
List:       best-of-security
Subject:    BoS: Re: Merits
From:       proff () suburbia ! net
Date:       1997-07-31 18:48:11


> Can anybody point me in the direction of some sound documentation on the
> Advantages and disadvantages of some of the more well known
> packaged firewall products compared to Applications such as Socks 4/5.

I'm not going to claim that this is the perfect list for you, but a lot
of people have asked for this document since I first posted it. I guess
they're putting it up at freebsd.org. In the meantime, however, this
will get you started. Eventually, by the way, this (and about two and a
half times again) of a bibliography will go up at http://www.gnss.com.
My partner and I are going to build a huge server there. In about a
month or so. (It will be searchable, blah, blah. Oh yes...and free, of
course.) Unfortunately, in this batch, I don't really have anything that
directly compares all firewalls to SOCKS technology specifically, but
this will get you on that road. Here's the list, in descending order.
All have some form of either comparison, a summary of features, wish
lists, etc. (I haven't updated the links for some of M.J. Ranum's stuff,
so, Mr. Ranum, if you're out there, you may wish to inform him - and me
- of those new links.) The list follows:

 Rating of application layer proxies. Michael Richardson. Wed Nov 13
 13:54:09 EST 1996.
 http://www.sandelman.ottawa.on.ca/SSW/proxyrating/proxyrating.html

 Comparison: Firewalls. June 17, 1996. LanTimes. Comprehensive comparison
 of a wide variety of firewall products.
 http://www.lantimes.com/lantimes/usetech/compare/pcfirewl.html

 PCWEEK Intranet and Internet Firewall Strategies. Ed Amoroso & Ron
 Sharp, Ziff Davies

 Firewall Performance Measurement Techniques: A Scientific Approach.
 Marcus Ranum. February 4, 1996 (Last Known Date of Mod.)
 http://www.v-one.com/pubs/perf/approaches.htm
 
 Internet Firewalls and Network Security. Chris Hare, Karanjit Siyan.
 2nd Edition. New Riders Pub. August 1, 1996. ISBN: 1562056328
 
 Internet Firewalls. Scott Fuller, Kevin Pagan. Ventana Communications
 Group Inc. January 1997. ISBN: 1566045061
 
 Building Internet Firewalls. D. Brent Chapman, Elizabeth D. Zwicky.
 O'Reilly & Associates (ORA). September 1,1995. ISBN: 1565921240
 
 Firewalls and Internet Security : Repelling the Wily Hacker.
 Addison-Wesley Professional Computing. William R. Cheswick, Steven M.
 Bellovin. June 1,1994. ISBN: 0201633574

 Actually Useful Internet Security Techniques. Larry J. Hughes, Jr. New
 Riders Publishing, ISBN 1-56205-508-9
  
 Internet Security Resource Library : Internet Firewalls and Network
 Security, Internet Security Techniques, Implementing Internet Security.
 New Riders. December 1995. ISBN: 1562055062
 
 Firewalls FAQ. Marcus J. Ranum.
 http://www.cis.ohio-state.edu/hypertext/faq/usenet/firewalls-faq/faq.html
 
 NCSA Firewall Policy Guide. Compiled by Stephen Cobb, Director of
 Special Projects. National Computer Security Association.
 http://www.ncsa.com/fwpg_p1.html
 
 There Be Dragons. Steven M. Bellovin. "To appear in Proceedings of the
 Third Usenix UNIX Security Symposium, Baltimore, September 1992." AT&T
 Bell Laboratories, Murray Hill, NJ. August 15, 1992
 
 Keeping your site comfortably secure: An Introduction to Internet
 Firewalls. John P. Wack and Lisa J. Carnahan. National Institute
 of Standards and Technology. John Wack Thursday, Feb 9 18:17:09 EST
 1995.
 http://csrc.ncsl.nist.gov/nistpubs/800-10/
 
