Computer Security
Computer security. With many people switching their systems to a broadband network, the need for computer security education has grown. This lens provides an overview of computer security topics as well as links to resources I use to keep the systems I manage at home and at work secure.
I have taken most of my computer security training from the SANS Institute. For those wondering, I have completed Firewalls, Perimeter Protection and VPNs, Intrusion Detection, Incident Handling and Hacker Techniques, Windows Security, LAMP Secure Online Presence, Wireless Network Auditing and am currently taking web application penetration testing.
News: Use the free Secunia PSI tool to check for security issues on your PC.
Keep up with the latest security information
- CERT
- CERT tracks current security alerts and known vulnerabilities.
- Security Focus
- Another site which posts articles on computer security as well as new vulnerabilities.
- French Security Incident Response Team
- Sometimes international sources know about problems before they show up in the United States.
SANS Internet Storm Center
Forecasting Security
Got a Security Policy?
A policy will guide decisions about how to implement security.
- SANS Security Policy Project
- The ultimate goal of this SANS project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already including policy templates for twenty-four important security requirements.
- Site Security Handbook
- RFC 2196 documents a Site Security Handbook that is a guide to developing computer security policies and procedures for sites that have systems on the Internet.
- ISO27002/ISO17799
- ISO 27002, formerly ISO 17799, is a detailed security standard. It is organised into ten major sections, each covering a different topic or area: business continuity planning, system access control, system development and maintenance, physical and environmental security, compliance, personal security, security organizations, computer and operations management, asset classification and control, and security policy.
- NIST
- The National Institute of Standards and Technology has publicly available security documents. Review NIST 800-53, Recommended Security Controls for Federal Information Systems, which is a very detailed document explaining security controls covering 17 categories.
Secure your hosts
- Center for Internet Security
- The Center for Internet Security maintains a site with benchmarking and scoring tools for many different operating systems. They have great documentation on how to secure your hosts, with detailed instructions and explanations of why each step should be taken.
*** If you have never seen the documents produced by the Center for Internet Security, do yourself a favor and review one. They are the best I have seen on securing operating systems. ***
- Secure Your Laptop!
- Lundquist's Guide To Not Getting Fired for Losing Your Laptop. Eric Lundquist makes many very important points about what data you should keep on your laptop and additional steps you can take to keep the data safe and confidential in this article.
- Home PC Security Tips
- For those of you who are looking for information on securing your home PC, or would like to know who to call for help with your home system, check out Kim Komando's site and radio show.
- Remove Personal Information (PII) from your systems
- Identity Finder is a free application you can use to see what sensitive information is on your system so you can remove it.
Spyware, Viruses
- AVG is a free Anti Virus Product
- AVG's newest security product provides real-time protection against online threats for free-forever. There are millions of poisoned web pages out there. Let AVG LinkScanner check them out first. If a link is dangerous, you'll be protected.
- Spybot Search and Destroy
- Open source tool to deal with spyware.
- MalwareBytes Anti Malware
- Great application to check for malware on your PCs.
- Secunia Personal Software Inspector
- Your Microsoft apps might be up to date with Windows Update, but what about all of your other applications? Secunia PSI will help you identify other security issues.
- Comodo
- Free Anti-virus using the cloud to deal with unknown threats.
- Sophos Free Mac OS X Anti-virus solution
- Macs need to be protected.
Perimeter Security
Firewalls, Screened Subnets
- Defense in Depth
- The term defense in depth comes from the military.
- How Firewalls work
- Firewalls come in many different configurations which provide different levels of support. They are often called packet filtering, stateful or proxy firewalls. Many different free firewalls exist, for example ipf, ipchains, m0n0wall, and SonicWall, to name just a few.
Monitor your hosts and network
- Nagios Host Monitoring
- Nagios is gaining popularity as a good open source monitoring solution.
- Cacti
- A network graphing solution using PHP and MySQL.
- Tripwire - Now Open Source
- Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.
- Osiris
- Osiris is a Host Integrity Monitoring System that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email these logs to the administrator. Hosts are periodically scanned and, if desired, the records can be maintained for forensic purposes. Osiris keeps an administrator apprised of possible attacks and/or nasty little trojans. The purpose here is to isolate changes that indicate a break-in or a compromised system. Osiris makes use of OpenSSL for encryption and authentication in all components.
- SamHain
- Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as standalone application on a single host.
- Sisyphus
- Sisyphus is a log analysis application for high performance computing systems.
Security Check Lists
- Linux Security Checklist
- Have you checked your servers?
- Solaris Security Checklist
- Verify your Solaris hosts.
Intrusion Detection Systems
Are you paranoid?
- SNORT
- SNORT is one of the most popular IDS tools.
- ACID
- If you are going to snort, you may as well use ACID. ACID is a PHP web console you can use to search and process Snort results.
- BASE
- BASE is another web based application useful when analyzing SNORT results.
- OSSEC Host Based Intrusion Detection
- Free Open Source Product.
- Bro
- Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract its application-level semantics and then executing event-oriented analyzers that compare the activity with patterns deemed troublesome. Its analysis includes detection of specific attacks (including those defined by signatures, but also those defined in terms of events) and unusual activities (e.g., certain hosts connecting to certain services, or patterns of failed connection attempts).
