Security Resource Library
Note: All of the resources on this page are credited to FIRST's (Forum of Incident Response and Security Teams) Security Tools and Techniques Resource Library of October 1994. All of the papers, computer-related laws, and other information were collected from anonymous FTP sites around the world by FIRST.
An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied, Bill Cheswick. AT&T Bell Laboratories. 11pp (.pdf)
Computer Emergency Response - An International Problem, Richard D. Pethia & Kenneth R. van Wyk. Computer Emergency Response Team / Coordination Center, Software Engineering Institute, Carnegie Mellon University. 8pp (.pdf)
Software Forensics: Can We Track Code To Its Authors?, Eugene Spafford & Stephen A. Weeber. Purdue Technical Report CSD-TR 92-010. SERC Technical Report SERC-TR 110-P. Department of Computer Sciences, Purdue University. 19 Feb 1992, 16pp (.pdf)
Security Breaches: Five Recent Incidents at Columbia University, Fuat Baran, Howard Kaye & Margarita Suarez. Columbia University Center for Computing Activities. 23pp (.pdf)
Computer Break-ins: A Case Study, Leendert van Doorn. Vrije Universiteit, Amsterdam, The Netherlands. 9pp (.pdf)
Automated Tools for Testing Computer System Vulnerability, W. Timothy Polk. 3 Dec 1992, 41pp (.ps)
Pseudo-Network Drivers and Virtual Networks, S.M. Bellovin. AT&T Bell Laboratories. 16pp (.pdf)
Coping with the Threat of Computer Security Incidents: A Primer from Prevention through Recovery, Russell L. Brand. 8 June 1990, 45pp (.ps)
An Overview of the PKCS Standards: A RSA Laboratories Technical Note, Burton S. Kaliski, Jr. An RSA Laboratories Technical Note. 1 Nov. 1993, 26pp (.pdf)
Some Examples of the PKCS Standards: An RSA Laboratories Technical Note, Burton S. Kaliski, Jr. An RSA Laboratories Technical Note. 1 Nov. 1993, 15pp (.pdf)
Codes, Keys and Conflicts: Issues in U.S. Crypto Policy, ACM U.S. Public Policy Committee. June 1994, 84pp (.ps)
A Cryptographic File System for Unix, Matt Blaze. AT&T Bell Laboratories. 8pp (.pdf)
A Layman's Guide to a Subset of ASN.1, BER, and DER, Burton S. Kaliski, Jr. An RSA Laboratories Technical Note. 1 Nov. 1993, 36pp (.ps)
sci.crypt FAQ 93/08/23 (.txt)
SKIPJACK Review, Ernest F. Brickell, Sandia National Laboratories. Dorothy E. Denning, Georgetown University. Stephen T. Kent, BBN Communications Corp. David P. Maher, AT&T. Walter Tuchman, Amperif Corp. 28 July 1993 (.txt)
A Network Perimeter With Secure External Access, Frederick M. Avolio & Marcus J. Ranum. Trusted Information Systems, Inc. 11pp (.pdf)
Packet Filtering in an IP Router, Bruce Corbridge, Robert Henig, Charles Slater. Telebit Corp. 6pp (.pdf)
Thinking About Firewalls, Marcus J. Ranum. Trusted Information Systems, Inc. 10pp (.pdf)
An Internet Gatekeeper, Herve Schauer & Christophe Wolfhugel. Herve Schauer Consultants. 13pp (.pdf)
The Design of a Secure Internet Gateway, Bill Cheswick. AT&T Bell Laboratories. 6pp (.pdf)
Network (In)Security Through IP Packet Filtering, D. Brent Chapman. Great Circle Associates. 14pp (.pdf)
Simple and Flexible Datagram Access Controls for Unix-based Gateways, Jeffrey C. Mogul. Digital Western Research Laboratory. March 1989, 18pp (.ps)
TCP Wrapper: Network Monitoring, Access Controls, and Booby Traps, Wietse Venema. Mathematics and Computing Science, Eindhoven University of Technology, The Netherlands. 8pp (.pdf)
A Toolkit and Methods for Internet Firewalls, Marcus J. Ranum & Frederick M. Avolio. Trusted Information Systems, Inc. 8pp (.pdf)
An Architectural Overview of UNIX Network Security, Robert B. Reinhardt. 19 Sept. 1992, 9pp (.pdf)
Designing an Authentication System: a Dialogue in Four Scenes, Bill Bryant. Project Athena, Massachusetts Institute of Technology. 8 Feb. 1988, 14pp (.pdf)
