Authentication, Broadband Local Access & Security, Cryptography, eBusiness, eCommerce, ePrivacy, Denial of Service (DOS) Attacks, eCrime, Endpoint Security, Admission Control, Firewalls, Forensics, Hacking, Identity Management, Incident Response & Advisory Centers, Intrusion Detection, Traffic Analysis, Anti-hacking, Operating System Security, Portals, Info Sites & Publications, PKI, Security (Overview, General, Opinion), Security and the DNS, Secure Electronic Mail and spam, Secure Remote Access, Secure Application Access, SSH, SSL, VPNs, Web Server Security, Wireless LAN Security
Authentication
Authentication Tokens: Balancing the Security Risks with Business Requirements by Joe Grand
Policy-based Authentication and Authorization Secure Access to the Network Infrastructure by Jeff Hayes
Choosing Strong Passwords by Eric Shultze
Identity Confirmed by Fred Avolio
Smart Cards and Biometrics: Your Key to PKI by D. Corcoran, D. Sims, and B. Hillhouse
WWW Authentication by Kurt Seifried
Biometrics: Threat or Menace? by Stephen Kent
Cryptography
Cryptographic Protection for the 21st Century by Elaine Barker
Cryptography an online UIC graduate course by D.J. Bernstein
Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure (SDSI) by Ronald L. Rivest and Butler Lampson
Cryptography & The Internet by Steve Bellovin
Deploying Crypto, What Are You Waiting For? by Fredrick M. Avolio
Peter Gutmann's godzilla crypto tutorial
Privacy Implications of Digital Signatures by Roger Clarke
PKI
Establishing Identity Without Certification Authorities by C.Ellison
Public-Key Infrastructure (X.509) (pkix) IETF
Understanding Certificates and PKI by Dave Piscitello
We Need a Public Key Infrastructure by Lisa Phifer
Conventional Public Key Infrastructure: An Artefact Ill-Fitted to the Needs of the Information Society by Roger Clarke
Identity Management
A case for Identity Management by Dave Piscitello
Enterprise Identity And Access Management Technical White Paper by Jiri Ludvik
The Emerging Infrastructure for Identity and Access Management by Jamie Lewis
Intrusion Detection, Traffic Analysis, Anti-hacking
Carnivore and Open Source Software by Steve Bellovin
Triangulation in Attack Analysis (Part I, Part II) by J.L. Stutzman
Tripwire Literature Room hosted by Tripwire, Inc.
Honeypot Farms by Lance Spitzner
Honeypots: Sweet Idea, Sticky Business by Dave Piscitello
Your First Penetration Test by Dave Piscitello
Honeytokens: The Other Honeypot by Lance Spitzner
Intrusion Detection and DDOS Protection by David Piscitello
Tapping, Tapping On My Network Door by Steve Bellovin
What Broadcast Traffic Reveals by Dave Piscitello
There Be Dragons by Steve Bellovin
To Build A Honeypot by Lance Spitzner
Tracking intruders by Rik Farrow
Network Intrusion Detection Signatures (Part 2), by Karen Kent Frederick
Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring
Primer on Predictive Analysis by J.L. Stutzman
Studying Normal Traffic (Part 1), by Karen Kent Frederick
Studying Normal Traffic: FTP Traffic (Part 2), by Karen Kent Frederick
Studying Normal Traffic: TCP Headers (Part 3), by Karen Kent Frederick
Wiretapping the Net by Steve Bellovin
Intrusion detection...or prevention? by Dave Piscitello
Hacking
A Taxonomy of Internet Attacks maintained by Marcus Ranum
Abnormal IP Packets by Karen Kent Frederick
Advanced Host Detection: Techniques To Validate Host-Connectivity by dethy
An Evening With Berferd, in which a Hacker is Lured, Endured, and Studied by Bill Cheswick
Anatomy of a Cross-Site Scripting Attack by Dave Piscitello
Blackhat Archives at 8200.org
