In this section of the book, I cover the basics of security engineering technology. The first chapter sets out to define the subject matter by giving an overview of the secure distributed systems found in four environments: a bank, an air force base, a hospital, and the home. The second chapter is on security protocols, which lie at the heart of the subject: they specify how the players in a system—whether people, computers, or other electronic devices—communicate with each other. The third, on passwords and similar mechanisms, looks in more detail at a particularly simple kind of security protocol that is widely used to authenticate people to computers, and provides the foundation on which many secure systems are built.
Source: Ross Anderson - Posted by Benjamin D. Thomas
My goal in making the book freely available is twofold. First, I want to reach the widest possible audience, especially among poor students. Second, I am a pragmatic libertarian on free culture and free software issues; I think that many publishers (especially of music and software) are too defensive of copyright. I don't expect to lose money by making this book available for free: more people will read it, and those of you who find it useful will hopefully buy a copy. After all, a proper book is half the size and weight of 300-odd sheets of laser-printed paper in a ring binder. (My colleague David MacKay found that putting his book on coding theory online actually helped its sales. Book publishers are getting the message faster than the music or software folks.)
MOSREF is an exploitation architecture that uses the MOSVM virtual machine and Mosquito Lisp to make penetration testing, exploit development, and general systems security tasks more efficient.
While MOSREF has been developed primarily as a platform for exploitation and penetration testing, MOSREF and the underlying MOSVM virtual machine technology can be used for a variety of security-related and non-security-related tasks. Moreover, the platform is licensed under the GNU LGPL, and is redistributable and modifiable under the terms of that license.
Source: It-Observer.com - Posted by Efren J. Belizario
Backup and recovery operations are the focus of business continuity and data protection plans and often the main source of anxiety for IT departments. Few businesses are fully satisfied with their backup and recovery solutions. Not only must data be protected from complete site failures, such as those resulting from natural disasters; it must also be protected from corruption or loss, such as that resulting from a computer virus or human error.
This document describes a method of verifying Secure Shell (SSH) host keys using Domain Name System Security (DNSSEC). The document defines a new DNS resource record, SSHFP, that contains a standard SSH host key fingerprint; a client that retrieves the record over a DNSSEC-validated answer can compare it with the fingerprint of the key presented by the server instead of relying on a first-use prompt.
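The following is an added example (not code from the RFC or from any SSH implementation) showing how an SSHFP record is derived from an OpenSSH public key line and how a client checks a key against one. The fingerprint is the hash of the raw public key blob (the base64 field of the key line); RFC 4255 defines algorithm numbers 1 (RSA) and 2 (DSA) and fingerprint type 1 (SHA-1), and later RFCs (6594, 7479) add ECDSA, Ed25519 and SHA-256, which the example includes. The host key used below is constructed from filler bytes so the block runs offline; it is not a real key, and the owner name `host.example.com.` is an assumed placeholder.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers: 1 and 2 from RFC 4255, 3 from RFC 6594, 4 from RFC 7479.
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}

# SSHFP fingerprint types: 1 = SHA-1 (RFC 4255), 2 = SHA-256 (RFC 6594).
SSHFP_FPTYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def parse_openssh_pubkey(line: str):
    """Split an OpenSSH public key line into (key type, raw key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with the key type as an SSH string; it must match the text field.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len].decode("ascii") != key_type:
        raise ValueError("key type in text does not match blob")
    return key_type, blob


def sshfp_records(line: str, owner: str = "host.example.com."):
    """Return zone-file text for the SSHFP RRs (SHA-1 and SHA-256) of one public key line."""
    key_type, blob = parse_openssh_pubkey(line)
    alg = SSHFP_ALGORITHMS[key_type]
    return [
        f"{owner} IN SSHFP {alg} {fptype} {hash_fn(blob).hexdigest()}"
        for fptype, hash_fn in SSHFP_FPTYPES.items()
    ]


def verify_sshfp(line: str, record: str) -> bool:
    """Check a presented key against one SSHFP RR, as a client would after DNSSEC validation."""
    fields = record.split()  # owner, class, SSHFP, alg, fptype, hex
    try:
        idx = fields.index("SSHFP")
        alg, fptype = int(fields[idx + 1]), int(fields[idx + 2])
        fp_hex = fields[idx + 3].lower()
    except (ValueError, IndexError):
        return False
    key_type, blob = parse_openssh_pubkey(line)
    if SSHFP_ALGORITHMS.get(key_type) != alg or fptype not in SSHFP_FPTYPES:
        return False
    # Constant-time comparison of the computed fingerprint with the published one.
    return hmac.compare_digest(SSHFP_FPTYPES[fptype](blob).hexdigest(), fp_hex)


def _constructed_ed25519_line(seed: int) -> str:
    """Build a syntactically valid ssh-ed25519 key line from filler bytes.

    Constructed for this example only; the 32 bytes are not a real public key.
    """
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " example-host"


HOST_KEY_LINE = _constructed_ed25519_line(7)   # the key the server presents
OTHER_KEY_LINE = _constructed_ed25519_line(8)  # an impostor's key, for the negative check


if __name__ == "__main__":
    for rr in sshfp_records(HOST_KEY_LINE):
        print(rr, "matches" if verify_sshfp(HOST_KEY_LINE, rr) else "MISMATCH")
```

The records are only as trustworthy as the DNS answer that carried them: without DNSSEC validation an attacker who can spoof DNS can publish a fingerprint for their own key, which is why the RFC ties the mechanism to DNSSEC. In practice `ssh-keygen -r hostname` emits these records for a host's keys, and OpenSSH's `VerifyHostKeyDNS` option controls whether the client consults them.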
Source: ThatHost.com - Posted by Benjamin D. Thomas
Finally, an entertaining programmer's book on security! Innocent Code will show you how common programming errors make a web site open to attacks, even with both firewalls and encryption in place. You, the programmer, play a major role when it comes to the security of a web site. With lots of real-life examples, this book will show you why.
This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. The purpose of this publication is to inform members of the information security management team [agency heads, chief information officers (CIO), senior agency information security officers (SAISO), and security managers] about various aspects of information security that they will be expected to implement and oversee in their respective organizations. This handbook summarizes and augments a number of existing National Institute of Standards and Technology (NIST) standards and guidance documents and provides additional information on related topics. NIST requests public comments on the draft until August 07, 2006; comments may be sent to handbk-100@nist.gov.