 SQL*Net and Firewalls. David Sidwell & Oracle Corporation.
 http://www.zeuros.co.uk/firewall/library/oracle-and-fw.pdf
 
 Covert Channels in the TCP/IP Protocol Suite. Craig Rowland. Rotherwick
 & Psionics Software Systems Inc.
 http://www.zeuros.co.uk/firewall/papers.htm
 
 If You Can Reach Them, They Can Reach You. A PC Week Online Special
 Report, June 19, 1995. William Dutcher.
 http://www.pcweek.com/sr/0619/tfire.html
 
 Packet Filtering for Firewall Systems. February 1995. CERT (and
 Carnegie Mellon University.)
 ftp://info.cert.org/pub/tech_tips/packet_filtering
 
 Network Firewalls. Steven M. Bellovin and William R. Cheswick.
 ieeecm, 32(9), pp. 50-57, September 1994.
 
 Session-Layer Encryption. Matt Blaze and Steve Bellovin. Proceedings of
 the USENIX Security Workshop, June 1995.
 
 A Network Perimeter With Secure External Access. An extraordinary paper
 that details the implementation of a firewall purportedly at the White
 House. (Yes, the one at 1600 Pennsylvania Avenue.) Frederick M. Avolio;
 Marcus J. Ranum. (Trusted Information Systems, Incorporated). Glenwood,
 MD. January 25, 1994.
 http://www.alw.nih.gov/Security/FIRST/papers/firewall/isoc94.ps
 
 Packets Found on an Internet. Interesting Analysis of packets appearing
 at the Application Gateway of AT&T. Steven M. Bellovin. Lambda. August
 23, 1993. ftp://ftp.research.att.com/dist/smb/packets.ps
 
 Using Screend to implement TCP/IP Security Policies. Jeff Mogul.
 Rotherwick and Digital.
 http://www.zeuros.co.uk/firewall/library/screend.ps
 
 Firewall Application Notes. Good document that starts out by describing
 how to build a firewall. It also addresses application proxies,
 Sendmail in relation to firewalls and the characteristics of a bastion
 host. Livingston Enterprises, Inc.
 http://www.telstra.com.au/pub/docs/security/firewall-1.1.ps.Z
 
 X Through the Firewall, and Other Application Relays. Treese/Wolman
 Digital Equipment Corp. Cambridge Research Lab. (October, 1993?).
 ftp://crl.dec.com/pub/DEC/CRL/tech-reports/93.10.ps.Z
 
 Intrusion Protection for Networks 171. BYTE Magazine.  April, 1995.
 
 Benchmarking Methodology for Network Interconnect Devices. RFC 1944. S.
 Bradner & J. McQuaid. ftp://ds.internic.net/rfc/rfc1944.txt
 
 WARDING OFF THE CYBERSPACE INVADERS. Business Week. 03/13/95. Amy
 Cortese in New York, with bureau reports
 
 Vulnerability in Cisco Routers used as Firewalls. Computer Incident
 Advisory Capability Advisory: Number D-15. May 12, 1993 1500 PDT.
 http://ciac.llnl.gov/ciac/bulletins/d-15.shtml
 
 WAN-Hacking with AutoHack - Auditing Security behind the Firewall. Alec
 D.E. Muffett. (network Security Group, Sun Microsystems, United
 Kingdom.) Written by the author of Crack, the famous password cracking
 program. Extraordinary document that deals with methods of auditing
 security from behind a firewall. (And auditing of a network so large
 that it contained tens of thousands of hosts!) June 6, 1995.
 http://www.telstra.com.au/pub/docs/security/muffett-autohack.ps
 
 Windows NT Firewalls Are Born. February 4, 1997. PC Magazine.
 http://www.pcmagazine.com/features/firewall/_open.htm

 Group of 15 Firewalls Hold Up Under Security Scrutiny. Stephen
 Lawson. June 1996. InfoWorld.
 http://www.infoworld.com/cgi-bin/displayStory.pl?96067.firewall.htm
 
 IP v6 Release and Firewalls. Uwe Ellermann. 14th Worldwide Congress on
 Computer and Communications Security. Protection, pp. 341-354, June
 1996.
 
