Computer security. With many people switching their systems to a broadband network, the need for computer security education has grown. This lens provides an overview of computer security topics as well as links to resources I use to keep the systems I manage at home and at work secure.
I have taken most of my computer security training from the SANS Institute. For those wondering, I have completed Firewalls, Perimeter Protection and VPNs, Intrusion Detection, Incident Handling and Hacker Techniques, Windows Security, LAMP Secure Online Presence, Wireless Network Auditing and am currently taking web application penetration testing.
News: Use Secunia PSI free tool to check security issues on your PC.
Keep up with the latest security information
Got a Security Policy? - A policy will guide decisions about how to implement security.
A security policy communicates the company's vision of security, it provides an easy-to-use source of security requirements and is a flexible document which must be updated regularly.
- SANS Security Policy Project
The ultimate goal of this SANS project is to offer everything you need for rapid development and implementation of information security policies. You'll find a great set of resources posted here already including policy templates for twenty-four impo
- Site Security Handbook
RFC 2196 documents a Site Security Handbook that is a guide to developing computer security policies and procedures for sites that have systems on the Internet.
ISO 27002 and formerly 17799, is a detailed security standard. It is organised into ten major sections, each covering a different topic or area; Business Continuity Planning, System Access Control, System Development and maintenance, physical and env
The National Institute for Standards and Technology has publicly available security documents. Review NIST 800-53 Recommended Security Controls for Federal Information Systems which is a very detailed document explaining security controls covering 17
Security Information Event Management SIEM
Managing all of the security information that exist across all of our systems is not an easy task and we can get easily overwhelmed. Find a SIEM solution to help.
LogRhythm The leader in SIEM technology according to Gartner.
Secure your hosts
- Center for Internet Security
The Center for Internet Security maintains a site with benchmarking and scoring tools for many different operating systems. They have great documentation on how to secure your hosts, with detailed instructions and explinations of why each step should
- Secure Your Laptop!
Lundquist's Guide To Not Getting Fired for Losing Your Laptop. Eric Lundquist makes many very important points about what data you should keep on your laptop and additional steps you can take to keep the data safe and confidential in this article.
- Home PC Security Tips
For those of you who are looking for information on securing your home PC, or would like to know who to call for help with your home system, checkout Kim Kamando's site and Radio show.
- Remove Personal Information from your systems PII
Identity finder is a free application you can use to see what sensitive information is on your system so you can remove it.
- AVG is a free Anti Virus Product
AVG's newest security product provides real-time protection against online threats for free-forever. There are millions of poisoned web pages out there. Let AVG LinkScanner check them out first. If a link is dangerous, you'll be protected
- Spybot Search and Destroy
Open source tool to deal with spyware.
- MalwareBytes Anti Malware
Great application to check for malware on your PCs.
- Secunia Personal Software Inspector
Your Microsoft apps might be up to date with windows update but what about all of your other applications? Secunia PSI will help you identify other security issues.
Free Anti-virus using the cloud to deal with unknown threats.
- Sophos Free Mac OS X Anti-virus solution
Macs need to be protected.
Perimeter Secuity - Firewalls, Screened Subnets
The best approach to security is defense-in-depth. Many layers exist from the public internet to your host or servers, these are often defined as the perimeter, network, host, application then the data layers. Each of these layers should have some form of protection in place.
- Defense in Depth
The term defense in depth comes from the military.
- How Firewalls work
Firewalls come in many different configurations which provide different levels of support. They are often called packet filtering, stateful or proxy firewalls. Many different free firewalls exist, for example, ipf, ipchains, m0n0wall, and sonic wall
Monitor your hosts and network
It is important to monitor your hosts and network so you will know what normal system behavior looks like. Once this is known, you can set up detectors to look for, and alert you to anomalous behavior.
- Nagios Host Monitoring
Nagios is gaining popularity as a good open source monitoring solution.
A network graphing solution using PHP and MySQL.
- Tripwire - Now Open Source
Open Source TripwireÂ® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems. The project is based on code originally contributed by Tripwire, Inc. in 2000.
Osiris is a Host Integrity Monitoring System that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email
Samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operat
Sisyphus is a log analysis application for high performance computing systems.
Security Check Lists
Intrusion Detection Systems - Are you paranoid?
If you do not watch the activity on your network, you will not know who is knocking.
Auditing your network (Ethical Hacking) - Have you looked yet?
Ethical hacking refers to a testing activity done by an individual who is authorized to audit a network. Always have paperwork which identifies your authorization to use software and test for vulnerabilities on your network.
SNORT is one of the most popular IDS tools.
If you are going to snort, you may as well use ACID. ACID is a php web console you can use to search and process Snort results.
