READING LIST

Deliberately Insecure Websites

Irongeek
http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security

Samurai
http://samurai.inguardians.com

 

LEGAL/ETHICS

"CO Computer Crime", CO 18-5.5-101
http://nsi.org/Library/Compsec/computerlaw/Colorado.txt

"Electronic Communication Privacy Act", USC 18-121, sections 2701-2711
 http://assembler.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18_10_I_20_121.html

Federal Search & Seizure Guidelines
http://www.cybercrime.gov

"Property and Speech: Who Owns What You Say in Cyberspace", John Perry Barlow, CACM, 12/95, Vol.38 No. 12, P19-22
http://portal.acm.org/citation.cfm?doid=219663.219673

"The Economic Espionage Act: Touring the Minefields", Andrew Grosso, CACM, 8/00, Vol.43 No. 8, P15-18
http://doi.acm.org/10.1145/353360.353380

"Personalization and Privacy", Eugene Volokh, CACM, 8/00, Vol.43 No. 8, P84-88
http://doi.acm.org/10.1145/345124.345155

"The Ethical and Legal Quandary of Email Privacy", J.C.Sipior & B.T. Ward, CACM, 12/95, Vol.38 No. 12, P48-54,
http://doi.acm.org/10.1145/219663.219679

"Cyberprivacy in the New Millennium", Hal Berghel, IEEE Computer, 1/01, Vol. 34 No. 1, P132-134
http://www.speedofheat.com/hayne/BD413/Articles/Berghel.pdf

"Risks of Panic",  L. Weinstein, P. Neumann, CACM, 11/01, Vol. 44 No. 11, p. 152
http://doi.acm.org/10.1145/384150.384158

"The DMCA Needs Fixing", Vir V. Phoha, CACM, 12/01, Vol. 44 No. 12, p.33
http://www.speedofheat.com/hayne/BD480/Articles/p33-phoha.pdf

"Web Bugs", Kimberley Craig, SANS GIAC paper,
 http://rr.sans.org/covertchannels/bugs.php

"Cookies and Exploits", Jasmir Beciragic, SANS GIAC paper,
 http://rr.sans.org/covertchannels/cookies.php

"Cookies vs. Internet Privacy", Lee Walswick, SANS GIAC paper,
 http://rr.sans.org/covertchannels/internet_privacy.php
 

CRYPTOGRAPHY

"Crypto: Plain & Elegant" Part 1 and 2, Ben Rothke, Information Security, 7/98, 8/98
www.infosecuritymag.com/articles/1998/julycrypto.shtml - part 1
www.infosecuritymag.com/articles/1998/augcrypto.shtml - part 2

"The 1998 Crypto Year-in-Review", B. Schneier, Information Security, 1/99
www.infosecuritymag.com/articles/1999/crypto.shtml

"Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)", B. Schneier, Mudge, L0pht Industries.

PGP in a Networked, Multi-User Environment
http://rr.sans.org/covertchannels/PGP.php  
 

SECURITY MODELS

"The Changing Environment for Security Protocols", R.M. Needham, IEEE Network, May/June 1997, p.12-15
http://www.speedofheat.com/hayne/BD480/Articles/needham.pdf
 

AUTHENTICATION

"Smart Cards: How Secure Are They?", John Abbott, SANS Institute, March 1, 2002
http://rr.sans.org/authentic/smartcards.php  
 

RISK/ANALYSIS

"Modeling Security Threats",  Bruce Schneier, Dr. Dobb's Journal,  December, 1999
http://www.ddj.com/documents/s=896/ddj9912a/9912a.htm

"A Perspective on Threats in the Risk Analysis Process", Arthur Nichols, SANS GIAC paper,
 http://rr.sans.org/audit/risk_analysis.php

"Remailers Elude E-mail Surveillance", S.M. Cherry, IEEE Spectrum, 11/01, Vol.  38 No. 11, p.69

"Blanking on Rebellion: Where the Future is Nabster", B. Meeks, CACM,  11/01, Vol. 44 No. 11, p. 17
http://doi.acm.org/10.1145/384150.384154