Kerberos: An Authentication Service for Open Network Systems, Jennifer G. Steiner & Jeffrey I. Schiller, Project Athena, Massachusetts Institute of Technology. Clifford Neuman, Department of Computer Science, University of Washington. 30 March 1988, 15pp (.pdf)
Limitations of the Kerberos Authentication System, Steven M. Bellovin & Michael Merritt. AT&T Bell Laboratories. 1991, 16pp (.pdf)
Long Running Jobs in an Authenticated Environment, A.D. Rubin & P. Honeyman. CITI Technical Report 93-1. 29 March 1993, 8pp (.pdf)
The Canadian Trusted Computer Product Evaluation Criteria, Canadian System Security Centre Communications Security Establishment, Government of Canada. Jan. 1993, 114pp (.pdf)
Federal Criteria for Information Technology Security Volume I: Protection of Profile Development, National Institute of Standards and Technology & National Security Agency. Dec. 1992, 211pp (.ps)
Horses and Barn Doors: Evolution of Corporate Guidelines for Internet Usage, Sally Hambridge & Jeffrey C. Sedayao. Intel Corp. Nov. 1993, 8pp (.pdf)
Some Musings on Ethics and Computer Break-Ins, Eugene H. Spafford. Department of Computer Sciences, Purdue University. 8pp (.pdf)
Security Article Extracts Legalities, Simson Garfinkel. 1987, 25pp (.ps)
Defamation Liability of Computerized Bulletin Board Operators and Problems of Proof, John R. Kahn. CHTLJ Comment, Computer Law Seminar, Upper Division Writing. Feb. 1989 (.txt)
Frequently Asked Questions About Copyright, Terry Carroll. 6 Jan. 1994 (.txt)
Computer Security and the Law, Gary S. Morris. GSM Associates (.txt)
Cubby, Inc. v. CompuServe, Inc., United States District Court, No 90 Civ. 6571. 29 Oct. 1991 (.txt)
Electronic Communications Privacy Act of 1986, 100 Stat. 1848, Public Law 99-508--Oct. 21, 1986. 99th Congress (.txt)
Family Educational Right to Privacy Act, 20 United States Court S. 123g (.txt)
Legal Issues, A Site Manager's Nightmare, Stephen E. Hansen. Stanford University (.txt)
Internet Libel: Is the Provider Responsible?, Mike Godwin. Internet World, Nov./Dec. 1993 (.txt)
Computer Electronic Mail and Privacy, Ruel T. Hernandez. 11 Jan. 1987 (.txt)
Revised Computer Crime Sentencing Guidelines, Jack King (.txt)
Computer Fraud and Abuse Statute: 1030. Fraud and related activity in connection with computers (.txt)
Foiling the Cracker: A Survey of, and Improvements to, Password Security, Daniel V. Klein. Software Engineering Institute, Carnegie Mellon University. 11pp (.pdf)
Observing Reusable Password Choices, Eugene H. Spafford. Purdue Technical Report CSD-TR 92-049, Department of Computer Sciences, Purdue University. 31 July 1992, 14pp (.pdf)
OPUS: Preventing Weak Password Choices, Eugene H. Spafford. Purdue Technical Report CSD-TR 92-028, Department of Computer Sciences, Purdue University. June 1991, 12pp (.pdf)
Password Security: A Case History, Robert Morris & Ken Thompson. 6pp (.pdf)
The S/Key(TM) One-Time Password System, Neil M. Haller. Bellcore. 8pp (.pdf)
Department of Defense Password Management Guideline, Department of Defense Computer Security Center, CSC-STD-002-85. 12 April 1985 (.txt)
Announcing the Standard for Automated Password Generator, Federal Information Processing Standards Publication 181. 5 Oct. 1993 (.txt)
User Authentication and Related Topics: An Annotated Bibliography, Eugene H. Spafford & Stephen A. Weeber. Purdue Technical Report CSD-TR-91-086. 18pp (.ps)
Security Problems in the TCP/IP Protocol Suite, S.M. Bellovin. AT&T Bell Laboratories. Computer Communication Review, April 1989, 17pp (.pdf)
A UNIX Network Protocol Security Study: Network Information Service, David K. Hess, David R. Safford, & Udo W. Pooch. Texas A&M University. 5pp (.pdf)
