Martin McKeay's
Security Links and Resources
General, White Hats, Black Hats, CISSP, Windows, Linux, Tools, Firewalls, Anti-Virus Vendors
Security News Portal
Hello,
My name is Martin McKeay, and I am an aspiring network security professional. I recently passed my Cisco Certified Network Administrator (CCNA) and now I'm working on my Certified Information Systems Security Professionals (CISSP) certificate, and my Oracle Certified DBA Administrator (OCA). Too much stuff going on at once. These links are many of the resources I use on a daily basis to keep up with the latest in security and vulnerabilities. To paraphrase a bumper sticker I recently read, 'If you're not paranoid, you're not paying attention'. This page is still in the development stage, and as I create my own original content I will be posting it here. My first contribution is an analysis of the services installed by default on Windows 2000 systems. You can contact me at martin@mckeay.net. I am not a web designer, which is fairly obvious, so don't expect this page to be a thing of beauty. I just hope it can be useful.

Original Content
Windows 2000 Services: Disabling Non-Essential Services
--An analysis of the services that are installed on a Windows 2000 system by default, their original states and suggestions for settings in a secure environment. I have also included examples of vulnerabilities possessed by the services, but these are just samples, not an exhaustive list. It turns out that there are fewer than a dozen services that absolutely must be running for your system to work. All the rest can be disabled.
Stay Safe Online
--A site sponsored by the National Cyber Security Alliance. A good place for the neophyte to go for information on securing their home system from being hacked.
IT Papers
--A ton of white papers on all different IT topics. If you're looking for a resource for writing your own white paper, this is a good place to start. Just don't plagiarize too much.
IP on Everything
--Say the name of the site out loud; I'm sure it's no mistake. A very thorough resource for Cisco router information.
Security Links
--If you want a lot of links to other resources, this is the place to go! They have about a hundred links just for security, and tons of others for Windows, Unix, Network, etc.
Tech Target
--An almost overwhelming collection of reference material to everything computer related. I have barely scratched the surface of what this site has to offer.
Help Net Security
--Another resource for keeping yourself up to date on the latest in hacks and vulnerabilities.
How to avoid giving free information to attackers
--This is an excellent white paper on minimizing the clues you give hackers to the layout of your network. Xinetica is a security consultant firm, and has several other useful white papers.
These are usually the good guys, or at least reformed bad guys.
The Honeynet project
--This group uses honeynets and honeypots to watch the hackers at work and shares the information with everyone else. I want to build my own honeypot some day, but I will probably just build an IIS server, which amounts to the same thing anyway. ;-D
Gibson Research
--I love reading Gibson's page, but he is sometimes a bit reactionary. Especially good reading is his Denial of Service Article. It points out how much power a 'script kiddy' can have on today's Internet.
@stake
--Once known as L0pht, this is a group that was on the borderline between the black hats and white hats. They are now a legitimate consulting company and firmly on the side of light. L0pht was best known for L0phtcrack, a utility that would crack NT SAM files. Good luck finding older versions of L0phtcrack, as the newer version, LC3, doesn't do nearly as much unless you pay for it.
Wiretrip
--The webmaster, Rain Forest Puppy, is perhaps one of the best known individuals in security and hacking circles. He is always discovering new vulnerabilities in all sorts of products, especially Microsoft.
Important Note: Use downloads from these sites at your own risk! Remember, these are the 'bad guys'. Use some common sense. On the other hand, it's good to know what the enemy is up to.
2600.com
--If you have never picked up a copy of this quarterly magazine, go down to Borders or Barnes and Noble and pick one up today. The articles range from the inane and useless to the true arcanum of hacking. The letters section alone is worth the price; it gives you a great idea of what the general hacker population is feeling. It is also very amusing.
Hackers: Computer Outlaws
--Not a hacker site, but a history of hackers and hacking by TLC. This site gives a very general history of hacking, is good background for neophytes, and is amusing reading for real hackers and security professionals.
Hammer of God
--This site gives links to a number of other well-known hacker/security sites, as well as having a small number of unique tools. I'm sure the members area gives access to a lot more tools, but don't try to get into it.
Astalavista Group
--News, papers, and files for Hackers by Hackers. Beware the downloads here; they can contain trojans. If you can't view (and decipher) the source code for a file/exploit, don't use it.
