SN - Security Engineering
- Security Engineering - A Guide to Building Dependable Distributed Systems
- Password Management Best Practices
- Best practices for enterprise password management. Classifies security threats and discusses practical strategies to counter password guessers, packet sniffers, sticky notes and more.
- PGP Global Directory
- An Example of RSA Encryption
- CS and Security - Index of /~cs5204/fall03/Papers
- PKI considered harmful
- PKI - Pandora's Box or Panacea?
- PKI's promise is to help make e-commerce transactions truly secure. But because it's built on a fragile underlying Web of trust, be careful when implementing it in your enterprise.
- Clark-Wilson Security model
- NSFOCUS Information Technology
- Anatomy of an ARP Poisoning Attack: Security Basics | WatchGuard Technologies, Inc.
- Anatomy of an ARP Poisoning Attack: Network Security Basics from WatchGuard LiveSecurity
- Windows 2000 Authentication
- RFID Handbook: Fundamentals and Applications in... - Google Book Search
- DEEDS - TU Darmstadt, Germany
- Public-Key Infrastructure (X.509) (pkix) Charter
- Windows Vista Security and Protection
- Microsoft Windows Platform Products Awarded Common Criteria EAL 4 Certification: Certification builds on Security Development Lifecycle advances to deliver unprecedented levels of assurance and quality for IT.
- Overview to the Threats and Countermeasures Guide
- This is the overview for the Threats and Countermeasures Guide
- http://www.ietf.org/internet-drafts/draft-ietf-smime-ibearch-03.txt
- Shamir47.pdf (application/pdf Object)
- ONLamp.com -- Terence Spies on Identity-Based Encryption
- Terence Spies, vice president of engineering at Voltage Security, recently spoke to the O'Reilly Network about Identity-Based Encryption.
- Identity-Based Encryption - IBE -Secure Email By Voltage Security
- Identity-Based Encryption. IBE & Secure Email. Voltage Security. Using IBE dramatically simplifies the process of securing sensitive communications.
- Build and implement a single sign-on solution
- It is particularly difficult to bolt a single sign-on solution -- SSO, the ability to log in once and be authenticated to all your network resources -- onto existing applications, but every developer faces this problem when building sophisticated portals. Because portals need to integrate with back-end resources, each with its own authentication needs, the portal often has to provide the appearance of single sign-on to the user. In this article, Chris Dunne provides a step-by-step description of his experience with building a single sign-on solution for a Web portal. He shows you how to set up an open source solution, the Central Authentication Service from Yale University, and how to extend it to authenticate to a Microsoft Active Directory infrastructure.
- Using SSL for Authentication
- INFORMATION SECURITY: PRINCIPLES AND PRACTICES
- Information Security Illuminated - Google Book Search
- John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf - ebook4you
- John.Wiley.and.Sons.Hacking.Windows.XP.Jul.2004.eBook-DDU.pdf Security - Hacking
- Security - Hacking - Page 3 - ebook4you
- Page 3 - Ebooks on security and intrusion topics such as firewalls, cryptography, application (system) security, exploitation techniques ...
- Bro Intrusion Detection System - Bro Overview
- Enterasys - Products - Advanced Security Applications - Intrusion Detection/Prevention - Dragon Intrusion Detection/Protection Systems
- Host-Based IDS vs Network-Based IDS (Part 1)
- This white paper will highlight the association between network-based and host-based intrusion detection. A product comparison will be incorporated in a following white paper, part 2, to assist in the selection of the appropriate IDS for your organization. Important facts and considerations will be highlighted to assist when selecting a sound intrusion detection system. This white paper will give you a better understanding of the differences between NID and HIDS and will highlight the strengths and weaknesses of both, extending your knowledge and increasing your understanding of IDS systems.
- PGP MITM Attack - By RSnake
- RSnake's official homepage.
- Summary of MITM attacks with legacy authentication
- P2P Networks
- Security and Privacy in RFID Systems
- This site references papers related to security and privacy in RFID systems.
- Storm, Nugache lead dangerous new botnet barrage
- Storm and Nugache Trojans are leading a dangerous new botnet barrage.
- The Byzantine Generals Problem
- Cryptology ePrint Archive
- Microsoft Exchange Hosted Encryption
- Exchange Hosted Encryption: Technical Overview
- Breaking copy protection in microcontrollers
- The latest investigations into the security of microcontrollers and copy protection mechanisms. PIC16C84, PIC16F83, PIC16F84, PIC16F84A, PIC16F873, PIC16F874, PIC16F876, PIC16F877, PIC16F627, PIC16F628, PIC12C508, PIC12C509, AT89C51, AT89C52, AT89C55, AT89C1051, AT89C2051, AT90S1200, AT90S2313, AT90S2323, uPD78F9026, uPD78F9116, MSP430F110, MSP430F112, MSP430F122, MSP430F123, MSP430F133, MSP430F135, MSP430F147, MSP430F148, MSP430F149, MSP430F412, MSP430F413, MC68HC05B6, MC68HC05B8, MC68HC05B16, MC68HC05B32, MC68HC05X16, MC68HC05X32, MC68HC11A8, MC68HC11E9, MC68HC11L6, MC68HC11KA4 and MC68HC11KG4 have been tested for possible ways to unlock and unprotect them. Other PIC and AVR processors might be susceptible to such attacks.
