CS 225 Home Page
Computer and Network Security
Fall 2006
This course examines both the theory and practice of computer and network security.
Topics include cryptography, the Internet, viruses, crackers, sniffers, back doors,
network attacks, trojan horses, intrusion detection, and firewalls. Examples
of attacks and how to protect against them will be drawn from both the Windows and
Unix/Linux worlds. Hands on exercises are included.
Further Course Information
Resources and Links
Security
- Anti-Phishing Working Group
- @Stake Security News Network
- Browser Fun
List of browser bugs and hacks.
- Build Security In
Sponsored by Dept of Homeland Security, National Cyber Security Division.
- CastleCops
-
Center for Education and Research in Information Assurance and Security
- The Center for Internet Security
Of special note
are their free benchmarks for evaluating the security of most major operating systems,
including Windows 2000 and Linux.
- CERT Coordination Center
Reports on Internet security problems,
emails security alerts, etc.
- Chkrootkit
Web site provides software to look for
evidence of a rootkit.
- Computer Incident Advisory Capability
Run by the
Department of Energy.
- Computer System and Network Security
- Counter Hack. Ed Skoudis. Prentice Hall PTR (2002).
- CounterHack.net
Web site by Ed Skoudis.
See his challenges and scenarios in particular.
- CSO Online
Advertised as "the resource for
security executives".
- E-Secure-DB
Global IT security database.
- eSecurity Online
Provides security tools,
advisories, etc.
- Exploiting Software: How to Break Code. Greg Hoglund and Gary McGraw.
Addison-Wesley Professional (2004).
- Federal Computer Incident Response Center
- Firewalls and Internet Security: Repelling the Wily Hacker
- French Security Incident Response Team
(English version)
- Full Disclosure
- Fyodor's list of the top 100 security tools
- Hack in the Box Security Conference
- The Honeynet Project
See the challenges and whitepapers
in particular.
- ICSA Labs
- iDefense
- Incidents.org
Monitors Internet threats.
- Information Security Magazine
- Information Systems Security Association
- Infosyssec
Advertised as
"The Security Portal for Information System Security Professionals".
- Institute for Security Technology Studies
At Dartmouth College.
- Interactive illustrations of buffer overflow and other
security topics
An NSF-funded project at Embry-Riddle Aeronautical University.
- International Information Systems Security
Certification Consortium
- Internet Security Alliance
- K-OTik Security Survey
- Linux Security.com
- Malware FAQ
From SANS.
- Malware: Fighting Malicious Code Ed Skoudis with Lenny Zeltser. Prentice Hall PTR (2004).
- Malware Search
By H. D. Moore of Metasploit fame.
- MegaSecurity.org
- Metasploit Project
- Microsoft Security & Privacy Page
- National Infrastructure Protection Center
- Nessus.org
- Open Source Vulnerability Database
- Openwall Project
Home of John the Ripper and other security software.
- Open Web Application Security Project
- Oxid.it
Supplies the well-known Cain & Abel password-cracking
software and other tools.
- Packet Storm Security
- Remote-exploit.org
- Rootkit.nl
Web site provides software to look for evidence
of a rootkit.
- SamSpade.org
- SANS: System Administration, Networking and Security Institute
This site has great security alerts, training courses, free online security materials,
the SANS/FBI top 20 vulnerability list, etc. Be sure to
look under the "about" link to find the reading room and other resources.
- Secunia
- Secure Coding: Principles and Practice
- Security Administrator
Focuses on Windows operating systems.
- Security Corporation
- Security Focus
- SecuritySpace.com
- SleuthKit.org
Provides tools for computer forensics.
- Snort.org
Home of the famous open source intrusion detection software.
- TruSecure Corporation
- US-CERT
The US Computer Emergency Readiness Team.
- Whitehats
Features security news, new intrusion detection
signatures, security tools, etc.
- Wietse's tools and papers
From the creator of TCP wrappers.
|
Hacker/Cracker
Be warned that some of the language and opinions expressed in these web sites may be offensive.
Internet Safety
Computer and Network Security Related
- Cisco: Learning and Events
- CyLab at CMU
- Department of Homeland Security
- DNSstuff: DNS tools, DNS hosting tests,
WHOIS, traceroute, ping, and other network and domain name tools. Registration and a fee
are required for using some of these tools.
- Gibson Research
- Iana.org list of port numbers
- InformIT.com
This site has technical articles,
often chapters from books, on many topics, including security and networking.
- Internet Software Consortium
Look here for information about
vulnerabilities in BIND.
- Internet Traffic Report
- InterNIC
- Password Safe
Open source software at Sourceforge.net for securely storing passwords.
- PC World.com
Look for their current section on security.
- The PKI Page
Public key encryption, certificates, etc.
- Robtex Swiss Army Knife Internet Tool
- RSA Labs' Cryptography FAQ
- Sendmail.org
Sendmail vulnerabilities and patches can be
found here.
- Sys Admin Magazine
Unix/Linux system administration,
including security.
- Sysinternals Freeware
Great utility software for
analyzing malware, etc.
-
Vulnerabilities in e-voting machines
Is hacking the vote possible?
- Windows Process Library
Very helpful in figuring out if you have a malicious process in your process list.
|
Thanks to all who helped to create this course.
|
Maintained by: Br. David Carlson
Last updated: January 03, 2008
Disclaimer
|
|