Bug Hunting: The Seven Ways of the Security Samurai by Ivan Arce
Cross Site Scripting FAQ at CGIsecurity.com
Enumerating Hosts behind NAT by Steve Bellovin
Evolution of Cross Site Scripting by iDefense
How Web Spoofing Works by Brad Johnson
ICMP Use in Scanning by Ofir Arkin
Identifying ICMP Hackery Tools Used In The Wild Today by Ofir Arkin
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas Ptacek
Know Your Enemy: The Tools and Methodologies of the Script Kiddie by Lance Spitzner
Know Your Enemy: Tracking their moves by Lance Spitzner
Know Your Enemy: They Gain Root by Lance Spitzner
Know Your Enemy: A Forensic Analysis by the Honeynet Project
Know Your Enemy: Motives by the Honeynet Project
Know Your Enemy: Worms at War by the Honeynet Project
Know Your Enemy: Passive Fingerprinting by the Honeynet Project
Know Your Enemy: Honeynets by the Honeynet Project
Know Your Enemy: Statistics by the Honeynet Project
Remote OS detection via TCP/IP Stack FingerPrinting by Fyodor
Send ICMP Nasty Garbage (SING) a Source Forge project
X - Remote ICMP Based OS Fingerprinting Techniques by Ofir Arkin
Xprobe2: The Next Generation of Active Operating System Fingerprinting by Ofir Arkin
A TCP/UDP Ports database in an /etc/services format by Kurt Seifried
Forensics
Digital Discovery and Recovery by Mike Dockery
LogAnalysis.org
Electronic Evidence Gathering by Henry B. Wolfe
Internet Forensics: Common Tools by Bill Hancock
What's that entry in my log? by Dave Piscitello
ICMP Ports List by Kurt Seifried
Interaction InfoSec Chris Tobkin's pen-test, hacking & ID page
Ports Used by Trojans Simovitz Consulting
The Internet Ports Database
VPNs
Virtual Private Networks (Primer) by Lee Chae
Firewalls and Virtual Private Networks by Fred Avolio
How to stay in front of VPN management by Tim Greene
Multi-Vendor VPNs: The Quest for Interoperability by Lisa Phifer
Security Parameters for Site-to-Site VPNs by Dave Piscitello
The Core Competence VPN FAQ Page
VPN Services: The Real Deal on Costs by Daniel M. Gasparro
VPNs: Virtually Anything? by Lisa Phifer
Explaining the Gap between Specification and Actual Performance for IPsec VPN Systems by Ray Savarda and Matt Karash
Realm-Specific IP for VPNs and Beyond by Lisa Phifer
Debugging IPsec VPNs by Lisa Phifer
SSH, SSL
Getting started with SSH by Kimmo Suominen
Secure Sockets Layer at Netscape
SSH: From Secure Administration to Virtual Private Networking by Lisa Phifer
SSL and S-HTTP (Primer) by Anita Karve
Ssh (Secure Shell) FAQ Frequently asked questions
Secure Remote Access, Secure Application Access
Securing Teleworker Networks by Lisa Phifer
Simplifying Secure Remote Access: SSL VPNs by Lisa Phifer and Dave Piscitello
Secure Remote Access with IPsec by Lisa Phifer and David Piscitello
VPNs: Low-Cost Solution For Remote Dial-Up Access by Lisa Phifer and David Piscitello
VPN Client Administration by Lisa Phifer
Twelve Steps to Secure Remote Access Using IPsec by Lisa Phifer & Dave Piscitello
Protocols for Remote Access VPNs by Lisa Phifer
Protocols for Remote Access VPN Services by Lisa Phifer
Dial VPNs: Revenue Opportunity or Headache? by Lisa Phifer
Stretching 'VPN' to Fit Web-Based Intranets? by Lisa Phifer
Slipping NAT past IPsec by Lisa Phifer
IP Security and NAT: Oil and Water? by Lisa Phifer
Stretching VPNs for Web-based Access by Lisa Phifer
Pushing IPsec Through NAT by Lisa Phifer
The Trouble with NAT by Lisa Phifer
Firewalls
Access control: Beyond Firewalls by Stephen Reed
Application Gateways and Stateful Inspection by Fred Avolio
Building your firewall by Carole Fennelly (3 parts)
