For zoetrope, and others curious about the Insecurity section of the Internet Handbook, we pass along this Yellow Pages advert-insert comp sec teaser from SAIC -- with only dribbles of cryptography. The puffery appears to be artfully fattened and out-of-date. Like most security porkers, SAIC sells its nitrated sec services dearly (security by deep pockets of the fearful engorgers) while feigning Net public-spirit to mask IP search and steal. In a telling slight, SAIC does not cite outturned- pockets, beef jerky Cypherpunks. _______________________________________________________ URL: http://mls.saic.com/library.html [which links to the listed contents] SECURITY LIBRARY The SAIC Security Library contains security-related infomation and programs from around the Net. SAIC does not verify or endorse such files or any use thereof. Notices and Upcoming Events [Not included here] Advisories and Alerts Newsgroups Documents Programs Other Security Sites _______________________________________________________ URL: http://mls.saic.com/alerts.html SECURITY ADVISORIES AND ALERTS Alerts * Sun Security Alerts * CERT - Computer Emergency Response Team * ASSIST - Automated Systems Security Incident Support Team * AUSERT - Australian Security Emergency Response Team * NASIRC - NASA Automated Systems Incident Response Capability * DDN - Defense Data Network * FIRST - Forum of Incident Response and Security Teams Advisories * 8lgm Advisories * Bugtraq Archives, threaded * CERT Advisories * CIAC - Computer Incident Advisory Capability _______________________________________________________ URL: http://mls.saic.com/docs.html SECURITY DOCUMENTS These documents are from the Net and cover a wide area of topics concerning computer security. They are for the education and legitimate use of computer security techniques only. All non-FAQ documents are in PostScript format unless otherwise noted. ______________________________________________________ Frequently Asked Questions * Basic Computer Security * Firewalls * Setting Up Anonymous FTP * What To Do If Your Machine Is Compromised * Security Patches * Vendor Contacts * Pretty Good Privacy (PGP) * #hack FAQ * Cryptography FAQ _______________________________________________________ Firewalls Introductory Papers * Internet Firewalls - An Introduction (August 1994, 221K) * Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (Undated, 1.8M) General Firewall Documents * A Network Firewall (June 1992, 374K) * A Toolkit and Methods for Internet Firewalls (Undated, 185K) * Proper Care and Feeding of Firewalls (November 1994, 121K) * A Network Perimeter with Secure External Access (Undated, 268K) * An Internet Gatekeeper (Undated, 149K) * Thinking About Firewalls (Undated, 109K) * X Through Firewalls, and Other Application Relays (May 1993, 430K) _______________________________________________________ WWW Security * Security and the World Wide Web (June 1994, 10K HTML) * NCSA on Mosaic Security Issues(December 1994, 1.6K HTML) * Shen: A Security Scheme for the Web (Undated, 1.7K HTML) * Using PGP/PEM Encryption (Undated, 7.6K HTML) * Secure HTTP (Undated, 2.2K HTML) _______________________________________________________ Intrusion Detection * A Software Architecture to support Misuse Intrusion Detection (March 1995, 250K) * An Application of Pattern Matching in Intrusion Detection (June 1994, 674K) * Algorithm for Distrubuted Recognition and Accountability (Undated, 209K) * A Pattern Matching Model for Misuse Intrusion Detection (Undated, 191K) * AI Approach to Intrusion Detection (June 1994, 168K) * Intrusion Detection In Computers (January 1991, 12K text) * USTAT - A Real-time Intrusion Detection System for UNIX (November 1992, 1.3M) _______________________________________________________ Improving your UNIX Security Technical Tips * Setting up Sun Security (March 1992, 7K text) * Miscellaneous Security Tips (October 1992, 23K text) * CERT Generic Security Tips (July 1992, 17K text) * UNIX Site Security Handbook (July 1991, 253K text) Finding and Fixing Your Security Problems * Improving the Security Of Your Site By Breaking Into It (Undated, 51K text) * Finding Holes in Your System (October 1993, 16K text) * Improving the Security of Your UNIX System (April 1990, 274K) * Becoming An Uebercracker to Stop Uebercrackers (December 1993, 9K text) _______________________________________________________ The Internet Worm * A Report on the Internet Worm (November 1988, 16K text) * Technical Report on the Internet Worm Incident (September 1991, 173K) * The Internet Worm Program: An Analysis (December 1988, 283K) * A Tour of the Worm (Undated, 166K) _______________________________________________________ Tales of Computer Attacks and Countermeasures * Five Incidents At Columbia University (Undated, 93K) * "An Evening With Berferd" (Undated, 82K) * Internet Attack on Texas A&M (1993, 294K) * "There Be Dragons" (August 1992, 185K) * Computer Break-ins: A Case Study (Undated, 94K) * System Admin Horror Stories (1992, 148K text) _______________________________________________________ Networking TCP/IP Security * TCP Wrapper Security (Undated, 59K) * A Weakness in the 4.2BSD TCP/IP Software (February 1985, 27K) * Security Problems in the TCP/IP Protocol Suite (April 1989, 107K) * Network (In)Security Through IP Packet Filtering (September 1992, 123K) General Networking Documents * Architecture and Implementation of Network-Layer Security under UNIX (Undated, 124K) * Information Security And Privacy In Networks (Undated, 809K .tar file) * Paving the Road to Network Security (May 1994, 162K) * NFS Tracing By Passive Network Monitoring (Undated, 170K) * Addressing Weaknesses in the DNS Protocol (August 1993, 