< Resources >
This appendix lists the resources mentioned in the regular chapters (articles, books, vendors, and websites), by keyword in alphabetical order.
Vendors:
McAfee
Symantec
Articles:
Building a Secure Web Server with OpenSSL
Installation of a Secure Web Server
Security and Apache: An Essential Primer
Web Sites:
25 Ways to Secure your Web Server
Commonsense Guide to Apache Security
Security and Apache: An Essential Primer
Security Tips for Server Configuration
Books:
Designing Secure Web-Based Applications by Michael Howard
Vendors:
Sanctum Inc.
Web Sites:
SESAME Project
Articles:
Kerberos FAQs
Kerberos documentation
Single Sign-On (SSO) information [WEBSITE]
Books:
Kerberos: A Network Authentication System by Brian Tung
Smart Card Handbook by Wolfgang Effing and Kenneth Cox
Vendors:
Schlumberger, a major smart card manufacturer
iButton
Web Sites:
RSA SecurID site
Smart Card informational site
American Express Blue Card site
ActivCard site
Vendors and Products:
Internet Security Systems (ISS) (www.iss.net): Developed the SAFESuite line of scanning products that includes Internet Scanner and System Scanner. Internet Scanner is available for both Linux and Windows systems.
Intrusion.com (www.intrusion.com): Kane Security Analyst provides a basis for auditing a system against a series of best practices.
WebTrends (www.webtrends.com): WebTrends Security Analyzer scans Linux and Windows servers, firewalls, and routers, and looks for Linux and Windows configuration issues as well as known vulnerabilities.
Cerberus Internet Scanner (available at http://www.cerberus-infosec.com): David Litchfield developed this powerful, free scanning tool that looks for 126 Web vulnerabilities.
Web Sites:
List of vulnerability scanners
Reviews of vulnerability scanners
Articles:
The Tao of Backup
Vendors:
Drive Image and Drive Keeper
Ghost
SnapServer
Veritas
Articles:
CIO magazine article discussing the Build/Buy Battle from a business perspective
Network Computing feature reviewing several integrated security suites
Articles:
A Look at the Buffer-Overflow Hack
Tao of a Buffer Overflow by Dildog
UNIX Security: the Buffer Overflow Problem
Articles:
SecurityPortal article discussing various surveys of computer crime
Books:
Secrets & Lies: Digital Security in a Networked World by Bruce Schneier. Discusses, in a very readable, non-technical way, the security issues facing today's business environment.
Hacking Exposed: Network Security Secrets and Solutions by Joel Scambray, Stuart McClure, and George Kurtz. Provides detailed information on the types of attacks you will face.
Web Sites:
Computer Security Institute (www.gocsi.com): Releases an annual study called the "Computer Crime and Security Survey"
Attrition: Tracks Web site defacements
Articles:
CryptoGram newsletter
Books:
The Code Book by Simon Singh. Offers a look into the world of cryptography and codes, from ancient texts through computer encryption.
Applied Cryptography by Bruce Schneier
Web Sites:
Rijndael information
General crypto information also at http://www.infosyssec.com/infosyssec/cry1.htm
Crypto tutorial
Public-key cryptography information site
Vendors:
BrainTree
ISS
Protegrity
Web Sites:
Database security theory
Database security focus
See also Public Key Infrastructure (PKI).
Articles:
Discussion of e-signatures
Good overviews of digital certificates:
http://www.financeoutlook.com/pki.htm
http://home.netscape.com/security/techbriefs/certificates/
http://www.internetweek.com/indepth/indepth121399.htm
Digital certificate technology overview
PKI white paper
Analysis of PGP
PGP manuals
Books:
Digital Certificates, Applied Internet Security by Jalal Feghhi, Jalil Feghhi, and Peter Williams
Web Sites:
Digital signature guidelines
A certificate authority service (CREN's)
Verisign
Entrust
Pretty Good Privacy (PGP) freeware distribution page
Pretty Good Privacy (PGP) commercial distribution page
Articles:
BIND DNS hardening
Chroot-BIND Howto
Books:
DNS and BIND by Cricket Liu, Paul Albitz, Mike Loukides.