Certified Information Systems Security Professional - My next certification hurdle, after the CCNA
International Information Systems Security Certification Consortium, Inc
-- Home of the CISSP and SSCP certification tests. This is a good starting point for any questions about CISSP certification. Also the home of the Common Body of Knowledge for IS professionals.
CISSP Open Study Group
--My main source and reference in my quest for CISSP Certification. Be sure to sign up for the CISSP mailing list. Even if you aren't looking for CISSP Certification, the amount of useful security information that comes across this list is well worth your time.
Handbook of Information Security Handbook
--This is the online version of the book, by Krause and Tipton, that is cited as one of the most commonly used books for passing the CISSP Exam. This is another resource that I have, regrettably, barely touched.
ISSA - San Francisco Chapter
--The San Francisco Chapter of the Information Systems Security Association. I include this in the hope that someone else might find them useful. I have sent several emails to this organization inquiring about membership and have yet to be acknowledged.
Microsoft's Security Best Practices
--I know that Microsoft is the source of half of the vulnerabilities on the Web, but this site does have some useful information to offer. If only they would take their own advice. Have you downloaded the latest patches?
Computer Security Resource Center
--This site hosts the National Institute of Standards and Technology (NIST) System Administration Guidance for Windows 2000 Professional Document. Worth reading if you have the time. They also have a link to the NSA Windows 2000 Security Recommendations.
Cygwin
-- Have you ever wanted to use some of the *nix tools on your Windows machine? Cygwin allows you to have a simulated Linux environment on your desktop.
WWW Security FAQ
-- This is a FAQ that answers questions for the beginner as well as the more experienced. The FAQ isn't real pretty, since it is a Linux oriented site. But then again, who am I to throw stones?
RootPrompt.org
--'Nothing but Unix' is their tag line. You can find links to the most up-to-date articles on Unix security and deployment. I especially like this article about the trials and tribulations a system administrator faced when his site was hacked several years ago.
Installing Linux on a PPC
--I have been trying (without much success) to install Linux on an old PowerPC that a friend gave me. While not strictly a security link, I hope this link can help someone else.
Netcat
--Netcat, the 'network swiss army knife'. This allows you to provide raw HTTP input to your servers for testing, and read the raw HTTP output. IE automatically strips out extraneous input, like ../../ or %255. Useful tool for testing the vulnerabilities you read about on a daily basis.
Languard Scanner
--Good, free, and easy to use. Not exactly a 'stealth' scanner, but this will enumerate shares and users on a Windows network, provided they allow NetBIOS Null Sessions.
WebAttack
--Shareware and Freeware tools galore. This is a good place to find all sorts of tools, not just security/hacker stuff. But double check anything you download for viruses and trojans. After all, what do you expect from a place called 'WebAttack'.
Snort - The Open Source Network IDS
--If you want to play with an Intrusion Detection System, download and install Snort. They have Linux and Windows versions, so set it up and start playing. This can be especially fun if you have an always-on Internet connection, such as DSL or a cable modem.
Tiny Personal Firewall
--I haven't used this product myself, but I hear it is really good. From what I have seen, it offers a lot more detail about incoming packets to the user, but this will just confuse most people.
Zone Labs
--I used this product for a while, but it just didn't work like I wanted. I was always getting false positives when Kazaa Desktop was open.
BlackICE Defender
--This is my current personal firewall. I like the combination of information and traceback capabilities that BlackICE gives me, though I am a bit concerned about the buffer overflow vulnerability recently uncovered in the product. They say that the latest patch solves this problem.
Trend Micro
--Trend Micro is usually the first place I go whenever I hear rumors of a new virus. It may just be my perception, but they seem to have the most up to date information the fastest. They also have a useful hoax database.
McAfee Antivirus
--I'm a little miffed at McAfee right now. I bought a copy of their virus scan software, which was clearly marked that it works with XP. Moments after I installed it, XP came crashing down. When I looked on their website, they clearly say, 'Don't install our product on XP. Use our web based product instead.' Needless to say, I returned McAfee VirusScan.
Symantec/Norton Antivirus
--My current antivirus vendor. Symantec offers a number of other products worth looking into, such as their personal firewall and privacy protection software.