- A Guide to Building Secure Web Applications and Web Services
- A massive document covering all aspects of web application and web service security; published by the Open Web Application Security Project (OWASP). (2006)
- A Linux-PAM page
- The primary distribution site for the Linux-PAM (Pluggable Authentication Modules for Linux) project. PAM is a flexible mechanism for authenticating users.
- AFIk (Another File Integrity Checker)
- Site available in English and French.
- AIDE - Advanced Intrusion Detection Environment
- Free, GPLed replacement for Tripwire.
- AirSnort Homepage
- A wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks.
- BackTrack
- A Slackware-based, live CD Linux distribution with over 300 security tools useful for tasks such as security audits and penetration testing. This distribution evolved from the merger of the Whax and Auditor Security Collection distributions.
- Basic Analysis and Security Engine (BASE) -- Homepage
- A network security measuring tool; web-based interface front-end to query and analyze the SNORT-IDS security alerts.
- Bastille Linux - hardening script for security conscience
- The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. It can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. Currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandriva distributions, along with HP-UX.
- CIPE - Crypto IP Encapsulation
- An ongoing project to build encrypting IP routers. Latest stable release is 1.6.0, 2004-08-03.
- Common Vulnerabilities and Exposures
- A list of standardized names for vulnerabilities and other information security exposures. The goal of CVE is to make it easier to share data across separate vulnerability databases and security tools.
- Creating Snort Rules with EnGarde HOWTO
- This HOWTO provides a step-by-step guide to writing custom rules for Snort, an intrusion detection and prevention application. (2007)
- Crypto-Gram Newsletter
- Bruce Schneier's Crypto-Gram Newsletter is one of the best sources of information and analysis on computer and other security issues.
- Darik's Boot and Nuke (DBAN)
- A cross-platform application to wipe data off of a hard disk and return the disk to a pristine state for reuse.
- Debian GNU/Linux -- Security Information
- The main Debian security site which includes security advisories and advice for the Debian user.
- Debian Security Audit Project
- The aim of the project is to audit as many of the packages within the Debian stable release as possible for potential flaws; important packages, which are contained in the unstable distribution, may also be examined for flaws as time permits.
- Electronic Privacy Information Center
- A public interest research centre in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the U.S. First Amendment, and constitutional values.
- Ettercap
- A multipurpose sniffer/interceptor/logger for switched LAN.
- Flawfinder Home Page
- Security auditing tool for C/C++.
- GNU httptunnel
- An application that creates a bidirectional virtual data connection tunnelled in HTTP requests; the HTTP requests can be sent via an HTTP proxy.
- Help Net Security
- Excellent meta site for webserver security, news, software and information.
- HoneyNet Project
- The Honeynet Project is a U.S.-based non-profit volunteer research organization dedicated to raising awareness of and improving the security of the Internet.
- Honeyd - Network Rhapsody for You
- Creates virtual hosts on a network for threat detection and analysis.
- ISECOM - Institute for Security and Open Methodologies
- An open, non-profit organization that develops open standards and methodologies primarily in the security field. Formerly the Ideahamster Organization.
- ISECOM Open Source Security Testing Methodology Manual
- A standard for internet security testing; available in English, French and Spanish in a PDF file.
- Insecure.Org -- Nmap Security Scanner
- Stealth port scanner for network security auditing, general internet exploration & hacking. Designed to rapidly scan large networks, although it works fine against single hosts.
- Jail Chroot Project
- A login tool which works as a wrapper to the user shell.
- John the Ripper - UNIX Password Cracker
- Primary purpose is to detect weak Unix passwords.
- Keyring for PalmOS
- Secure storage of digital secret keys on a Palm handheld computer.
- Kismet - 802.11 Network sniffer
- An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
- Knocker - The Net Port Scanner
- A cross-platform TCP security port scanner; capable of analyzing hosts and the network services which are running on them. Latest release is 0.6.6, 2002.
- Know Your Enemy: Honeynets
- Detailed paper that discusses what a Honeynet is, its value, how it works, and the risks/issues involved. (2006)
- LIDS - Linux Intrusion Detect System
- LIDS is a kernel patch and a set of admin tools which enhance the kernel's security by implementing Mandatory Access Control (MAC).
