Security Library

Welcome to Raptor Systems' Security Library

Files NOW available in PDF format. To view the PDF format you need to download Adobe Acrobat Reader. Download. It is free!

If you have problems viewing the documents please let me know.

kcarberry@raptor.com


The Internet Worm: An Analysis
Spafford
Format: postscript, 283kb  
Format: PDF
OPUS: Preventing Weak Password Choices
Spafford
Format: postscript, 48kb
Format: PDF
Software Forensics: Can We Track Code to Its Authors?
Spafford/Weeber
Format: postscript, 56kb  
Format: PDF
A Generic Virus Scanner in C++
Kumar/Spafford
Format: postscript, 109kb  
Format: PDF
The Design and Implementation of TripWire: A Filesystem Integrity Checker
Kim/Spafford
Format: postscript, 222kb  
Format: PDF
An Application of Pattern Matching in Intrusion Detection
Kumar/Spafford
Format: postscript, 674kb 
Format: PDF
Writing, Supporting, and Evaluating TripWire: A Publicly Available Security Tool
Kim/Spafford
Format: postscript, 197kb  
Format: PDF
Countering Abuse of Name-Based Authentication
Schuba/Spafford
Format: postscript, 243kb  
Format: PDF
Authorship Analysis: Identifying the Author of A Program
Krsul
Format: postscript, 595kb  
Format: PDF
Active Defense of a Computer System Using Autonomous Agents
Crosbie/Spafford
Format: postscript, 173kb
Format: PDF
Defending a Computer System Using Autonomous Agents
Crosbie/Spafford
Format: postscript, 151kb
Format: PDF
Classic IP and ARP over ATM
Schuba, et al.
Format: postscript, 317kb
Format: PDF
Are Hacker Breakins Ethical?
Spafford
Format: postscript, 113kb
Format: PDF
INFOHAX Digest
InfoHax E-Mail list
Format: ASCII, Part 1, 89kb, ASCII, Part 2, 67kb, ASCII, Part 3, 48kb, and ASCII, Part 4, 118kb
Increasing Security on IP Networks
Cisco Systems
Format: ASCII, 45kb
NSA Audit Workbench
Wee, et al.
Format: postscript, 144kb
Format: PDF
Computer Break-ins: A Case Study
van Doorn
Format: ASCII, 36kb
CONNECTING TO THE INTERNET: SECURITY CONSIDERATIONS
National Institute of Standards and Technology
Format: ASCII, 15kb
SECURITY PROGRAM MANAGEMENT
National Institute of Standards and Technology
Format: ASCII, 11kb
PEOPLE: AN IMPORTANT ASSET IN COMPUTER SECURITY
National Institute of Standards and Technology
Format: ASCII, 18kb
COMPUTER SECURITY POLICY: SETTING THE STAGE FOR SUCCESS
National Institute of Standards and Technology
Format: ASCII, 23kb
THREATS TO COMPUTER SYSTEMS: AN OVERVIEW
National Institute of Standards and Technology
Format: ASCII, 14kb
REDUCING THE RISKS OF INTERNET CONNECTION AND USE
National Institute of Standards and Technology
Format: ASCII, 15kb
Computer Security and the Law
Morris
Format: ASCII, 14kb
ABBREVIATED CERTIFICATION METHODOLOGY FOR SENSITIVE INFORMATION TECHNOLOGY SYSTEMS
U.S. Dept of Commerce
Format: ASCII, 32kb
Dept of Commerce Password Usage Federal Information Processing Standard (FIPS)
U.S. Dept of Commerce
Format: PostScript, Part 1, 283kb and PostScript, Part 2, 810kb
Format: PDF
GUIDELINE FOR THE USE OF ADVANCED AUTHENTICATION TECHNOLOGY ALTERNATIVES FIPS
U.S. Dept of Commerce
Format: ASCII, 167kb
Digital Signature Standard FIPS
U.S. Dept of Commerce
Format: PostScript, 325kb
Format: PDF
Standard Security Label for Information Transfer FIPS
U.S. Dept of Commerce
Format: PostScript, 333kb
Format: PDF
Guidelines for the Analysis of Local Area Network Security FIPS
U.S. Dept of Commerce
Format: PostScript, 389kb
Format: PDF
GENERALLY ACCEPTED SYSTEM SECURITY PRINCIPLES (GSSP)
Natl Research Council
Format: ASCII, 49kb
Security on the Internet
McNulty
Format: ASCII, 44kb
General Procedures for Registering Computer Security Objects
National Institute of Standards and Technology
Format: ASCII, 22kb