 The SunScreen Product Line Overview. (Sun Microsystems.)
 http://www.sun.com/security/overview.html
 
 Product Overview for IBM Internet Connection Secured Network Gateway
 for AIX, Version 2.2. (IBM Firewall Information.)
 http://www.ics.raleigh.ibm.com/firewall/overview.htm
 
 The Eagle Firewall Family. (Raptor Firewall Information.)
 http://www.raptor.com/products/brochure/40broch.html
 
 Secure Computing Firewall™ for NT. Overview. (Secure Computing).
 http://www.sctc.com/NT/HTML/overview.html
 
 Check Point FireWall-1 Introduction. (Checkpoint Technologies Firewall
 Information.) http://www.checkpoint.com/products/firewall/intro.html
 
 Cisco PIX Firewall. (Cisco Systems Firewall Information.)
 http://www.cisco.com/univercd/data/doc/cintrnet/prod_cat/pcpix.htm
 
 Protecting the Fortress From Within and Without. R. Scott Raynovich.
 April 1996. LAN Times. http://www.wcmh.com/lantimes/96apr/604c051a.html
 
 Internet Firewalls: An Introduction. Firewall White Paper. NMI Internet
 Expert Services. PO Box 8258. Portland, ME 04104-8258.
 http://www.netmaine.com/netmaine/whitepaper.html
 
 Features of the Centri(TM) Firewall. (Centri Firewall Information.)
 http://www.gi.net/security/centrifirewall/features.html
 
 Five Reasons Why an Application Gateway is the Most Secure Firewall.
 (Global Internet.)
 http://www.gi.net/security/centrifirewall/fivereasons.html
 
 An Introduction to Intrusion Detection. Aurobindo Sundaram. Last
 Apparent Date of Modification: October 26, 1996.
 http://www.techmanager.com/nov96/intrus.html
 
 Intrusion Detection for Network Infrastructures. S. Cheung, K.N.
 Levitt, C. Ko. 1995 IEEE Symposium on Security and Privacy, Oakland,
 CA, May 1995. http://seclab.cs.ucdavis.edu/papers/clk95.ps
 
 Network Intrusion Detection. Biswanath Mukherjee and L. Todd Heberlein
 and Karl N. Levitt. IEEE Network, May 1994.
 
 Fraud and Intrusion Detection in Financial Information Systems. S.
 Stolfo and P. Chan and D. Wei and W. Lee and A. Prodromidis. 4th
 ACM Computer and Communications Security Conference, 1997.
 http://www.cs.columbia.edu/~sal/hpapers/acmpaper.ps.gz
 
 A Pattern-Oriented Intrusion-Detection Model and Its Applications.
 Shiuhpyng W. Shieh and Virgil D. Gligor. Research in Security and
 Privacy, IEEECSP, May 1991.
 
 Detecting Unusual Program Behavior Using the Statistical Component of
 the Next-generation Intrusion Detection Expert System (NIDES). Debra
 Anderson, Teresa F. Lunt, Harold Javitz, Ann Tamaru, and Alfonso
 Valdes. SRI-CSL-95-06, May 1995. (Available in hard copy only.)
 Abstract: http://www.csl.sri.com/tr-abstracts.html#csl9506
 
 Intrusion Detection Systems (IDS): A Survey of Existing Systems and A
 Proposed Distributed IDS Architecture. S.R. Snapp, J. Brentano, G.V.
 Dias, T.L. Goan, T. Grance, L.T. Heberlein, C. Ho, K.N. Levitt, B.
 Mukherjee, D.L. Mansur, K.L. Pon, and S.E. Smaha. Technical Report
 CSE-91-7, Division of Computer Science, University of California,
 Davis, February 1991. http://seclab.cs.ucdavis.edu/papers/bd96.ps
 