CSI Firewall Product Search Center maintained by Rik Farrow
Distributed, Host-Resident Firewalls by Avi Fogel
Firewall Configuration Problems by Rik Farrow
Firewalling Your Personal Perimeter by David Willis
Firewalls: Don't Get Burned by David Newman, Helen Holzbaur, and Kathleen Bishop
Firewalls Performance Measurement Project index maintained by Marcus Ranum
Firewalls Overview by Kurt Seifried
Firewalls: Evolve or Die by Kurt Seifried
Fortifying your Firewall by Peter Morrissey
How and When to Use 1:1 NAT by David Piscitello
How NOT to build a firewall by Richard Power (Marcus Ranum interview)
How to Perform Effective Firewall Testing by E. Eugene Schultz
How to Pick a Firewall with the Right Stuff by Rik Farrow
How to Pick an Internet Firewall by Marcus Ranum
Interdepartmental Firewalls: Where to Put Them (and Why) by David Piscitello
NIST Guidelines on Firewalls and Firewall Policy
Linux Security: Firewalls
NT Firewalls: Tough Enough by David Newman, Helen Holzbaur, and Michael Carter
On the Topic of Firewall Testing by Marcus Ranum
Personal Firewalls by Mandy Andress
Routing and Your Firewall (Part I, Part II) by Dave Piscitello
The Internet Firewalls FAQ by Marcus Ranum
Testing firewalls and IDS with Ftester by Andrea Barisani
The Design of a Secure Internet Gateway by W. Cheswick
The Ultimate Firewall by Marcus Ranum
Thinking About Firewalls V2.0: Beyond Perimeter Security by Marcus Ranum
How Computer Security Works: Firewalls by W. Cheswick and S. Bellovin
Implementing a Distributed Firewall by Steve Bellovin, S. Ioannidis, A. Keromytis, and J. Smith
IETF Firewall Working Group
The Nefarious ANY by Fred Avolio
The Failure of Firewalls - A Critical Look at an Information Security Panacea by Rob Thomas
Unverified Fields - A Problem with Firewalls & Firewall Technology by Ofir Arkin
Secure Electronic Mail and spam
Corporate.Net Secure Electronic-Mail: Return To Sender? by David Willis
E-mail Security: Why Don't We Bother? by Fred Avolio
eMailman Security pages
Tom McCune's page for Pretty Good Privacy
Revealing Email Headers by Rik Farrow
Test: Spam in the wild by Joel Snyder
Tracing Electronic Mail by Fred Avolio
WSS Puts Its Stamp On E-Mail Security by Gregory Yerxa
Phishing and Identity Theft Core Competence
The case for secure email by Erik Kangas
The Secure Email Zone
Can someone read my email? by Steve Bellovin
SANS secure email resources
The Phishing Guide by Gunter Ollmann
Recognizing and Responding to Spoof Email Messages by Dave Piscitello
Anatomy of a Phishing Expedition by Dave Piscitello
eBusiness, eCommerce, Privacy
Crime and Abuse in e-Business by Neil Mitchison and Robin Urry
Electronic Commerce and Security by Marcus Ranum
Questions to Ask Before Going Online by Marcus Ranum
The Nuts and Bolts of Business-to-Business E-Commerce by Brian Walsh
Your E-commerce Site: Build, Buy or Rent? by Brian Walsh
Incident Response & Advisory Centers
Cert(sm) Coordination Center. CERT studies Internet security vulnerabilities, provides incident response services, publishes security alerts, researches security and survivability, and develops information to help you improve security at your site.
Center for Education and Research in Information Assurance and Integrity. CERIAS provides innovation and leadership in technology for the protection of information and information resources, and in the development and enhancement of expertise in information assurance and security.
Common Vulnerabilities & Exposures Web Page. A dictionary for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. Hosted by Mitre.
