Computer Security

Keep up with the latest security information

• CERT
  CERT tracks current security alerts and know vulnerabilities.
• Security Focus
  Another site which posts articles on computer security as well as new vulnerabilities.
• French Security Incident Response Team
  Sometimes International sources know about problems before they show up in the United States.

• SANS Security Policy Project
  The ultimate goal of this SANS project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already including policy templates for twenty-four impo
• Site Security Handbook
  RFC 2196 documents a Site Security Handbook that is a guide to developing computer security policies and procedures for sites that have systems on the Internet.
• ISO27002/ISO17799
  ISO 27002 and formerly 17799, is a detailed security standard. It is organised into ten major sections, each covering a different topic or area; Business Continuity Planning, System Access Control, System Development and maintenance, physical and env
• NIST
  The National Institute for Standards and Technology has publicly available security documents. Review NIST 800-53 Recommended Security Controls for Federal Information Systems which is a very detailed document explaining security controls covering 17

Secure your hosts

• Center for Internet Security
  The Center for Internet Security maintains a site with benchmarking and scoring tools for many different operating systems. They have great documentation on how to secure your hosts, with detailed instructions and explinations of why each step should
• Secure Your Laptop!
  Lundquist's Guide To Not Getting Fired for Losing Your Laptop. Eric Lundquist makes many very important points about what data you should keep on your laptop and additional steps you can take to keep the data safe and confidential in this article.
• Home PC Security Tips
  For those of you who are looking for information on securing your home PC, or would like to know who to call for help with your home system, checkout Kim Kamando's site and Radio show.
• Remove Personal Information from your systems PII
  Identity finder is a free application you can use to see what sensitive information is on your system so you can remove it.

Spyware, Viruses

• AVG is a free Anti Virus Product
  AVG's newest security product provides real-time protection against online threats for free-forever. There are millions of poisoned web pages out there. Let AVG LinkScanner check them out first. If a link is dangerous, you'll be protected
• Spybot Search and Destroy
  Open source tool to deal with spyware.
• MalwareBytes Anti Malware
  Great application to check for malware on your PCs.
• Secunia Personal Software Inspector
  Your Microsoft apps might be up to date with windows update but what about all of your other applications? Secunia PSI will help you identify other security issues.
• Comodo
  Free Anti-virus using the cloud to deal with unknown threats.
• Sophos Free Mac OS X Anti-virus solution
  Macs need to be protected.

• Defense in Depth
  The term defense in depth comes from the military.
• How Firewalls work
  Firewalls come in many different configurations which provide different levels of support. They are often called packet filtering, stateful or proxy firewalls. Many different free firewalls exist, for example, ipf, ipchains, m0n0wall, and sonic wall

• Nagios Host Monitoring
  Nagios is gaining popularity as a good open source monitoring solution.
• Cacti
  A network graphing solution using PHP and MySQL.
• Tripwire - Now Open Source
  Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.
• Osiris
  Osiris is a Host Integrity Monitoring System that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email
• SamHain
  Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operat
• Sisyphus
  Sisyphus is a log analysis application for high performance computing systems.

Security Check Lists

• Linux Security Checklist
  Have you checked your servers?
• Solaris Security Checklist
  Verify your Solaris hosts.

• SNORT
  SNORT is one of the most popular IDS tools.
• ACID
  If you are going to snort, you may as well use ACID. ACID is a php web console you can use to search and process Snort results.
• BASE
  BASE is another web based application useful when analyzing SNORT results.
• OSSEC Host Based Intrusion Detection
  Free Open Source Product.
• Bro
  Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract its application-level semantics

• OWASP
  The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. OWASP's Webgoat product will help teach you about how hackers attack web services. Their Webscarab too
• Nessus
  Nessus is a free, very popular network auditing tool. A new version exists for MAC OS X.
• NMAP from Insecure.org
  The insecure.org site provides the nmap tool as well as the new list of the top 100 security tools.
• Ethical Hacking
  Ethicalhacker.net provides information and resources for auditing networks.
• The Metasploit Project
  Metasploit is a powerful tool which can help test expoits on a network.
• SQL Injection Cheat Sheet
  Do your applications filter user input to remove bad input characters? Have you tried to use sql injection against your applications to see what information you can extract. An SQL cheat sheet is handy to remember the techniques to use when testing i
• XSS Cheat Sheet
  RSnake has put together a Cross Site Scripting Cheat Sheet.
• Network Security Toolkit
  A handy resource.
• Center for Internet Security
  A great resource with instructions to harden most operating systems. They explain how to turn off features and explains why you might do it.

• John the Ripper
  John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on vario
• PW Dump
  Windows 2000/XP/2003/Vista/2008 NTLM and LanMan Password Grabber By fizzgig and the foofus.net Team
• FG Dump
  A Tool For Mass Password Auditing of Windows Systems

• Intruder Detection Checklist PDF
  Hopefully you already have your own checklist, if not, look at available checklists and see what information your checklist should cover.
• National Institute of Standards and technology
  NIST 800-61 is the document covering the topic of incident handling.
• SANS Intrusion Discovery Cheat Sheet
  SANS provides a Intrusion Discovery cheat sheet for UNIX administrators which can help you remember many of the items you should look for if you suspect an intrusion.
• Nmap Nessus PDF cheat Sheet
  A PDF nmap and Nessus cheatsheet
• Tools and Hardware for Incident Response
  The Incident Response Book published by O'Reilly contains a lot of information. The Chapter Seven sample provides a list of tools and hardware that you will want to be familiar with or have in your response bag.
• Have a Jump Bag
  Be sure you are prepared to respond appropriately to computer incidents by having a jump bag.

• Wireless security information.
  I cover many wireless security issues on my wardriving squidoo lens.

TCP/IP - What you must know.

• TCP/IP wikipedia
  The wikipedia is a nice place to start your research of the TCP/IP Protocol.
• SANS TCP/IP Cheat Sheet.
  I keep a copy of this document with me as well as stuck to my cubicle.
• OmniPeek
  WildPackets has recently released OmniPeek in response to the release of WireShark. There are many nice features built into this tool and I am starting to prefer to use it, rather than ethereal or wireshark.
• WireShark (Ethereal)
  A network protocol analyzer which is very useful for analyzing problems or incidents on the network, formerly known as Ethereal. Keep this free product up to date.
• tcpdump
  Many UNIX systems support tcpdump as the tool to use to watch network traffic on a host or network. If tcpdump is not available check for snoop.
• Windump
  Windump is my tool of choice on a windows platform.

Help the good guys!

• Dshield
  Contribute your firewall reports to DShield and help the internet community know what activities are taking place on the internet. The internet storm center has graphs of the activities reported to DShield.
• 10 Most Wanted
  Dshield's report of the top 10 offenders.

• Set up a Honeypot
  A honey pot is a system placed on the network with the intention of letting crackers interact with the system. Logs are kept of the actions taking place on the host with the intention of learning what exploits are being used in the wild. Wireless h
• Tarpits are stickier
  The idea of the tarpit is to set up a host which will answer all request made to it on any port, but never complete the conversation. When the host that is trying to establish the connection checks back with the tarpit, the tarpit responds back say