Today,   Welcome •

Babelfish   French   Spanish   German   Italian   Portuguese   Japanese   Korean   Dutch   Greek   Russian   Chinese (trad.)   Chinese (simp.) Your System Check: Liquidmatrix, the LSD logo, its likeness, and these pages Copyslight © 1998 - 2006 Liquidmatrix Solutions & Design All Rights Obscured...whatever.

Liquidmatrix White Papers   NSA Rainbow Series Security Guides External   Rainbow Series Library The following files are provided in PDF format. IMPORTANT: Please read our (NSA's) Legal Notice before using these guides. DoD Trusted Computer System Evaluation Criteria (Orange Book) DoD Password Management Guideline (Green Book) Computer Security Requirements -- Guidance for Applying the DoD TCSEC in Specific Environments (Light Yellow Book) Technical Rational Behind CSC-STD-003-85: Computer Security Requirements -- Guidance for Applying the DoD TCSEC in Specific Environments (Yellow Book) A Guide to Understanding Audit in Trusted Systems (Tan Book) Trusted Product Evaluations - A Guide for Vendors (Bright Blue Book) A Guide to Understanding Discretionary Access Control in Trusted Systems (Neon Orange Book) Glossary of Computer Security Terms (Teal Green Book) Trusted Network Interpretation of the TCSEC (Red Book) A Guide to Understanding Configuration Management in Trusted Systems (Amber Book) A Guide to Understanding Design Documentation in Trusted Systems (Burgundy Book) A Guide to Understanding Trusted Distribution in Trusted Systems (Dark Lavender Book) Computer Security Subsystem Interpretation of the TCSEC (Venice Blue Book) A Guide to Understanding Security Modeling in Trusted Systems (Aqua Book) Trusted Network Interpretation Environments Guideline (Red Book) Guidelines for Formal Verification Systems (Purple Book) A Guide to Understanding Trusted Facility Management (Brown Book) Guidelines for Writing Trusted Facility Manuals (Yellow-Green Book) A Guide to Understanding Identification and Authentication in Trusted Systems (Light Blue Book) A Guide to Understanding Object Reuse in Trusted Systems (Light Blue Book) A Guide to Understanding Trusted Recovery in Trusted Systems (Yellow Book) A Guide to Understanding Security Testing and Test Documentation in Trusted Systems (Bright Orange Book) A Guide to Writing the Security Features User's Guide for Trusted Systems (Hot Peach Book) A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems (Turquoise Book) Assessing Controlled Access Protection (Violet Book) Introduction to Certification and Accreditation Concepts (Blue Book) A Guide to Understanding Covert Channel Analysis of Trusted Systems (Light Pink Book)   NSA Security Recommendation Guides Internal   Security Recommendation Guides The following files are provided in PDF format. IMPORTANT: Please read our (NSA's) Legal Notice before using these guides. Microsoft Windows 2000 Network Architecture Guide (161KB) Guide to Securing Microsoft Windows 2000 Group Policy: Security Configuration Tool Set (936KB) Guide to Securing Microsoft Windows 2000 Group Policy (237KB) Guide to Securing Microsoft Windows 2000 File and Disk Resources (234KB) Guide to Securing Microsoft Windows 2000 DNS (738KB) Guide to Securing Microsoft Windows 2000 Active Directory (430KB) Guide to the Secure Configuration and Administration of Microsoft Internet Information Services 5.0 (949KB) Guide to the Secure Configuration and Administration of Microsoft Windows 2000 Certificate Services (1,178KB) Guide to the Secure Configuration and Administration of Microsoft Windows 2000 Certificate Services (Checklist Format) (966KB) Guide to Securing Microsoft Windows 2000 Encrypting File System (199KB) Guide to Securing Microsoft Windows 2000 Schema (86KB) Microsoft Windows 2000 Router Configuration Guide (1,159KB) Guide to Windows 2000 Kerberos Settings (369KB) Group Policy Reference (789KB) Guide to Securing Windows NT/9x Clients in a Windows 2000 Network (143KB) Guide to Using DoD PKI Certificates in Outlook 2000 (256KB)   Router Security Configuration Guide Internal   "Principles and guidance for secure configuration of IP routers, with detailed instructions for Cisco Systems routers" NSA Router Security   Denial of Service Papers Posted 09.16.01   Distributed denial-of-service attacks Defenses against distributed denial-of-service attacks DDoS is neither dead nor forgotten DNS server security: Learning from Microsoft's mistakes Deconstructing DoS attacks A year after meltdown: No silver bullet for DoS DDos: Internet weapons of mass destruction Potential market manipulation with denial-of-service attacks DOShelp.com DDOS attacks' ultimate lesson: Secure that infrastructure New denial-of-service tool uses relay chat Surfing the Tsunami Denial of service Denial of Service InfoSysSec /security.txt/windows.nt ICMPecho The world wide web security FAQ Hype or hot The latest in denial of service attacks: "Smurfing" description and information to minimize effects No site is immune Denial-of-service threat gets IETF's attention A different kind of DoS   Maximum Security - The Book Online External   A Hacker's Guide to Protecting Your Internet Site and Network The Book   User's Security Handbook Internal   This is rfc2504. I have added this to the site for informational purposes as it is good reading. enjoy - gattaca User's Security Handbook   What are the Basic Security Problems? External   This paper is an overall list of questions that a company or even personal comuter user needs to be aware of in order to best secure their system(s). This paper was written and published by Securitywatch.com, an excellent security news and information site. Basic Security Problems   David Dittrich's Analysis of Stacheldraht Internal   This paper is an analysis of the distributed denial of service tool called "stacheldraht" or "barbed wire". This analysis was written by David Dittrich from the University of Washington. Stacheldraht Analysis   SANS Ten Most Critical Internet Security Threats External   This a compilation of the 10 most readily identifiable security threats on the internet today. Follow the link below. SANS Top Ten   SANS Salary Survey 1999 Internal Download   A salary survey for security professionals. This local download is in .pdf format. 