Auditing your network (Ethical Hacking)
Have you looked yet?
- OWASP
- The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. OWASP's WebGoat product will help teach you about how hackers attack web services. Their WebScarab tool is also quite useful. Check out their valuable content, find a local chapter and help build this community.
- Nessus
- Nessus is a free, very popular network auditing tool. A new version exists for Mac OS X.
- NMAP from Insecure.org
- The insecure.org site provides the nmap tool as well as the new list of the top 100 security tools.
- Ethical Hacking
- Ethicalhacker.net provides information and resources for auditing networks.
- The Metasploit Project
- Metasploit is a powerful tool which can help test exploits on a network.
- SQL Injection Cheat Sheet
- Do your applications filter user input to remove bad input characters? Have you tried to use SQL injection against your applications to see what information you can extract? An SQL cheat sheet is handy to remember the techniques to use when testing injection attacks.
- XSS Cheat Sheet
- RSnake has put together a Cross Site Scripting Cheat Sheet.
- Network Security Toolkit
- A handy resource.
- Center for Internet Security
- A great resource with instructions to harden most operating systems. They explain how to turn off features and why you might do it.
Password Verification
- John the Ripper
- John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus many more with contributed patches.
- PW Dump
- Windows 2000/XP/2003/Vista/2008 NTLM and LanMan Password Grabber
By fizzgig and the foofus.net Team
- FG Dump
- A Tool For Mass Password Auditing of Windows Systems
Incident Response / Handling
Are you prepared?
- Intruder Detection Checklist PDF
- Hopefully you already have your own checklist, if not, look at available checklists and see what information your checklist should cover.
- National Institute of Standards and Technology
- NIST 800-61 is the document covering the topic of incident handling.
- SANS Intrusion Discovery Cheat Sheet
- SANS provides an Intrusion Discovery cheat sheet for UNIX administrators which can help you remember many of the items you should look for if you suspect an intrusion.
- Nmap Nessus PDF cheat Sheet
- A PDF nmap and Nessus cheatsheet
- Tools and Hardware for Incident Response
- The Incident Response Book published by O'Reilly contains a lot of information. The Chapter Seven sample provides a list of tools and hardware that you will want to be familiar with or have in your response bag.
- Have a Jump Bag
- Be sure you are prepared to respond appropriately to computer incidents by having a jump bag.
Wireless Security
How far does your signal go?
- Wireless security information.
- I cover many wireless security issues on my wardriving squidoo lens.
TCP/IP
What you must know.
- TCP/IP wikipedia
- The wikipedia is a nice place to start your research of the TCP/IP Protocol.
- SANS TCP/IP Cheat Sheet.
- I keep a copy of this document with me as well as stuck to my cubicle.
- OmniPeek
- WildPackets has recently released OmniPeek in response to the release of WireShark. There are many nice features built into this tool and I am starting to prefer to use it, rather than ethereal or wireshark.
- WireShark (Ethereal)
- A network protocol analyzer which is very useful for analyzing problems or incidents on the network, formerly known as Ethereal. Keep this free product up to date.
- tcpdump
- Many UNIX systems support tcpdump as the tool to use to watch network traffic on a host or network. If tcpdump is not available check for snoop.
- Windump
- Windump is my tool of choice on a Windows platform.
Help the good guys!
- Dshield
- Contribute your firewall reports to DShield and help the internet community know what activities are taking place on the internet. The Internet Storm Center has graphs of the activities reported to DShield.
- 10 Most Wanted
- Dshield's report of the top 10 offenders.
Learn from the Bad Guys!
Set out some bait.
- Set up a Honeypot
- A honeypot is a system placed on the network with the intention of letting crackers interact with the system. Logs are kept of the actions taking place on the host with the intention of learning what exploits are being used in the wild.
Wireless honeypots can also be set up to catch wireless crackers.
- Tarpits are stickier
- The idea of the tarpit is to set up a host which will answer all requests made to it on any port, but never complete the conversation. When the host that is trying to establish the connection checks back with the tarpit, the tarpit responds back saying it will eventually finish the connection. Little does the external host know, but the tarpit will never allow the session to be set up. The idea is to tie up hosts acting badly on the network. These are fun to watch but many people do not consider them an extra layer of security.
Reader Feedback
What do you think of the lens?
reeferpokerdotcom
May 12, 2011 @ 2:26 am
- This is helpful, but might be teetering on information overload for casual users. Thanks for the information nonetheless.
Tilly4Family
Jan 12, 2011 @ 9:15 pm
- Very nice lens. Internet Security is important to all of us. Plan on sharing this information and utilizing it as needed as well. thanks for making this lens.
Obscure_Treasures
Aug 18, 2010 @ 12:17 pm
- I found lots of useful information, great lens, Thanks!
enhancedcsn
Apr 13, 2010 @ 2:56 pm
- Good lens. Nice information supplied the lens. Really helpful lens.
Thanks for sharing a useful lens.
Jan 31, 2010 @ 9:44 am
- Thank for knowledge
About Me
by Edmands
Todd is a System Engineer with a strong background in computer
security. He likes to learn new skills, often by building or fixing
things himself. Tod...