apa.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 1,435 行 · 第 1/5 页

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Appendix A -- How to Get More Information</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch31/ch31.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../apb/apb.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">- A -</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">How to Get More Information</FONT></H1>
</CENTER>
<P>This appendix is designed to provide you with some of the sources consulted in
this book, as well as sites (or documents) that can assist you in better understanding
security.
<H2><FONT COLOR="#000077"><B>Establishment Resources</B></FONT></H2>
<P>Following is a list of resources. This list includes articles, papers, or tools.
The majority were authored or created by individuals working in security.
<H3><FONT COLOR="#000077"><B>Sites on the WWW</B></FONT></H3>
<P><B>General Accounting Office: <I>Information Security: Computer Attacks at Department
of Defense Pose Increasing Risks</I></B>. A report on failed security at U.S. Defense
sites.

<UL>
	<LI><A HREF="http://www.epic.org/security/GAO_OMB_security.html"><TT>http://www.epic.org/security/GAO_OMB_security.html</TT></A>
</UL>

<P><B>The Evaluated Products List (EPL).</B> This is a list of products that have
been evaluated for security ratings based on DoD guidelines.

<UL>
	<LI><A HREF="http://www.radium.ncsc.mil/tpep/epl/index.html"><TT>http://www.radium.ncsc.mil/tpep/epl/index.html</TT></A>
</UL>

<P><B>InterNIC (the Network Information Center).</B> InterNIC provides comprehensive
databases on networking information. These databases contain the larger portion of
collected knowledge on the design and scope of the Internet. Of main importance here
is the database of RFC documents.

<UL>
	<LI><A HREF="http://ds0.internic.net/ds/dspg1intdoc.html"><TT>http://ds0.internic.net/ds/dspg1intdoc.html</TT></A>
</UL>

<P><B>The Rand Corporation.</B> This site contains security resources of various
sorts as well as engrossing early documents on the Internet's design.

<UL>
	<LI><A HREF="http://www.rand.org/publications/electronic/"><TT>http://www.rand.org/publications/electronic/</TT></A>
</UL>

<P><B>Connected: An Internet Encyclopedia.</B> This is an incredible online resource
for RFC documents and related information, painstakingly translated into HTML.

<UL>
	<LI><A HREF="http://www.freesoft.org/Connected/RFC/826/"><TT>http://www.freesoft.org/Connected/RFC/826/</TT></A>
</UL>

<P><B>The Computer Emergency Response Team (CERT).</B> CERT is an organization that
assists sites in responding to network security violations, break-ins, and so forth.
This is a great source of information, particularly for vulnerabilities.

<UL>
	<LI><A HREF="http://www.cert.org"><TT>http://www.cert.org</TT></A>
</UL>

<P><B>Dan Farmer: <I>Security Survey of Key Internet Hosts and Various Semi-Relevant
Reflections</I>.</B> This is a fascinating independent study conducted by one of
the authors of the now famous SATAN program. The survey involved approximately 2,200
sites; the results are disturbing.

<UL>
	<LI><A HREF="http://www.trouble.org/survey/"><TT>http://www.trouble.org/survey/</TT></A>
</UL>

<P><B>U.S. Department of Energy's Computer Incident Advisory Capability (CIAC).</B>
CIAC provides computer security services to employees and contractors of the U.S.
Department of Energy, but the site is open to the public as well. There are many
tools and documents at this location.

<UL>
	<LI><A HREF="http://ciac.llnl.gov/"><TT>http://ciac.llnl.gov/</TT></A>
</UL>

<P><B>The National Computer Security Association.</B> This site contains a great
deal of valuable security information, including reports, papers, advisories, and
analyses of computer security products and techniques.

<UL>
	<LI><A HREF="http://www.ncsa.com/"><TT>http://www.ncsa.com/</TT></A>
</UL>

<P><B>Short Courses in Information Systems Security at George Mason University.</B>
This site contains information about security courses. Moreover, you'll find links
to a comprehensive bibliography of security-related documents.

<UL>
	<LI><A HREF="http://www.isse.gmu.edu:80/~gmuisi/"><TT>http://www.isse.gmu.edu:80/~gmuisi/</TT></A>
</UL>

<P><B>NCSA RECON.</B> This is the site of the National Computer Security Association's
special division. It offers a service where one can search through thousands of downloaded
messages passed among hackers and crackers on BBS boards and the Internet. This commercial
site is an incredible security resource.

<UL>
	<LI><A HREF="http://www.isrecon.ncsa.com/public/faq/isrfaq.htm"><TT>http://www.isrecon.ncsa.com/public/faq/isrfaq.htm</TT></A>
</UL>

<P><B>Lucent Technologies.</B> This site contains information about courses on security
from the folks who really know security.

<UL>
	<LI><A HREF="http://www.attsa.com/"><TT>http://www.attsa.com/</TT></A>
</UL>

<P><B>Massachusetts Institute of Technology Distribution Site of Pretty Good Privacy
(PGP) for U.S. Residents. </B>PGP provides some of the most powerful, military-grade
encryption currently available.

<UL>
	<LI><A HREF="http://web.mit.edu/network/pgp.html"><TT>http://web.mit.edu/network/pgp.html</TT></A>
</UL>

<P><B>The Anonymous Remailer FAQ.</B> This document covers all aspects of anonymous
remailing techniques and tools.

<UL>
	<LI><A HREF="http://www.well.com/user/abacard/remail.html"><TT>http://www.well.com/user/abacard/remail.html</TT></A>
</UL>

<P><B>The Anonymous Remailer List.</B> This is a comprehensive but often-changing
list of anonymous remailers.