Information Technology Security Evaluation Criteria
European Community Advisory Group
Format: ASCII, 288kb
REDEFINING SECURITY
Joint Security Committee
Format: ASCII, 154kb
A Security Analysis of the NTP Protocol
Bishop
Format: PostScript, 106kb
Format: PDF
Artificial Intelligence and Intrusion Detection: Current and Future Directions
Frank
Format: PostScript, 168kb
Format: PDF
A Pattern Matching Model for Misuse Intrusion Detection
Kumar/Spafford
Format: PostScript, 191kb
Format: PDF
Machine Learning and Intrusion Detection
Frank
Format: PostScript, 226kb
Format: PDF
LIST OF NATIONAL SECURITY AGENCY COMPUTER SECURITY DOCUMENTS
National Security Agency
Format: ASCII, 8kb
National Information Systems Security (INFOSEC) Glossary
National Security Agency
Format: ASCII, 209kb
Support for Security in Distributed Systems Using MESSIAHS
Chapin/Spafford
Format: PostScript, 148kb
Format: PDF
Potential Liabilities of Computer Search Response Centers Arising from Notification to Publishers and Users of Security Deficiencies in Software
Stewart
Format: PostScript, 146kb
Format: PDF
Coping with the Threat of Computer Security Incidents
Russell Brand
Format: postscript, 293kb
Format: PDF
Why Cryptosystems Fail
Ross Anderson
Format: postscript, 212kb
Format: PDF
Searching for the Optimum Correlation Attack
Ross Anderson
Format: postscript, 117kb
Format: PDF
Detecting Intruders in Computer Systems
Teresa Lunt
Format: postscript, 217kb
Format: PDF
On the Security of Unix
Dennis Ritchie
Format: postscript, 23kb
Format: PDF
Life Without Root
Steve Simmons
Format: postscript, 83kb
Format: PDF
UTnet Guide to Unix Security
Charles Spurgeon
Format: postscript, 50kb
Format: PDF
Legal Issues Affecting Computer Information Systems
David Loundy
Format: postscript, 2.3mb
Format: PDF
New Attack on Random Pronounceable Password Generators
Ganesan and Davies
Format: postscript, 695kb
Format: PDF
Interpreted ITCSEC Requirements
National Security Agency
Format: postscript, 644kb
Format: PDF
A New Family of Secure Electronic Payment Protocols
International Business Machines
Format: postscript, 209kb
Format: PDF
Unix and Security
Bacic
Format: postscript, 299kb
Format: PDF
The ISI Tunnel
Cohen
Format: postscript, 166kb
Format: PDF
Addressing Weaknesses in the Domain Name System
Schuba
Format: postscript, 434kb
Format: PDF
Security for Multimedia Data
Jurgen Meyer
Format: postscript, 276kb
Format: PDF
Liability and Computer Security
Ross Anderson
Format: postscript, 144kb
Format: PDF
The SAMSON Security System
Misc. authors
Format: postscript, 199kb
Format: PDF
The Computer Underground
Gordon Meyer
Format: ASCII, 148kb
Security Checklist
Australian CERT
Format: ASCII, 50kb
The First Steps to Assurance
Marshall Abrams
Format: ASCII, 167kb
A Draft Proposal for Secure Hypertext
E. Rescorla
Format: ASCII, 80kb
AUTOMATED TOOLS FOR TESTING COMPUTER SYSTEM VULNERABILITY
W. Timothy Polk
December 3, 1992
Format: postscript, 310Kb
Format: PDF
NIST SPECIAL PUBLICATION 800-7 -- SECURITY IN OPEN SYSTEMS
Computer Systems Technology US Department of Commerce, National Institute of Standards and Technology
John Barkley, Editor
Format: postscript, 1400Kb
Format: PDF
SECURITY ISSUES IN THE DATABASE LANGUAGE SQL
Lawrence E. Bassham
July 30, 1993
Format: postscript, 310Kb
Format: PDF
Abstract: The Database Language SQL (SQL) is a standard interface for accessing and manipulating relational databases. An SQL-compliant database management system (DBMS) will include a minimum level of functionality in a variety of areas. However, many additional areas are left unspecified by the SQL standard. In addition, there are multiple versions of the SQL standard; the functionality will vary according to the particular version.