Articles:
http://jgvandyke-smime.se-com.com/
http://www.smartcomputing.com/editorial/article.asp
http://www.zdnet.com/pcmag/features/smime/_open.htm
Vendors:
Open PGP
PGP
Books:
Microsoft Exchange 2000 Server: Administrator’s Companion by Walter Glenn and Bill English
Web Sites:
Enhancing Microsoft Exchange Server’s Security
The MS Exchange Server Internet Connectivity and Security Web site
MS Exchange Server Security http://www.wrconsulting.com and http://kitap.ankara.edu.tr/0789715031/index.htm
Outlook Patch http://www.ddj.com/articles and http://www.infoworld.com
Articles:
EFS
EFS best practices article
Microsoft's white paper on Encrypting File System (EFS) for Windows 2000
Preparing to implement EFS
Vendors:
Cyber-Ark
F-Secure
Gianus
PC Guardian
Articles:
Armoring Linux
Armoring NT
Armoring Solaris
Discussions on specific firewall products [WEBSITE]
Firewalls for the Rest of Us, a NetworkMagazine article
Managed Firewall Service Opportunities
Solaris firewall hardening
TISC Insight article, What To Look for in a Managed Security Provider
Unix firewall hardening
Books:
Building Internet Firewalls by Elizabeth Zwicky and D. Brent Chapman. Contains general firewall configuration and architecture information.
Linux Firewalls by Robert Ziegler
Vendors:
CheckPoint
Cisco
A CAPI/CVP solution
Cyberwall Plus (host resident firewalls)
Tiny Software (host resident firewalls)
Web Sites:
Netscreen
RapidStream
Salinas Group
Digex
RipTech
Nmap
Firewalk
Ipchains
Pmfirewall
Floppyfw
TCP wrappers
CAPI
Articles:
Information Security Advisor article that discusses hiring hackers
Information Week article that discusses hiring hackers
Articles:
The Tao of Backup
Books:
Windows NT Security Step by Step by Stephen Northcutt
Windows 2000 Security by Roberta Bragg
Windows 2000 Security Handbook by Philip Cox
Practical Unix and Internet Security by Simson Garfinkel
Solaris Security by Peter Gregory
Linux System Security: The Administrator’s Guide to Open Source Security Tools by Scott Mann
Linux Security HowTo by Kevin Fenzi and Dave Wreski
Vendors:
System integrity checkers:
Tripwire www.tripwire.com or www.tripwire.org
Wetstone Technologies
Veracity
Cyberwall Plus (host resident firewalls)
Tiny Software (host resident firewalls)
System auditing:
NMAP
DumpSec
COPS
Nessus
Backup and recovery:
Drive Image and Drive Keeper
Ghost
SnapServer
Veritas
Web Sites:
Security links:
http://www.hal-pc.org/~cbearden/links/security.html
http://www.sans.org/infosecFAQ/host_sec.htm
Detailed implementation procedures for securing Windows NT workstations
NT security FAQs
Windows NT Security Guides
NT Security Portal
NT Workstation Security Checklist
NT Server Checklist
Windows 2000 security improvement project
Windows 2000 Security Services
Windows 2000 Security Technical Reference
Windows 2000 Security Site
Solaris Security FAQs
YASSP Solaris security script
Unix hardening for beginners
Linux Administrator's Guide
Linux security resources
Linux Administrator’s Security Guide http://www.securityportal.com/lasg/ or http://www.ibiblio.org
Unix host security information
Bastille Linux
Articles:
Security Watch column on sniffing switched networks
Web Sites:
Hubs versus switches information:
http://www.techextreme.com
http://www.homepcnetwork.com/hdeartswtch.htm
http://www.ieng.com
Web Sites:
National Security Agency's Centers of Excellence in Information Assurance Education Program lists the schools participating in the program designed to produce information security professionals
Johns Hopkins Information Security Institute
Vendors:
Microsoft's IIS Security Planning Tool
Microsoft Internet Information Server 4.0 Security Checklist
Microsoft Internet Information Server 5 Checklist
Microsoft Windows 2000 ISS Configuration Tool for ISS5
Microsoft Windows 2000 IIS-5.0 Hotfix Checking Tool
Web Sites:
http://website.lineone.net/~offthecuff/IIS%20Sy1.htm
http://www.shebeen.com/iis4_nt4sec.htm
http://www.securityfocus.com
http://www.microsoft.com/technet/security/iissec.asp
Articles:
IM
Vendors:
Groove
IMUnified's Web site
Vendors:
Snort
Cisco Secure IDS
RealSecure
Network ICE
Counterpane (monitoring services)
NetSolve (monitoring services)