"The Platform for Privacy Preferences", L.F.  Cranor, CACM, 2/99, Vol. 42 No. 2, p.48
http://doi.acm.org/10.1145/543482.543506

"The Privacy Hoax", B.N. Meeks, CACM, 2/99, Vol.48 No. 2, p. 60
http://doi.acm.org/10.1145/293411.293425
 

THREATS

"Buffer Overflows for Dummies", J. Nelisen, SANS GIAC Paper
http://rr.sans.org/threats/dummies.php

"SSL Man-in-the-Middle Attacks", Peter Burkholder, SANS GIAC Paper
http://rr.sans.org/threats/man_in_the_middle.php

"The Instant Messaging Menace: Security Problems in the Enterprise and Some Solutions", D. Frase, SANS GIAC Paper
http://rr.sans.org/threats/IM_menace.php

"ICMP Attacks Illustrated", C. Low, SANS GIAC Paper
http://rr.sans.org/threats/ICMP_attacks.php

"Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks", R. Wagner, SANS GIAC Paper
http://rr.sans.org/threats/address.php

"Analysis of FTP Hijack", P. Huynh, SANS GIAC Paper
http://rr.sans.org/threats/FTP_hijack.php

"Unicode Vulnerability How & Why?", A. Brannan, SANS GIAC Paper
http://rr.sans.org/threats/unicode.php
 

HONEYPOTS

"Honeynet Project", Honeynet.org
http://project.honeynet.org/
 

INTRUDER DETECTION

"The Twenty Most Critical Internet Security Vulnerabilities (Updated)", SANS Institute, 2002
 http://www.sans.org/top20.htm

"How to Eliminate the Ten Most Critical Internet Security Threats", SANS Institute, 2001
http://www.sans.org/topten.htm

"Risks in Email Security", A Levi, Cetin Kaya Koc,  CACM, 8/01, Vol.44 No. 8, p.112
http://doi.acm.org/10.1145/381641.381666

"Covert Shells", J. Christian Smith, SANS GIAC paper,
 http://rr.sans.org/covertchannels/covert_shells.htm

"Inverse Mapping Using Disguised TCP Resets", Minna Kangasluoma, SANS GIAC paper,
 http://rr.sans.org/audit/inverse_map.htm

"Getting More Out of ICMP", Pete Schuyler, SANS GIAC paper,
 http://rr.sans.org/audit/more_ICMP.htm
 

INCIDENT RESPONSE

"Incident Handling Step by Step: Unix Trojan Programs - Version 2.1", Zirkle, Drake, Dittrich, SANS Institute,
 http://www.incidents.org/react/trojan.php
 

FIREWALLS

"Thinking About Firewalls", M.J. Ranum, Trusted Information Systems

"Unverified Fields - A Problem with Firewalls and Firewall Technology Today", Ofir Arkin, Sys-Security Group,

CASE STUDIES

"Gaining Access Using Application and Operating System Attacks - Part 1", Ed Skoudis, Information Security Bulletin, 10/2001, p.15
http://www.chi-publishing.com/isb/backissues/ISB_2001/ISB0608/ISB0608ES.pdf

"Gaining Access Using Application and Operating System Attacks - Part 2", Ed Skoudis, Information Security Bulletin, 11/2001, p.23
http://www.chi-publishing.com/isb/backissues/ISB_2001/ISB0609/ISB0609ES.pdf

"IIS Web Servers: It's Time to Just Be Careful", Eugene Schultz, Information Security Bulletin, 11/2001, p. 17
http://www.chi-publishing.com/isb/backissues/ISB_2001/ISB0609/ISB0609GS.pdf

"The Code Red Worm", Hal Berghel, CACM, 12/2001, Vol. 44 No. 12, P.15
http://dx.doi.org/10.1145/501327.501328

"Code Red (II)", SANS Institute,
 http://www.incidents.org/react/code_redII.php

"Nimda - The "Swiss Army Knife" Worm", Eugene Schultz, Information Security Bulletin, 11/2001, p. 33

"Nimda Worm/Virus Report -- Final", SANS Institute,
 http://www.incidents.org/react/nimda.pdf