AN EVENING WITH BERFERD IN WHICH A CRACKER IS LURED, ENDURED, AND STUDIED
Bill Cheswick
Format: postscript, 84Kb
Format: PDF
Abstract: On January, 1991, a cracker, believing he had discovered the famous sendmail DEBUG hole in our Internet gateway machine, attempted to obtain a copy of our password file. I sent him one.
IMPROVING THE SECURITY OF YOUR SITE BY BREAKING INTO IT
Dan Farmer and Wietse Venema
Format: text 51Kb
Abstract:Every day, all over the world, computer networks and hosts are being broken into. The level of sophistication of these attacks varies widely; while it is generally believed that most break-ins succeed due to weak passwords, there are still a large number of intrusions that use more advanced techniques to break in. Less is known about the latter types of break-ins, because by their very nature they are much harder to detect.
FIPS PUB XXX - FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION - CRYPTOGRAPHIC SERVICE CALLS (DRAFT)
US Department of Commerce/National Institute of Standards and Technology
Format: postscript, 326Kb
Format: PDF
PACKET FILTERING IN AN IP ROUTER
Bruce Corbridge, Robert Henig, Charles Slater - Telebit Corporation
Format: postscript, 80Kb
Format: PDF
Abstract: By using existing information in packet headers, routers can provide system administrators a facility to manage network connections between computers. Host address, network number, interface, direction, protocol, and port number are parameters that may be used to implement an access control policy.
HOW TO KEEP TRACK OF YOUR NETWORK CONFIGURATION
J. Schönwälder & H. Langendörfer - TU Braunschweig, Germany
Format: postscript, 244Kb
Format: PDF
Abstract:In this paper we present extensions for the Ined network editor allowing us to discover the structure of an IP network automatically. The discovering algorithm is based on an active probing technique that ties well with our interactive editor.
THERE BE DRAGONS
Steven M. Bellovin
June 24, 1992
Format: postscript, 178Kb
Format: PDF
Abstract:Our security gateway to the Internet, research.att.com, provides only a limited set of services. Most of the standard servers have been replaced by a variety of trap programs that look for attacks. Using these, we have detected a wide variety of pokes, ranging from simple doorknob-twisting to determined attempts to break in. The attacks range from simple attempts to log in as guest to forged NFS packets. We believe that many other sites are being probed but are unaware of it: the standard network daemons do not provide administrators with either appropriate controls and filters or with the logging necessary to detect attacks.
E-LAW: LEGAL ISSUES AFFECTING COMPUTER INFORMATION SYSTEMS AND SYSTEM OPERATOR LIABILITY
David Loundy
Format: postscript, 1036Kb
Format: PDF
SECURE CONTROL OF TRANSIT INTERNETWORK TRAFFIC
Deborah Estrin and Gene Tsudik
December 12, 1990
Format: postscript, 489Kb
Format: PDF
Abstract: When independent administrative domains (ADs) interconnect their networks, usage control mechanisms are needed to preserve the autonomy of each AD. Neither traditional network access control methods nor current internetwork routing protocols are well-suited to the enforcement of network usage policies. Consequently, new policy sensitive inter-domain routing protocols are currently under development. While these protocols are designed to enforce network policies, they raise new security-related concerns.
FEDERAL CRITERIA for INFORMATION TECHNOLOGY SECURITY - VOLUME 1 PROTECTION PROFILE DEVELOPMENT - VERSION 1.0
National Institute of Standards and Technology & National Security Agency
December 1992
Format: postscript, 1036Kb
Format: PDF
FEDERAL CRITERIA for INFORMATION TECHNOLOGY SECURITY - VOLUME 2 - REGISTRY OF PROTECTION PROFILES - VERSION 1.0
National Institute of Standards and Technology & National Security Agency
December 1992
Format: postscript, 915Kb
Format: PDF
A NETWORK FIREWALL
Marcus J. Ranum
June 12, 1992
Format: postscript, 374Kb
Format: PDF
Abstract: Information is the lifeblood of the computer age, and network connectivity is crucial to day-to-day business. Connecting a private, corporate network to the Internet is not acceptable without some form of secure gateway acting as a firewall between the two networks, to prevent miscreants and unwelcome visitors from accessing hosts on the private network. In the case of a software or hardware vendor, source code, CAD diagrams, and other product-specific information must be kept secret. Hospitals and insurance companies, that maintain confidential information, or pharmaceutical research labs with patent applications cannot afford to take chances with data theft. A break-in over the network could do incalculable damage in a very short time.