Entercept Security Technologies (intrusion resistant products): Available for Windows NT, 2000, and Solaris systems
StJude: New open-source product still in its infancy, but promising to become a true intrusion resistant solution
Web Sites:
Extensive list of intrusion detection products
Network intrusion detection systems FAQs
IDS FAQs
Articles:
Using Perl to analyze log files
Vendors:
WebTrends
Articles:
Client-side security
How To Use Security Zones in Internet Explorer
http://www.ddj.com/articles/2000/0075/0075b/0075b.htm
http://www.infoworld.com
Vendors:
Finjan
Articles:
Managed Firewall Service Opportunities
TISC Insight article, What To Look for in a Managed Security Provider
Web Sites:
Salinas Group
Digex
RipTech
Articles:
PC Magazine articles about securing your network
Security Watch column on sniffing switched networks
Books:
Designing Network Security by Merike Kaeo
Secure Computers and Network Analysis, Design, and Implementation by Eric Fisch and Gregory White
Web Sites:
Hubs versus switches information:
http://www.techextreme.com/hardware/networking
http://www.homepcnetwork.com/hdeartswtch.htm
http://www.ieng.com
VLANs and security:
http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
http://www.shmoo.com/mail/bugtraq/sep99/msg00188.html
Articles:
How Personal Firewalls Work
Solutions
Test your system security
Vendors:
infoExpress
Network ICE: www.networkice.com
Symantec
Tiny Software
Articles:
Series of articles on physical security
System Theft
Books:
Computer Security Handbook, Third Edition by Arthur E. Hutt
Vendors:
CompuTrace
Kryptonite
Lucira
Minatronics
Targus
TrackIT
Web Sites:
Physical security checklist
Articles:
There's a good article on policy management
Vendors:
Netegrity
Securant
Web Sites:
Three sites that provide reports of frequency of exploits on the Internet:
CERT (Computer Emergency Response Team)
SANS (System Administration, Networking, and Security) Institute
The Bugtraq database
Articles:
Digital certificate technology overview
PKI whitepaper
Books:
PKI: A Wiley Tech Brief by Tom Austin
Understanding Public-Key Infrastructure by Carlisle Adams and Steve Lloyd
Web Sites:
Verisign
Entrust
Certificate authority service (CREN's)
Discussion of various PKI products [WEBSITE]
Articles:
Notes on SSH programs and uses
List of articles on remote management
PPTP issues
iPass
Books:
Windows NT/2000 Thin Client Solutions by Todd W. Mathers
Windows 2000 Virtual Private Networking by Thaddeus Fortenberry
A Technical Guide to IPSec Virtual Private Networks by Jim Tiller
Web Sites:
Microsoft's RAS Web page
Securelogix TeleSweep
SSH FAQs
SSH How-To:
http://p25ext.lanl.gov/ssh/ssh-howto.html
http://www.isp-planet.com/equipment/ssh_intro.html
Putty, a free Windows SSH client
PcAnywhere
VNC
Terminal services tips and utilities
Citrix MetaFrame
Windows Terminal Services
PPTP, L2TP, and IPsec Microsoft Online Seminar
VPN overview
Architecture help:
http://www.cisco.com
http://www.helmig.com/j_helmig/vpn.htm
Microsoft Online VPN seminar
Discussion of Secure PPTP
Articles:
List of articles on remote management
Web Sites:
PcAnywhere
VNC
Articles:
Enhancing Shareholder Wealth by Better Managing Business Risk
Report summarizing coordinated conclusions from two studies by Review of Canadian Best Practices in Risk Management (PMN) and Best Practices in Risk Management: Private and Public Sectors Internationally (KPMG)
Paper exploring tensions among innovation, values, and risk-taking that public managers face in making decisions about uncertain outcomes
Document offering solutions to 13 important questions on risk management
U.S. General Accounting Office's Executive Guide on Information Security Management (May 1998)
USGAO's supplement to that document (November 1999)
Books:
Sendmail by Bryan Costales
Web Sites:
Securing Sendmail
Sendmail security
Articles:
Notes on SSH programs and uses
Another great “how to” on SSH can be found at
Web Sites:
SSH FAQs:
http://www.employees.org/~satch/ssh/faq/
http://www.tigerlair.com/ssh/faq/ssh-faq.html
SSH How-To:
http://p25ext.lanl.gov/ssh/ssh-howto.html
http://www.isp-planet.com/equipment/ssh_intro.html
Putty, a free Windows SSH client