 A Methodology for Testing Intrusion Detection Systems. N. F. Puketza,
 K. Zhang, M. Chung, B. Mukherjee, R. A. Olsson. IEEE Transactions on
 Software Engineering, Vol.22, No.10, October 1996.
 http://seclab.cs.ucdavis.edu/papers/tse96.ps
 
 GrIDS -- A Graph-Based Intrusion Detection System for Large Networks.
 S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J.
 Hoagland, K. Levitt, C. Wee, R. Yip, D. Zerkle. The 19th National
 Information Systems Security Conference.
 http://seclab.cs.ucdavis.edu/papers/nissc96.ps
 
 NetKuang--A Multi-Host Configuration Vulnerability Checker. D. Zerkle,
 K. Levitt , Proc. of the 6th USENIX Security Symposium. San Jose,
 California. 1996. http://seclab.cs.ucdavis.edu/papers/zl96.ps
 
 Simulating Concurrent Intrusions for Testing Intrusion Detection
 Systems: Parallelizing Intrusions. M. Chung, N. Puketza, R.A. Olsson,
 B. Mukherjee. Proc. of the 1995 National Information Systems Security
 Conference. Baltimore, Maryland. 1995.
 http://seclab.cs.ucdavis.edu/papers/cpo95.ps
 
 Holding Intruders Accountable on the Internet. S. Staniford-Chen, and
 L.T. Heberlein. Proc. of the 1995 IEEE Symposium on Security and
 Privacy, Oakland, CA, 8-10 May 1995.
 http://seclab.cs.ucdavis.edu/~stanifor/seclab_only/notes/ieee_conf_94/revision/submitted.ps
 
 Machine Learning and Intrusion Detection: Current and Future
 Directions. J. Frank. Proc. of the 17th National Computer Security
 Conference, October 1994.
 
 Another Intrusion Detection Bibliography.
 http://doe-is.llnl.gov/nitb/refs/bibs/bib1.html
 
 Intrusion Detection Bibliography.
 http://www.cs.purdue.edu/coast/intrusion-detection/ids_bib.html
 
 Intrusion Detection Systems. This list concentrates primarily on
 discussions about methods of intrusion or intrusion detection.
 Target: majordomo@uow.edu.au
 Command: subscribe ids (In BODY of message)
 
 The WWW Security List. Members of this list discuss all techniques to
 maintain (or subvert) WWW security. (Things involving secure methods
 of HTML, HTTP and CGI.)
 Target: www-security-request@nsmx.rutgers.edu
 Command: SUBSCRIBE www-security your_email_address (In BODY of message)
 
 The Sneakers List. This list discusses methods of circumventing
 firewall and general security. This list is reserved for lawful tests
 and techniques.
 Target: majordomo@CS.YALE.EDU
 Command: SUBSCRIBE Sneakers (In BODY of message)
 
 The Secure HTTP List. This list is devoted to the discussion of S-HTTP
 and techniques to facilitate this new form of security for WWW
 transactions.
 Target: shttp-talk-request@OpenMarket.com
 Command: SUBSCRIBE (In BODY of message)
 
 The NT Security List. This list is devoted to discussing all techniques
 of security related to the Microsoft Windows NT operating system.
 (Individuals also discuss security aspects of other Microsoft operating
 systems as well.)
 Target: request-ntsecurity@iss.net
 Command: subscribe ntsecurity (In BODY of message)
 
 The Bugtraq List. This list is for posting or discussing bugs in
 various operating systems, though UNIX is the most often discussed. The
 information here can be quite explicit. If you are looking to learn the
 fine aspects (and cutting edge news) in UNIX security, this list is for
 you.
 Target: LISTSERV@NETSPACE.ORG
 Command: SUBSCRIBE BUGTRAQ (In BODY of message)
 
 Password Security: A Case History. Robert Morris and Ken Thompson.
 http://www.sevenlocks.com/papers/password/pwstudy.ps
 
 Site Security Handbook (update and Idraft version; June 1996, CMU.
 Draft-ietf-ssh-handbook-03.txt.) Barbara Fraser.
 http://www.internic.net/internet-drafts/draft-ietf-ssh-handbook-03.txt.
 