"Nimda Explained, and What You Can Do to Protect Your System(s)", Greg Dzurinda, SANS GIAC paper,
 http://www.sans.org/infosecFAQ/malicious/nimda2.htm

"BackGate Kit Analysis and Defense", Matt Scarborough, SANS Institute,
 http://www.incidents.org/react/unicode.php

"Analysis of a fingerd replacement", Arrigo Triulzi, SANS Institute,
 http://www.incidents.org/react/fingerd.php

"Problem Areas for the IP Security Protocols", S.M. Bellovin, Usenix Security Symposium, 1996,

"A Simple Active Attack Against TCP", Laurent Joncheray, Merit Network, Inc.
http://courseware.vt.edu/marchany/ECE5984/Papers/joncheray.ps

"Network Security via Reverse Engineering of TCP Code: Vulnerability Analysis and Proposed Solutions", B. Guha, B. Mukherjee, IEEE Network, July/August 1997, P.40-48
http://courseware.vt.edu/marchany/ECE5984/Papers/guha.pdf

"The FTP Bounce Attack", Hobbit.ps
http://courseware.vt.edu/marchany/ECE5984/Papers/ftp.bounce.attack.txt

"The Tao of Windows Buffer Overflow", Dildog
http://www.cultdeadcow.com/cDc_files/cDc-351/
 

DDOS

"Denial of Service", Steve Gibson, GRC
http://grc.com/dos/winxp.htm

"Raw Sockets in XP", Steve Gibson, GRC
http://grc.com/dos/winxp.htm#rawsockets

"The DoS Project's "trinoo" distributed denial of service attack tool", David Dittrich, University of Washington
http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt

"The "Tribe Flood Network" distributed denial of service attack tool" David Dittrich, University of Washington
http://staff.washington.edu/dittrich/misc/tfn.analysis.txt

"The "stacheldraht" distributed denial of service attack tool", David Dittrich, University of Washington
http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.txt

"The "mstream" distributed denial of service attack tool", David Dittrich, University of Washington
http://staff.washington.edu/dittrich/misc/mstream.analysis.txt

"Consensus Roadmap for Defeating Distributed Denial of Service Attacks", White House Partnership for Critical Infrastructure Security,
http://www.sans.org/ddos_roadmap.htm

"Help Denial of Service Attacks: Step by Step",  SANS Institute,
http://www.sans.org/dosstep/index.htm

"TFN2k - An Analysis",  Jason Barlow, Woody Thrower, AXENT Security Team,
http://packetstorm.securify.com/distributed/TFN2k_Analysis-1.3.txt

"Distributed Denial of Service Attacks", Steve Bellovin, AT&T
http://www.research.att.com/~smb/talks/nanog-dos/index.htm

"An Analysis of the SHAFT Distributed Denial of Service Tool", Sven Dietrich, NASA Goddard Space Flight Center,
http://netsec.gsfc.nasa.gov/~spock/shaft_analysis.txt

DDOS tools and analysis articles can be found at http://packetstormsecurity.org/distributed 

"Distributed Reflection Denial of Service", Steve Gibson, GRC
http://grc.com/dos/drdos.htm

 

FORENSICS

"Forensic Analysis of a Live Linux System", Mariusz Burdach.
http://www.securityfocus.com/infocus/1769 (Part One), http://www.securityfocus.com/infocus/1773 (Part Two)

"Forensic Tools and Techniques for Investigating Internet Break-ins", Dr. Bill Hancock, CISSP, Exodus Communications, Inc.
http://www.exodus.net/drbill

"Tracking Them Down: Real-Time Forensics and Tracking", Charles Neal, Dr. Bill Hancock, Exodus Communications, Inc.
http://www.exodus.net/drbill

"Anatomy of Malice", Stephen Cass, IEEE Spectrum, 11/01, Vol. 38 No. 11, p.56

"ICMP Usage in Scanning - The Complete Know-How", Ofir Arkin, Sys-Security Group,
 http://courseware.vt.edu/marchany/ECE5984/Papers/ICMP_Scanning_v3.0.pdf

"Basic Steps in Forensic Analysis of Unix Systems", David Dittrich, Univ. of Washington, 2000
http://staff.washington.edu/dittrich/misc/forensics/