COAST Homepage. COAST (Computer Operations, Audit, and Security Technology) is a multiple project, multiple investigator laboratory in computer security research in the Computer Science Department at Purdue University. COAST publishes a newsletter and hosts a calendar of security events.
Federal Bureau of Investigation Evidence Response Team. FBI personnel who specialize in organizing and conducting major evidence recovery operations. They manage the identification, collection, and preservation of evidence at crime scenes. ERTs are prepared to respond to major case situations in an efficient fashion to ensure that critical evidence is identified and gathered for forensic analysis.
Federal Bureau of Investigation National Infrastructure Protection Center. NIPC's mission is to serve as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures. These include telecommunications, energy, banking and finance, water systems, government operations, and emergency services.
Forum of Incident Response and Security Teams (FIRST). FIRST fosters cooperation and coordination in incident prevention among a variety of computer security incident response teams from government, commercial, and academic organizations to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
The Information Systems Audit and Control Association & Foundation. ISACA defines standards, guidelines and procedures for IS Auditing and standards and ethics for Information Systems Control Professionals.
The Center for Internet Security. CIS provides guidelines, policy templates, and assessment software to assist organizations and individuals in improving host security.
The Information Warfare Site. This site is an online resource that aims to stimulate debate about a range of subjects from information security to information operations and e-commerce. It is the aim of the site to develop a special emphasis on Europe.
National Security Administration. NSA provides a series of Security Recommendation Guides. We'd tell you more, but then we'd have to shoot you.
The WildList Organization. WildList is a premier source of information on viruses found spreading In the Wild.
Virtual Private Network Consortium. VPNC is the international trade association for manufacturers in the VPN market.
Portals, Info Sites & Publications
2600 offers security related news and subscriptions to this well-known magazine.
All-Internet-Security.com Directory is an established and active marketplace for free, shareware and Internet Security resources.
The Beginner's Cryptography Page offers an introduction to cryptographic techniques and provides a wealth of links to other online cryptography resources.
Crypto-gram is a monthly email newsletter on cryptography from Bruce Schneier that discusses current issues in cryptography.
Fyodor's Good Reading List is an interesting and eclectic collection of security related resources.
The Hacker News Network provides daily updated information security news and commentary.
The Internet Protocol Journal, published by Cisco Systems, serves as an informational and educational resource for engineering professionals involved in the design, development, and operation of public and private internets and intranets.
InteractiveInfoSec is a very good place for novices to security. The "see a hacker", "Be a Hacker" and "Stop a Hacker" are very good instructionals for those who want to Know the Enemy (thank you, Lance Spitzner).
The Journal of Internet Security provides a DeLiberation Extranet to inform professionals and support discussions of electronic banking and commerce issues.
NewOrder is a resource for people to help avoid being hacked, security and exploiting related files and links.
Rik Farrow's Network Defense columns, from Network Magazines, are archived here.
Open Web Application Security Project (OWASP) is an open source community resource to advance knowledge about web application and web services security issues. Among the many projects, OWASP has produced a Guide to Building Secure Web Applications, and hosts many columns on web application and server security.
Packet Storm claims to be the largest and most up to date library of information security information in the world. Packet Storm is a security resource that provides the mechanism for both the underground and the corporate communities to converge and direct their efforts towards sharing security information.
TechTarget's SearchSecurity.com offers a comprehensive Security specific search engine.
SecuriTeam.com is a security news web site containing all the newest security information from various mailing lists, hacker channels and our own tools and knowledge.
The Internet Security Conference (TISC) is a conference archive and host to the Insight Security newsletter.
Windows & .NET Magazine's Security Administrator section discusses NT/W2K/XP security issues, tips, and new products. It's a good source for learning the latest NT security breaches and corresponding hot fixes.
SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public. This portal has a large collection of free tools.
SecurityNews.org professes to provide Security News for Security Professionals. In addition to news stories, you'll find links to other security related material.
TALISKER'S NETWORK SECURITY TOOLS PAGE offers a plethora of security tools and software.
The TruSecure white paper library offers a variety of technical, strategic, and non-technical papers on information security.