 Improving the Security of Your Site by Breaking Into It. Dan Farmer &
 Wietse Venema. (1995) http://www.craftwork.com/papers/security.html.
 
 Making Your Setup More Secure. NCSA Tutorial Pages.
 http://hoohoo.ncsa.uiuc.edu/docs/tutorials/security.html.
 
 The Secure HyperText Transfer Protocol. E. Rescorla, A. Schiffman (EIT)
 July 1995.
 http://www.eit.com/creations/s-http/draft-ietf-wts-shttp-00.txt.
 
 The SSL Protocol. (IDraft) Alan O. Freier & Philip Karlton (Netscape
 Communications) with Paul C. Kocher.
 http://home.netscape.com/eng/ssl3/ssl-toc.html.
 
 Writing, Supporting, and Evaluating TripWire. A Publicly Available
 Security Tool; Kim/Spafford. http://www.raptor.com/lib/9419.ps
 
 The Design and Implementation of TripWire. A Filesystem Integrity
 Checker; Kim/Spafford. Location: http://www.raptor.com/lib/9371.ps
 
 X Window System Security. Ben Gross & Baba Buehler. Beckman Institute
 System Services.
 http://www.beckman.uiuc.edu/groups/biss/VirtualLibrary/xsecurity.html.
 Last Apparent Date of Modification: January 11, 1996.
 
 On the (in)Security of the Windowing System X. Marc VanHeyningen of
 Indiana University. http://www.cs.indiana.edu/X/security/intro.html.
 September 14, 1994.
 
 Security in the X11 Environment. Pangolin. University of Bristol, UK.
 January, 1995. http://sw.cse.bris.ac.uk/public/Xsecurity.html.
 
 Security in Open Systems. (NIST) John Barkley, Editor. (With Lisa
 Carnahan, Richard Kuhn, Robert Bagwill, Anastase Nakassis, Michael
 Ransom, John Wack, Karen Olsen, Paul Markovitz and Shu-Jen Chang.) US
 Department of Commerce. Section: The X Window System: Bagwill, Robert.
 http://csrc.ncsl.nist.gov/nistpubs/800-7/node62.html#SECTION06200000000000000000.
 
 Security Enhancements of the DEC MLS+ System; The Trusted X Window
 System. November, 1995.
 http://ftp.digital.com/pub/Digital/info/SPD/46-21-XX.txt
 
 Evolution of a Trusted B3 Window System Prototype. J. Epstein, J. Mc
 Hugh, R. Pascale, C. Martin, D. Rothnie, H. Orman, A. Marmor-Squires,
 M. Branstad, and B. Danner. In Proceedings of the 1992 IEEE Symposium
 on Security and Privacy, 1992.
 
 A Prototype B3 Trusted X Window System. J. Epstein, J. Mc Hugh, R.
 Pascale, H. Orman, G. Benson, C. Martin, A. Marmor-Squires, B. Danner,
 and M. Branstad, The Proceedings of the 7th Computer Security
 Applications Conference, December, 1991.
 
 Improving X Windows Security. UNIX World, (Volume IX, Number 12)
 December 1992. Linda Mui.
 
 Security and the X Window System. UNIX World, 9(1), p. 103. January
 1992. Dennis Sheldrick.
 
 The X Window System. Scheifler, Robert W. & Gettys, Jim. ACM
 Transactions on Graphics. Vol.5, No. 2 (April 1986), pp. 79-109.
 http://www.acm.org/pubs/toc/Abstracts/0730-0301/24053.html.
 
