reportsAppendices
Appendix D through Appendix F, in PDF format, are available for download here.
cabinet Documents
Supporting documents referenced in the book are available for download here.
Glossary in format required for loading into Blackboard's Glossary manager. This file was developed by Prof. Stanley Wine of Baruch College.
forumsUseful Forums
orangeball Security and Cryptography Forum: Sponsered by DevShed. Discusses issues related to coding, server applications, network protection, data protection, firewalls, ciphers and the like.
orangeball Cryptography Forum: On Topix. Fairly good focus on technical issues.
orangeball Security Forums: On WindowsSecurity.com. Broad range of forums, including cryptographic theory, cryptographic software, firewalls, and malware.
 
www_iconUseful Links
orangeball Computer Science Student Resource Site: Help and advice for the long-suffering, overworked student.
orangeball Errata sheet: Latest list of errors, updated at most monthly. File name is Errata-CompSec1e-mmyy. If you spot any errors, please contact me at Email.

Chapter 1 - Overview

orangeball IETF Security Area: Provides up-to-date information on Internet security standardization efforts.
orangeball Computer and Network Security Reference Index: A good index to vendor and commercial products, FAQs, newsgroup archives, papers, and other Web sites.
orangeball IEEE Technical Committee on Security and Privacy: Home of the electronic newsletter Cipher, which provides book reviews, new crypto and security links, and links to reports and papers available online.
orangeball Computer Security Resource Center: Maintained by NIST; contains a broad range of information on security threats, technology, and standards.
orangeball European Network and Information Security Agency A source of expertise on security issues for the EU. Includes an excellent set of technical reports, plus numerous other documents and links.
orangeball Security Focus: A wide variety of security information, with an emphasis on vendor products and end-user concerns. Maintains the Bugtraq, a mailing list for the detailed discussion and announcement of computer security vulnerabilities.
orangeball SANS Institute: Similar to Security Focus. Extensive collection of white papers. Maintains Internet Storm Center, which provides a warning service to Internet users and organizations concerning security threats.
orangeball Risks Digest: Forum on risks to the public in computers and related systems.
orangeball United States Computer Emergency Readiness Team: US-CERT is a partnership between the Department of Homeland Security and the public and private sectors, intended to coordinate the response to security threats from the Internet. The site has a good collection of technical papers, and information and alerts on current security issues, vulnerabilities and exploits.new3
orangeball CERT Coordination Center: The organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency. Site provides good information on Internet security threats, vulnerabilities, and attack statistics.
orangeball Packet Storm: Resource of up-to-date and historical security tools, exploits, and advisories.
orangeball Institute for Security and Open Methodologies: An open, collaborative security research community. Lots of interesting information.
orangeball Security Cartoon: A cartoon-based approach aimed at improving the understanding of security risk among typical Internet users.
orangeball Center for Internet Security: Provides freeware benchmark and scoring tools for evaluating security of operating systems, network devices, and applications. Includes case studies and technical papers.new3

Chapter 2 - Cryptographic Tools

orangeball The Cryptography FAQ: Lengthy and worthwhile FAQ covering all aspects of cryptography.
orangeball Bouncy Castle Crypto Package: Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment. The package is distributed at no charge for commercial or non-commercial use.
orangeball Cryptography Code: Another useful collection of software.
orangeball American Cryptogram Association: An association of amateur cryptographers. The Web site includes information and links to sites concerned with classical cryptography.
orangeball Crypto Corner: Simon Singh's Website. Lots of good information, plus interactive tools for learning about cryptography.

Chapter 3 - User Authentication7

orangeball Password Usage and Generation: NIST documents on this topic
orangeball Biometrics Consortium: Government-sponsored site for the research, testing, and evaluation of biometric technology

Chapter 4 - Access Control

orangeball NIST RBAC site: Includes numerous documents, standards, and software on RBAC

Chapter 6 - Intrusion Detection

orangeball Open Security Foundation: Runs the DataLossDB project, which compiles a wide variety of statistics, charts, graphs, and incident report.new3
orangeball Honeynet Project: A research project studying the techniques of predatory hackers and developing honeypot products
orangeball Honeypots: A good collection of research papers and technical articles.
orangeball Snort: Web site for Snort, an open source network intrusion prevention and detection system.

Chapter 7 - Malicious Software

orangeball Vmyths: Dedicated to exposing virus hoaxes and dispelling misconceptions about real viruses.
orangeball SecureList: Information about viruses, hackers, and spam.

Chapter 8 - Denial-of-Service Attacks

orangeball David Dittrich’s Distributed Denial Of Service Site: Contains lists of books, papers, and other information on DDoS attacks and tools.

Chapter 9 - Firewalls

orangeball Firewall.com: Numerous links to firewall references and software resources.

Chapter 10 - Trusted Computing

orangeball Trusted Computing Group: Vendor group involved in developing and promoting trusted computer standards. Site includes white papers, specifications, and vendor links.
orangeball Common Criteria Portal: Official Web site of the common criteria project.