SECURITY BREACHES: FIVE RECENT INCIDENTS AT COLUMBIA UNIVERSITY
Fuat Baran, Howard Kaye and Margarita Suarez
Format: postscript, 93Kb
Format: PDF
Abstract:During a two-month period (February through March, 1990) Columbia University was involved in five break-in incidents. This paper provides a detailed account of each incident as well as what steps we took, both short-term and long-term, to reduce the likelihood of future incidents.
THE DESIGN OF A SECURE INTERNET GATEWAY
Bill Cheswick
April 1990
Format: postscript, 42Kb
Format: PDF
Abstract: The Internet supports a vast and growing community of computer users around the world. Unfortunately, this network can provide anonymous access to this community by the unscrupulous, careless, or dangerous. On any given Internet there is a certain percentage of poorly-maintained systems. AT&T has a large internal Internet that we wish to protect from outside attacks, while providing useful services between the two. This paper describes our Internet gateway.
GREEN BOOK ON THE SECURITY OF INFORMATION SYSTEMS - DRAFT 3.6
July 14, 1993
Format: postscript, 447Kb
Format: PDF
AN INTRODUCTION TO COMPUTER SECURITY: THE NIST HANDBOOK - DRAFT
National Institute of Standards and Technology, Technology Administration, US Department of Commerce
June 20, 1994
Format: postscript, 282Kb
Format: PDF
AN INTRODUCTION TO COMPUTER SECURITY: THE NIST HANDBOOK - PART II - MANAGEMENT CONTROLS
National Institute of Standards and Technology, Technology Administration, US Department of Commerce
June 20, 1994
Format: postscript, 520Kb
Format: PDF
AN INTRODUCTION TO COMPUTER SECURITY: THE NIST HANDBOOK - PART III - OPERATIONAL CONTROLS
National Institute of Standards and Technology, Technology Administration, US Department of Commerce
June 20, 1994
Format: postscript, 528Kb
Format: PDF
AN INTRODUCTION TO COMPUTER SECURITY: THE NIST HANDBOOK - PART IV - TECHNICAL CONTROLS
National Institute of Standards and Technology, Technology Administration, US Department of Commerce
June 20, 1994
Format: postscript, 479Kb
Format: PDF
AN INTRODUCTION TO COMPUTER SECURITY: THE NIST HANDBOOK - PART V - EXAMPLE
National Institute of Standards and Technology, Technology Administration, US Department of Commerce
June 20, 1994
Format: postscript, 246Kb
Format: PDF
COMPUTER BREAK-INS: A CASE STUDY
Leendert van Doorn, Vrije Universiteit, Amsterdam, The Netherlands
Format: postscript, 94Kb
Format: PDF
Abstract:Computer break-ins are getting more common every day. Log files and even program binaries are changed, making it very hard for the system administrators to assess the damage and track down the intruders. This paper describes the modus operandi of hackers based on multiple hacking attempts that occurred during this year at some department computers. Special attention is paid to the methods they use to break into computer systems and what they do once they are in.
KEEPING YOUR SITE COMFORTABLY SECURE: AN INTRODUCTION TO INTERNET FIREWALLS
John P. Wack and Lisa J. Carnahan
Draft November 30, 1994
Format: postscript, 1834Kb
Format: PDF
A PATTERN MATCHING MODEL FOR MISUSE INTRUSION DETECTION
Sandeep Kumar and Eugene H. Spafford
Format: postscript, 191Kb
Format: PDF
Abstract: This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are matched. The notion of start and final states, and paths between them define the set of event sequences matched by the net. Partial order matching can also be specified in this model. The main benefits of the model are its generality, portability and flexibility.
SECURITY PROBLEMS IN THE TCP/IP PROTOCOL SUITE
S.M. Bellovin
Format: postscript, 107Kb
Format: PDF
Abstract:The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.