VPNlabs is an open community for researching, reviewing, and discussing Virtual Private Networks. Find VPN software and VPN news, download free personal firewalls, and troubleshoot your existing VPN solution.
eCrime
The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond (2006)
Crimeware: Understanding New Attacks and Defenses (2008) by Markus Jacobson
Understanding and Countering the Phishing Threat
Online identity theft: Phishing technology, chokepoints and countermeasures
A Call for Action: Report from National Consumers League Anti-Phishing Retreat
Convention on Cybercrime, Council of Europe
Stanford Draft (Sofaer/Goodman)
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants
Security (Overview, General, Opinion)
A Computer and Network Security Primer by Fred Avolio
A Multi-Dimensional Approach to Internet Security by Fred Avolio
A Network Perimeter with Secure External Access by Fred Avolio and Marcus Ranum
Are You Prepared In The Event Of A Disaster? by Mark T. Edmead
Best Practices in Network Security by Fred Avolio
Conducting A Security Audit by Bill Hayes
CSI/FBI Computer Crime and Security Survey at CSI
Cross Platform Security Analysis by Anton Chuvakin
Enough Already, Time to get Serious About Hacking by Marcus Ranum
Event Correlation in Security by Anton Chuvakin
Federal Cybersecurity: Get a Backbone by Marcus Ranum
The Electronic Frontier: The Challenge Of Unlawful Conduct Involving the Use of the Internet (no attribution)
Guarding the Crown Jewels - An Overview of Computer & Internet Security by Curt Wilson
Hammering Out a Secure Framework by Mike Fratto
Have a Cocktail: Computer Security Today by Marcus Ranum
Information Risk Assessment: Practices of Leading Organizations United States General Accounting Office
Log Analysis Resources maintained by Tina Bird and Marcus Ranum
Managing Electronic Records and Evidence by Jeffrey H. Matsuura
Managing security and complexity on a tight release schedule and other high-level ramblings by Marcus J. Ranum
Network 10: The next Y2K problem? by Marcus Ranum
Network Address Translation: Hiding in Plain Sight by Mike Fratto
Protecting Network Infrastructure at the Protocol Level by Curt Wilson
Security Basics Forum at SecurityFocus.com
Selling Security Hype by Marcus Ranum
Social Engineering: The Threat and The Solution by Chris Tobkin
The Sad and Increasingly Deplorable State of Internet Security by Stephen Kent and David Piscitello
The State of Systems Security by Ron Dufresne
Threats, Vulnerabilities and Real-World Responses: The Foundations of the TruSecure Process by M. E. Kabay
What I Worry About by Marcus J. Ranum
Vulnerability Assessment Survey at SecurityFocus.com
Best Practices for Securing Enterprise Networks by Dave Piscitello and Lisa Phifer
Rethinking Network Security by Lisa Phifer
Broadband Local Access & Security
CLECs Should Be Proactive In Security by David M. Piscitello
EtherLECs and Security by David M. Piscitello
Extending the Perimeter: Protecting the Telecommuter and the Road Warrior (Part 1, Part 2) by Fred Avolio
Firewalls & DSL by David M. Piscitello
Host and Network Security in the Internet Age: DSL, @Home, ISDN, etc. by David Dittrich
Residential Broadband Access and the Teleworker: Security Considerations for the IT Manager by David Piscitello
Security and xDSL 4 part series, by David Piscitello
Securing Residential Broadband Connections: The Personal Firewall Approach by Lisa Phifer
Why Metro Area EtherLECs Should (Still) Worry about DDOS Attacks by David M. Piscitello
Security Guidelines for your broadband network Microsoft
The true killer application for broadband local access by Dave Piscitello
Securing the broadband network by Sushilkumar Nahar
Securing the broadband Internet Netscreen
Endpoint Security, Admission Control
PC Disk Encryption: A Lesson Learned and Recommendations by Fredrick M. Avolio
Server vs. Client-based Protection by David Piscitello
Stored File Encryption: Boiled Eggs And Scrambled Data by Phil Carden
Antivirus Resources Core Competence
Spyware Resources Core Competence
Endpoint security and admission control: necessary but not sufficient by Dave Piscitello
Take Stock of Endpoint and Admission Control Now by Dave Piscitello
Five Steps to Enforcing Your Endpoint Security by Frederick Felman
Wireless endpoint security: Tie up the loose ends by Douglas Schweitzer
Agentless Endpoint Security by Brad Feld
What is a blended threat? by Dave Piscitello
Security and the DNS
DNSSEC Security Extensions
BIND news and DNS alternatives by Jeremy Reed
DNS Abuse by !Hispahack
DNS Configuration, Management and Troubleshooting by Joel Snyder
DNS may be giving away your secrets by Rik Farrow
MaraDNS: Working Towards a More Secure DNS by Sam Trenholme
Protecting yourself, hiding your DNS entries a CPIO Project
Secure BIND Template Version 2.1 by Rob Thomas
Securing an Internet Name Server by Cricket Liu
Softpanorama DNS Security Page
Add "Protect Domain Name" To The Security Checklist
DNS Pharming
Is Your Caching Resolver Polluting the Internet?
