Articles & Whitepapers
- Best of the Tests
Brief reviews of Cisco VPN solutions, Retina, Wireless, etc.
Network World, 11/11/02
http://www.nwfusion.com/best/2002/tests.html
- WinPcap Brings Unix Network Tools to Windows
O'Reilly.com 12/05/2000
http://security.oreilly.com/news/securingnt2_1200.html
- Wireless Security Revisited
Hidden dangers of wide-open wireless connections
Windows & .NET Magazine 12/2003 InstantDoc #40706
http://www.winnetmag.com/Articles/ArticleID/40706/40706.html
- How to keep spam off your net
Network World, 8/11/97
http://www.nwfusion.com/netresources/0811spam.html
- Everything You Need to Know About Network Security
http://www.adimpleo.com/library/axent/NetSec.pdf
- How to survive a PC apocalypse
C|Net reviews, 5/21/02
http://reviews.cnet.com/4520-3680_7-5021083-1.html
- About RATs - A Look at the Problem of SubSeven and "Remote Administration Trojans"
Good article on Remote Administration Tools, including specifics on
the SubSeven backdoor trojan.
http://www.pestpatrol.com/Support/About/About_Rats.asp
- Malicious Threats of Peer-to-Peer Networking
Symantec Security Response
Discusses security risks with allowing peer-to-peer networking traffic
within your network
http://enterprisesecurity.symantec.com/PDF/malicious_threats.pdf
- Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses
Symantec Security Response
http://enterprisesecurity.symantec.com/PDF/Blended_Attacks.pdf
- Stalking the Wily Hacker
An academic paper which highlights some of the techniques used to break
into computers.
By Cliff Stoll, author of The Cuckoo's Egg.
Communications of the ACM, 5/98
http://faculty.cs.tamu.edu/pooch/course/CPSC665/Spring2001/Lessons/Intrusion_Detection_and_Response/p484-stoll.pdf
- ICMP Stands For Trouble
Network Magazine 09/05/2000
http://www.networkmagazine.com/article/NMG20000829S0003
- Sniffing the sniffers - detecting passive protocol analysers
http://www.dkuug.dk/nordu2001/papers/th11-sniffing-the-sniffers.pdf
- Intrusion Detection Systems Directory
Top IDS vendors
http://www.isp-planet.com/services/ids
- How To Guide - Implementing a Network Based Intrusion Detection System
http://downloads.securityfocus.com/library/switched.pdf
- From Blueprint to Fortress: A Guide to Securing IIS 5.0
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/deploy/depovg/securiis.mspx
- IIS Security Checklist
http://www.microsoft.com/WINDOWS2000/en/server/iis/htm/core/iisckl.htm
- IIS Lockdown tool
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/locktool.asp
- Cisco Cures the Chicago Blues
Head-to-Head testing of High Availability firewalls. Cisco, Checkpoint,
NetScreen.
Network Computing, 11/01
http://www.networkcomputing.com/1223/1223f2.html
- Cisco Systems Tech Talk:
Combating Blaster and other Internet Worms. Top 100 Questions and Answers
http://www.cisco.com/offer/worm/blasterworm_lp_hard.html?sid=124013_257
- Cisco SAFE Implementation
Best practices and recommendations for building scalable, secure enterprise
networks.
http://www.cisco.com/go/safe
- Cisco IOS firewall feature set
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t4/fw800.htm
- Cisco: IOS router security features
IOS CBAC, IDS, DoS, etc.
http://www.cisco.com/asiapac/channels/files/club/VPNRoadshowModule7IOSfirewall.pdf
- IOS 12.2: Traffic filtering and firewalls
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/index.htm
- Firewall Stateful Inspection of ICMP
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a0080146558.html
- Configuring Network-Based Application Recognition (NBAR) on Cisco Routers
NBAR is used to prevent certain types of traffic (like IM) from crossing
your router.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800c75d0.html
- Rolling out remote access
Network World, 10/28/02
Comparison of Cisco, Checkpoint, Avaya, NetScreen, SonicWALL, Sidewinder
VPN products.
http://www.nwfusion.com/reviews/2002/1028bgrev.html
- The SSL Alternative
Network Computing Magazine 11/13/03
An introduction to SSL VPNs and review of 8 products choosing Neoteris
(NetScreen) as the winner.
http://www.nwc.com/showitem.jhtml?docid=1423f3
- The Firewall Market for 2003
Trends, Gimmicks, Features & Pitfalls for Improving Perimeter Security
http://www.digitaldatatrust.com/pdf/papers/Firewall_Market-Statham_Kruse.pdf
- Mitigating the SANS/FBI Top Twenty with Check Point Software Technologies
http://www.checkpoint.com/securitycenter/whitepapers.html
- Checkpoint Stateful Inspection
http://www.checkpoint.com/products/downloads/Stateful_Inspection.pdf
- 2003 CSI/FBI Computer Crime and Security Survey
The Survey is conducted by CSI with the participation of the San Francisco
FBI Computer Intrusion Squad. The aim is to raise security awareness
and determine the scope of computer crime in the United States.
http://www.gocsi.com/press/20030528.jhtml
- Do It Yourself DNS
Review of top DNS appliances, including ApplianSys, BlueCat, and Infoblox.