 X Window Terminals. Digital Technical Journal of Digital Equipment
 Corporation, 3(4), pp. 26-36, Fall 1991. Björn Engberg and Thomas
 Porcher.
 ftp://ftp.digital.com/pub/Digital/info/DTJ/v3n4/X_Window_Terminals_01jul1992DTJ402P8.ps.
 
 Information Security: Computer Attacks at Department of Defense Pose
 Increasing Risks; General Accounting Office. Report on Failed Security
 at US Defense Sites.
 http://www.epic.org/security/GAO_OMB_security.html
 
 Defense Directive 5200.28. "Security requirements for Automated
 Information Systems." Document describing some antiquated government
 standards for security.
 http://140.229.1.16:9000/htdocs/teinfo/directives/soft/5200.28.html
 
 The Evaluated Products List (EPL). A list of products that have been
 evaluated for security ratings, based on DOD guidelines.
  http://www.radium.ncsc.mil/tpep/epl/index.html
 
 INTERNIC, or the Network Information Center. INTERNIC provides
 comprehensive databases on networking information. These databases
 contain the larger portion of collected knowledge on the design and
 scope of the Internet. (Of main importance here is the database of RFC
 documents.)
  http://ds0.internic.net/ds/dspg1intdoc.html
 
 The Rand Corporation. Security resources of various sorts. Also: very
 engrossing "early" documents on the Internet’s design.
  http://www.rand.org/publications/electronic/
 
 Connected: An Internet Encyclopedia. (Incredible on-line resource for
 RFC documents and related information, apparently painstakingly
 translated into HTML.)
  http://www.freesoft.org/Connected/RFC/826/
 
 The Computer Emergency Response Team. (CERT) An organization that
 assists sites in responding to network security violations, break-ins
 and so forth. Great source of information, particularly for
 vulnerabilities.
  http://www.cert.org.
 
 Security Survey of Key Internet Hosts & Various Semi-Relevant
 Reflections. D. Farmer. Fascinating independent study conducted by one
 of the authors of the now famous SATAN program. The survey involved
 approximately 2200 sites. The results are disturbing.
  http://www.trouble.org/survey/
 
 CIAC. (U.S. Department of Energy's Computer Incident Advisory
 Capability.) The CIAC provides computer security services to employees
 and contractors of the United States Department of Energy, but the site
 is open to the public as well. There are many tools and documents at
 this location.
  http://ciac.llnl.gov/
 
 The National Computer Security Association. This site contains a great
 deal of valuable security information, including reports, papers,
 advisories and analyses of various computer security products and
 techniques.
  http://www.ncsa.com/
 
 Short Courses in Information Systems Security at George Mason
 University. This site contains information about security courses.
 Moreover, there are links to a comprehensive bibliography of various
 security related documents.
  http://www.isse.gmu.edu:80/~gmuisi/
 
 NCSA RECON. Spooks on the Net. The National Computer Security
 Association’s "special" division. They offer a service where one can
 search through thousands of downloaded messages passed amongst hackers
 and crackers on BBS boards and the Internet. An incredible security
 resource, but a commercial one.
  http://www.isrecon.ncsa.com/public/faq/isrfaq.htm
 
 Lucent Technologies. Courses on security from the folks who really know
 security.
  http://www.attsa.com/
 
 Massachusetts Institute of Technology distribution site for United
 States residents for Pretty Good Privacy (PGP). PGP provides some of
 the most powerful, military grade encryption currently available.
  http://web.mit.edu/network/pgp.html
 
 The Anonymous Remailer FAQ. A document that covers all aspects of
 anonymous remailing techniques and tools.
  http://www.well.com/user/abacard/remail.html
 
 The Anonymous Remailer List. A comprehensive but often changing
 (dynamic) list of anonymous remailers
  http://www.cs.berkeley.edu/~raph/remailer-list.html
 