A Security Analysis of the NTP Protocol, Matt Bishop. Department of Mathematics and Computer Science, Dartmouth College. 20pp (.pdf)
A Weakness in the 4.2BSD UNIX TCP/IP Software, Robert T. Morris. AT&T Bell Laboratories. 25 Feb. 1985, 4pp (.pdf)
Hijacking AFS, P. Honeyman, L.B. Huston & M.T. Stolarchuk. CITI Technical Report 91-4. 28 Aug. 1991, 6pp (.pdf)
Identification Protocol, M. St. Johns. U.S. Department of Defense. Feb. 1993 (.txt)
Secure Control of Transit Internetwork Traffic, Deborah Estrin & Gene Tsudik. Computer Science Department, University of Southern California. 12 Dec. 1990, 29pp (.ps)
Life Without Root, Steve Simmons. Industrial Technology Institute. Oct. 1990, 4pp (.pdf)
UNIX Password Security, Walter Belgers. 6 Dec. 1993, 7pp (.pdf)
On the Security of UNIX, Dennis M. Ritchie. 3pp (.pdf)
The "Session Tty" Manager, S.M. Bellovin. AT&T Bell Laboratories. 17pp (.pdf)
Improving the Security of Your UNIX System, David A. Curry, Systems Programmer, Information and Telecommunications Sciences and Technology Division. ITSTD-721-FR-90-21. April 1990, 57pp (.pdf)
UNIX Security Tools, Geoff Morrison. Division of Information Technology for the CSIRO Review of Computer Network Security. Nov. 1993, 35pp (.pdf)
Experiences With Tripwire: Using Integrity Checkers for Intrusion Detection, Gene H. Kim & Eugene H. Spafford. COAST Laboratory, Department of Computer Sciences, Purdue University. 21 Feb. 1994, 13pp (.pdf)
UNIX & Security, Eugen Mate Bacic, Sr. InfoSec Research Scientist, Canadian System Security Centre, Communications Security Establishment. 10pp (.ps)
UTnet Guide to UNIX System Security, Charles Spurgeon. The Network Information Center of the University of Texas at Austin (UT NIC). 1990, 7pp (.pdf)
The COPS Security Checker System, Daniel Farmer, Computer Emergency Response Team, Software Engineering Institute, Carnegie Mellon University. Eugene H. Spafford, Software Engineering Research Center, Department of Computer Sciences, Purdue University. Purdue University Technical Report CSD-TR-993. 19 Sept. 1991, 14pp (.ps)
Improving the Security of Your Site by Breaking Into it, Dan Farmer, Sun Microsystems. Wietse Venema, Eindhoven University of Technology, Eindhoven, NL (.txt)
Detecting Intruders in Computer Systems, Teresa F. Lunt. Computer Science Laboratory, SRI International. 1993, 17pp (.ps)
Computer Viruses as Artificial Life, Eugene H. Spafford. Department of Computer Sciences, Purdue University. 23pp (.pdf)
The Internet Worm Program: An Analysis, Eugene H. Spafford. Department of Computer Sciences, Purdue University. 8 Dec. 1988, 41pp (.pdf)
The Internet Worm Incident, Eugene H. Spafford. Department of Computer Sciences, Purdue University. 19 Sept. 1991, 19pp (.pdf)
An Overview of Computer Viruses in a Research Environment, Matt Bishop. Department of Mathematics and Computer Science, Dartmouth College. 32pp (.pdf)
With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988, Mark W. Eichin & Jon A. Rochlis. Massachusetts Institute of Technology. 9 Feb. 1989, 29pp (.pdf)
A Tour of the Worm, Donn Seeley. Department of Computer Science, University of Utah. 15pp (.ps)
Frequently Asked Questions on VIRUS-L/comp.virus 18 Nov. 1992 (.txt)
Organizing a Corporate Anti-virus Effort (Establishing Computer Emergency Response Teams, CERT's), Alan Fedeli, Manager, Inter-Enterprise Systems, IBM Corporation. 28 Jan. 1991 (.txt)
Computer Security, U.S. General Accounting Office. June 1989 (.txt)
A Guide to the Selection of Anti-Virus Tools and Techniques, W.T. Polk & L.E. Bassham. National Institute of Standards and Technology, Computer Security Division. 2 Dec. 1992, 49pp (.ps)