Security Reading
General Papers and Articles
- Wikipedia on Computer Security - a good place to start.
- Ross Anderson, How to Cheat at the Lottery - Paper discussing issues of security design.
- Bruce Schneier, Cryptography: The Importance of Not Being Different - why not rolling your own security is a good thing.
General Books
- Ross Anderson, Security Engineering - Good book on design and implementation.
- Now available online
- Second edition also available.
- Secrets & Lies by Bruce Schneier - Very good book which covers a majority of topics in security.
- Beyond Fear by Bruce Schneier - Covers five steps that should be taken when designing or evaluating security systems. Has many examples outside of computer security which can give interesting insights.
- Bruce Schneier, Applied Cryptography - While heavily oriented towards cryptography, has good basics on design and implementation.
- Handbook of Applied Cryptography - Online encyclopedic description of applied modern cryptography.
Email Lists
- Bruce Schneier publishes Crypto-Gram, a free monthly email letter that is worth reading.
- IEEE Cipher is another great monthly letter.
Tutorials
- Dartmouth's Institute for Security Technology Studies: http://www.ists.dartmouth.edu/cybersecurity-classroom.php
- GIAC Secure Software Programmer (GSSP) Certification Exam: http://www.sans.org/gssp/
- UIUC's FERPA Tutorial: http://www.oar.uiuc.edu/staff/ferpa_tutorial/index.html
- Practical Aspects of Modern Cryptography, taught by Josh Benaloh, Brian LaMacchia, and John Manferdelli at the University of Washington. The page includes links to lecture notes and video of the classes.
Important Web Sites
- For security news, you should read SecurityFocus News. I suggest using an RSS reader to keep up to date.
- These sites provide good lists of security related conferences: Site 1 and Site 2
- Computer Forensics, Cybercrime and Steganography Resources. This site has everything forensics: book suggestions, tools, mail lists, links, papers, etc.
Web Applications
- Know your Enemy: Web Application Threats - Using Honeypots to learn about HTTP-based attacks: http://www.honeynet.org/papers/webapp/index.html
NIST Standards
- Guide to Secure Web Services: http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
Forensics
- File System Forensic Analysis by Brian Carrier (author of The Sleuthkit)
- Windows Forensic Analysis by Harlan Carvey
- Digital Investigation
- http://www.sciencedirect.com available from an NCSA/UIUC IP address
- Or you can proxy through the UI Library Gateway: http://www.library.uiuc.edu/proxy/
Forensics Tools
This is supposed to be a Reading List - we should move tools elsewhere --Vwelch 09:45, 14 March 2008 (CDT)
- The Sleuthkit
The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (a.k.a. digital forensic tools) that run on Unix systems (such as Linux, OS X, FreeBSD, OpenBSD, and Solaris). They can be used to analyze NTFS, FAT, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types.
- HELIX
Includes WFT (Windows Forensic Toolchest), FRU (First Responders Utility), and IRCR2 (Incident Response Collection Report).
- Windows Sysinternals
Security and system utilities, most of which are useful for Computer Incident Response and Investigation.
- Foundstone tools
Security and system utilities, most of which are also useful for Computer Incident Response and Investigation.
- Live View
Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine.
Live View is developed by CERT, Software Engineering Institute.
