Network Security

• Certification authority implementation
• Authentication
• Biometrics
• Security breaches
• Cryptanalyis
• Security libraries
• Electronic payments
• Firewalls
• Denial-of-Service attacks
• Operating system security
• Network Security (routers, etc.)
• Kerberos
• Phishing

General Topics

• Steganography:
  • MP3 files
  • SNOW: hides information in trailing white space
• Results, Not Resolutions - A guide to judging Microsoft's security progress; Jan. 24, 2002.
• Considering Security: A Parable, Fred Baker, Dec. 2001
• WWW security FAQ
• general list of security issues
• Randomness and Netscape
• Data Encryption Standard (DES) (FIPS 46-2)
• Rijndael selection as AES
• computational alternative to random number generators
• forum for security issues
• X.509 certificates
• Attack Trees
• security and communications
• Java and excuteable security objects
• Dynamic Virtual Private Network
• securing real-time database
• securing real-time database
• securing mobile agents
• management for encrypted broadcast
• multimedia and copyrights
• security policy on graphical interfaces
• useablity of security
• enforceable security policies
• shared randomness and secure signatures
• elliptic curve cryptography
• AES Alogrithm
• web sites for the computer security oriented
• papers on security issues
• SANS (System Administration, Networking, and Security) Institute
• anonymizer.com keeps web surfing private; description of anonymizer proxy
• Elliptic curve cryptography
• Castles Built on Sand: Why Software is Insecure, Jan. 2002
• Global Election Systems voting
• Security Aspects of Napster and Gnutella
• nmap - network mapper
• All E-Commerce news
• Keeping PKI Under Lock and Key: PKI implementation issues
• Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology (GAO report)
• Alice and Bob: on the private lives of our favorite characters
• UW Network Security Credo
• Bruce Schneier on crypto, the FBI, privacy and more, October 3, 2001 (The Register)

• PGP GRANTED EXPORT LICENSE
  Pretty Good Privacy Inc. has obtained U.S. government approval to export 128-bit encryption technology -- without key-recovery features -- to foreign subsidiaries and branches of large U.S. companies. The branches and subsidiaries are not allowed to re-export, resell or transfer the encryption software without government authorization. (BNA Daily Report for Executives 2 Jun 97)

• RSA tattoo
• ITAR Civil Disobedience: send RSA to Anguilla
• A Cryptographic Evaluation of IPsec
• S/MIME
• Public Report on Secret Meeting About Keeping Secrets: IAB security workshop
• Email: spoofing, anon. remailer
• Infowar
• Smart cards come to the Web -- are you ready?
• Security vendor list
• Dispute Arises Over FBI Wiretap Plan (NY Times)
• Web server security checklist
• Security problems of the TCP
• Crypto-log (links)
• According to Deloitte & Touche's fraud unit here is a list of the most used passwords.
  1. Your first, last, or kid's name
  2. "secret"
  3. stress-related words ("deadline", "work")
  4. sports teams or terms ("bulls", "golfer")
  5. "payday"
  6. "bonkers"
  7. The current season ("winter", "spring")
  8. Your ethnic group
  9. repeated characters ("aaaaa", "bbbbb")
  10. obscenities, sexual terms
  Business Week, Feb 10 1997
• Fortune article on corporate network security
• Security First Network Bank: trusted operating system (B1) and network security
• Trusted PC: secure PC
• Internet criminal risks
• Brief Tutorial
• Digital Signature Tutorial (American Bar Association)
• Phil Karn's privacy and security page
• Computer Security and Privacy course
• Protection of TCP/IP Based Network Elements
• Behind Encryption Debate: Using a Mimicry Applet (NYT, 9/5/97)
• A Patent Falls, and the Internet Dances (Expiration of Diffie-Hellman patent)
• Windows NT receives C2 security level assurance; Dec. 1999
• Solaris is C2 certified
• ISO-9000-3 certification addresses security
• Infosec Institute

Last updated by Henning Schulzrinne