Resources re computer security.
See AboutThesePages.
Notes
Cleaning Up After a Crack
From civileme (Re: [expert] Hack attack or not?; 27 Jul 2002):
Put in CD#1
cd /mnt/cdrom
rpm -ivh --force basesystem-8.2-1mdk.i586.rpm
This will generally blow away anything done to /bin /sbin or /lib
Use the now good ls and rgrep tools to scan other directories for martians--if you see any, by God, push the button.
Stopping DOS or Virus Spreading
Look for this thread -- one has a script (from Michael Viron), one has some suggested sites (from civileme) -- Re: [newbie] Can't block dos attack; 28 Jul 2002; civileme.
Tools
NIDS (Network Intrusion Detection Systems)
File Integrity Checkers
Resources
See ResourceRecommendations.
Recommended
- (rhk) Cracker Tools and Techniques: Faster, Stealthier...More Dangerous; July 2002; Edward Skoudis -- Not read, but looks useful -- diagrams, etc.
- (rhk) My Guide To Linux Security; Rob Tougher; viewed 2 Aug 2002 -- Nice short concise overview of things someone might do to keep their Linux box secure.
- (rhk) Issue 102: Paranoid Penguin: Stealthful Sniffing, Intrusion Detection and Logging; October 01, 2002; Mick Bauer -- "Attackers can't rewrite your log files if they can't connect to the log server. Learn the ways of stealth." -- looks fairly clever -- all your stuff is logged to a box without an IP address so it can't be tampered with after it is on that box.
- (rhk) The Rookery: Security Tools in Linux Distributions, Part I; 6 Oct 2002; Bobby S. Wen -- not read, but LinuxJournal articles are usually good -- "In part one of this two-part series, Bobby discusses various HIDS and NIDS that come with Red Hat distributions."
- (rhk) Top 75 Security Tools; May, 2003 -- Haven't looked at, should be a good starting point.
Recommended for Special Purposes
- [[http://www.knowngoods.org/][known goods]] maintains a database of md5sums for (selected) uncracked programs in various distros (including Mandrake 9.0) so you can make an attempt to determine whether you've been cracked even if you didn't run Tripwire, osiris, or something similar just after installation.
Recommended by Others
No Recommendation
Web Sites or Articles
- Seminal Papers in computer security
- Paranoid Penguin: Hardening Sendmail, Posted on Monday, April 01, 2002 by Mick Bauer
- Help Net Security
- Social Engineering, by Tekneke -- worth reading to scare you about what kind of people are out there
- The Distributed Honeypot Project
- Buffer Overflows – What Are They and What Can I Do About Them?, by Larry Rogers -- looks like it's worth reading. (Well, I guess I wouldn't put an item on this list that I found myself unless I thought it was worth either reading or referring back to!)
- Securing Slackware 8.0 -- 251 kb, Word, by Peter Seth DeVries, text - 111 kb, kword - 50kb, suggested (and translations?) by Chris Palmer
- Fun with Fingerprint Readers, on Bruce Schneier's CryptoGram Newsletter. (I thought I had seen the article somewhere else -- aha, Bruce does have a link to the original.) A somewhat funny (but true) article about how a Japanese scientist has fooled all the high tech fingerprint scanners approximately 80% of the time using gelatin, and, if I'm not mistaken, "Super Glue" (cyanoacrylate adhesive).
- Intrusion Detection Response, Anton Chuvakin, 04/22/2002 08:22 -- a quote:
In this paper, Anton looks at network intrusion systems, IDS-triggered countermeasures, what are they, how they can be triggered and when they should not be triggered.
The next four suggested by Chris Palmer, I have not read:
Mail Lists
Not Recommended
Contributors
- RandyKramer - 23 Mar 2002