Anatomy of a DNS DDoS Amplification Attack
It's Time for Enterprises to Take on DNS SECurity
Worrisome Threat of DNS DDoS Attacks
The dark side of name DNS error resolution
Denial of Service (DOS) Attacks
A stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, and others
Internet Denial of Service: Attack and Defense Mechanisms by Jelena Mirkovic, Sven Dietrich, David Dittrich, Peter Reiher
CERT/CC Denial of Service
Understanding Denial-of-Service Attacks
Trends in Denial of Service Attacks
How a 'denial of service' attack works - CNET News
A trinoo/TFN/stacheldraht agent scanner (C source code, BETA) by Dave Dittrich, Marcus Ranum, George Weaver, David Brumley, and others
AntiCode
AntiOnline
Distributed Denial of Service Attacks by Rik Farrow
Why Metro Area EtherLECs Should (Still) Worry about DDOS Attacks by David Piscitello
How a denial-of-service attack works - Security- msnbc.com
Defending against a Denial-of-Service Attack on TCP
What is a Denial of Service (DoS) attack?
Preventing Denial of Service Attacks
Distributed Denial of Service (DDoS) Attacks/tools by David Dittrich
Egress Filtering by Mark T. Edmead
Egress Routing
Anatomy of an Amplified Distributed Denial of Service Attack by David Piscitello
DNS Distributed Denial of Service (DDoS) Attacks (SAC008)
Future denial of service attacks by Kurt Seifried
Strategies to Protect Against Distributed Denial of Service
Hacker News Network
How to Spot Source Address Spoofing by Rik Farrow
Information on network ingress filtering, RFC 2267
The Worrisome Threat of DNS DDoS Attacks by David Piscitello
Distributed Denial of Service Attacks
Quality of Service for Denial of Service Attack Prevention by Steve Kohalmi, Randy Charland
Network Defense Richard Power & Rik Farrow's archive of Network Magazine columns
Some TCP/IP Vulnerabilities: Weaknesses, attack tools, defenses by David Dittrich
SYN cookies by D. J. Bernstein
The "stacheldraht" distributed denial of service attack tool by David Dittrich
The "Tribe Flood Network" distributed denial of service attack tool by David Dittrich
The DoS Project's "trinoo" distributed denial of service attack tool by David Dittrich
Denial of Service (DoS) Attack Resources
Operating System Security
Linux Security
Center for Internet Security - Linux Benchmarks
Anti-Trojan and Trojan Detection with In-Kernel Digital Signature testing of Executables by Michael Williams
The Linux Security HOWTO
Another Paper on Linux Security by Bronc Buster
Basic Steps in Forensic Analysis of Unix Systems by Dave Dittrich
Hacking Linux and How to Stop It by Craig Ozancin
Linux firewalling with ipchains by Vincent Danen
Making UNIX Servers More Secure by Rik Farrow
Secure interprocess communication by D. J. Bernstein
Tuning Solaris for FireWall-1 by Rob Thomas
Linux Security Cookbook - O'Reilly Media
Unix Auditor's Practical Handbook by K. K. Mookhey
Unix Computer Security Checklist