 Microsoft ActiveX Security. This page addresses the security features
 of ActiveX.
  http://www.microsoft.com/intdev/signcode/
 
 Purdue University COAST Archive. One of the more comprehensive security
 sites, containing many tools and documents of deep interest within the
 security community.
  http://www.cs.purdue.edu//coast/archive/
 
 Raptor Systems. Makers of one of the better firewall products on the
 Net have established a fine security library.
  http://www.raptor.com/library/library.html
 
 The Risks Forum. A moderated digest of security and other risks in
 computing. A great resource that is also searchable. You can tap the
 better security minds on the Net.
  http://catless.ncl.ac.uk/Risks
 
 FIRST. (Forum of Incident Response and Security Teams). A
 conglomeration of many organizations undertaking security measures on
 the Internet. A powerful organization and good starting place for
 sources.
  http://www.first.org/
 
 The CIAC Virus Database. The ultimate virus database on the Internet.
 An excellent resource to learn about various viruses that can affect
 your platform.
  http://ciac.llnl.gov/ciac/CIACVirusDatabase.html
 
 Information Warfare and Information Security on the Web. A
 comprehensive list of links and other resources concerning Information
 Warfare over the Internet.
  http://www.fas.org/irp/wwwinfo.html
 
 Criminal Justice Studies of the Law Faculty of University of Leeds, The
 United Kingdom. Site with interesting information on cryptography and
 civil liberties.
  http://www.leeds.ac.uk/law/pgs/yaman/cryptog.htm.
 
 Federal Information Processing Standards Publication documents.
 (Government guidelines.) National Institute of Standards and Technology
 reports on DES encryption and related technologies.
  http://csrc.nist.gov/fips/fips46-2.txt
 
 Wordlists available at NCSA and elsewhere. (For use in testing the
 strength of, or "cracking" UNIX passwords.)
  http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html.
 
 Department of Defense Password Management Guideline. (Treatment of
 password security in classified environments.)
  http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txt
 
 Dr. Solomon’s. A site filled with virus information. Anyone concerned
 with viruses (or anyone who just wants to know more about virus
 technology,) should visit Dr. Solomon’s site.
  http://www.drsolomon.com/vircen/allabout.html
 
 The Seven Locks server. An eclectic collection of security resources,
 including a number of papers that cannot be found elsewhere!
  http://www.sevenlocks.com/CIACA-10.htm.
 
 S/Key informational page. Provides information on S/Key and use of one
 time passwords in authentication.
  http://medg.lcs.mit.edu/people/wwinston/skey-overview.html.

 A page devoted to ATP, the "Anti-Tampering Program". (In some ways,
 similar to Tripwire or Hobgoblin.)
  http://www.cryptonet.it/docs/atp.html
 
 Bugtraq Archives. An archive of the popular mailing list, Bugtraq. This
 is significant because Bugtraq is one of the most reliable sources for
 up-to-date reports on newfound vulnerabilities in UNIX (and at times,
 other operating systems.)
  http://geek-girl.com/bugtraq/
 
 Wang Federal. This company produces very high quality security
 operating systems and other security solutions. They are the leader in
 TEMPEST technology.
  http://www.wangfed.com
 
 The Center for Secure Information Systems. This site, affiliated with
 the Center at George Mason University, has some truly incredible
 papers. There is much research going on here; research of a cutting
 edge nature. The link below sends you directly to the publications
 page, but you really should explore the entire site.
  http://www.isse.gmu.edu/~csis/publication.html
 
 SRI International. Some very highbrow technical information. The
 technical reports here are of extreme value. However, you must have at
 least a fleeting background in security to even grasp some of the
 concepts. Nevertheless, a great resource.
  http://www.sri.com/
 
 The Security Reference Index. This site, maintained by the folks at
 telstra.com, is a comprehensive pointer page to many security
 resources.
  http://www.telstra.com.au/info/security.html
 
