Access Control, RFID, Viruses leap to smart radio tags, Extended EAP (Extensible Authentication Protocol), SolutionBase: RADIUS deployment scenarios, There are many different ways that RADIUS servers can be deployed, both in ISP and in corporate environments. Here are some of the less common types of RADIUS deployments.
Architecture, Virtualization, What are the security risks associated with virtual PCs?, If a virtual machine is hacked, what are the consequences?
Application & Database, Jess Gracia's Malware Analysis Knowledge Base, Web Application, PHP / SQL Injection, Manual, Guide to PHP security, Security Tool: SafeSQL, How to prevent SQL Injection Attacks with PHP and MySQL, Encrypted Storage Model, XSS, Hackers broaden reach of cross-site scripting attacks, Cross-site tracing vs. Cross-site scripting, What new tactics can prevent cross-site scripting attacks?, Web Application Security Consortium, Open Web Application Security Project (OWASP), Web Hacking Incident Database, HTTP attacks: Strategies for prevention, Developer's active content delivery checklist, Buffer overflows and memory leaks in a Web application?, Blind SQL Injection Tool, an automatic blind SQL injection tool, developed in python, capable to perform an active database management system fingerprint, enumerate entire remote databases and much more. The aim of this project is to implement a fully functional database management system tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities.
BCP & DRP, Disaster Recovery e-book
Incident Handling, Management, CERT Coordinated Response - guidance to establish computer security incident response teams (CSIRTs), Creating a Computer Security Incident Response Team: A Process for Getting Started, Action List for Developing a Computer Security Incident Response Team (CSIRT), Steps for Recovering from a UNIX or NT System Compromise, Forensic, Jess Garcia's Forensic Knowledge Base !, First Responders Guide to Computer Forensics - Advanced Topics, Tools, LiveView, Sleuthkit & Autospy, Various Notes, How to perform forensics analysis?, Spyware removal checklist
Management, Policy, Reduce the risks of uncontrolled email and web usage, The ePolicy Institute and MessageLabs combine to bring you this best practice guide to implementing, updating and enforcing your email and web acceptable usage policy., Download this FREE guidebook to understand how to reduce the risks of epolicy breaches. Plus receive free policy templates to help ensure best practice., IT Security Policy Checklist, An IT Security Policy should be a place to standardize and document company-wide security practices. This checklist provides a comprehensive list of issues that should be covered and recommends a variety of security policy best practices., Policy & Procedure Manual, 30-days Trial Professional Policy and Procedure Manual software is designed to organize and create, review, and view policy and procedure documents. There is a great demand for an electronic policy manual that suits the efficiency, competency, and regulatory needs of any business. The Policy and Procedure Manager addresses all those needs., Build Your Own: E-mail Usage Policy, E-Policy Best Practices Guide, Total Enterprise Assurance Management (TEAM) model, Top tools for testing your online security, Master the principles of computer security, Computer security may seem complicated, but in truth the theory behind computer security is relatively simple. Hacking methods fall into just a few categories, and solutions to computer security problems are actually rather straightforward. In this sample chapter from Network Security Foundations: Technology Fundamentals for IT Success, explore the history of computer security, investigate the reasons that computers aren't secure, and master the theoretical underpinnings of network security., Standard / Certification, CC Validated Product List
Operation, The 15-Minute Backup Solution Using Open Source, Animated RAID Tutorial, RAID Space Calculator, RAID storage explained
Physical, ASIS Security Toolkit, ASIS Executive Documents, CIA's The World Factbook, Security Management Online, Protection of Assets (POA) Manual, Lock Picking, Definitive Guide, Physical Security in Mission Critical Facilities, Monitoring Physical Threats in the Data Center
