Suramya's Blog : Welcome to my crazy life…

Good article on how to Encrypt partitions using dm-crypt.

– Suramya

The following article on SecurityFocus teaches you how to perform a basic forensic analysis of web-browsers and find the information they cache about our surfing habits.

Article Part 1: Web Browser Forensics, Part 1

Article Part 2: Web Browser Forensics, Part 2

– Suramya

Apache is one of the most common Webservers being used today and Apache 2 is the latest release of this great product. Although Apache2 is fairly secure in its default installation it needs to be tweaked a little to make it more secured. The following article is a step by step guide on how to do this. Check it out. Its worth the time…

Article Link: Securing Apache 2

– Suramya

Links with papers on information security:

Security Focus Library:

Has a great selection of articles with detailed instructions on how to secure various components of a OS.

Security Focus Library:

Has a great selection of articles with detailed instructions on how to secure various components of a OS.

Role-Based Access control

While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control – role-based access control (RBAC) – that is more central to the secure processing needs of non-military systems then DAC.

(Abstract Copied verbatin from site)

Security Enhanced Linux:

A NSA based project that attempts to create a more secure version on Linux.

Infosecwriters.com:

The Information Security Writers group (Infosec Writers) is designed to serve as a primary Internet-based source of information, relating to various Information Security issues and topics.

(Abstract Copied verbatin from site)

Information Systems Security Mechanisms:

A collection of resources on computer security.

As always if you know of a resource not listed here, let me know and I will add it.

– Suramya

This very interesting article has a lot of details about tricks which are known to the spammers and scammers to obscure URL’s to make it easier to run scams and phishing attacks.

Check it out.

– Suramya

Have a look at these sites especially the guides and tutorials. You can use their links to find other sites and so on.

• http://www.antionline.com: Has excellent tutorials section in the forums.
• http://www.hackthissite.org: Lots of challenges with tutorials and lectures
• http://www.tgs-security.com: Has forums, tutorials, tools
• http://securityfocus.com/library: Has a lot of very good articles on how to secure computer systems
• Open Source Security Testing Methodology Manual: It is is a peer-reviewed methodology for performing security tests and metrics.
• Security Forums: Has really good discussions on security related topics.

More to be added soon (As and when I go through my bookmark collection to find them)

– Suramya

A loopback device is a very special device that allows you to mount a normal file as it was a physical device. Loopback devices can be encrypted and these are called Crypto-Loops.

A good tutorial on Crypto-Loop is available here.

– Suramya