Network Computing 4/3/03
http://www.nwc.com/1406/1406f3.html
- CSI: Enterprise
Network Computing 12/9/04
The role of computer forensics in the enterprise
http://www.networkcomputing.com/story/showArticle.jhtml?articleID=54201184
- Elementary, My Dear Watson
Network Computing 12/9/04
A review of network forensics tools
http://www.networkcomputing.com/story/showArticle.jhtml?articleID=54201537
Web Sites
Resources
- SANS Top 20 Vulnerabilities
SANS (SysAdmin, Audit, Network, Security Institute) was established
in 1989 as a cooperative research and education organization. Many SANS
resources, such as news digests, research summaries, security alerts
and award-winning papers are free to download.
http://www.sans.org/top20
- Spywareguide
This site has loads of information on spyware, including a comprehensive
database of spyware applications, and a downloadable registry file that
kills all known malicious ActiveX controls.
http://www.spywareguide.com
- Pest Scan
Free online spyware scanner by Pest
Patrol. Catches most Spyware and Adware. The downloadable licensed
software can detect and remove spyware. You could also use the online
database at Pest Patrol for
instructions on how to manually remove the spyware.
http://www.pestscan.com
- Eeye Security
The makers of Retina and SecureIIS create tools to test your network
for known vulnerabilities. They also make an NT version of Nmap. Free
downloads.
http://www.eeye.com/html/Research/Tools
- Netcraft
Uses service banners to show the operating system a host is running.
Useful stats on popular operating systems. This can be fooled with certain
tools or proxies, but still useful info.
http://news.netcraft.com
- ShieldsUP!
Externally probes your network for open ports. Valuable tool for testing
your network perimeter.
http://www.grc.com
- Windows Security & Configuration Resources
http://www.cert.org/tech_tips/win-resources.html
- Top 75 Security Tools
http://www.insecure.org/tools.html
http://www.insecure.org/tools2000.html
- Symantec Security Check
http://security.symantec.com/ssc
- Back Officer Friendly
(NFR Security) Free download
http://www.nfr.com/resource/backOfficer.php
- ORDB RBL
The Open Relay DataBase. A non-profit organization that tracks open
relays.
http://www.ordb.org
- SpamCop RBL
An experimental service that lists hosts that emit lots of spam.
http://www.spamcop.net/bl.shtml
- DSBL RBL
Distributed Server Boycott List. A list of open proxies, open relays,
and insecure formmail scripts.
http://www.dsbl.org
Software - Client
- AVG Anti-Virus
Czech company offers free anti-virus client and updates for personal
home use. Site also includes virus removal tools and an online virus
encyclopedia.
http://www.grisoft.com
- Bit Defender
Romanian company offers free anti-virus, online scanner, virus removal
tools.
http://www.bitdefender.com
- SpamPal
Free tool that practically eliminates all spam. Can be used with any
Windows POP3/IMAP4 email client. Functionality can be extended by using
a number of free plugins.
http://www.spampal.org
- Zone Alarm
Blocks viruses, hackers, cookies, ads. Includes hacker tracking, ad
blocking, mail safe protection blocks suspicious email attachments.
Very good, easy to use software firewall. Free version available.
http://www.zonelabs.com
- Outpost Firewall
Much more than a personal firewall. Also blocks cookies, pop-ups, E-mail
viruses, backdoors, spyware, adware, malware. Supports parental controls
and 3rd party plugins. Free version available.
http://www.agnitum.com/products/outpost
- Black Ice Defender
Powerful personal firewall, includes IDS. Server versions available.
http://blackice.iss.net
- Spybot Search & Destroy
Detects and removes spyware and adware. Blocks drive-by downloads. Shareware.
http://security.kolla.de
- PestPatrol
Site includes free online spyware scanner. Online version and evaluation
version will detect pests, but won't remove them.
http://www.pestpatrol.com
http://www.pestscan.com (online scanner)
- Xblock
Detects and removes spyware and adware. Shreds files, removes cookies,
cleans cache, and some more useful tools. Freeware version available.
http://www.xblock.com
- Lavasoft AdAware
Catches and removes AdWare. Free version available.
http://www.lavasoftusa.com
- Secure CRT
Terminal emulator supports telnet, SSH1, SSH2, serial. Free trial.
http://www.vandyke.com/products/securecrt
- PUTTY
Freeware Win32 telnet/ssh client
http://www.chiark.greenend.org.uk/~sgtatham/putty
- Ethereal
Free protocol analyser
http://www.ethereal.com
- Nmap
Vulnerability testing and fingerprinting tool. Very accurate. Popular
with hackers.