1999 SURVEY If you need ADOBE Acrobat reader, it can be downloaded here.   Other Papers... Posted 02.03.02   Applied Cryptography Unix Computer Security Checklist AUSCERT, Australian Computer Emergency Response Team; 1995; ASCII Text; 89k A comprehensive checklist for securing your Unix box. Packets Found on an Internet Bellovin, Steven M.; 1993; GZip'd Postscript; 32k A very interesting paper describing the various attacks, probes, and miscellaneous packets floating past AT&T Bell Labs' net connection. Security Problems in the TCP/IP Protocol Suite Bellovin, Steven M.; 1989; GZip'd Postscript; 10k A broad overview of problems within TCP/IP itself, as well as many common application layer protocols which rely on TCP/IP. There Be Dragons Bellovin, Steven M.; 1992; GZip'd Postscript; 58k Another Bellovin paper discussing the various attacks made on att.research.com. This paper is also the source for this page's title. An Advanced 4.3BSD IPC Tutorial Berkeley CSRG; date unknown; GZip'd Postscript; 60k This paper describes the IPC facilities new to 4.3BSD. It was written by the CSRG as a supplement to the manpages. NFS Tracing by Passive Network Monitoring Blaze, Matt; 1992; ASCII Text Blaze, now famous for cracking the Clipper chip while at Bell Labs, wrote this paper while he was a PhD candidate at Princeton. Network (In)Security Through IP Packet Filtering Chapman, D. Brent; 1992; GZip'd Postscript; 46k Why packet filtering is a difficult to use and not always secure method of securing a network. An Evening with Berferd Cheswick, Bill; 1991; GZip'd Postscript; 32k A cracker from Norway is "lured, endured, and studied." Improving the Security of your Unix System Curry, David, SRI International; 1990; GZip'd Postscript; 99k This is the somewhat well known SRI Report on Unix Security. It's a good solid starting place for securing a Unix box. With Microscope & Tweezers Eichin & Rochlis; 1989; GZip'd Postscript.gz; 99k An analysis of the Morris Internet Worm of 1988 from MIT's perspective. The COPS Security Checker System Farmer & Spafford; 1994; GZip'd Postscript; 45k The original Usenix paper from 1990 republished by CERT in 1994. COPS and Robbers Farmer, Dan; 1991; ASCII Text This paper discusses a bit of general security and then goes into detail regarding Unix system misconfigurations, specifically ones that COPS checks for. Improving The Security of Your System by Breaking Into It Farmer & Venema; date unknown; HTML An excellent text by Dan Farmer and Wietse Venema. If you haven't read this before, here's your opportunity. A Unix Network Protocol Security Study: NIS Hess, Safford, & Pooch; date unknown; GZip'd Postscipt; 20k Outlines NIS and its design faults regarding security. A Simple Active Attack Against TCP Joncheray, Laurent; 1995; GZip'd Postscript; 90k This paper describes an active attack against TCP which allows re-direction (hijacking) of the TCP stream. Foiling the Cracker Klein, Daniel; GZip'd Postscript; 38k A Survey of, and Improvements to, Password Security. Basically a treatise on how to select proper passwords. A Weakness in the 4.2BSD Unix TCP/IP Software Morris, Robert T; 1985; GZip'd Postscript; 10k This paper describes the much ballyhooed method by which one may forge packets with TCP/IP. Morris wrote this in 1985. It only took the media 10 years to make a stink about it! Covering Your Tracks Phrack Vol. 4, Issue #43; GZip'd Postscript; 16k A Phrack article describing the unix system logs and how it is possible to reduce the footprint and visibility of unauthorized access. Cracking Shadowed Password Files Phrack Vol. 5 Issue #46 GZip'd Postscript; 19k A Phrack article describing how to use the system call password function to bypass the shadow password file. Thinking About Firewalls Ranum, Marcus; Gzip'd Postscript; 30k A general overview of firewalls, with tips on how to select one to meet your needs. An Introduction to Internet Firewalls Wack & Carnahan for NIST; Gzip'd Postscript; 600k This is a special publication of the National Institute of Standards and Technology which provides a solid introduction to firewalls concepts and uses. TCP Wrapper Venema, Wietse; Gzip'd Postscript; 13k Wietse's paper describing his TCP Wrapper concept, the basis for the TCP Wrappers security and logging suite. Safe Internet Programming: Publications Installation of the TIS Firewall Toolkit on Linux Security-Papers FhG The Hacker Crackdown by Bruce Sterling US site O'Reilly Security Book info Computer Security Basics by Russell and Gangemi Practical Unix Security by Garfinkel and Spafford Web Security PGP: Pretty Good Privacy by Garfinkel Oracle Security Stopping Spam by Alan Schwartz & Simson Garfinkel Computer Crime: A Crimefighter's Handbook by Icove, Seger & VonStorch Building Internet Firewalls by Chapman and Zwicky Building Internet Firewalls, Second Edition by Chapman, Zwicky and Cooper Securing Windows NT/2000 Servers for the Internet by Stefan Norberg Java Cryptography by Jonathan Knudsen PGP: Source Code and Internals by Phil Zimmermann The Official PGP User's Guide by Phil Zimmermann Cryptography Theory and Practice Wietse's tools and papers