Computer and Network Security
Most of the information here is extremely dated and of unknown usefulness. I hope to get this updated one of these days. In the meantime, one of the best single resources for computer and network security papers is the SANS Institute Reading Room. For more information on what we're currently working on in this area, please visit the Jade Website.
Amplification / Reflection DDoS Attacks
Several protocols such as DNS, SNMP, and NTP have become the vehicle of choice for attackers intent on bringing down networks and otherwise causing havoc and damage. Most of these are UDP-based protocols, which lets the attacker spoof the source IP address of a small request so that a much larger response is sent to the attacked site or network. Recent (as of late 2013) versions of BIND (for DNS) offer rate-limiting mechanisms and are not covered here. Early 2014 has seen massive NTP-based attacks (links below for NTP); however, SNMP is also vulnerable, with a potentially larger impact because of the much larger response payloads possible.
- Understanding and mitigating NTP-based DDoS attacks - Nice overview and description of NTP based attacks - cloudflare.com
- An Analysis of DrDoS SNMP/NTP/CHARGEN Reflection Attacks - Prolexic White Paper - prolexic.com
- Prolexic DrDoS White Paper Series - Links to other papers on DDoS attacks - prolexic.com
- NTP Amplification Attacks Using CVE-2013-5211 - US-CERT Security Report - us-cert.gov
- Secure NTP Templates - Templates for various platforms including Cisco IOS, Juniper JUNOS and UNIX ntpd - www.team-cymru.org
- NTPD Security Notices - ntp.org
- NTPD Access Restrictions - ntpd configuration documentation details - ntp.org
Linux Related
- Firewall and Proxy Server HOWTO - Version 0.80, February 26, 2000
- Linux IP Masquerade HOWTO - November 13, 2005
- Linux 2.4 NAT HOWTO - Rusty Russell
- Linux 2.4 Packet Filtering HOWTO - Rusty Russell
- Netfilter Hacking HOWTO - Rusty Russell and Harald Welte
- Netfilter Extensions HOWTO - Fabrice Marie
- Linux Firewalls Using iptables - siliconvalleyccie.com
- Iptables Tutorial - Version 1.1.19 - good section (4.8) on complex protocols and connection tracking - faqs.org
- Iptables Firewall - Nice index with lots of net references to iptables - linuxguruz.com
Virtual Private Networks
- Hamachi - Interesting secure VPN approach using P2P technologies.
National Institute of Standards and Technology (NIST) Publications (USA)
- An Introduction to Computer Security: The NIST Handbook - Special Publication 800-12
- Generally Accepted Principles and Practices for Securing Information Technology Systems - Special Publication 800-14
- Guide for Developing Security Plans for Information Technology Systems - Special Publication 800-18
- Mobile Agent Security - Special Publication 800-19
- PBX Vulnerability Analysis - Finding Holes in Your PBX Before Someone Else Does - Special Publication 800-24
- Security Self-Assessment Guide for Information Technology Systems - Special Publication 800-26
- Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A - Special Publication 800-27
- Guidelines on Active Content and Mobile Code - Special Publication 800-28
- Risk Management Guide for Information Technology Systems - Special Publication 800-30
- Intrusion Detection Systems - Special Publication 800-31
- Introduction to Public Key Technology and the Federal PKI Infrastructure - Special Publication 800-32
- Underlying Technical Models for Information Technology Security - Special Publication 800-33
- Contingency Planning Guide for Information Technology Systems - Special Publication 800-34
- Guide to Information Technology Security Services - Special Publication 800-35
- Guide to Selecting Information Technology Security Products - Special Publication 800-36
- Guide for the Security Certification and Accreditation of Federal Information Systems - Special Publication 800-37
- Procedures for Handling Security Patches - Special Publication 800-40
- Creating a Patch and Vulnerability Management Program - Special Publication 800-40 Version 2.0
- Guidelines on Firewalls and Firewall Policy - Special Publication 800-41
- Guideline on Network Security Testing - Special Publication 800-42
- Guidelines on Securing Public Web Servers - Special Publication 800-44
- Guidelines on Electronic Mail Security - Special Publication 800-45
- Security for Telecommuting and Broadband Communications - Special Publication 800-46
- Security Guide for Interconnecting Information Technology Systems - Special Publication 800-47
- Wireless Network Security: 802.11, Bluetooth and Handheld Devices - Special Publication 800-48
- Federal S/MIME V3 Client Profile - Special Publication 800-49
- Building an Information Technology Security Awareness and Training Program - Special Publication 800-50
- Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme - Special Publication 800-51
- Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations - Special Publication 800-52
- Recommended Security Controls for Federal Information Systems - Special Publication 800-53. Annexes: Annex 1: Minimum Security Control - Low Baseline, Annex 2: Minimum Security Control - Moderate Baseline, Annex 3: Minimum Security Control - High Baseline
- Security Metrics Guide for Information Technology Systems - Special Publication 800-55
- Recommendation for Key Management - Part 1: General - Special Publication 800-57. Part 2: Best Practices for Key Management Organization
- Security Considerations for Voice Over IP Systems - Special Publication 800-58
- Guideline for Identifying an Information System as a National Security System - Special Publication 800-59
- Guide for Mapping Types of Information and Information Systems to Security Categories - Special Publication 800-60. Volume 1: Guide; Volume 2: Appendixes to the Guide
- Computer Security Incident Handling Guide - Special Publication 800-61
- Electronic Authentication Guideline - Special Publication 800-63
- Security Considerations in the Information System Development Life Cycle - Special Publication 800-64
- Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher - Special Publication 800-67
- Security Configuration Checklists Program for IT Products - Guidance for Checklists Users and Developers - Special Publication 800-70
- Interfaces for Personal Identity Verification - Special Publication 800-73
- Cryptographic Algorithms and Key Sizes for Personal Identity Verification - Special Publication 800-78
- Guide to Malware Incident Prevention and Handling - Special Publication 800-83