Telecom, Sniffing, Tools - Free, Packet Garden, URL Filtering, Google translator as proxy to by-pass restricted sites, Immunity Resource - Papers, MIDCOM (MiddleBox Communication), Network Role Based Security, Combining NetFlow with Security Information Management systems, DDoS, Can service providers prevent DDoS attacks?, Block and reroute denial-of-service attacks, Wireless, WPA, Deploying Wi-Fi Protected Access (WPA) and WPA2 in the Enterprise, WPA2 Data Encryption and Integrity, WPA Overview, The Opportunities and Challenges Associated With Wi-Fi Deployment, Eleven Myths about 802.11 Wi-Fi Networks, Ultimate guide to enterprise Wireless LAN security, The six dumbest ways to secure a wireless LAN, Hack most wireless LANs in minutes!, ASLEAP - Cisco LEAP Cracking Tool, WEP: Dead Again, VoIP, IP Telephony Pocket Guide, Investigate and implement Session Initiation Protocol (SIP) gateways, SIP Server: Technical Overview, With the advance of SIP, server logic has become increasingly complex. SIP Servers need to deal with varying network topologies (such as public Internet networks, cellular networks, broadband residential networks), complex routing policies, security and SIP extensions. SIP Servers often need to handle high message/transaction rates and yield real-time performance and scalability, high throughput, and low delay. This paper discusses the protocol aspects of SIP Server behavior and the usage of the RADVISION SIP Server Platform to address the challenges of effective SIP Server development., Successfully Deploy and Maintain VoIP with these Best Practices, Your VoIP vendor choice will influence your deployment and maintenance processes, but following general VoIP best practices will also increase the project's success. You can separate and handle voice traffic through standard, vendor-neutral protocols and design practices. Furthermore, general layout and design models for integrated VoIP and data networks provide a strong base for many VoIP deployments. VLANs, QoS, codecs, and compression will all help you build your VoIP solution atop your existing network. This document identifies and explains general best methods for deploying and maintaining successful VoIP networks., The OSI Model: Understanding the Seven Layers of Computer Networks, TCP/IP Fundamentals for Microsoft Windows, DNS Step-by-Step Guide, Microsoft Windows Server 2003 TCP/IP Implementation Details, This white paper describes the implementation of the TCP/IP protocol stack in the Microsoft® Windows Server™ 2003 family and is a supplement to the Windows Server 2003 Help and Support Center and Technical Reference documentation. This white paper contains an overview of TCP/IP in Windows Server 2003 features and capabilities, a discussion of protocol architecture, and detailed discussions of the core components, network application interfaces, and critical client components and services. The intended audience for this paper is network engineers and support professionals who are already familiar with TCP/IP. Except where noted, the TCP/IP implementation for Windows® XP is the same as that for Windows Server 2003., Firewall, 10 things you should look for in a desktop firewall, Application Firewall Overview, A firewall checklist, Firewall Performance Testing Methodology, Introducing a firewall into a network starts with proper planning. One will need to consider things such as the protocols that the firewall will support, the applications that need access from either side of the firewall, the criticality of each application, the budget, and the importance of CRASP (compatibility, reliability, availability, scalability, performance) for the network and the firewall. This document describes suitable methods and techniques that can help determine the performance and reliability of the firewall., Firewall failure plan checklist, Whether your firewall is hardware- or software-based it's a terrific target for experienced hackers and at some point it will fail. How you prepare for that failure and the actions you take following the failure are critical. This comprehensive Firewall failure plan checklist contains two sections: a checklist of critical information to have on hand and a list of techniques for troubleshooting both operational and non-operational firewall failures., IDS/IPS, IPS - Types of Signature, IPS Topics on searchsecurity.com, Evading NIDS, revisited, How Does Ping Really Work?
Career, CISSP, CISA, Exam Self Assesment dari ISACA
Assurance, Audit & Assessment, PenTest, Tools - Open Source, Metasploit, Wi-Fi hacking, with a handheld PDA, NIST 4-Stage Pen-Testing Guideline, FoundStone's Pen-Testing Methodology, OSSTMM, Log Analysis, Tools - Open Source, Distributed Aggregation for Data analysis (DAD), Tools - Commercial, No-Tech Hacking
Awareness, Ethics, Social Engineering, Tips, Security Awareness Content for Managers
SCADA, LOGIIC Correlation Project, The LOGIIC Correlation Project was a 12-month technology integration and demonstration project jointly supported by industry partners and the U.S. Department of Homeland Security (DHS). The project demonstrates an opportunity to reduce vulnerabilities of oil and gas process control environments by sensing, correlating and analyzing abnormal events to identify and prevent cyber security threats. The project partners will: * Identify new types of security sensors for process control networks * Adapt a best-of-breed correlation engine to this environment * Integrate in test bed and demonstrate * Transfer technology to field operations