A Linux Security Toolkit
Yo Linux Security Tools
Linux Administrator's Guide
Hacking Linux Exposed
UNIX IP Stack Tuning Guide by Rob Thomas
UNIX Security by guidob
Security (Builds)
Debian Security
Securing Debian - Manual
Debian Linux Security
Debian Security Audit Project
Gentoo Linux Documentation -- Gentoo Linux Security
Gentoo Linux Documentation -- Gentoo Linux Security Advisories
Red Hat Security
Security Features - FedoraProject
Security Quick-Start HOWTO for Red Hat Linux
SUSE Linux Enterprise Security
Ubuntu Security Forums
Security on Ubuntu
The Big Ol' Ubuntu Security Resource - IT Security
A Complete List of Windows Event Identifiers
Cracking User Passwords in Windows 2000
A Starting guide to armoring NT by Lance Spitzner
How to Make Windows 2000 and NT 4 Passwords Uncrackable by Joel Kleppinger
NTBug Traq
NTSecurity.Net
NTToolbox.com
Automated NT Vulnerability Testing by Dave Piscitello
Microsoft Security Bulletins at Microsoft TechNet
searchNT.com
Securing your Operating System: Guidelines for Hardening Windows 2000
A friendly alternative to registry editing by Dave Piscitello
The Microsoft Security Advisor
Security Settings in Windows Server 2003 and Windows XP at Microsoft TechNet
Windows NT Passwords by Bill Wall
Windows 2000 Magazine Online at Microsoft TechNet
Windows 2000 Security Hardening Guide at Microsoft TechNet
Windows 2000: An Early Security Perspective by James Michael Stewart and Ed Tittel
Windows 2000's VPN-Related Security Issues by Lisa Phifer
Windows 2000 Vulnerabilities by Phil Cox
Windows Server 2003 Security Guide at Microsoft TechNet
Stepping up to XP: What to expect at your firewall by Dave Piscitello
Securing XP Desktops: Account and Auditing Policies by Dave Piscitello
Securing XP Desktops: Controlling Local Use and Network Access by Dave Piscitello
Pros and Cons of Windows 7 Security - PC World Business Center
A Guide to Windows 7 Security - PC World Business Center
Windows 7 Security
Windows 7 Security Features
Windows 7 Security Compliance Management Toolkit
Windows 7 Security Enhancements
Wireless LAN Security
Lisa Phifer's WLAN Corner is now hosting the most recent resources; the resources listed here are kept for historical purposes. Comprehensive lists of recent wireless and mobility articles by Lisa can also be found at the Core Competence Technology Corner, Wi-Fi Planet, ISP-Planet and TechTarget articles lists.
IEEE 802.11 Wireless Standards
IEEE 802.11 TGi Enhanced Security proposals
IEEE 802.1x Port-Based Network Access Control Standards
IETF PPP Extensions WG
Wireless LAN Organization Security White Papers
Bay Area Wireless User Group WiLDing Project
Wireless Anarchy
802.11 Security: Attacks and risks by Bruce Potter and Bob Fleck
All About War Driving
Assessing WLAN Security Threats by Gerry Blackwell
Air Safety by Lisa Phifer
An Initial Security Analysis of the IEEE 802.1X Protocol by Arbaugh, et. al.