BASE is another web based application useful when analyzing SNORT results.
- OSSEC Host Based Intrusion Detection
Free Open Source Product.
Bro is an open-source, Unix-based Network Intrusion Detection System (NIDS) that passively monitors network traffic and looks for suspicious activity. Bro detects intrusions by first parsing network traffic to extract its application-level semantics
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. OWASP's Webgoat product will help teach you about how hackers attack web services. Their Webscarab too
Nessus is a free, very popular network auditing tool. A new version exists for MAC OS X.
- NMAP from Insecure.org
The insecure.org site provides the nmap tool as well as the new list of the top 100 security tools.
- Ethical Hacking
Ethicalhacker.net provides information and resources for auditing networks.
- The Metasploit Project
Metasploit is a powerful tool which can help test expoits on a network.
- SQL Injection Cheat Sheet
Do your applications filter user input to remove bad input characters? Have you tried to use sql injection against your applications to see what information you can extract. An SQL cheat sheet is handy to remember the techniques to use when testing i
- XSS Cheat Sheet
RSnake has put together a Cross Site Scripting Cheat Sheet.
- Network Security Toolkit
A handy resource.
- Center for Internet Security
A great resource with instructions to harden most operating systems. They explain how to turn off features and explains why you might do it.
People are often the weakest link in security. Check the passwords associated with user accounts. Many tools are available for free.
- John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on vario
- PW Dump
Windows 2000/XP/2003/Vista/2008 NTLM and LanMan Password Grabber By fizzgig and the foofus.net Team
- FG Dump
A Tool For Mass Password Auditing of Windows Systems
Incident Response / Handling - Are you prepared?
The first step in incident handling is knowing what task has the highest priority, returning the systems to an operational state or collecting evidence in order to prosecute the attackers, if they can be found. The number one rule when collecting evidence is to always have two people collecting evidence removing the possible argument that the data collectors tampered with the evidence.
- Intruder Detection Checklist PDF
Hopefully you already have your own checklist, if not, look at available checklists and see what information your checklist should cover.
- National Institute of Standards and technology
NIST 800-61 is the document covering the topic of incident handling.
- SANS Intrusion Discovery Cheat Sheet
SANS provides a Intrusion Discovery cheat sheet for UNIX administrators which can help you remember many of the items you should look for if you suspect an intrusion.
- Nmap Nessus PDF cheat Sheet
A PDF nmap and Nessus cheatsheet
- Tools and Hardware for Incident Response
The Incident Response Book published by O'Reilly contains a lot of information. The Chapter Seven sample provides a list of tools and hardware that you will want to be familiar with or have in your response bag.
- Have a Jump Bag
Be sure you are prepared to respond appropriately to computer incidents by having a jump bag.
Wireless Security - How far does your signal go?
Most new computer systems either come with builtin wireless devices or have the option to add a wireless device when purchased. Given the convenience of a wireless network many users set the network up without understanding the security implications of running a wireless network.
- Wireless security information.
I cover many wireless security issues on my wardriving squidoo lens.
TCP/IP - What you must know.
- TCP/IP wikipedia
The wikipedia is a nice place to start your research of the TCP/IP Protocol.
- SANS TCP/IP Cheat Sheet.
I keep a copy of this document with me as well as stuck to my cubicle.
WildPackets has recently released OmniPeek in response to the release of WireShark. There are many nice features built into this tool and I am starting to prefer to use it, rather than ethereal or wireshark.
- WireShark (Ethereal)
A network protocol analyzer which is very useful for analyzing problems or incidents on the network, formerly known as Ethereal. Keep this free product up to date.
Many UNIX systems support tcpdump as the tool to use to watch network traffic on a host or network. If tcpdump is not available check for snoop.
Windump is my tool of choice on a windows platform.
Help the good guys!
Learn from the Bad Guys! - Set out some bait.
There are numerous open source tools available to set up fake servers to watch what techniques or exploits the crackers are using.
- Set up a Honeypot
A honey pot is a system placed on the network with the intention of letting crackers interact with the system. Logs are kept of the actions taking place on the host with the intention of learning what exploits are being used in the wild. Wireless h
- Tarpits are stickier
The idea of the tarpit is to set up a host which will answer all request made to it on any port, but never complete the conversation. When the host that is trying to establish the connection checks back with the tarpit, the tarpit responds back say
General Network Security Tip Book
Network and System Monitoring Book - Know how to monitor your network and systems.
I have always used the open source SNIPS product to monitor my hosts and network, but Nagios is quickly gaining popularity as the open source choice for network monitoring.
Perimeter Security and Firewall Books
Wireless Security Books
Intrusion Detection Books
Network Auditing Books
Publish your knowledge of computer security by building a lens. It's easy!