Operating System Security

Resources by Government and Non-Profit Organizations

CERT, Australian CERT, DFN CERT
good introductory and general documents; always a bit late in their advisories; DFN CERT has fewer resources than the other two
SANS Institute
A "Cooperative Education & Research Organization": news, white papers, tools
CIAC (US DOE)
nice site with databases of viruses, hoaxes, chain letters, security tools ...
US DOJ
legal aspects; court cases
NIST CSRC
Computer Security Resource Center at the National Institute of Standards: extensive resources and search engine
Center for Internet Security
The main aim seems to be to implement a testable benchmark: "A key element currently missing in Internet security is widely available, non-proprietary benchmarks specifying in operational detail how your networked systems should be configured and operated for acceptable levels of security."

Academic Resources

COAST
probably the best academic resource on computer security

Tutorials/FAQs

Firewall Handbuch für LINUX 2.0 und 2.2
The World Wide Web Security FAQ

News and Tools

LinuxSecurity.com
full service for Linux: alerts, news, docs, tools
Attrition
web site defacements (and all the other stuff, too)
Security Focus
comprehensive, includes bugtraq archive
packet storm
uptodate vulnerabilities and exploits
the freefire list
comprehensive list of security-related software (Bernd Eckenfels)
L0pht - now atstake.com
advisories and tools, somewhat specialized on Micro$oft software
insecure.org
news, tools, and exploits
Rootshell
news, exploits, documentation (somewhat stale?)
Phrack
2600
hackernews - now also at atstake.com
Project Gamma
Astalavista
security search engine
Iron Box Technologies
DefCon
annual hacker conference
WhiteHats.com
hackers.org.za

Intelligence Agencies

NSA
CIA

Indexes

webfringe
an excellent index of security-related web sites with ratings and comments

Historic Links (partly dead links)

Hacking in Progress '97
hacktic
http://www.bikkel.com/~demoniz/
Unphamiliar Territory (UPT)
Hackerz
LoU
dis

Mail and WWW Encryption and Authentification

Introductions to S/MIME, SSL, X.509, and PKI systems

Introduction to SSL
Das OpenSSL Handbuch (DFN)
Aufbau und Betrieb einer Zertifizierungsinstanz - DFN-PCA Handbuch (PDF)
Set up your own Certification Authority using free software
slightly outdated (1998), but still basically valid
PKCS#12 FAQ
by Stephen Henson. The pkcs12 program is now part of OpenSSL.
S/MIME and OpenPGP
a July 1999 statement of the IMC on the status of the standardization efforts of the two competing standards
Encryption and Security-related Resources
German mirror of a comprehensive list by Peter Gutmann

CA Indexes

pki-page.org - comprehensive list, originally from dfn.de
Netscape's CA list

CAs giving out zero-cost X.509-certificates

Trustcenter Hamburg
Thawte

Encrypting Data Locally

Possible reasons for the need to encrypt data locally:

Loopback Encryption
The use of the crypto modules of the "international" Linux kernel is described by The Linux Encryption-HOWTO. Ciphers: AES aka Rijndael, Twofish, Serpent, MARS, RC6, DFC, Blowfish, IDEA, 3DES, RC5.
TCFS
The Transparent Cryptographic File System is like an "encrypted NFS", works in kernel space, is (almost) completely transparent to the user. Ciphers: 3DES, (beta: RC5, Blowfish).
FSFS
Stefan Ludwig's Fairly Secure File System, see the Diploma thesis Verschlüsselung von Dateisystemen unter Linux (Nov 2000).
FiST, CryptFS
Erez Zadok's File System Translator, can be used to build CryptFS, needs kernel patches. (Version 0.0.4 of Jan 2001.) Ciphers: Blowfish.
PPDD
Allan Latham's practical privacy disc (device) driver for Linux. (Version 1.2 of Jan 2000.) See also the PPDD How-to by Doobee R Tzeck.
CFS
Matt Blaze's Crypto File System, works in user space, portable (no fiddling with the kernel), is said to be relatively slow. Last version was 1.4.0BETA, seems to be discontinued. See the Cryptographic File System under Linux HOW-TO (1996).
StegFS
Steganographic Filesystem by Andrew McDonald. (Version 1.1.4 of Feb 2001.) Due to its inherent restriction, in may not be practical for many purposes: "REMEMBER: On a StegFS file system, in some situations, you may not be able to recover files. FILES MAY BE PERMANENTLY LOST."
SFS
The steganographic file system, last updated Aug 1999. Stale?
Indexes
Encrypting your Disks with Linux is a nice overview article by Doobee R Tzeck (Oct 1999).

last reviewed March 19, 2001, Stefan Jaschke
Disclaimer