http://www.insecure.org/nmap
- Snort
Open source intrusion detection system. Can be used as a packet sniffer,
packet logger, or full-blown NIDS. Runs on just about any OS, flexible
& extensible, supports 3rd party plugins.
http://www.snort.org
- WinPcap
http://netgroup-mirror.ethereal.com/winpcap/misc/links.htm
- Fport
Windows command-line utility maps ports to processes. This should be
in every security admin's toolkit.
http://www.foundstone.com
- VisualWare Visual Route
Graphical traceroute tool useful for tracking spammers and hackers as
well as diagnosing network problems.
http://www.visualware.com
- VisualWare Visual Lookout
Realtime TCP port monitor
http://www.visualware.com
- Retina
Big daddy vulnerability scanner. Scans every machine on your network,
including a variety of operating system platforms (e.g. Windows, Unix,
Linux), networked devices (e.g. firewalls, routers, etc.), databases
and third-party or custom applications, and delivers a comprehensive
report that details all vulnerabilities and appropriate corrective actions
and fixes.
http://www.eeye.com/html/Products/Retina
- LANguard Network Security Scanner
Vulnerability Scanner. Freeware.
http://www.gfi.com/lannetscan
- LANguard System Integrity Monitor
Provides intrusion detection by checking whether files have been changed,
added or deleted on a Windows 2000/XP system. Freeware.
http://www.gfi.com/lansim
- LANguard Security Event Log Monitor
Event log based intrusion detection and network-wide event log management.
http://www.gfi.com/lanselm
- CyberSitter
PC software that protects children from objectionable Internet content.
Does not require yearly update fees. Customizable and can be managed
remotely. Won the PC-Magazine "Editors' Choice" award three years in
a row.
http://www.cybersitter.com
- Iolo System Mechanic
Keep your PC running faster, cleaner, and error-free with System Mechanic's
full suite of over 15 powerful tools. This set of easy to use, but non-intrusive
tools will allow you to find and fix problems with your system as well
as properly maintain your PC so that problems don't occur. The tools
include: Maintain privacy and security by eliminating tracks left behind
while using your computer or surfing the web. Properly remove such items
as browser cache, cookies, and other history files. Turbocharge your
Internet connection with netbooster™, a tool that will have your
system screaming with 'net performance in a few clicks. Track and report
on changes made to your system when installing programs, and lots more!
http://www.iolo.com
Software - Server
Network Firewalls, IDS, & Proxy Servers
- Cisco Secure PIX Firewall
Extremely fast, stable, secure, and scalable firewall.
http://www.cisco.com/go/pix
- Search eBay for used PIX 501 firewalls
http://www.ebay.com
- Cisco Intrusion Detection Sensor
Works with Cisco PIX firewalls to drop or report undesirable traffic.
http://www.cisco.com/go/ids
- RealSecure IDS Sensor
Well regarded intrusion detection and prevention.
Software and appliance versions available.
http://www.iss.net
- NetScreen
Fast firewall appliance with web gui.
http://www.netscreen.com
- Checkpoint FW-1
Software firewall with lots of add-in modules available. Runs on Windows,
Solaris, BSD, Linux.
http://www.checkpoint.com
- Nokia (Checkpoint) Firewall (BSD)
The market leader in Enterprise Checkpoint deployments
http://www.nokia.com
- Sun (Checkpoint) iForce VPN/Firewall Appliance (Linux)
http://www.sun.com/servers/entry/checkpoint
- Symantec Gateway Security (formerly Raptor) (Linux)
Well regarded proxy firewall appliance
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=133
- SecureIIS Application Layer Firewall
Protects IIS web servers. Better than URLScan, but URLScan is free.
http://www.eeye.com/html/Products/SecureIIS
- Bluecoat (formerly CacheFlow) Port80 Appliance
Secure proxy appliances that control user communications over the Web.
Content filtering, web virus scanning, web proxy, caching, IM control,
and bandwidth management. Complements your firewall and IDS sensors
with granular application-layer protection against HTTP threats. Supports
HTTP, HTTPS, FTP, streaming, MP3, Flash, and hundreds of other Web object
types.
http://www.bluecoat.com
- Symantec Web Security
Web proxy integrates anti-virus and content filtering for HTTP &
FTP traffic.
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=60
- Microsoft ISA Server
An extendable proxy server primarily for Microsoft services.
http://www.microsoft.com/ISAServer
- CipherTrust Ironmail
Appliance-based mail server proxy. Protects your mail server from viruses,
spam, hacker attacks, etc.
http://www.ciphertrust.com
- BlueCat Networks
They make another appliance-based mail server proxy and a pretty cool
hardened DNS server appliance.
http://www.bluecatnetworks.com
- FrankenPIX project
Build a PIX out of an old Intel box. Not legal for production use.
http://www.packetattack.com/frankenpix.html