Introductory and General:
- Privacy and Security Page - www.markusjansson.net. Or see local copies of the pages:
- Security threats - Test your security and consider why should you be worried
- What to do you if you are attacked or hacked
- Securing yourself & your computer
- How to secure Windows2000 / XP
- Tweaks and tricks for security and privacy
- Firewalls and ZoneAlarm Guide and Tips
- Security threats - Test your security and consider why should you be worried
- Snake Oil Warning Signs: Encryption Software to Avoid to help you distinguish good cryptography from producucts that are to be avoided. (see localy: PDF).
- Security Recommendation Guides from the National Security Agency:
- The 60 Minute Network Security (First Steps Towards a Secure Network Environment) - this guide was written with the less experienced System Administrator and information systems manager in mind, to help them understand and deal with the risks they face.
- Guide to Securing Microsoft Windows NT Networks - presents detailed information on how to secure a network based Windows NT 4.0 operating system. Specifically, this document addresses the builtin security features and shortfalls of the default Windows NT 4.0 operating system.
- Guide to Securing Microsoft Windows XP
- Microsoft Windows 2000 - over 20 guides to securing different aspects of the system and services.
- Microsoft Office XP/2000: Executable Content Security Risks and Countermeasures - this document describes the security risk of Office documents, the countermeasures available within Office XP/2003, and suggestions on how best to configure and use the security in Office XP/2003 to prevent most executable content attacks.
- Microsoft Office 2000 Executable Content Security Risks and Countermeasures - this document describes these improvements and features, and suggests how best to configure and use the security in Office 2000 to prevent most executable content attacks.
- Outlook E-mail Security in the Midst of Malicious Code Attacks - this document presents a variety of countermeasures that can be applied to limit the vulnerability of e-mail systems to attacks. It focuses primarily on the Microsoft Outlook clients, given the prominent role those applications played in recent incidents. Both the Outlook and Outlook Express clients are covered.
- CERT Coordination Center, Home Network Security - http://www.cert.org/tech_tips/home_networks.html - This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of Òalways-onÓ or broadband access services (such as cable modems and DSL). However, much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem).
- “Glossary for Information Security & Prevention of Computer Related Crime"
- Security: How to Documents: Information Systems and Technology University of Waterloo - http://ist.uwaterloo.ca/security/howto/ - collection of the guides on: Dealing with Adware and Spyware, Managing Your Windows PC, Email Security, Firewall,
- Protect Yourself from WiFi Snoops - http://www.windowsdevcenter.com/pub/a/windows/2005/04/19/WiFiHacks.html
References & others:
- On-line Privacy Tools: http://www.privacy.gov.au/internet/tools/ 5 steps to better on-line privacy - set of links to various tools: Firewall, Cookie Remover, Web Bug Remover, Anonymous Web Browsing, Encrypted Email, Advertising Filters, Anti-Spam Tools, Anti-Spyware Tools,
- “Secure Computing and Online Communications" - This document points to materials which will be of use to those new to online security and privacy issues, as well as resources for more advanced users.
- Online Resources for Readers of the Book "Internet Privacy for Dummies"- /www.internetprivacyfordummies.com
- Neil F. Johnson's Encryption links page
- Godzilla crypto tutorial - Totalling 704 slides tutorial on cryptography history, technical aspects, policy and politics. (see localy: HTML).
- “Anonymity Loves Company: Usability and the Network Effect"
Passwords:
- Passwords and Access Controls
- Good Passphrase Tips
- Safer Passphrases - Creation and Policy
- Information Security & Passwords
Files destruction:
- “Why a normal delete is not sufficient” by Simon Richard Bascom <gns@aladdin.co.uk> - www.iusmentis.com/security/filewiping/realdelete
- “Securing yourself & your computer” - http://www.markusjansson.net/esecuring.html
- “How to Destroy a CD-R” - http://www.roxio.com/en/support/discs/destroydiscs.html
- “Secure Deletion of Data from Magnetic and Solid-State Memory” by Peter Gutmann - http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html and “Data Remanence in Semiconductor Devices” by PeterGutmann - http://www.cypherpunks.to/~peter/usenix01.pdf
Backup:
- “Backing Up Your Data”
- “Introduction to Backing Up and Restoring Data” - http://www.faqs.org/docs/Backup-INTRO/
- “Backing Up Your Computer” - http://www.michaelhorowitz.com/backupclass.html
- “Backup – or else!” - http://www.geekgirls.com/windows_backup_strategies.htm
- “Windows XP Backup Made Easy”
- ”How to Use the Backup Utility to Back Up Files and Folders in Windows XP Home Edition“
Encryption:
- “Using Encryption and Digital Signatures”
- see also descriptions in ngo@box manual “Chapter 8: Pretty Good Privacy”
- “Breaking the code: What encryption means for the first amendment and human rights”
- “NetAction's Guide to Using Encryption Software”
- “Snake Oil-Warning Signs: Encryption Software to Avoid.pdf”
- NetAction's Guide to Using Encryption Software - this documents describes fundamentals about encryption.