- COMPARISON OF SECURE EMAIL TECHNOLOGIES X.509 / PKI, PGP, and IBE
- This work presents a list of desirable features as well as a list of attacks or problems to secure email, together with a corresponding score card for the technologies X.509 / PKI, PGP and IBE as used today. Usability, as an aggregation of properties, is considered the Most Important Feature of a secure email system.
- ECRYPT NoE
- Technical report - Web Single Sign On Systems
- BBC NEWS | Technology | Google ranked 'worst' on privacy
- Google is sharply criticised in a report looking at the privacy policies of popular net firms.
- Sec w/o ID
- Sci American on privacy
- Navica - Open Source Maturity Model (OSMM)
- The Open Source Definition
- EUROPA - Rapid - Press Releases
- Rapid - the press releases database for main European Institutions
- OSVDB: The Open Source Vulnerability Database
- The Laws of Identity - MSDN
- Microsoft Exchange Hosted Encryption - Identity Based Encryption
- Exchange Hosted Encryption is a convenient, easy-to-use e-mail encryption service that helps to safely deliver your confidential business communications.
- Authentication, Crypto and Such by Rick Smith - Books, Papers, and Presentations on Computer-based Authentication, Security, and Internet Cryptography
- Rick Smith's books, papers, and presentations on information security topics, with information describing his books "Authentication: From Passwords to Public Keys" and "Internet Cryptography." Papers and presentations also explore computer security basics, e-commerce, and computer security evaluations.
- Research and Scholarly Activities - Dr. Rick Smith, University of St. Thomas
- History of Computer Security
- This page contains History of Computer Security papers.
EduCourses and Training
- MIT OpenCourseWare | Home
- Interactive Training - Microsoft Enterprise Learning Library
- Grid - Security @ Class Pages for University of Maryland, Computer Science
- Lecture Notes - Jonathan Katz - Undergraduate crypto course
- Lecture Notes - Jonathan Katz - Crypto course
- CMSC 858K --- Advanced Topics in Theory of Computing: Cryptography
Distance Education at a Glance
Distance learning guidelines
CEEVU: Central and Eastern European Virtual University
TechOnLine - Educational Resources - VirtuaLabs
Worldwide Universities Network
Kennisnet Primary Education Teacher
TPG - Trusted Computing Group
- Trusted Computing Group: Home
- Trusted Computing Group: TPM
- Trusted Computing Group: Infrastructure
- Trusted Computing Blog
- TPM Matrix (c) 2004 - 2006
- TPM deployment Matrix
- Trusted Computing Group: Interop 2006
- Goals and objectives of OpenTC — Open_TC
- Trusted Computing (TC) aims at increasing the security of the core Operating Systems (OS). This begins at the lowest level of the platform with a controlled loading of an operating system and goes on level by level, verifying the process after each level. Project development will be based on a hardware root of trust, a security hardware module to support the integrity checks and the storage of keys and other data in a protected chip, referred to as Trusted Platform Module (TPM). A secure hardware architecture is another prerequisite for the project - this will be developed outside the project by AMD and made available to the project. Making security a tangible and affordable enabling technology is of great importance for the deployment of a global security framework.
- Trusted Computing - TCG proposals
- OpenTC - Trusted Java Website
- SourceForge.net: Trusted Java
- The world's largest development and download repository of Open Source code and applications
- Welcome to OpenTC — Open_TC
- The Open Trusted Computing (OpenTC) consortium is an R&D project focusing on the development of trusted and secure computing systems based on open source software. The project targets traditional computer platforms as well as embedded systems such as mobile phones.
AAA, Identity, PKI, Application Security
Shibboleth
- Shibboleth/OpenSAML CVS Source Code Repository
- SourceForge.net: Project Info - Shibboleth
- Shibboleth v1.3 Software
- WebHome < Shibboleth < TWiki
- WebServices < Shibboleth < TWiki
- GridShib: A Policy Controlled Attribute Framework
- GridShib: Downloads
- http://shibboleth.internet2.edu/downloads/
- Shibboleth - Download
- Shibboleth is standards-based, open source middleware software which provides Web Single SignOn (SSO) across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.
- TrustEngine < Shibboleth < TWiki
- SourceAccess - Shibboleth - Internet2 Wiki
- Announce-Shib-2.0-Beta - Shibboleth 2.0 Documentation - Internet2 Wiki
PKI & Trust
- Grid Policy Management Authority Website
- PinkRoccade Infrastructure Services - pki.pinkroccade.com - Managed PKI - Digital Certificates - qualified certificate
- PKI
- OpenPGP Public Key Server Commands
- Pgp-keyserver-folk Info Page
- http://www.openca.org/openca/download-releases.shtml
- TrustCoM
- X.509 - Using PFX and PEM Certificate Formats with Keystores
- There are a number of certificate formats in cryptography. This tutorial demonstrates how to convert between the most common formats and build keystores that can be used for two-way SSL.
