bc.jpg (21214 bytes) >>> Good reads <<<<<

IT Security expertise
w w w . b o r a n . c o m


Interesting Security articles/tips that I come across are listed here...

Some Personal (politics, philosophy etc.) may also be of interest..

Quick links: 20012002

2003 

Jun 20: Serious Paragliding accident: 4 months in hospital.... this page won't be updated for a while..

Jun 8

The Enemy Within: Firewalls and Backdoors, by Bob Rudis,  and Phil Kostenbader
A good summary of backdoors and the limits of firewall protection..

Microsft & DRM: Digital Rights Management

May 2003

Rsync: + SSH minimalist on Windows, Discussions, Faq-O-Matic

Understanding a Network Through Passive Monitoring by Kevin Timm
Useful example on analysis of tcpdump logs.

Securing Apache: Step-by-Step by Artur Maj  (useful example with chroot'ing tips)

Top 75 Security Tools (poll of nmap users)

XP: Tweaking, enhanced command-line monitoring utilities

Introduction to Simple Oracle Auditing by Pete Finnigan

Auditing Web Site Authentication #1 by Mark Burnett

Load Balancers As Firewalls, by Tony Bourke (from 2001, but interesting)

Apr 2003

Auditing Web Site Authentication #1 by Mark Burnett

Specter: a Commercial Honeypot Solution for Windows Lance Spitzner

Cryptographic File Systems, Part Two: Implementation, Ido Dubrawsky

OpenSSH securID patches that support next token
scponly looks interesting for restricting ssh file transfers.
OpenSSH 3.6 and 3.6.1  released

Incident Response Tools For Unix, Part One: System Tools by Holt Sorenson
A handy summary of UNIX tools for budding Security Administrators.

Why Am I Getting All This Spam? Center for Democracy & Technology

Tim. Bray: Why XML Doesn't Suck, XML Is Too Hard For Programmers

Mar 2003

Forensics example: Snort + dtspcd + trojaned /bin/login

VNC on Windows + stunnel/SSL

Best Practices for Secure Development, Razvan Peteanu.

Burning the bridge: Cisco IOS exploits

Unofficial SuSE FAQ   

Very Secure ftp server: vsftpd (and easy to use as well!).

Feb 2003

BSD: Creating systrace policies

MySQL security

Is the U.S. Turning Into a Surveillance Society?

SNMP FAQ, CERT tips on snmp, Presentation by Lucent

SunScreen, Part Two: Policies, Rules, and NAT
Comment: finally some decent articles on the sunscreen. A pity the examples use the GUI and not the command line.

Jan 2003

Sunscreen Part one: introduction, by Ido Dubrawsky

Security Quick-Start HOWTO for Red Hat Linux

Securing Outlook, Part Two: Many Choices to Make

Strikeback, Part Deux, by Tim Mullen
Intelligence Gathering: Watching a Honeypot at Work, by Toby Miller

SANS: Security Policy Project, Reading Room

Netcat overview
Nmapwin
TightVNC is an  improved version of VNC (speed/compression/GUI), and RealVNC is the continuation of the original version. The commercial TridiaVNC Pro looks interesting too, with file transfer and SSL encryption.
Dell Inspiron 8x00 fan control utility


2002 Summary

'Twas the Night Before Christmas, 2002, Tim Mullen

Microsoft & Windows

Solaris

IDS:

Tools

WLAN/WiFi

General

 

Consider two non techie books I discovered in 2002: The Rogue State and Crimes and Mercies. See the non-techie section below.


2001 Summary

CISCO Router Tool & Benchmark http://www.cisecurity.org/bench_cisco.html

Microsoft

Sun

SSH

HP: Precompiled free software, for HP http://hpux.asknet.de (a bit like www.Sunfreeware.com for Solaris)

System administration

Humor

IDS & Attacks

General


SeŠn Boran, Last Update: 10 mai, 2004