Operating System Security
Resources by Government and Non-Profit Organizations
- CERT, Australian CERT, DFN CERT
- good introductory and
general documents; always a bit late in their advisories; DFN CERT has fewer
resources than the other two
- SANS Institute
- A
"Cooperative Education & Research Organization": news, white papers,
tools
- CIAC (US DOE)
- nice
site with databases of viruses, hoaxes, chain letters, security tools ...
- US DOJ
- legal aspects; court cases
- NIST CSRC
- Computer Security Resource Center at the National Institute of
Standards: extensive resources and search engine
- Center for Internet
Security
- The main aim seems to be to implement a testable
benchmark: "A key element currently missing in Internet security is widely
available, non-proprietary benchmarks specifying in operational detail how your
networked systems should be configured and operated for acceptable levels of
security."
Academic Resources
- COAST
-
probably the best academic resource on computer security
Tutorials/FAQs
- Firewall
Handbuch für LINUX 2.0 und 2.2
- The
World Wide Web Security FAQ
News and Tools
- LinuxSecurity.com
- full service for Linux: alerts, news, docs, tools
- Attrition
- web site
defacements (and all the other stuff, too)
- Security
Focus
- comprehensive, includes bugtraq archive
- packet
storm
- uptodate vulnerabilities and exploits
- the
freefire list
- comprehensive list of security-related software (Bernd
Eckenfels)
- L0pht - now atstake.com
- advisories and tools, somewhat specialized on Micro$oft software
- insecure.org
- news, tools, and exploits
- Rootshell
- news, exploits, documentation (somewhat stale?)
- Phrack
- 2600
- hackernews - now also at atstake.com
- Project
Gamma
- Astalavista
- security search engine
- Iron Box Technologies
- DefCon
- annual hacker conference
- WhiteHats.com
- hackers.org.za
Intelligence Agencies
- NSA
- CIA
Indexes
- webfringe
- an excellent index of security-related web sites with ratings and
comments
Historic Links (partly dead links)
- Hacking in Progress '97
- hacktic
- http://www.bikkel.com/~demoniz/
- Unphamiliar
Territory (UPT)
- Hackerz
- LoU
- dis
Mail and WWW Encryption and Authentification
Introductions to S/MIME, SSL, X.509, and PKI systems
- Introduction
to SSL
- Das
OpenSSL Handbuch (DFN)
- Aufbau
und Betrieb einer Zertifizierungsinstanz - DFN-PCA Handbuch (PDF)
- Set up your own
Certification Authority using free software
- slightly outdated (1998), but
still basically valid
- PKCS#12 FAQ
- by Stephen Henson. The pkcs12 program is now part of OpenSSL.
- S/MIME and
OpenPGP
- a July 1999 statement of the IMC on the status of the
standardization efforts of the two competing standards
- Encryption and
Security-related Resources
- German mirror of a comprehensive list by Peter Gutmann
CA Indexes
- pki-page.org -
comprehensive list, originally from dfn.de
- Netscape's CA
list
CAs giving out zero-cost X.509-certificates
- Trustcenter Hamburg
- Thawte
Encrypting Data Locally
Possible reasons for the need to encrypt data locally:
- Enhance the security of insecure file system services (like
NFS).
- Protect private information that you want to become never ever public
(like a complete personal archive of all financial accounting and E-mail
correspondence over years). Rare but possible compromises of physical security
are:
- a notebook is stolen,
- a cracker, worm, or virus gains control over the desktop
machine, or
- the computer is seized by law enforcement.
- Limit the access to sensitive information by system administrators
(root).
- Loopback
Encryption
- The use of the crypto modules of the
"international" Linux kernel is described by The Linux
Encryption-HOWTO. Ciphers: AES aka Rijndael, Twofish, Serpent, MARS, RC6,
DFC, Blowfish, IDEA, 3DES, RC5.
- TCFS
- The
Transparent Cryptographic File System is like an "encrypted NFS", works
in kernel space, is (almost) completely transparent to the user. Ciphers:
3DES, (beta: RC5, Blowfish).
- FSFS
- Stefan
Ludwig's Fairly Secure File System, see the Diploma thesis Verschlüsselung
von Dateisystemen unter Linux (Nov 2000).
- FiST,
CryptFS
- Erez Zadok's
File System Translator, can be used to build CryptFS, needs kernel
patches. (Version 0.0.4 of Jan 2001.) Ciphers: Blowfish.
- PPDD
- Allan Latham's practical
privacy disc (device) driver for Linux. (Version 1.2 of Jan 2000.) See also
the PPDD How-to by Doobee R Tzeck.
- CFS
- Matt Blaze's Crypto File System, works
in user space, portable (no fiddling with the kernel), is said to be relatively
slow. Last version was 1.4.0BETA, seems to be discontinued. See the Cryptographic File
System under Linux HOW-TO (1996).
- StegFS
- Steganographic Filesystem by Andrew
McDonald. (Version 1.1.4 of Feb 2001.) Due to its inherent restriction, in
may not be practical for many purposes: "REMEMBER: On a StegFS file system, in some
situations, you may not be able to recover files. FILES MAY BE PERMANENTLY
LOST."
- SFS
- The
steganographic file system, last updated Aug 1999. Stale?
- Indexes
- Encrypting
your Disks with Linux is a nice overview article by Doobee R Tzeck (Oct
1999).
last reviewed March 19, 2001, Stefan Jaschke
Disclaimer