- LWN: Security Index
- This index covers articles that appeared in LWN on various security-related topics. Articles from 2007 onwards are indexed here.
- LaBrea Homepage
- Honeypot software that sets up virtual machines with virtual vulnerabilities for potential crackers; aptly named after the LaBrea Tarpits in California.
- Laurent Constantin, netwib, netwox, netwag, lcrzoex, lcrzo
- Netwox - network toolbox to test an Ethernet/IP network; Netwag - Netwox advanced GUI; Netwib - network library.
- Linsec.ca
- This site contains primarily security-related articles, tips, and advice. Also included are tips for using LDAP as an address book, Mac OS X tips, book reviews, and software reviews.
- Linux Exposed -- The Linux security and hacking portal
- Articles on Linux security, but note that there seems to be spotty activity now (2007).
- Linux Security Documentation and Resources
- A comprehensive resource centre; includes FAQs/HOWTOs, forums, whitepapers, resources on firewalls, host security, cryptography, network security, intrusion detection, securing Linux systems, a quick reference guide, and an administrator's guide.
- Linux-Sec.net
- A Linux security resource site.
- LinuxExposed Article - "Looking securely at TCP/IP"
- An overview article about TCP/IP and security-related issues. (2005)
- LinuxExposed Article - "Services from a Security Point of View"
- Review of commonly used Internet services and their security risks. (2005)
- LinuxSecurity.com - The Community Center For Security
- A Linux security site which includes news, HOWTOs, security advisories (Linux Security Watch), newsletters, reviews, and articles.
- Lud's Linux Corner - Linux Network Security Tips
- Site available in English and French.
- Mailing list archives @ jammed.com
- Security mailing lists
- Mandriva Linux Security
- Mandriva security site.
- Medusa DS9 Security System
- Used to increase Linux's security. It consists of two major parts: Linux kernel changes and the user-space daemon. Latest version is 1.0, kernel patch for 2.4.26, 2004-04-10. Named for the Star Trek movie, "Medusa Deep Space Nine (DS9)".
- Nessus Vulnerability Scanner
- As of the 3.0 release (2005), no longer licensed under the GPL and is now proprietary software (but free as in beer); previous versions remain GPL'd.
- OSVDB: Open Source Vulnerability Database
- An open source database project to collect and distribute detailed vulnerability information freely to everyone.
- Open1X
- The Open1X project is dedicated to bringing a free, open source 802.1X/WPA/WPA2/IEEE802.11i implementation to as many target platforms as possible.
- OpenCA Research Labs
- An open organization that provides a framework for studying PKI (Public Key Infrastructure) and developing related projects.
- OpenCOE: Open Common Operating Environment
- Latest release: 1.1.4.1, October, 2003.
- OpenSSL: The Open Source toolkit for SSL/TLS
- A collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.
- OpenVPN - An Open Source VPN Solution by James Yonan
- A VPN (Virtual Private Network) daemon to securely link two or more private networks using an encrypted tunnel over the internet.
- Openswan:
- An implementation of IPsec for Linux. It supports kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different platforms. A code fork of the FreeS/wan project.
- Openwall Project: Information Security Software For Open Environments
- Security software packages available on this site: Owl, John the Ripper, Modern password hashing, Pluggable password strength checking, scanlogd, popa3d.
- OutGuess - universal Steganography
- Latest version is 0.6, September, 2004.
- PIKT
- System monitoring and configuration management software.
- PacketProtector - Security Solution for Wireless Routers
- A Linux distribution for wireless routers, built on top of OpenWrt. The goal of this project is to transform the router into a unified threat management device.
- PacketStorm
- A general Internet security site with some Linux information.
- Password Gorilla
- A cross-platform password manager.
- Privoxy
- A web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious junk.
- RISKS-LIST: RISKS-FORUM Digest
- Forum on risks to the public in computers and related systems.
- Radius
- A server for remote user authentication and accounting. Its primary use is for Internet Service Providers (ISPs); latest release 1.3, 2004-11-20.
