The Security Resource Library

 

 

Privacy Policy

 

 

 

This page uses style sheets created by Ruthsarian Labs

Authentication, PKI, Cryptography, Identity and Password Management

Authentication

Authentication Tokens: Balancing the Security Risks with Business Requirements by Joe Grand
Policy-based Authentication and Authorization Secure Access to the Network Infrastructure by Jeff Hayes
Choosing Strong Passwords by Eric Shultze
Identity Confirmed by Fred Avolio
Smart Cards and Biometrics: Your Key to PKI by D. Corcoran, D. Sims, and B. Hillhouse
The one and only you by Howard Millman
WWW Authentication by Kurt Seifried
Biometrics: Threat or Menace? by Stephen Kent

Cryptography

Cryptographic Protection for the 21st Century by Elaine Barker
Cryptography an online UIC graduate course by D.J. Bernstein>
Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure (SDSI) by Ronald L. Rivest and Butler Lampson
Cryptography & The Internet by Steve Bellovin
Deploying Crypto, What Are You Waiting For? by Fredrick M. Avolio
Peter Gutmann's godzilla crypto tutorial Privacy Implications of Digital Signatures by Roger Clarke

PKI

Establishing Identity Without Certification Authorities by C.Ellison
Public-Key Infrastructure (X.509) (pkix) IETF
PKI tames network security by Stuart McClure
Understanding Certificates and PKI by Dave Piscitello
We Need a Public Key Infrastructure by Lisa Phifer
Conventional Public Key Infrastructure: An Artefact Ill-Fitted to the Needs of the Information Society by Roger Clarke
The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption by H. Abelson, R. Anderson, S. Bellovin, et al.
Understanding Certificates and PKI by Dave Piscitello
We Need a Public Key Infrastructure by Lisa Phifer

Identity Management

10 Problems affecting Identity Management deployments by Dave Piscitello, Bob Worner
A case for Identity Management by dave Piscitello
Enterprise Identity And Access Management Technical White Paper by Jiri Ludvik
The Emerging Infrastructure for Identity and Access Management by Jamie Lewis

Intrusion Detection, Sniffing, Hacking, Anti-Hacking, Forensics

Intrusion Detection, Traffic Analysis, Anti-hacking

FAQ: Network Intrusion Detection Systems by Robert Graham
A look at whisker's anti-IDS tactics by rain forest puppy
Benchmarking IDS by Marcus Ranum
Carnivore and Open Source Software by Steve Bellovin
Coverage in ID Systems by Marcus Ranum
Triangulation in Attack Analysis(Part I, Part II) by J.L. Stutzman
Tripwire Literature Room hosted by Tripwire, Inc.
Honeypot Farms by Lance Spitzner
Honeypots: Sweet Idea, Sticky Business by Dave Piscitello
Your First Penetration Test by Dave Piscitello
Honeytokens: The Other Honeypot by Lance Spitzner
Intrusion Detection and DDOS Protection by David Piscitello
Tapping, Tapping On My Network Door by Steve Bellovin
What Broadcast Traffic Reveals by Dave Piscitello
There Be Dragonsby Steve BellovinTo Build A Honeypot by Lance Spitzner
Tracking intruders by Rik Farrow
Network Intrusion Detection Signatures (Part 2), by Karen Kent Frederick>
NFR eases intrusion detection by David Piscitello
Passive Fingerprinting by Lance Spitzner
Passive Network Traffic Analysis: Understanding a Network Through PassiveMonitoring
Primer on Predictive Analysis by J.L. Stutzman
Quantifying Vulnerabilities In The Networked Environment: Methods and Uses by Char Sample and Ian Poynter
Sniffing (network wiretap, sniffer) FAQ by Robert Graham
Studying Normal Traffic(Part 1), by Karen Kent Frederick
Studying Normal Traffic: FTP Traffic (Part 2), by Karen Kent Frederick
Studying Normal Traffic: TCP Headers (Part 3), by Karen Kent Frederick
Wiretapping the Net by Steve Bellovin
Intrusion detection...or prevention? by Dave Piscitello