406K) * Countering Abuse of Name-Based Authentication (Undated, 243K) * An Architectural Overview of UNIX Network Security (May 1993, 50K text) * NIS Security Warning (December 1991, 7.5K) _______________________________________________________ Trusted Systems * The Orange Book (August 1983, 264K text) * Understanding Configuration Management in Trusted Systems (March 1988, 138K text) * Understanding DAC in Trusted Systems (September 1987, 87K text) * Understanding Facility Management in Trusted Systems (June 1989, 106K text) * Understanding Trusted Distribution in Trusted Systems (December 1988, 55K text) * Understanding Audit in Trusted Systems (July 1987, 56K text) _______________________________________________________ Newsletters * COAST Newsletter * Privacy Forum * Cipher - Electronic Newsletter of the IEEE Technical Committee on Security and Privacy _______________________________________________________ Miscellaneous Documents * Security Term Glossary (Undated, 70K text) * Open Systems Security - An Architectural Framework (June 1991, 300K text) * Password Security: A Case History (Undated, 36K) * Extracts from various security articles (Undated, 61K text) * Coping with the Threat of Computer Security Incidents (June 1990, 102K text) * Threat Assessment of Malicious Code and Human Threats (October 1992, 231K) * Tty Security - a Tty Session Manager (Undated, 98K) * Electromagnetic Emanation Eavesdropping (1989, 45K text) * GAO Report on Internet Security (June 1989, 104K text) * ACM SIG on Security, Audit, and Control _______________________________________________________ URL: http://mls.saic.com/programs.html SECURITY PROGRAMS These programs are from various locations around the Net; SAIC does not verify their functionality and/or consequences of use. All programs are for assumed legal uses and education. Unless noted, all programs are intended for UNIX platforms. Local (load directly to disk; gzip tar files unless noted) * COPS - Bulletproof your system from intruders * Crack - Password cracker * Cryptography File System (CFS) - Encrypted filesystems for SunOS * Internet Security Scanner (ISS) - Checks UNIX sites for vulnerabilities * ifstatus - Checks interfaces for promiscuous mode * probe_ports - Finds open ports on UNIX systems * Secure-Sun Check - Shell script to check several common SunOS vulnerabilities (no compression) Remote * Arpwatch - Ethernet monitor, keeps track of ethernet/IP address pairings * Chalance - Intercept-proof password authentication * chrootuid - Run network programs in a mininal environment * CBW - Code Breaker's Workbench * Courtney - Identifies the use of SATAN * Dig - Sends domain name query packets to name servers * DNSWalk * Drawbridge - A bridging filter from TAMU * Kerberos - Provides secure networking * MegaPatch - Large number of SunOS patches in one bundle * Netlog - TCP/UDP traffic logging system * PGP - Pretty Good Privacy * Portmap - Portmapper replacement, with access control * SATAN - Checks computers/networks for security vulnerabilities * Securelib - Protects RPC daemons * screend - Filters IP packets * Smrsh - Sendmail restricted shell * Socks - Allows Internet access to firewalled machines * SRA - Secure RPC Authentication for Telnet and FTP * TAMU - Texas A&M Security Tool Package * tcpdump - captures protocol packets from networks * TCP Wrapper - ACLs for network services * Tiger - Scans your UNIX system for security problems * TIS Firewall Toolkit - Firewall package from TIS * Tripwire - Watch for system file changes * Watcher - Watches your system for security problems _______________________________________________________ URL: http://mls.saic.com/sites.html OTHER SECURITY SITES Cryptography * International Assoc. for Cryptologic Research * Cryptography Web Page at UMBC * Cryptography Export Control Archives * Lawrie's Cryptography Bibliography * RSA Data Security, Inc. * Quadralay's Cryptography Archive * Cryptography, PGP, and Your Privacy * PGP Web Page Firewall Vendors and Information * Harris Computer Systems * Sun Microsystems (SunScreen) * Trusted Information Systems * Cohesive Systems * Sea Change Corp. * Raptor Systems * Greatcircle Firewall Server * Virtual-One Network Environment Corp (V-ONE) * CheckPoint Software Technologies Ltd. * Firewalls.R.Us Security Gophers * InterNIC's Computer and Network Security * NIST Security * Security, Audit & Control (SIGSAC) World Wide Web Security * WWW Security Mailing List Archive * WWW Security at Rutgers University Intrusion Detection * Intrusion Detection Systems Archives (threaded) PC Security * Safetynet, Inc. Various Security Sites * Computer Security Research Lab at UC Davis * Computer Security at chalmers.se * Harris Computer Systems * Szymon Sokol's Security Site * The Uebercracker's Web Site * COAST Project and Laboratory * Computer Underground Digest Archive * Security News Clippings Archive * EINet's Computer Virus and Security Page * Crimelab * Phrack Magazine Home Page * TANSU's Security Reference Index * Digital Equipment's Secure Systems Index * Bellcore Security Products * Texas A&M security tools * ftp.win.tue.nl * NIST Computer Security Resource Clearinghouse * Christopher Menegay's Security Page * Security Papers at Johns Hopkins University * Dartmouth Security Tools * CERT FTP Archive * Computer Systems Consulting * Computer Systems Consulting (Local Files) * MIT's Athena Project * Yahoo's Security and Encryption Page * NIST Computer Security * ALW Unix Security Information * ALW's List of Unix Security Programs * ESNet FTP site * Bennet Yee's Security Page * Various security FTP pointers _______________________________________________________ Send questions and comments to Webmaster@mls.saic.com.