<UL>
	<LI><A HREF="http://www.cs.berkeley.edu/~raph/remailer-list.html"><TT>http://www.cs.berkeley.edu/~raph/remailer-list.html</TT></A>
</UL>

<P><B>Microsoft ActiveX Security.</B> This page addresses the security features of
ActiveX.

<UL>
	<LI><A HREF="http://www.microsoft.com/security"><TT>http://www.microsoft.com/security</TT></A>
</UL>

<P><B>Purdue University COAST Archive.</B> This is one of the more comprehensive
security sites, containing many tools and documents of deep interest to the security
community.

<UL>
	<LI><A HREF="http://www.cs.purdue.edu//coast/archive/"><TT>http://www.cs.purdue.edu//coast/archive/</TT></A>
</UL>

<P><B>Raptor Systems.</B> The makers of one of the better firewall products on the
Net have established a fine security library.

<UL>
	<LI><A HREF="http://www.raptor.com/lib/index.html"><TT>http://www.raptor.com/lib/index.html</TT></A>
</UL>

<P><B>The Risks Forum.</B> This is a moderated digest of security and other risks
in computing. This great resource is also searchable. With it, you can tap the better
security minds on the Net.

<UL>
	<LI><A HREF="http://catless.ncl.ac.uk/Risks"><TT>http://catless.ncl.ac.uk/Risks</TT></A>
</UL>

<P><B>Forum of Incident Response and Security Teams (FIRST).</B> FIRST is a conglomeration
of many organizations undertaking security measures on the Net. This powerful organization
is a good starting place for sources.

<UL>
	<LI><A HREF="http://www.first.org/"><TT>http://www.first.org/</TT></A>
</UL>

<P><B>The CIAC Virus Database.</B> This is the ultimate virus database on the Internet.
It's an excellent resource for learning about viruses that can affect your platform.

<UL>
	<LI><A HREF="http://ciac.llnl.gov/ciac/CIACVirusDatabase.html"><TT>http://ciac.llnl.gov/ciac/CIACVirusDatabase.html</TT></A>
</UL>

<P><B>Information Warfare and Information Security on the Web.</B> This is a comprehensive
list of links and other resources concerning information warfare over the Internet.

<UL>
	<LI><A HREF="http://www.fas.org/irp/wwwinfo.html"><TT>http://www.fas.org/irp/wwwinfo.html</TT></A>
</UL>

<P><B>Criminal Justice Studies of the Law Faculty of University of Leeds, The United
Kingdom.</B> This site boasts interesting information on cryptography and civil liberties.

<UL>
	<LI><A HREF="http://www.leeds.ac.uk/law/pgs/yaman/cryptog.htm"><TT>http://www.leeds.ac.uk/law/pgs/yaman/cryptog.htm</TT></A>
</UL>

<P><B>Federal Information Processing Standards Publication Documents</B> <B>(Government
Guidelines). </B>The National Institute of Standards and Technology reports on DES
encryption and related technologies.

<UL>
	<LI><A HREF="http://csrc.nist.gov/fips/fips46-2.txt"><TT>http://csrc.nist.gov/fips/fips46-2.txt</TT></A>
</UL>

<P><B>Wordlists Available at NCSA and Elsewhere.</B> This site is for use in testing
the strength of, or cracking, UNIX passwords.

<UL>
	<LI><A HREF="http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html"><TT>http://sdg.ncsa.uiuc.edu/~mag/Misc/Wordlists.html</TT></A>
</UL>

<P><B>Department of Defense Password Management Guideline.</B> This is a treatment
of password security in classified environments.

<UL>
	<LI><A HREF="http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txt"><TT>http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txt</TT></A>
</UL>

<P><B>Dr. Solomon's.</B> This site is filled with virus information. Anyone concerned
with viruses (or anyone who just wants to know more about virus technology) should
visit Dr. Solomon's site.

<UL>
	<LI><A HREF="http://www.drsolomon.com/vircen/allabout.html"><TT>http://www.drsolomon.com/vircen/allabout.html</TT></A>
</UL>

<P><B>The Seven Locks Server.</B> This is an eclectic collection of security resources,
including a number of papers that cannot be found elsewhere!

<UL>
	<LI><A HREF="http://www.sevenlocks.com/"><TT>http://www.sevenlocks.com/</TT></A>
</UL>

<P><B>S/Key Informational Page.</B> This site provides information on S/Key and the
use of one-time passwords in authentication.

<UL>
	<LI><A HREF="http://medg.lcs.mit.edu/people/wwinston/skey-overview.html"><TT>http://medg.lcs.mit.edu/people/wwinston/skey-overview.html</TT></A>
</UL>

<P><B>A Page Devoted to ATP, the &quot;Anti-Tampering Program.&quot;</B> In some
ways, ATP is similar to Tripwire or Hobgoblin.

<UL>
	<LI><A HREF="http://www.cryptonet.it/docs/atp.html"><TT>http://www.cryptonet.it/docs/atp.html</TT></A>
</UL>

<P><B>Bugtraq Archives.</B> This is an archive of the popular mailing list, Bugtraq,
one of the most reliable sources for up-to-date reports on new-found vulnerabilities
in UNIX (and at times, other operating systems).

<UL>
	<LI><A HREF="http://geek-girl.com/bugtraq/"><TT>http://geek-girl.com/bugtraq/</TT></A>
</UL>

<P><B>Wang Federal.</B> This company produces high-quality security operating systems
and other security solutions. It is the leader in TEMPEST technology.

<UL>
	<LI><A HREF="http://www.wangfed.com"><TT>http://www.wangfed.com</TT></A>
</UL>

<P><B>The Center for Secure Information Systems.</B> This site, affiliated with the
Center at George Mason University, has some truly incredible papers. There is much
cutting-edge research going on here. The following URL sends you directly to the
publications page, but you really should explore the entire site.