Hacking

FAQ: Hacking Lexicon by Robert Graham
A Taxonomy of Internet Attacks maintained by Marcus Ranum
Abnormal IP Packets by Karen Kent Frederick
Advanced Host Detection: Techniques To Validate Host-Connectivity by dethy
An Evening With Berferd, in which a Hacker is Lured, Endured, and Studied by Bill Cheswick
Anatomy of a Cross-Site Scripting Attack by Dave Piscitello
Blackhat Archives at 8200.org
Bug Hunting: The Seven Ways of the Security Samurai by Ivan Arce
Cross Site Scripting FAQ at CGIsecurity.com
Enumerating Hosts behind NAT by Steve Bellovin
Evolution of Cross Site Scripting by iDefense
How Web Spoofing Works by Brad Johnson
ICMP Use in Scanning by Orf Arkin
Identifying ICMP Hackery Tools Used In The Wild Today by Orf Arkin
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas Ptacek
Know Your Enemy:The Tools and Methodologies of the Script Kiddie by Lance Spitzner
KnowYour Enemy: Tracking their moves by Lance Spitzner
Know Your Enemy: They Gain Root by Lance Spitzner
Know Your Enemy: A Forensic Analysis by the Honeynet Project
Know Your Enemy: Motives by the Honeynet Project
Know Your Enemy: Worms at War by the Honeynet Project
Know Your Enemy: Passive Fingerprinting by the Honeynet Project
Know Your Enemy: Honeynets by the Honeynet Project
Know Your Enemy: Statistics by the Honeynet Project
Remote OS detection via TCP/IP Stack FingerPrinting by Fyodor
Send ICMP Nasty Garbage (SING) a Source Forge project
X - Remote ICMP Based OS Fingerprinting Techniques by Orf Arkin
Xprobe2:The Next Generation of Active Operating System Fingerprinting by Orf Arkin
A TCP/UDP Ports database in an /etc/services format by Kurt Seifried

Forensics

Digital Discovery and Recovery by Mike Dockery
LogAnalysis.org
Electronic Evidence Gatheringby Henry B. Wolfe
Internet Forensics: Common Tools by Bill Hancock
What's that entry in my log? by Dave Piscitello
ICMP Ports List by Kurt Seifried
Interaction InfoSec Chris Tobkin's pen-test, hacking & ID page
Ports Used by Trojans Simovitz Consulting
The Internet Ports Database

Virtual Private Networking, Secure Remote Access

VPNs

Virtual Private Networks (Primer) by Lee Chae
Firewalls and Virtual Private Networks by Fred Avolio
How to stay in front of VPN management by Tim Greene
Multi-Vendor VPNs: The Quest for Interoperability by Lisa Phifer
Security Parameters for Site-to-Site VPNs by Dave Piscitello
The Core Competence VPN FAQ Page
VPN Insider an archive of VPN articles, product reviews
VPN Services: The Real Deal on Costs by Daniel M. Gasparro
VPNs: Virtually Anything? by Lisa Phifer
Explaining the Gap between Specification and Actual Performance for IPsec VPN Systems Ray Savarda and Matt Karash
Realm-Specific IP for VPNs and Beyond by Lisa Phifer
Debugging IPsec VPNs by Lisa Phifer

SSH and SSL

Getting started with SSH by Kimmo Suominen
Secure Sockets Layer at Netscape
Secure Sockets Layer by Brian Lashley and Andrzej Tarski
SSH: From Secure Administration to Virtual Private Networking by Lisa Phifer
SSL and S-HTTP (Primer) by Anita Karve
Ssh (Secure Shell) FAQ Frequently asked questions

Secure Remote Access, Secure Application Access

Securing Teleworker Networks by Lisa Phifer
Simplifying Secure Remote Access: SSL VPNs by Lisa Phifer and Dave Piscitello
Secure Remote Access with IPsec Lisa Phifer and David Piscitello
VPNs: Low-Cost Solution For Remote Dial-Up Access by Lisa Phifer and David Piscitello
VPN Client Administration by Lisa Phifer
Twelve Steps to Secure Remote Access Using IPsec by Lisa Phifer & Dave Piscitello
Protocols for Remote Access VPNs by Lisa Phifer
Protocols for Remote Access VPN Services by Lisa Phifer
Dial VPNs: Revenue Opportunity or Headache? by Lisa Phifer
Stretching 'VPN' to Fit Web-Based Intranets? by Lisa Phifer
Slipping NAT past IPsec by Lisa Phifer
IP Security and NAT: Oil and Water? by Lisa Phifer
Stretching VPNs for Web-based Access by Lisa Phifer
SSL VPN: the name is lamentable, but the services are not... by Dave Piscitello
Pushing IPsec Through NATby Lisa Phifer
The Trouble with NAT by Lisa Phifer

Core Competence, Inc. is a full-service internetworking, broadband, security, and
network management consulting firm with offices in Pennsylvania and South Carolina.

Posted 8/25/2004, Last updated 4/19/2005 © 2004 - 2008 Core Competence, Inc.