Security

From Things and Stuff Wiki

Revision as of 21:16, 20 January 2013 by Milk (talk | contribs) (→‎HTTPS, SSL and TLS)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

General

http://en.flossmanuals.net/basic-internet-security/

http://sla.ckers.org/forum

https://cryptoparty.org/wiki/CryptoParty

http://techblog.rosedu.org/from-0-to-cryptography.html

FreeBSD jail

http://en.wikipedia.org/wiki/FreeBSD_jail

Firewalls

https://help.ubuntu.com/community/UFW
- http://en.wikipedia.org/wiki/Uncomplicated_Firewall

http://www.shorewall.net/

http://www.pfsense.org/

csf

http://blog.configserver.com/

Passwords

https://github.com/raymontag/keepassc

Logging

http://www.fail2ban.org/wiki/index.php/Main_Page

Hardening

https://wiki.archlinux.org/index.php/SELinux

Shells

http://lshell.ghantoos.org/ - limited shell

HTTPS, SSL and TLS

https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
- Living with HTTPS (19 Jul 2012)

OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection - Touching on HTTPS, SSL and TLS

SSL/TLS Deployment Best Practices - tutorial whitepaper

Improved HTTPS Performance with Early SSL Termination

https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS - basic intro

http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

https://www.scantosecure.com/blog/fencing-your-ssl-errors-with-hsts

Certificates

http://en.wikipedia.org/wiki/Comparison_of_SSL_certificates_for_web_servers

http://news.ycombinator.com/item?id=4830858

Services

RapidSSL
Verisign
Comodo

Self-signed

Vulnerable to MITM as cracker can generate their own.

How to Create A Self Signed Certificate - sslshopper.com
How to create a self-signed SSL Certificate which can be used for testing purposes or internal usage

Cacert.org

http://www.cacert.org/
- http://en.wikipedia.org/wiki/CAcert.org
- http://wiki.cacert.org/

Community group providing certs. Web of trust based assurance point system. Not carried by major browsers, just Linux distros.

StartCom

http://en.wikipedia.org/wiki/StartCom

Free certs, one cert per domain, 1 year.

Tools

https://github.com/mikecardwell/sslScanner

http://www.cert-depot.com/

DNSSEC

https://os3sec.org/

Articles

https://www.eff.org/deeplinks/2012/12/end-year-blog-post-2012-https-rise

Future

http://tack.io/

HTML

http://html5sec.org/

VPN

OpenVPN

http://openvpn.net/index.php/open-source.html
- http://en.wikipedia.org/wiki/OpenVPN

IPsec

http://en.wikipedia.org/wiki/IPsec

https://www.openswan.org/projects/openswan/
- http://en.wikipedia.org/wiki/Openswan

Encryption

http://www.truecrypt.org/ - hard drive space

http://www.keepassx.org/ - passwords

http://safeharbor.export.gov/list.aspx - UK DPA safe harbours

http://web.monkeysphere.info/

UX

Everything you ever wanted to know about building a secure password reset feature

Resources

http://securitytube.net

Testing

Distros

http://backbox.org/

Metasploit

http://www.metasploit.com/

http://en.wikipedia.org/wiki/Metasploit_Project
- http://en.wikibooks.org/wiki/Metasploit

http://fastandeasyhacking.com/

Other

w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

Misc

http://www.datagenetics.com/blog/september32012/index.html

Retrieved from "https://wiki.thingsandstuff.org/index.php?title=Security&oldid=7538"