Computer / Network Security

Linux Related

• Firewall and Proxy Server HOWTO  Version 0.80, February 26, 2000
• Linux IP Maqsquerade HOWTO  November 13, 2005
• Linux 2.4 NAT HOWTO  Rusty Russell
• Linux 2.4 Packet Filtering HOWTO  Rusty Russell
• Netfilter Hacking HOWTO  Rusty Russell and Harald Welte
• Netfilter Extensions HOWTO  Fabrice Marie
• Linux Firewalls Using iptables  siliconvalleyccie.com
• Iptables Tutorial  Version 1.1.19 - good section (4.8) on complex protocols and connection tracking - faqs.org
• Iptables Firewall  Nice index with lots of net references to IPtables - linuxguruz.com

Virtual Private Networks

• Hamachi  Interesting secure VPN approach using P2P technologies.

National Institute of Standards and Technology (NIST) Publications (USA)

• An Introduction to Computer Security: The NIST Handbook   Special Publication 800-12
• Generally Accepted Principles and Practices for Securing Information Technology Systems   Special Publication 800-14
• Guide for Developing Security Plans for Information Technology Systems   Special Publication 800-18
• Mobile Agent Security   Special Publication 800-19
• PBX Vulnerability Analysis - Finding Holes in Your PBX Before Someone Else Does   Special Publication 800-24
• Security Self-Assessment Guide for Information Technology Systems   Special Publication 800-26
• Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A  Special Publication 800-27
• Guidelines on Active Content and Mobile Code   Special Publication 800-28
• Risk Management Guide for Information Technology Systems   Special Publication 800-30
• Intrusion Detection Systems   Special Publication 800-31
• Introduction to Public Key Technology and the Federal PKI Infrastructure   Special Publication 800-32
• Underlying Technical Models for Information Technology Security   Special Publication 800-33
• Contigency Planning Guide for Information Technology Systems   Special Publication 800-34
• Guide to Information Technology Security Services   Special Publication 800-35
• Guide to Selecting Information Technology Security Products   Special Publication 800-36
• Guide for the Security Certification and Accrediation of Federal Information Systems   Special Publication 800-37
• Procedures for Handling Security Patches   Special Publication 800-40
• Creating a Patch and Vulnerability Management Program   Special Publication 800-40 Version 2.0
• Guidelines on Firewalls and Firewall Policy   Special Publication 800-41
• Guideline on Network Security Testing   Special Publication 800-42
• Guidelines on Securing Public Web Servers   Special Publication 800-44
• Guidelines on Electronic Mail Security   Special Publication 800-45
• Security for Telecommuting and Broadband Communications   Special Publication 800-46
• Security Guide for Interconnecting Information Technology Systems   Special Publication 800-47
• Wireless Network Security: 802.11, Bluetooth and Handheld Devices   Special Publication 800-48
• Federal S/MIME V3 Client Profile   Special Publication 800-49
• Building an Information Technology Security Awareness and Training Program   Special Publication 800-50
• Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme   Special Publication 800-51
• Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations   Special Publication 800-52
• Recommended Security Controls for Federal Information Systems   Special Publication 800-53.  Annexes:  Annex 1:  Minimum Security Control - Low Baseline,   Annex 2:  Minimum Security Control - Moderate Baseline,   Annex 3:  Minimum Security Control - High Baseline
• Security Metrics Guide for Information Technology Systems   Special Publication 800-55
• Recommendation for Key Management - Part 1: General   Special Publication 800-57.   Part 2: Best Practices for Key Management Organization
• Security Considerations for Voice Over IP Systems   Special Publication 800-58
• Guideline for Identifying an Information System as a National Security System   Special Publication 800-59
• Volume 1: Guide for Mapping Types of Information and Information Systems to Security Categories  Special Publication 800-60.   Volume 2: Appendixes to Guide for Mapping Types of Information and Information Systems to Security Categories
• Computer Security Incident Handling Guide   Special Publication 800-61
• Electronic Authentication Guideline   Special Publication 800-63
• Security Considerations in the Information System Development Life Cycle   Special Publication 800-64
• Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher   Special Publication 800-67
• Security Configuration Checklists Program for IT Products - Guidance for Checklists Users and Developers  Special Publication 800-70
• Interfaces for Personal Identity Verification   Special Publication 800-73
• Cryptographic Algorithms and Key Sizes for Personal Identiy Verification   Special Publication 800-78
• Guide to Malware Incident Prevention and Handling   Special Publication 800-83