 Wietse Venema’s Tools Page. This page, maintained by Wietse Venema
 (co-author of SATAN and author of TCP_Wrapper and many other security
 tools), is filled with papers, tools and general information. It is a
 must-visit for any UNIX system administrator.
  ftp://ftp.win.tue.nl/pub/security/index.html
 
 United States. Congress. House. Committee on Science, Space, and
 Technology. Subcommittee on Science. Internet security : Hearing
 Before the Subcommittee on Science of the Committee on Science, Space,
 and Technology. U.S. House of Representatives, One Hundred Third
 Congress, second session, March 22, 1994. Washington. U.S. G.P.O. For
 sale by the U.S. G.P.O., Supt. of Docs., Congressional Sales Office,
 1994.
 
 UNIX Unleashed. SAMS Publishing, 1994. ISBN: 0-672-30402-3.
 
 Internet QuickKIT. Brad Miser. HAYDEN. ISBN: 1568302401
 
 Bots and Other Internet Beasties. SAMS.NET. Joseph Williams. ISBN:
 1575210169 (1996)
 
 The Internet Unleashed 1996. SAMS.NET. SAMS Development Group. ISBN:
 157521041X. (1995)

 Microsoft Internet Information Server 2 Unleashed. Arthur Knowles.
 SAMS.NET. ISBN: 1575211092. (1996)
 
 Designing and Implementing Microsoft Internet Information Server.
 SAMS.NET. ISBN: 1575211688. (1996)
 
 Internet Research Companion. Que Education and Training. Geoffrey
 McKim. ISBN: 1575760509. (1996)

 An Interactive Guide to the Internet. Que Education and Training. J.
 Michael Blocher, Vito Amato & Jon Storslee. ISBN: 1575763540. (1996)
 
 Internet Security for Business. New York. Wiley, 1996.  xi, 452 p. :
 ill. ; 24 cm. LC CALL NUMBER: HD30.38 .I57 1996
 
 Managing Windows NT Server 4. NRP. Howard F. Hilliker. ISBN:
 1562055763. (1996)

 Internet 1997 Unleashed, Second Edition. SAMS.NET. Jill Ellsworth,
 Billy Barron, et al. ISBN: 1575211858. (1996)
 
 Windows NT Server 4 Security, Troubleshooting, and Optimization. NRP.
 ISBN: 1562056018. (1996)
 
 Apache Server Survival Guide. SAMS.NET. Manuel Alberto Ricart. ISBN:
 1575211750. (1996)

 Internet Firewalls and Network Security, Second Edition. NRP. Chris
 Hare and Karanjit S. Siyan, Ph.D. ISBN: 1562056328. (1996)
 
 PC Week Intranet and Internet Firewalls Strategies. ZDPRESS. Ed Amoroso
 & Ronald Sharp. ISBN: 1562764225. (1996)
 
 Internet Security Professional Reference. NRP. Chris Hare, et al. ISBN:
 1562055577. (1996)
 
 NetWare Security. NRP. William Steen. ISBN: 1562055453. (1996)

 Internet Security Resource Library. NRP. Box-set. ISBN: 1562055062.
 (1996)
 
 LINUX System Administrator's Survival Guide. SAMS. Timothy Parker, Ph.
 D. ISBN: 0672308509. (1996)
 
 Internet Commerce. NRP. Andrew Dahl and Leslie Lesnick. ISBN:
 1562054961. (1995)
 
 E-Mail Security: How To Keep Your Electronic Messages Private. Bruce
 Schneier. John Wiley & Sons Inc. 605 Third Ave. New York, NY 10158.
 ISBN: 0-471-05318-X
 
 Protection and Security on the Information Superhighway. Frederick B.
 Cohen. John Wiley & Sons Inc. 605 Third Ave. New York, NY 10158. ISBN:
 0-471-11389-1