THE ISI TUNNEL - ISI Research Report ISI/SR-93-35B
Annette DeSchon and Danny Cohen
October 1993
Format: postscript, 166Kb
Format: PDF
LIMITATIONS OF THE KERBEROS AUTHENTICATION SYSTEM
Steven M. Bellovin and Michael Merritt
Format: postscript, 149Kb
Format: PDF
Abstract: The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by other organizations. Despite Kerberos's many strengths, it has a number of limitations and some weaknesses. Some are due to specifics of the MIT environment; others represent deficiencies in the protocol design. We discuss a number of such problems, and present solutions to some of them. We also demonstrate how special-purpose cryptographic hardware may be needed in some cases.
FOILING THE CRACKER - A SURVEY OF, AND IMPROVEMENTS TO, PASSWORD SECURITY
Daniel V. Klein
Format: postscript, 95Kb
Format: PDF
Abstract:With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance. High speed inter-machine communication and even higher speed computational processors have made the threats of system 'crackers', data theft, data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease by which individual accounts may be broken. Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a proactive password checker, is proposed.
INTERNET FIREWALLS - An Introduction - Draft Revision 242
26 August 1994
Format: postscript, 216Kb
Format: PDF
Abstract:Connecting to Internet connection will expose some subset of your enterprise network resources, called the zone of risk, to internet-based attacks from any of millions of internet users. One way to reduce this exposure is to reduce the zone of risk to a small number of extremely secure hosts. These secure hosts are collectively referred to as a firewall. An Internet firewall allows enterprise network administrators to implement strict access controls, including strong authentication, between the internet and the enterprise network.
COUNTERING ABUSE OF NAME-BASED AUTHENTICATION
Christoph L. Schuba and Eugene H. Spafford
Format: postscript, 242Kb
Format: PDF
Abstract:Authentication for access control procedures is usually based on the identity of participating entities. In some communications systems, identities are partially or wholly resolved using hostnames or machine addresses in the underlying protocol suite. Access control lists and revocation lists are often defined on the basis of hostnames, whereby the communication subsystem at runtime utilizes machine addresses.
NETWORK READING LIST: TCP/IP, UNIX, and ETHERNET
Charles Spurgeon
June 1993
Format: postscript, 266Kb
Format: PDF
Abstract:This annotated list of resources is intended for network managers, developers, and users at the University of Texas at Austin, or anywhere that TCP/IP, UNIX, and Ethernet are used to provide computer communications. These three networking technologies share the same major attribute: they can be used to build interoperable network systems across a wide range of computer equipment. Because of their ability to provide the glue that holds networks together, TCP/IP, UNIX, and Ethernet are in wide use on campus and at many other sites.
GUIDE TO NETWORK RESOURCE TOOLS - Document Number: 3.0
May 24, 1994
Format: postscript, 477Kb
Format: PDF
OBSERVING REUSABLE PASSWORD CHOICES - Purdue Technical Report CSD-TR 92-049
Eugene H. Spafford
31 July 1992
Format: postscript, 67Kb
Format: PDF
Abstract: From experience, a significant number of recent computer break-ins - perhaps the majority - can be traced back to an instance of a poorly-chosen reusable password. Once a system intruder had gained access to one account by breaking a password, it is often a simple matter to find system flaws and weaknesses that thereafter allow entry to other accounts and increasing amounts of privilege.
PACKETS FOUND ON AN INTERNET
Steven M. Bellovin
May 15, 1992
Format: postscript, 103Kb
Format: PDF
Abstract: As part of our security measures, we spend a fair amount of time and effort looking for things that might otherwise be ignored. Apart from assorted attempted penetrations, we have also discovered many examples of anomalous behavior. These range from excessive ICMP messages to nominally-local broadcast packets that have reached us from around the world.
USER AUTHENTICATION AND RELATED TOPICS: AN ANNOTATED BIBLIOGRAPHY
Eugene H. Spafford and Stephen A. Weeber
Format: postscript, 203Kb
Format: PDF
PASSWORD SECURITY: A CASE HISTORY
Robert Morris and Ken Thompson
Format: postscript, 35Kb
Format: PDF
Abstract: This paper describes the history of the design of the password security scheme on a remotely accessed time-sharing system. The present design was the result of countering observed attempts to penetrate the system. The result is a compromise between extreme security and ease of use.
PROXY-BASED AUTHORIZATION AND ACCOUNTING FOR DISTRIBUTED SYSTEMS
B. Clifford Neuman
Format: postscript, 157Kb
Format: PDF
Abstract:Despite recent widespread interest in the secure authentication of principals across computer networks there has been considerably less discussion of distributed mechanisms to support authorization and accounting. By generalizing the authentication model to support restricted proxies, both authorisation and accounting can be easily supported. This paper presents the proxy model for authorisation and shows how the model can be used to support a wide range of authorisation and accounting mechanisms.