Security Guide, Security Technical Implementation Guides (STIGS), NSA Security Guides, All Current Security Guides, Applications , Database Servers, Operating Systems, Routers, Supporting Documents, Switches, VoIP and IP Telephony, Vulnerability Technical Reports, Web Servers and Browsers, Wireless, Archived Security Guides, Center for Information Security (CISecurity), NIST Checklists Program for IT Products
Various Stories, Slashdot Security Stories, Aircraft Remote Control, 45 millions Credit-Card Data Went Out Wireless Door - TJX case
Various Tools, List of Mgmt tools for Enterprise SysAdmin, Online, Process Library, check what processes are running, Keymail the KeyLogger, An E-mailing Key Logger for Windows with C Source., MadMACs, MAC address spoofer, Brutus, Pentest Download, Oracle & Bluetooth
Vulnerability, Database, National Vulnerability Database (NVD), Fuzzer, (L)ibrary (E)xploit API - lxapi, A collection of python scripts for fuzzing, Mangle, A fuzzer for generating odd HTML tags, it will also autolaunch a browser, SPIKE, A collection of many fuzzers from Immunity. Used to find the recent remote RDP kernel DoS against a firewalled XP SP2, PROTOS WAP, A fuzzer from the PROTOS project for fuzzing WAP, PROTOS HTTP-reply, Another fuzzer from the PROTOS dudes for attack HTTP responses, useful for broswer vulns, PROTOS LDAP, For fuzzing LDAP, not as successful as the others from the PROTOS project, PROTOS SNMP, Classic SNMP fuzzer, found a vuln in almost every networking gear available at the time (2002), PROTOS SIP, For fuzzing all those new VOIP SIP devices you see everywhere., PROTOS ISAKMP, For attacking IPSec implementations, RIOT & faultmon, For attacking plain text protocols (Telnet, HTTP, SMTP). Used by Riley Hassell when he worked at eEye to discover the IIS .printer overflow and included in The Shellcoder's Handbook, SPIKE Proxy, A semi-functional web fuzzer from the guys at Immunity that brought you the original SPIKE, Tag Brute Forcer, Awesome fuzzer from Drew Copley at eEye for attacking all of those custom ActiveX applications. Used to find a bunch of nasty IE bugs, including some really hard to reach heap overflows, FileFuzz, A file format fuzzer for PE (Windows) binaries from iDefense. Has a pretty GUI. I've recently used it to find bugs in Word., SPIKEFile, Another file format fuzzer for attacking ELF (Linux) binaries from iDefense. Based off of SPIKE listed above., notSPIKFile, A ELF fuzzer closely related to FileFuzz, instead of using SPIKE as a starting point., Screaming Cobra, Name makes the fuzzer sound better than it really is, but is good for finding CGI bugs. Also, its a perl scrpt so easy to modify or extend., WebFuzzer, A fuzzer for (guess what?) web app vulns. Just as good as some of the cheap commercial web fuzzers., eFuzz, A generic TCP/IP protocol fuzzer. Easy to use, but maybe not as full featured as some others on this list, Peach Fuzzer, A great fuzzer written by Michael Eddington. Peach Fuzzer is more of a framework for building fuzzers, Fuzz, The ORIGINAL fuzzer developed by Dr. Barton Miller at my Alma Matter, the University of Wisconsin-Madison in 1990. Go badgers!
Video, Tutorial, The dangers of Ad-Hoc networks in Windows XP SP2, Hacking Mac OS X - A Case Study, Hacking SQL in Linux using the SecureState Swiss Army Knife
Threats Monitor, The security risks of Google Notebook, 10 emerging malware trends for 2007, Google Desktop gets scarier, How to tame Google Desktop
Cyberwar, DoD's Report on China Military Power, News
MITRE.org Projects & Links, complete index
Mind Mapping, 3 Web-based Mind Mapping Tools Review
NokSync is a Thunderbird extension. NokSync synchronizes contacts between Thunderbird and a NOKIA phone. NokSync will * read one or more Thunderbird address books * read the phonebook in a NOKIA phone (using cable, infrared or bluetooth connection) * compare the two, and suggest updates to bring them into synchronization * let the user change the suggestions to synchronize exactly as he wishes * update contact information in Thunderbird address books and the NOKIA Phone accordingly NokSync is free, open-source software.
Synchronize your Google Calendar with your mobile phone or PDA. Goosync will seamlessly synchronize almost any mobile device with your Google Calendar. It's quick and simple, sign-up and start syncing.
Universal Command Guide for Operating Systems
Microsoft, Tools, Sysinternals
VMware, Untitled, Lots of Vmware Links...., VMguru, ESX Server Supported Hardware Lifecycle Management Agents, Virtual Tricks, VMworld 2006 Conference Sessions, Create VM using VMware Player, Success Stories, Forum: VMware Infrastructure: Virtual Machine and Guest OS, Problems, Windows Vista Enterprise (official release) install issues on ESX 3.0.1, Cross LUN file operation performance
Asterisks, Reference, synsip.eu > References