Chapter 11 - Buffer Overflow

orangeball CWE/SANS Top 25 Most Dangerous Software Errors: A list of the most common types of programming errors that were exploited in many major cyber attacks, with details on how they occur and how to avoid them.new3
orangeball Metasploit: The Metasploit Project provides useful information on shellcode exploits to people who perform penetration testing, IDS signature development, and exploit research
orangeball OpenBSD Security: The OpenBSD project produces a free, multiplatform 4.4BSD-based UNIX-like operating system.

Chapter 12 - Software Security

orangeball CERT Secure Coding: Resource on CERT site of links to information on common coding vulnerabilities and secure programming practices
orangeball David Wheeler - Secure Programming: Provides links to his book and other articles on secure programming
orangeball Fuzz Testing of Application Reliability: Provides details of the security analysis of applications using random input performed by the University of Wisconsin Madison
orangeball Open Web Application Security Project (OWASP): Dedicated to finding and fighting the causes of insecure software and providing open source tools to assist this process

Chapter 13 - Physical Security

orangeball InfraGuard: An FBI program to support infrastructure security efforts. Contains a number of useful documents and links
orangeball The Infrastructure Security Partnership: A public-private partnership dealing with infrastructure security issues. Contains a number of useful documents and links.
orangeball Federal Emergency Management Administration (FEMA): Contains a number of useful documents related to physical security for businesses and individuals.
orangeball NIST PIV program: Contains working documents, specifications, and links related to PIV.

Chapter 14 - Human Factors

orangeball Federal Agency Security Practices: A voluminous set of documents covering all aspects of organizational security policy
orangeball ISO 17799 Community Portal: Documents, links, and other resources related to ISO 17799

Chapter 15 - Security Auditing

orangeball Security Issues in Network Event Logging: This IETF working group is developing standards for system logging.

Chapter 16 - IT Security Management and Risk Assessment

orangeball AusCERT - Australian Computer Crime and Security Surveys: Details of the annual surveys of computer network attacks and computer misuse trends in Australia each year.
orangeball ISO 27000 Directory: An overview of the ISO 27000 series of standards reserved by ISO for information security matters
orangeball ISO 27001 Security: Dedicated to providing information on the latest international standards for information security

Chapter 17 - IT Security Controls, Plans, and Procedures

orangeball Computer Security Incident Response Team: Provide security professionals with the means to report, discuss, and disseminate computer security related information to others around the world. This site provides information for reporting security incidents and information on technical resources.

Chapter 18 - Legal and Ethical Aspects

orangeball International Cyber Threat Task Force: An online security community of cyber security professionals collaborating to deal with all related cyber threats including all aspects of cyber crime and cyber warfare. Useful documents and other information.new3
orangeball Criminal Justice Resources: CyberCrime: Excellent collection of links maintained by Michigan State University.
orangeball International High Technology Crime Investigation Association: A collaborative effort of law enforcement and the private sector. Contains useful set of links and other resources.
orangeball Computer Ethics Institute: Includes documents, case studies, and links.

Chapter 19 - Symmetric Encryption and Message Confidentiality

orangeball AES Home Page: NIST's page on AES. Contains the standard plus a number of other relevant documents
orangeball AES Lounge: Contains a comprehensive bibliography of documents and papers on AES, with access to electronic copies.
orangeball Block Cipher Modes of Operation: NIST page with full information on NIST-approved modes of operation.

Chapter 20 - Public-Key Cryptography and Message Authentication

orangeball NIST Secure Hashing Page: SHA FIPS and related documents.
orangeball Whirlpool: Range of information on Whirlpool..
orangeball RSA Laboratories:: The research center of RSA Security, Inc., it offers an extensive collection of technical material on RSA and other topics in cryptography

Chapter 21 - Internet Security Protocols and Standards

orangeball TLS Charter: Latest RFCs and internet drafts for TLS.
orangeball OpenSSL Project: Project to develop open-source SSL and TLS software. Site includes documents and link.
orangeball NIST IPSec Project: Contains papers, presentations, and reference implementations.
orangeball IPsec Maintenance and Extensions Charter: Latest RFCs and internet drafts for IPsec.new3
orangeball S/MIME Charter: Latest RFCs and internet drafts for S/MIME.

Chapter 22 - Internet Authentication Applications

orangeball MIT Kerberos Site: Information about Kerberos, including the FAQ, papers and documents, and pointers to commercial product sites.
orangeball MIT Kerberos Consortium: Created to establish Kerberos as the universal authentication platform for the world's computer networks.
orangeball USC/ISI Kerberos Page: Another good source of Kerberos material.
orangeball Kerberos Working Group: IETF group developing standards for Kerberos.
orangeball Public-Key Infrastructure Working Group: IETF group developing standards based on X.509v3.
orangeball NIST PKI Program: Good source of information.

Chapter 23 - Linux Security

orangeball NSA SELinux Web site: Contains useful documentation on SELinux.

Chapter 24 - Windows Security

orangeball Microsoft Security Central: Good collection of information about Windows and Windows Vista security

Appendix D - RFCs

orangeball RFCs: IETF RFC repository. Includes a complete list of all RFCs, constantly updated.
orangeball RFC Sourcebook: Provides the relevant information in the RFC in an easy to use, easy to access format.new3