- Rootkit.nl - Protect Your Machine
- An easy-to-use tool that checks Linux and UNIX machines for rootkits and other unwanted tools.
- Rule Set Based Access Control (RSBAC) - Homepage
- Open Source (GPL) Linux kernel security extension.
- SARA - Security Auditor's Research Assistant
- A cross-platform network security analysis tool.
- SUSE LINUX: Security Announcements
- The main security site for SUSE.
- Samhain Labs | samhain
- An open source file integrity and host-based intrusion detection system for Unix and Linux.
- Secure Programming for Linux and Unix HOWTO--Creating Secure Software - Online Book
- This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Also available in Chinese and Korean. (2003)
- Security Engineering: A Guide to Building Dependable Distributed Systems - Online Book
- A comprehensive security guide to protecting information systems. Wiley, 2001. Ignore the publication date -- this is one of the best security books available. N.B.: Online version contains some updated sections and errata; available in PDF format only.
- Security-Enhanced Linux
- SE Linux is a version of the Linux kernel enhanced for security purposes. It is developed by the U.S. government's National Security Agency and Secure Computing Corporation with the contributions of the University of Utah. Not strictly a Linux distribution.
- SecurityTracker.com - Keep Track of the Latest Vulnerabilities!
- A security tracking site.
- Sigtran.org
- A quick directory to all things related to Signal Transport technology.
- Snort
- Intrusion detection and prevention software.
- Steghide
- A steganography program that conceals data in various kinds of image- and audio-files.
- Sussen
- Security scanner; GNOME interface and GNOME-DB backend.
- Systrace - Interactive Policy Generation for System Calls
- A utility that monitors and controls what an application can access on a system by creating and enforcing access policies for system calls.
- The Adamantix project
- A highly secure and usable Linux distribution; formerly Trusted Debian Project.
- The Big Brother System & Network Monitor
- Free for non-commercial use.
- The Complete, Unofficial TEMPEST Information Page
- Surveillance technology.
- The Open Web Application Security Project (OWASP)
- The free and open application security community.
- The Register Article - "Internet Anonymity for Linux Newbies"
- A tutorial for newbies on how to secure your home system on Linux; dated, but the basic principles and advice are still valid. (2002)
- The chkrootkit Homepage
- Tool that locally checks for signs of a rootkit.
- The phrack.com Homepage
- A hacker magazine by the community for the community; articles on a variety of tech issues including Linux as well as security issues.
- Tor
- An anonymous Internet communication system.
- Tripwire Security Systems, Inc.
- Proprietary tools to monitor, detect and audit changes to computer systems; runs on Linux platforms.
- TrueCrypt
- Cross-platform disk encryption software which features real-time, "on-the-fly" encryption (OTFE), encryption of an entire hard disk partition or a storage device such as a USB flash drive, and provides two levels of plausible deniability. Latest release is 5.0, 2008-02-05.
- Trustees
- A recursive ACL (access control list) scheme for the Linux 2.6 kernel's Linux Security Module (LSM) framework.
- Untangle
- An open source (GPLv2) security gateway complete with 14 applications including intrusion detection, spam, phish, and virus blocking, web content filtering, firewall, and remote access applications - VPN and remote access portal.
- Vancouver Webpages' Security Page
- A short overview of common network security holes, and what to do about them.
- VulnWatch - Vulnerability Disclosure List
- A computer security vulnerability disclosure mailing list supported and run by a community of volunteer moderators distributed around the world.
- Welcome to CERT!
- A centre for Internet security research which studies Internet security vulnerabilities and long-term changes in networked systems, and develops information and training to help users improve security. Based at Carnegie Mellon University in the U.S.A.
- Wipe: Secure File Deletion
- A file and block device wiping utility. Latest stable release is 2.2.0, 2004-01-10.
- Xatrix Security -- A Computer Security News Portal
- A computer security website containing security advisories and vulnerabilities, forums, free online books (security, Linux, programming languages, and databases), and security news.
- Zebedee: Secure TCP/IP Tunnel
- A simple program to establish an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems.