- own papers (German language)
- other papers & resources
- Applied Cryptography
- Unix Computer Security Checklist AUSCERT, Australian Computer Emergency Response Team; 1995; ASCII Text; 89k A comprehensive checklist for securing your Unix box.
- Packets Found on an Internet Bellovin, Steven M.; 1993; GZip’d Postscript; 32k A very interesting paper describing the various attacks, probes, and miscellaneous packets floating past AT&T Bell Labs’ net connection.
- Security Problems in the TCP/IP Protocol Suite Bellovin, Steven M.; 1989; GZip’d Postscript; 10k A broad overview of problems within TCP/IP itself, as well as many common application layer protocols which rely on TCP/IP.
- There Be Dragons Bellovin, Steven M.; 1992; GZip’d Postscript; 58k Another Bellovin paper discussing the various attacks made on att.research.com. This paper is also the source for this page’s title.
- An Advanced 4.3BSD IPC Tutorial Berkeley CSRG; date unknown; GZip’d Postscript; 60k This paper describes the IPC facilities new to 4.3BSD. It was written by the CSRG as a supplement to the manpages.
- NFS Tracing by Passive Network Monitoring Blaze, Matt; 1992; ASCII Text Blaze, now famous for cracking the Clipper chip while at Bell Labs, wrote this paper while he was a PhD candidate at Princeton.
- Network (In)Security Through IP Packet Filtering Chapman, D. Brent; 1992; GZip’d Postscript; 46k Why packet filtering is a difficult-to-use and not always secure method of securing a network.
- An Evening with Berferd Cheswick, Bill; 1991; GZip’d Postscript; 32k A cracker from Norway is "lured, endured, and studied." (But not caught!)
- Design of a Secure Internet Gateway Cheswick, Bill; 1990; GZip’d Postscript; 17k Details the history and design of AT&T’s Internet gateway.
- Improving the Security of your Unix System Curry, David, SRI International; 1990; GZip’d Postscript; 99k This is the somewhat well known SRI Report on Unix Security. It’s a good solid starting place for securing a Unix box.
- With Microscope & Tweezers Eichin & Rochlis; 1989; GZip’d Postscript.gz; 99k An analysis of the Morris Internet Worm of 1988 from MIT’s perspective.
- The COPS Security Checker System Farmer & Spafford; 1994; GZip’d Postscript; 45k The original Usenix paper from 1990 republished by CERT in 1994.
- COPS and Robbers Farmer, Dan; 1991; ASCII Text This paper discusses a bit of general security and then goes into detail regarding Unix system misconfigurations, specifically ones that COPS checks for.
- Improving The Security of Your System by Breaking Into It Farmer & Venema; date unknown; HTML An excellent text by Dan Farmer and Wietse Venema. If you haven’t read this before, here’s your opportunity.
- A Unix Network Protocol Security Study: NIS Hess, Safford, & Pooch; date unknown; GZip’d Postscript; 20k Outlines NIS and its design faults regarding security.
- A Simple Active Attack Against TCP Joncheray, Laurent; 1995; GZip’d Postscript; 90k This paper describes an active attack against TCP which allows re-direction (hijacking) of the TCP stream.
- Foiling the Cracker Klein, Daniel; GZip’d Postscript; 38k A Survey of, and Improvements to, Password Security. Basically a treatise on how to select proper passwords.
- A Weakness in the 4.2BSD Unix TCP/IP Software Morris, Robert T; 1985; GZip’d Postscript; 10k This paper describes the much ballyhooed method by which one may forge packets with TCP/IP. Morris wrote this in 1985. It only took the media 10 years to make a stink about it!
- Covering Your Tracks Phrack Vol. 4, Issue #43; GZip’d Postscript; 16k A Phrack article describing the Unix system logs and how it is possible to reduce the footprint and visibility of unauthorized access.
- Cracking Shadowed Password Files Phrack Vol. 5 Issue #46 GZip’d Postscript; 19k A Phrack article describing how to use the system call password function to bypass the shadow password file.
- Thinking About Firewalls Ranum, Marcus; Gzip’d Postscript; 30k A general overview of firewalls, with tips on how to select one to meet your needs.
- An Introduction to Internet Firewalls Wack & Carnahan for NIST; Gzip’d Postscript; 600k This is a special publication of the National Institute of Standards and Technology which provides a solid introduction to firewall concepts and uses.
- TCP Wrapper Venema, Wietse; Gzip’d Postscript; 13k Wietse’s paper describing his TCP Wrapper concept, the basis for the TCP Wrappers security and logging suite.
- Safe Internet Programming: Publications
- Installation of the TIS Firewall Toolkit on Linux
- Security-Papers FhG
- The Hacker Crackdown by Bruce Sterling
- O’Reilly Security Book info
- Computer Security Basics by Russell and Gangemi
- Practical Unix Security by Garfinkel and Spafford
- Web Security
- PGP: Pretty Good Privacy by Garfinkel
- Oracle Security
- Stopping Spam by Alan Schwartz & Simson Garfinkel
- Computer Crime: A Crimefighter’s Handbook by Icove, Seger & VonStorch
- Building Internet Firewalls by Chapman and Zwicky
- Building Internet Firewalls, Second Edition by Chapman, Zwicky and Cooper
- Securing Windows NT/2000 Servers for the Internet by Stefan Norberg
- Java Cryptography by Jonathan Knudsen
- Alldas.de Library Info
- PGP: Source Code and Internals by Phil Zimmermann
- The Official PGP User’s Guide by Phil Zimmermann
- Cryptography Theory and Practice
- Wietse’s tools and papers
- 2600 Magazine
- SecurityTracker.com – Keep Track of the Latest Vulnerabilities!
- Gary Kessler’s Security URLs
- Security-Finder Verlag Dashöfer
- SecurityPortal
- Infosyssecurity Portal The Security Portal for Information System Security Professionals
- onlinesicherheit.de free security source
- The Security Search Engine – Firewalls, Antivirus, Intrusion Detection, Vulnerabilities, Advisories and Auditing Software.
- Search Checkpoint FireWall-1 and Other Security Archives (Raptor, Nessus, IPFilter, Stonebeat etc.)
- Privacy Resources (Web Anonymizers, Remailers etc.)
- www.datenschutz.de
- Computer Security Information
- Sys-Security.com – Because Security is not Trivial
- www.rootshell.com used to be a good online resource
- Attrition.org
- Packetstorm Packetstorm is a non-profit organization kept alive for the sole purpose of helping secure the World’s networks.
- SecurityFocus Bugtraq archives and lots of papers and information
- Replay Domestic Encryption Server
- www.sicherheit-im-internet.de
- ITtoolbox Security ITtoolbox Security offers forums for technical discussion, an integrated directory, white papers and daily news geared towards Security professionals and users of Security products.
- X-Force
- IT Security Cookbook
- Internet/Network Security
- dugsong@monkey.org
- security in cable networks
- MCI security page
- Common Vulnerabilities and Exposures
- DII COE Security Checklist Version 2.0
- Mail Abuse Protection System
- Get the spammer!
- WWW SNMP MIB Browser
- Tips and tricks for ISPs
- DNS tools
- Internet Attacks with DDos and Dos Strategies
- Security and the Hacker Scene
- TAKEDOWN
- Great Circle Associates Home Page
- Tech Tips for Improving Security
- The Freefire Project Support for Developers of Free Security Solutions
- Securemac.com Macintosh Security Site
- IWS The Information Warfare Site
- nur-sicherheit.de Action portal for IT security, security technology, and occupational safety (German)
- Whitehats Whitehats, Inc. also manages arachNIDS
- Alldas.de IT-Security information network Attacker Statistics
- The hacker’s choice
- eSecurityOnline
- Astalavista Group
- WWW-Server
- WWW-Clients
- Java / Netscape / MSIE Cache Exploit – Jan ’97
- Security in Mosaic
- HotJava: The Security Story
- The Java Security FAQ
- HotJava Security
- WWW browser stress testing
- NCSA httpd/Mosaic: Using PGP/PEM auth
- Security in Netscape/SSL
- Breaking SSL with RC40
- Applying brute force against SSL
- Netscape Security (problems)
- Browser Crasher
- JAVASCRIPT SECURITY BUGS
- Georgi Guninski Security Research (IE-Bug of the month)
- c’t – Browser-Check
- The Nasty JavaScript Tricks: Warning!
- The Cookie Eaters: Cookie Collection Project
- Unpatched IE security holes
- FAQs
- UNIX Reference Desk
- The Solaris Security FAQ
- ssh (Secure Shell) FAQ
- PGP 2.6.2 FAQ, Buglist, Fixes, and Improvements
- WWW-Security-FAQ
- RSA’s Frequently Asked Questions on Cryptography
- FAQ: Computer Security Frequently Asked Questions (Usenet)
- ISS FAQ collection
- Usenet security FAQs
- FireWall-1 FAQ Page
- The alt.2600/#hack FAQ Introduction
- Data Protection Information
- Web Hack FAQ
- NT Hack FAQ
- Netware Hack FAQ
- Antivirus