firewalling that includes proxy server documentation also.

Firewalls Mailing List  There is a wealth of information on firewalls from the Linux community.

IP Masquerading Web Site  IP masquerading is an essential part of firewalling and allows you to share an Internet connection as well. All of the information you'll ever need on IP masquerading.

Linux Bridge+Firewall Mini-HOWTO version 1.1.3
Using a bridge instead of a hub, with firewall support.

Linux firewall facilities for kernel-level packet screening
A paper explaining Linux firewalls and IP masquerading.

Linux Firewall Package
A short basic article on Linux firewalls.

One Host "Karate" Firewall Howto
Instructions on how to recompile your kernel for simple firewall support.

The Anonymizer
Many people surf the web under the illusion that their actions are private and anonymous. Unfortunately, it isn't so. Every time you visit a site, you leave a calling card that reveals where you're coming from, what kind of computer you have, and other details. Most sites keep logs of all your visits. In many cases, this logging may constitute a violation of your privacy.

PGP

Ways Hackers Can Get Your Password
This useful guide explains ways that hackers can retrieve your password and is a useful tool to avoid getting your password stolen.

Ssh - The Secure Shell Program
Information about secure shell, it's implementation and usage.

Debian Security Information
A good list of security issues maintained by Debian.

Linux Security Alerts
A list in HTML format of Linux security alerts. Maintained by RedHat.

Linux Secuirty Archive
A mailing list archive in HTML format maintained by Sonic.Net.

Linux Security Home Page
The so called "official" Linux security page.

Linux Security HOW-TO Page
A comprehensive HOW-TO on Linux security and specific examples of how to better secure your Linux system.

Linux Security Wishlist
Security features that are not in Linux, but we wish that they were.

RedHat Linux Security Mailing List Archives
A Linux security mailing list maintained by RedHat that goes back to 1995. It is searchable.

RedHat Linux Secuiryt Alert Mailing List Archive
Security alerts mailing list also maintained by RedHat. Back to 1995.

Vulnerability Engine
The place to go for kernel and security patches for Linux, AIX, FreeBSD, Solaris and many more OS's.

• Local Area Networks A basic intro by Mateti.  What is NIC? What is 192.168.*.*? Etc.
• http://www.cs.columbia.edu/netbook/ THE NETWORK BOOK, Professor Yechiam Yemini, Columbia University, New York, NY 10027. This book is a textbook aimed at juniors and seniors.  The first few chapters are highly readable.
• The New Hacker's Dictionary
  This document is a collection of slang terms used by various subcultures of computer hackers. Though some technical material is included for background and flavor, it is not a technical dictionary; what we describe here is the language hackers use among themselves for fun, social communication, and technical debate system files, as required.
• The Happy Hacker: A Guide to Mostly Harmless Hacking Third Edition, Nov. 1999 by Carolyn P. Meinel
• http://netsecurity.about.com/compute/netsecurity/   About.com Guide to Internet/Network Security.
• Type an acronym or term in one of the input boxes below, and then press return or the lookup button to look it up in the two "know-it-all" places.
  

  what is

  TechEncyclopedia

   
• The computer-security/sniffers FAQ is good overall source.

• NetSniffer is a small packet sniffer for Windows NT.