Bill Arbaugh's Wireless Security Page
Antennas Enhance WLAN Security by Trevor Marshall
Cigital's ARP Poisoning Paper
Configuring Service Set Identifiers by Lisa Phifer
Consolidation Control Using WLAN Switches by Lisa Phifer
Controlling Wireless LAN Access with 802.1x by Lisa Phifer
Enable 802.1x security in Windows 2000 by Serdar Yegulal
GSM Security Website
Intel's WPA DOS Attack paper
Isolate Your Wireless Network by Dave Piscitello
Large Fat Bloke's 802.11 Page
Locking Down the Airwaves by Dave Piscitello
Microsoft Column on WPA in Windows
Safe WLAN Deployment Checklist by Lisa Phifer
Securing the Small All Wireless Network by Lisa Phifer
Security of the WEP algorithm by Borisov, Goldberg, and Wagner
Security out of Thin Air by Dave Piscitello and Lisa Phifer
Sniffing the Air for Trouble by Lisa Phifer
Stopping WiFi Intruders by Lisa Phifer
Talisker WLAN Security Tools List
Ten Common Questions (and Answers) about Wireless LANs by Lisa Phifer
The Myth of Hiding SSIDs by Robert Moskowitz
The X Factor by Diana Kelley
Tools and Tactics for Safer WLAN Deployment by Dave Piscitello
Understanding Wireless Antennas (Part I, Part II) by Lisa Phifer
Unofficial 802.11 Security Web Page by Bernard Aboba
Weaknesses in the Key Scheduling Algorithm of RC4 by Fluhrer, Mantin, and Shamir
Wi-Fi Planet
Wi-Fi Protected Access Q and A
Wireless ARP Poisoning by Robert Fleck
Wireless in the Enterprise index of TechTarget WiFi articles
WLAN Hotspot Best Practices by Dave Pollino
Wireless Security: A Contradiction in Terms? by Rik Farrow
WLAN security checklist by Brian Clark
Your 802.11 Wireless Network Has No Clothes by Arbaugh, et. al.
Application Stream Hacking, Application Security, Application Protection
A Semantic Attack on URLs by Bruce Schneier
Advanced SQL Injection by Chris Anley
Blind SQL Injection by Kevin Spett
Blocking Instant Messaging by David Piscitello
CGISecurity's Web Application Document Library
Creating Arbitrary Shellcode in Unicode Expanded Strings by Chris Anley
Exploiting and Protecting Oracle by Pete Finnigan
External Operating System Commands: Backdoor or feature? Hacking with SAP R/3 by Stefan Hoelzner
HTML Form Protocol Attack by Jochen Topf
Hackproofing Oracle Application Server by David Litchfield
Hackproofing Lotus Domino Web Server by David Litchfield
Introduction to LDAP Security by Sacha Faust
FAQ: SQL Injection Attacks by Byron Acohido
Oracle Security papers (collection of 65) by Pete Finnigan
Securing the Apache Web Server by Rik Farrow
Security and Peer-to-Peer Applications by Dave Piscitello
Session Fixation Vulnerability in Web-based Applications by Mitja Kolsek
SQL Injection and Oracle, (Part I), (Part II) by Pete Finnigan
The Importance of Application Security by Matthew Levine
Where is Application Protection best applied? by Dave Piscitello
URL Encoded Attacks: Attacks using the common web browser by Gunter Ollmann
Web Application and LDAP Injection by Sacha Faust
Application Proxies Watchguard Technologies
Application Layer Protection by Andrew Conry-Murray
Application Security - Next Layer of Protection by Keith Pasley
Web application security fundamentals Microsoft
Application Layer Filtering (ALF) by Deb Shinder
Improving Web Application Security MSDN
Secure a web application, Java style by Michael Cymerman
Web Server Security
Affordable Web Server Vulnerability Assessment by Dave Piscitello
How to Harden Your Microsoft Web Server (Basics) by Dave Piscitello
How To Secure MS Internet Information Server at Security Wizards (secwiz)
IIS Security and Programming Countermeasures by Jason Coombs
OWASP Guide to Building Secure Web Application and Web Services
Penetration Testing for Web Applications (Part I, Part II, Part III) by Jody Melbourne and David Jorm
Prevention of the OWASP Top 10 in PERL by Daniel Goscomb
Review: Syhunt Web Security Suite by Dave Piscitello
Web Access Security by Chris King
Web Application Security by Eren Reschef, Perfecto Technologies
About Applications Microsoft IIS