Suramya's Blog : Welcome to my crazy life…

May 12, 2005

Web Browser Forensics

Filed under: Security Tutorials — Suramya @ 3:41 AM

The following article on SecurityFocus teaches you how to perform a basic forensic analysis of web-browsers and find the information they cache about our surfing habits.

Article Part 1: Web Browser Forensics, Part 1

Article Part 2: Web Browser Forensics, Part 2

– Suramya

May 5, 2005

The Coroner Toolkit

Filed under: Computer Security,Security Tools,Security Tutorials — Suramya @ 5:37 PM

Linux Magazine has a really good article on The Coroner Tool kit which allows a sysadmin to perform forensics analysis on a compromized system.

Article: Linux Magazine
The Coroner Toolkit: Download Page

– Suramya

April 17, 2005

Securing Apache 2: Step-by-Step

Filed under: Security Tutorials — Suramya @ 5:13 AM

Apache is one of the most common Webservers being used today and Apache 2 is the latest release of this great product. Although Apache2 is fairly secure in its default installation it needs to be tweaked a little to make it more secured. The following article is a step by step guide on how to do this. Check it out. Its worth the time…

Article Link: Securing Apache 2

– Suramya

Information Security papers

Filed under: Security Tutorials — Suramya @ 5:08 AM

Links with papers on information security:

Security Focus Library:

Has a great selection of articles with detailed instructions on how to secure various components of a OS.

Security Focus Library:

Has a great selection of articles with detailed instructions on how to secure various components of a OS.

Role-Based Access control

While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control – role-based access control (RBAC) – that is more central to the secure processing needs of non-military systems then DAC.

(Abstract Copied verbatin from site)

Security Enhanced Linux:

A NSA based project that attempts to create a more secure version on Linux.

Infosecwriters.com:

The Information Security Writers group (Infosec Writers) is designed to serve as a primary Internet-based source of information, relating to various Information Security issues and topics.

(Abstract Copied verbatin from site)

Information Systems Security Mechanisms:

A collection of resources on computer security.

As always if you know of a resource not listed here, let me know and I will add it.

– Suramya

Wireless LAN Security resources

Filed under: Security Tools,Security Tutorials — Suramya @ 4:53 AM

These are links to various sites that have information on Wireless LAN security. If you know of any other sites let me know and I will add them here.

Wireless security papers:
Lists a lot of papers on wireless security

Wardriving.com:
Has a lot of resources on Wardriving and how to protect against it

Wi-Fi Networking News:
Wi-Fi Networking News covers high-speed wireless networking and communications, focusing on Wi-Fi and related specifications.

Wi-Fi Planet:
A good source for Wi-Fi news

Securing Wireless Networks:
A good article on how to secure wireless networks

Wireless Intrusion Detection Systems:
Information on how to setup a Wireless Intrusion Detection system.

Wireless LAN Policies for Security &Management:
An interesting paper on setting up Wireless LAN security policies.

Airsnarf:
Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots

WPA2 (Wi-Fi Protected Access 2):
WPA2 is the second generation of WPA security; providing enterprise and consumer Wi-Fi® users with a high level of assurance that only authorized users can access their wireless networks

– Suramya

April 14, 2005

How to Obscure a URL

Filed under: Security Tutorials — Suramya @ 3:49 AM

This very interesting article has a lot of details about tricks which are known to the spammers and scammers to obscure URL’s to make it easier to run scams and phishing attacks.

Check it out.

– Suramya

April 12, 2005

Ethical Hacking/Computer Security Tutorial’s

Filed under: Security Tutorials — Suramya @ 12:13 AM

Have a look at these sites especially the guides and tutorials. You can use their links to find other sites and so on.

More to be added soon (As and when I go through my bookmark collection to find them)

– Suramya

Crypto-Loops

Filed under: Security Tutorials — Suramya @ 12:11 AM

A loopback device is a very special device that allows you to mount a normal file as it was a physical device. Loopback devices can be encrypted and these are called Crypto-Loops.

A good tutorial on Crypto-Loop is available here.

– Suramya

April 10, 2005

Tools to Audit a Windows Server

Filed under: Security Tools,Security Tutorials — Suramya @ 8:10 PM

Here are some links to software/articles that will help you Audit your windows server(s):

Software:

Articles:

– Suramya

« Newer Posts

Powered by WordPress