- Steganography, Steganalysis and Cryptanalysis
- Introduction to Cryptography and Encryption - The purpose of this tutorial is to teach the theory and application of encryption to bright high school students in a fun and informative manner (see local html);
Internet & communications:
- “Top 10 Places Your Email Can Be Intercepted"
- “Voice Over Internet Protocol and Skype Security” by Simson L. Garfinkel
- “An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol" by Salman A. Baset and Henning
- How to Blog Safely (About Work or Anything Else) - http://www.eff.org/Privacy/Anonymity/blog-anonymously.php and
A technical guide to anonymous blogging - a very early draft - http://cyber.law.harvard.edu/globalvoices/?p=125
Firewall:
- Firewalls and you - A basic introduction to firewalls from TechSoup
- Internet Firewalls: Frequently Asked Questions
- Firewalls and ZoneAlarm Guide and Tips
Virus cleaners:
Recommended Security Lists:
- Bugtraq -- Arguably the most important Internet security list. Vulnerabilities are often announced here first, so check frequently! | Previous month | Archived posts | About list
- Full Disclosure -- An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience. | Current month | Archived posts | About list
- Penetration Testing -- While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing. | Previous month | Archived posts | About list
- Vulnerability Development -- A moderated list for discussing possible security issues and devising exploits for them. | Previous month | Archived posts | About list
- Security Basics -- A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I would recommend this list to network security newbies, but be sure to read bugtraq and other lists as well. | Previous month | Archived posts | About list
- Firewall Wizards -- Tips and tricks for firewall administrators | Previous month | Archived posts | About list
- VulnWatch -- A non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world. | Current quarter | Archived posts | About list
- VulnDiscuss -- This sister-list of VulnWatch allows for discussions about new vulnerabilities. | Previous month | Archived posts | About list
- Incidents -- Lightly moderated list for dicussing actual security incidents (unexplained probes, breakins, etc). Topics include information about new rootkits, backdoors, trojans, virii, and worms. | Current month | Archived posts | About list
- Info Security News -- Carries news items (generally from mainstream sources) that relate to security. | Previous month | Archived posts | About list
- Security Jobs -- A popular list for advertising or finding jobs in the security field. Employers post openings and job seekers post resumes (run by SecurityFocus) | Previous month | Archived posts | About list
- IDS Focus -- Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list | Current month | Archived posts | About list
- Web App Security -- Provides insights on the unique challenges which make web applications notoriously hard to secure. | Current quarter | Archived posts | About list
- MS Sec Notification -- Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products -- note how most have a prominant and often-misleading "mitigating factors" section. | Current quarter | Archived posts | About list
- Honeypots -- Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks. | Current quarter | Archived posts | About list
More Quality Lists
These may not all be directly security related, but I couldn't resist including them.
- The RISKS Forum -- Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed. | Archived posts | About list
- Politech -- Journalist Declan McCullagh's list of news updates relating to politics and technology | Previous month | Archived posts | About list
References to the Tools:
- Abakt
- Active Ports
- Adobe Acrobat Reader
- Advanced Port Scanner
- AntiVir
- Avast
- Avast Cleaner
- BestCrypt
- CCleaner
- Ciphire
- CryptoPhone
- Cygwin Information and Installation
- Darik's Boot and Nuke (DBAN)
- DeepBurner
- DeepBurner - Powerful CD and DVD burning package
- Eraser
- EudoraGPG
- Firefox Extensions - Privacy and Security
- Firefox web browser and Thunderbird e-mail client
- Freebyte Backup
- Gaim
- GIMP & GTK Toolkit - Windows installers
- Gmail
- GMail Drive shell extension
- GnuPG Plugin
- Handy Recovery
- Hushmail
- IsoBuster
- KeePass - The Open-Source Password Safe
- Knoppix Secure Tools Distribution (STD)
- Martus
- MbsaFU
- Microsoft Windows AntiSpyware (Beta) Home
- Mozilla Extensions - Privacy and Security
- NetTime
- Network Scanner
- Off-the-Record Messaging
- Off-the-Record Messaging
- Password Safe
- Peter Gurman's Encryption and Security Tutorial
- Portable Firefox
- Portable Thunderbird
- Pretty Good Privacy (GPG) - Freeware version
- Privoxy
- PuTTY: a free telnet/ssh client
- RealVNC
- Recover my files
- Registry First Aid
- Security Configuration Guides
- Skype
- SmartFTP
- Snake Oil Warning Signs:Encryption Software to Avoid
- Spybot
- Steganography Software
- Sygate Firewall
- SystemRescueCd
- The GNU Privacy Guard (GnuPG)
- TightVNC: VNC-Based Free Remote Control Solution
- Tor: An anonymous Internet communication system
- TrueCrypt
- UBCD for Windows
- Ubuntulinux
- WinMTR
- WinPT: Windows Privacy Tools
- ZipGenius
- Zone Alarm