NETWORK (IN) SECURITY THROUGH IP PACKET FILTERING
D. Brent Chapman
Format: postscript, 123Kb
Format: PDF
Abstract:Ever-increasing numbers of IP router products are offering packet filtering as a tool for improving network security. Used properly, packet filtering is a useful tool for the security-conscious network administrator, but its effective use requires a thorough understanding of its capabilities and weaknesses, and of the quirks of the particular protocols that filters are being applied to. This paper examines the utility of IP packet filtering as a network security measure, briefly contrasts IP packet filtering to alternative network security approaches such as application-level gateways, describes what packet filters might examine in each packet, and describes the characteristics of common application protocols as they relate to packet filtering.
PROBING TCP IMPLEMENTATIONS
Douglas R. Comer and John C. Lin
Format: postscript, 211Kb
Format: PDF
Abstract:In this paper, we demonstrate a technique called active probing used to study TCP implementations. Active probing treats a TCP implementation as a black box, and uses a set of procedures to probe the black box. By studying the way TCP responds to the probes, one can declare several characteristics of the implementation.
SITE SECURITY HANDBOOK
P. Holbrook - CICNet and J. Reynolds - ISI
July 1991
Format: postscript, 888Kb
Format: PDF
Abstract:This handbook is the product of the Site Security Policy Handbook Working Group (SSPHWG), a combined effort of the Security Area and User Services Area of the Internet Engineering Task Force (IETF). This FYI RFC provides information for the Internet community. It does not specify an Internet standard.
GUIDELINES FOR THE SECURE OPERATION OF THE INTERNET
R. Pethia, S. Crocker and B. Fraser
November 1991
Format: postscript, 85Kb
Format: PDF
Abstract: This memo provides information for the Internet community. It does not specify an Internet standard.
RETROFITTING NETWORK SECURITY TO THIRD-PARTY APPLICATIONS - THE SECUREBASE EXPERIENCE
Jonathan I. Kamens
Format: postscript, 97Kb
Format: PDF
Abstract: Systems such as Kerberos, designed to provide secure user and service authentication over insecure open networks, continue to gain acceptance in the UNIX world.
SECURITY ARTICLE EXTRACTS - LEGALITIES
Simson Garfinkel
1987
Format: postscript, 199Kb
Format: PDF
TCP/IP SECURITY SURVIVAL ON THE INTERNET 1992 Spring DECUS Symposium
John (Fast-Eddie) McMahon
4 May 1992
Format: postscript, 581Kb
Format: PDF
SWIPE NETWORK-LAYER SECURITY FOR IP
John Ioannidis, Phil Karn and Matt Blaze
March 93
Format: postscript, 74Kb
Format: PDF
TCP BUFFERING AND PERFORMANCE OVER AN ATM NETWORK - Purdue Technical Report CSD-TR 94-026
Douglas E. Comer and John C. Lin
March 16, 1994
Format: postscript, 300Kb
Format: PDF
Abstract: This paper reports a series of experiments to measure TCP performance when transferring data through an Asynchronous Transfer Mode (ATM) switch.
INTRODUCTION TO THE INTERNET PROTOCOLS
Computer Science Facilities Group, Rutgers, The State University of New Jersey
3 October 1988
Format: postscript, 379Kb
Format: PDF
Abstract: This is an introduction to the Internet networking protocols (TCP/IP). It includes a summary of the facilities available and a brief description of the major protocols in the family.
INTRODUCTION TO ADMINISTRATION OF AN INTERNET-BASED LOCAL NETWORK
Computer Science Facilities Group, Rutgers, The State University of New Jersey
3 October 1988
Format: postscript, 965Kb
Format: PDF
Abstract: This is an introduction for people who intend to set up or administer a network based on the Internet networking protocols (TCP/IP).
TCP WRAPPER
Wietse Venema
Format: postscript, 58Kb
Format: PDF
Abstract: Network monitoring, access control, and booby traps
PROCESSING VISUAL SPECIFICATIONS OF FILE SYSTEM SECURITY
C. Allan Heydon
October 1, 1992
Format: postscript, 3752Kb
Format: PDF
Abstract:This dissertation pushes the boundary between textual and visual expression in a new way. We focus on the issue of writing specifications using a visual notation, and we describe two visual languages for this purpose. These languages provide users with the ability to formally specify security properties of a file system.