- VeriSign Secure Site Services
Identity Management/Authentication
- Central Authentication Service - CaseWiki
- Microsoft .NET Passport Member Services
- Liberty Alliance
- SourceID | Open Source Federated Identity Management | Liberty Alliance, WS-Federation, SAML | Home
- opensso: Home
- The A-Select Authentication System
- Authentication Authorisation Accounting ARCHitecture Research Group
- About the Group - Policy Research Group, DoC, Imperial College
- Akenti Distributed Access Control
- Sun Java System Access Manager
- Global working Group eduroam Area
- pGina: Making the big boys play nice - Latest News
- TWiki - Shibboleth - Ohio Univ
- uPortal by JA-SIG
- Information Systems Security Group
- Samoa: Formal Tools for Securing Web Services
- OpenLDAP, Software
- LDAP @Stig Venaas
- DAASI International
- PAPI project
- GAA-API Home Page
- Access Control in Operating Systems
- SPOCP.org - Simple Policy Control Protocol
- Phaos Technology Corporation - XML Certificate, XML Security Suite, Encryption XML
- bhold company - role based access control (rbac)
- Build and implement a single sign-on solution
- Securent Entitlement Management Solution (EMS)
- Entitlement management solution: Securent entitlement management solution (EMS) is a unique, scalable, enterprise-ready solution for achieving fine-grained or application specific role-based distributed entitlement.
- 9Star Research Inc: Open Source Campus/Enterprise IdM Solution
- US - NIST New Computer Security Publications (eGovernment Resource Centre)
- The US National Institute of Standards and Technology has published reports on computer security including Windows XP Home Edition, IT plans, access control policies, and computer security log management.
- Interoperability Prototype for Liberty
- Microsoft .NET Passport
- PRIMA - Privilege Management and Authorization
- Report about identity management online
- SWITCH - AAI - Dukono Test Identity Provider
Security: Operational and Network
- NewsBites: Security Digest
- OWASP
- Brutus - The Remote Password Cracker
- Security Forum - Home Page
- Computer Security Alerts
- Technology Support - Laws and TTU Policies Affecting Computer Use - main page
- BankInfoSecurity.com - Integrity & Confidentiality of Networked Systems
- Threat Classification - Web Application Security Consortium
- Secure BGP
- GNUCITIZEN
- ORG (Owasp Report Generator) - OWASP
- ASTALAVISTA.COM TOOLS PASSWORD WINDOWS PASSWORD CRACKERS
- Security Risk Management and Network Change Management Solution from Skybox Security, Inc.
- Skybox Security pioneered the science of quantifiable security risk analysis and is driving the advancement of the Security Risk Management (SRM) market. The company’s award-winning product suite, Skybox View™, is the first and only software solution to create a virtual model and staging environment of an organization’s network security profile. Skybox View™ collects network infrastructure and security configurations, evaluates vulnerability scan results, maps dependencies among security devices and incorporates the business value of critical assets. Through exclusive attack simulation, it uses this data to calculate all possible access paths, and highlight vulnerabilities that can be exploited by internal and external attackers as well as malicious worms. Creating a virtual sandbox, or simulating a staging environment, is possible through unique “what-if” analysis capability. By using Skybox View, the information overload associated with thousands of network security policies, control devices and vulnerability scans can be demystified and automated. The benefit is business continuity through a measurable, repeatable and predictable network connectivity and risk assessment process. This is achieved through continuous evaluation of an organization’s risk profile, security control effectiveness and justifiable price tag on mitigating exposures. With Skybox View, the security team receives a precise and prioritized battle plan; IT operations can reduce IT workload; and management gains unprecedented visibility into the organization’s risk and governance profile. Skybox View has two applications: Skybox Secure for Security Risk Management, and Skybox Assure for Network Change Management. Designed for the security and auditing teams, Skybox Secure runs unique attack simulations on the virtual model to evaluate which threats pose the greatest potential harm. It evaluates all possible access paths and vulnerabilities that can be exploited by internal and external attackers as well as malicious worms. Designed for the IT network and operations team, Skybox Assure runs unique access simulation within a virtual staging environment in order to evaluate effectiveness and compliance of security controls with defined policies. It simulates all possible access paths, validates connectivity and enables the testing of proposed changes before implementation.
- The Open Group Security Forum
- The Open Group is an international vendor and technology-neutral consortium that is committed to delivering greater business efficiency by bringing together buyers and suppliers of information technology to lower the time, cost and risk associated with integrating new technology across the enterprise. With its proven certification methodology and conformance testing expertise, The Open Group is the international guarantor of the interoperability that single economic entities require to achieve independence. The flexible structure of membership of The Open Group allows for almost any size of organization to join and influence the future of the IT world, and the introduction of membership for individuals is currently being considered. However, members include some of the largest and most influential organizations in the world and buy-side members have combined budgets of over $50 billion per annum.