CS 225 Home Page
Computer Security
Fall 2010
This course examines both the theory and practice of computer and network security.
Topics include cryptography, spyware, viruses, sniffers, rootkits, back doors, network attacks (such as drive-by downloads),
Trojan horses, intrusion detection, and firewalls. Examples of attacks and how to protect
against them will be drawn from both the Windows and Unix/Linux worlds. Hands-on exercises are included.
Further Course Information
Help is Available
Note on Flu
Because of the possibility of H1N1 and other types of flu affecting us on campus, please practice good
hand washing, etc.
If you get the flu, please notify me by phone or e-mail and stay home for 24 hours after the fever has gone.
Check with me about what you miss. You will not be penalized for missing class in this situtation.
It is better to stay away from class and not spread the flu when you are ill.
Resources and Links
Security
- Anti-Phishing Working Group
- @Stake Security News Network
- Browser Fun
List of browser bugs and hacks.
- Build Security In
Sponsored by Dept of Homeland Security, National Cyber Security Division.
- CastleCops
-
Center for Education and Research in Information Assurance and Security
- The Center for Internet Security
Of special note
are their free benchmarks for evaluating the security of most major operating systems,
including Windows 2000 and Linux.
- CERT Coordination Center
Reports on Internet security problems,
emails security alerts, etc.
- Chkrootkit
Web site provides software to look for
evidence of a rootkit.
- Computer Incident Advisory Capability
Run by the
Department of Energy.
- Computer System and Network Security
- Counter Hack. Ed Skoudis. Prentice Hall PTR (2002).
- CounterHack.net
Web site by Ed Skoudis.
See his challenges and scenarios in particular.
- Cross Site Request
Forgery
- CSO Online
Advertised as "the resource for
security executives".
- CWE/SANS TOP 25 Most Dangerous Programming Errors
(with resources on how to avoid these).
- E-Secure-DB
Global IT security database.
- eSecurity Online
Provides security tools,
advisories, etc.
- Exploiting Software: How to Break Code. Greg Hoglund and Gary McGraw.
Addison-Wesley Professional (2004).
- Federal Computer Incident Response Center
- Firewalls and Internet Security: Repelling the Wily Hacker
- French Security Incident Response Team
(English version)
- Full Disclosure
- Fyodor's list of the top 100 security tools
- Hack in the Box Security Conference
- The Honeynet Project
See the challenges and whitepapers
in particular.
- ICSA Labs
- iDefense
- Incidents.org
Monitors Internet threats.
- Information Security Magazine
- Information Systems Security Association
- Infosyssec
Advertised as
"The Security Portal for Information System Security Professionals".
- Institute for Security Technology Studies
At Dartmouth College.
- Interactive illustrations of buffer overflow and other
security topics
An NSF-funded project at Embry-Riddle Aeronautical University.
- International Information Systems Security
Certification Consortium
- Internet Security Alliance
- Invisible Things Lab
Features the blue pill, the evil
maid attack, etc.
- IT Security Watch
Here is their summary of their mission: IT Security Watch audits the dynamic enterprise security landscape
and delivers you the latest and most valuable information security solutions. If you need answers about current
issues in email, internet, data, network or mobile security - or are looking for best practices on compliance,
security, or data retention policies - make IT Security Watch your first stop.
- K-OTik Security Survey
- Linux Security.com
- Malware FAQ
From SANS.
- Malware: Fighting Malicious Code Ed Skoudis with Lenny Zeltser. Prentice Hall PTR (2004).
- MegaSecurity.org
- Metasploit Project
- Microsoft Security & Privacy Page
- National Cyber-Forensics and Training Alliance
Note that they offer internships and are based in Pittsburgh.
- National Infrastructure Protection Center
- Nessus.org
- Open Source Vulnerability Database
- Openwall Project
Home of John the Ripper and other security software.
- Open Web Application Security Project
OWASP provides WebGoat and other resources.
- Oxid.it
Supplies the well-known Cain & Abel password-cracking
software and other tools.
- Packet Storm Security
- Professional Programming: Issues and Tools
This discusses security-related coding issues such as buffer overflows and mentions tools to help in writing more
secure code.
- Remote-exploit.org
- Rootkit.nl
Web site provides software to look for evidence
of a rootkit.
- SamSpade.org
- SANS: System Administration, Networking and Security Institute
This site has great security alerts, training courses, free online security materials,
the SANS/FBI top 20 vulnerability list, etc. Be sure to
look under the "about" link to find the reading room and other resources.
- Secunia
- Secure Coding: Principles and Practice
- Security Administrator
Focuses on Windows operating systems.
- Security Corporation
- Security Focus
- SecuritySpace.com
- SleuthKit.org
Provides tools for computer forensics.
- Snort.org
Home of the famous open source intrusion detection software.
- TruSecure Corporation
- US-CERT
The US Computer Emergency Readiness Team.
- Whitehats
Features security news, new intrusion detection
signatures, security tools, etc.
- Wietse's tools and papers
From the creator of TCP wrappers.
|
Hacker/Cracker
Be warned that some of the language and opinions expressed in these web sites may be offensive.
Internet Safety
Computer and Network Security Related
- Cisco: Learning and Events
- CyLab at CMU
- Department of Homeland Security
- DNSstuff: DNS tools, DNS hosting tests,
WHOIS, traceroute, ping, and other network and domain name tools. Registration and a fee
are required for using some of these tools.
- Gibson Research
- Iana.org list of port numbers
- InformIT.com
This site has technical articles,
often chapters from books, on many topics, including security and networking.
- Internet Software Consortium
Look here for information about
vulnerabilities in BIND.
- Internet Traffic Report
- InterNIC
- Password Safe
Open source software at Sourceforge.net for securely storing passwords.
- PC World.com
Look for their current section on security.
- The PKI Page
Public key encryption, certificates, etc.
- Robtex Swiss Army Knife Internet Tool
- RSA Labs' Cryptography FAQ
- Sendmail.org
Sendmail vulnerabilities and patches can be
found here.
- Sysinternals Freeware
Great utility software for
analyzing malware, etc.
- Veridion's Online Information Security
Dictionary
-
Vulnerabilities in e-voting machines
Is hacking the vote possible?
- Windows Process Library
Very helpful in figuring out if you have a malicious process in your process list.
|
Thanks to all who helped to create this course.
|