THINKING ABOUT FIREWALLS
Marcus J. Ranum
Format: postscript, 108Kb
Format: PDF
Abstract:Many companies connect to the Internet, guarded by firewalls designed to prevent unauthorized access to their private networks. Despite this general goal, firewalls span a continuum between ease of use and security. This paper describes some of the considerations and tradeoffs in designing firewalls. A vocabulary for firewalls and their components is offered, to provide a common ground for discussion.
A TOOLKIT AND METHODS FOR INTERNET FIREWALLS
Marcus J. Ranum and Frederick M. Avolio
Format: postscript, 185Kb
Format: PDF
Abstract:As the number of businesses and government agencies connecting to the Internet continues to increase, the demand for Internet firewalls - points of security guarding a private network from intrusion - has created a demand for reliable tools from which to build them. We present the TIS Internet Firewall Toolkit, which consists of software modules and configuration guidelines developed in the course of a broader ARPA-sponsored project.
IMPROVING THE SECURITY OF YOUR UNIX SYSTEM
David A. Curry
Final Report April 1990
Format: postscript, 274Kb
Format: PDF
USTAT A Real-time Intrusion Detection System for UNIX
Koral Ilgun
November 1992
Format: postscript, 1260Kb
Format: PDF
Abstract: This thesis presents the design and implementation of a real-time intrusion detection tool called USTAT, a State Transition Analysis Tool for UNIX. The original design was first developed by Phillip A. Porras and presented in (Porr91) as STAT, a State Transition Analysis Tool. STAT is a new model for representing computer penetrations, and the model is applied to the development of a real-time intrusion detection tool.
GROWTH TRENDS IN WIDE-AREA TCP CONNECTIONS
Vern Paxson
May 12, 1993
Format: postscript, 254Kb
Format: PDF
Abstract: We analyze the growth of a medium-sized research laboratory's wide-area TCP connections over a period of more than two years. Our data consisted of six month-long traces of all TCP connections made between the site and the rest of the world.
EMPIRICALLY-DERIVED ANALYTIC MODELS OF WIDE-AREA TCP CONNECTIONS: EXTENDED REPORT
Vern Paxson
June 15, 1993
Format: postscript, 522Kb
Format: PDF
Abstract: We analyze 2.5 million TCP connections that occurred during 14 wide-area traffic traces. The traces were gathered at five stub networks and two internetwork gateways, providing a diverse look at wide-area traffic. We derive analytic models describing the random variables associated with telnet, nntp, smtp, and ftp connections, and present a methodology for comparing the effectiveness of the analytic models with empirical models such as tcplib.
EMPIRICALLY-DERIVED ANALYTIC MODELS OF WIDE-AREA TCP CONNECTIONS: EXTENDED REPORT - SECOND PART
Vern Paxson
June 15, 1993
Format: postscript, 560Kb
Format: PDF
Abstract: This is the second part of the report listed above.
ANALYSIS OF AN ALGORITHM FOR DISTRIBUTED RECOGNITION AND ACCOUNTABILITY
Calvin Ko, Deborah A. Frincke and Terrence Goan, Jr.
Format: postscript, 209Kb
Format: PDF
Abstract: Computer and network systems are vulnerable to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources throughout a network. .... To solve this problem, we suggest an approach for distributed recognition and accountability (DRA), which consists of algorithms which process, at a central location, distributed and asynchronous reports generated by computers (or a subnet thereof) throughout the network.
X THROUGH THE FIREWALL, AND OTHER APPLICATION RELAYS
G. Winfield Treese and Alec Wolman
3 May 1993
Format: postscript, 430Kb
Format: PDF
Abstract:Organizations often impose an administrative security policy when they connect to other organizations on a public network such as the Internet. Many applications have their own notions of security, or they simply rely on the security of the underlying protocols. Using the X Window System as a case study, we describe some techniques for building application-specific relays that allow the use of applications across organizational boundaries. In particular, we focus on analyzing administrative and application-specific security policies to construct solutions that satisfy the security requirements while providing the necessary functions of the applications.
INFORMATION SECURITY AND PRIVACY IN NETWORK ENVIRONMENTS
Recommended citation: U.S. Office of Technology Assessment, Information Security and Privacy in Network Environments, OTA-TCT-606 (Washington, DC
September 20, 1994
Format: text, 808Kb
Abstract:Information technologies are transforming the ways we create, gather, process, and share information. Computer networking is driving many of these changes. But the transformation brought about by networking also raises new concerns for the security and privacy of networked information. If these concerns are not properly resolved, they threaten to limit networking's full potential, in terms of both participation and usefulness. Thus appropriate institutional and technological safeguards are required for a broad range of personal, copyrighted, sensitive, or proprietary information. The OTA report on Information Security and Privacy in Network Environments examines policy issues in three areas: 1) cryptography policy, including federal information processing standards and export controls; 2) guidance on safeguarding unclassified information in federal agencies; and 3) legal issues and information security, including electronic commerce, privacy, and intellectual property.
DEPARTMENT OF DEFENSE STANDARD - DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA - DECEMBER 1985
December 26, 1985
Format: text, 277Kb
Abstract: This publication, DoD 5200.28-STD, "Department of Defense Trusted Computer System Evaluation Criteria," is issued under the authority of and in accordance with DoD Directive 5200.28, "Security Requirements for Automatic Data Processing (ADP) Systems," and in furtherance of responsibilities assigned by DoD Directive 5215.1, "Computer Security Evaluation Center." Its purpose is to provide technical hardware/firmware/software security criteria and associated technical evaluation methodologies in support of the overall ADP system security policy, evaluation and approval/accreditation responsibilities promulgated by DoD Directive 5200.28.
CSC-STD-002-85 - DEPARTMENT OF DEFENSE - PASSWORD MANAGEMENT GUIDELINE
Department of Defense Computer Security Center
12 April 1985
Format: text, 60Kb
Abstract: This publication, "Department of Defense Password Management Guideline," is being issued by the DoD Computer Security Center (DoDCSC) under the authority of and in accordance with DoD Directive 5215.1, "Computer Security Evaluation Center." The guidelines described in this document provide a set of good practices related to the use of password-based user authentication mechanisms in automatic data processing systems employed for processing classified and other sensitive information. Point of contact concerning this publication is the Office of Standards and Products, Attention: Chief, Computer Security Standards.
CSC-STD-003-85 - COMPUTER SECURITY REQUIREMENTS - GUIDANCE FOR APPLYING THE DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA IN SPECIFIC ENVIRONMENTS
25 June 1985
Format: text, 20Kb
Abstract: This publication, Computer Security Requirements--Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, is being issued by the DoD Computer Security Center (DoDCSC) under the authority of and in accordance with DoD Directive 5215.1, "Computer Security Evaluation Center." It provides guidance for specifying computer security requirements for the Department of Defense (DoD) by identifying the minimum class of system required for a given risk index. System classes are those defined by CSC-STD-001-83, Department of Defense Trusted Computer System Evaluation Criteria, 15 August 1983. Risk index is defined as the disparity between the minimum clearance or authorization of system users and the maximum sensitivity of data processed by the system. This guidance is intended to be used in establishing minimum computer security requirements for the processing and/or storage and retrieval of sensitive or classified information by th
CSC-STD-004-85 - TECHNICAL RATIONALE BEHIND CSC-STD-003-85: COMPUTER SECURITY REQUIREMENTS - GUIDANCE FOR APPLYING THE DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA IN SPECIFIC ENVIRONMENTS
Robert L. Brotzman, Director, DoD Computer Security Center
25 June 1985
Format: text, 76Kb
Abstract: This publication, Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements--Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments, is being issued by the DoD Computer Security Center (DoDCSC) under the authority of and in accordance with DoD Directive 5215.1, "Computer Security Evaluation Center." This document presents background discussion and rationale for CSC-STD-003-85, Computer Security Requirements--Guidance for Applying the Department of Defense Trusted Computer System Evaluation Criteria in Specific Environments. The computer security requirements identify the minimum class of system required for a given risk index. System classes are those defined by CSC-STD-001-83, Department of Defense Trusted Computer System Evaluation Criteria, 15 August 1983.



Raptor Systems, Inc., 69 Hickory Drive, Waltham, MA 02154
Voice: 800-9-EAGLE-6, 617-487-7700 Fax: 617-487-6755
Email: info@raptor.com

For web issues please Email: webmaster@raptor.com