Security

General

• http://en.flossmanuals.net/basic-internet-security/

• http://sla.ckers.org/forum

• https://cryptoparty.org/wiki/CryptoParty

• http://techblog.rosedu.org/from-0-to-cryptography.html

FreeBSD jail

• http://en.wikipedia.org/wiki/FreeBSD_jail

Firewalls

• https://help.ubuntu.com/community/UFW
  • http://en.wikipedia.org/wiki/Uncomplicated_Firewall

• http://www.shorewall.net/

csf

• http://configserver.com/cp/csf.html
  • http://configserver.com/free/csf/changelog.txt
• http://configserver.com/cp/csfdemo/config.html

• http://blog.configserver.com/

Passwords

• https://github.com/raymontag/keepassc

Logging

http://www.fail2ban.org/wiki/index.php/Main_Page

Hardening

• https://wiki.archlinux.org/index.php/SELinux

Shells

• http://lshell.ghantoos.org/ - limited shell

HTTPS, SSL and TLS

• https://en.wikipedia.org/wiki/HTTPS
• https://en.wikipedia.org/wiki/Transport_Layer_Security

• https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
  • Living with HTTPS (19 Jul 2012)

• OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection - Touching on HTTPS, SSL and TLS

• SSL/TLS Deployment Best Practices - tutorial whitepaper

• Improved HTTPS Performance with Early SSL Termination

• https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS - basic intro

• http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

Certificates

• http://en.wikipedia.org/wiki/Comparison_of_SSL_certificates_for_web_servers

• http://news.ycombinator.com/item?id=4830858

Self-signed

Vulnerable to MITM as cracker can generate their own.

• How to Create A Self Signed Certificate - sslshopper.com
• How to create a self-signed SSL Certificate which can be used for testing purposes or internal usage

Cacert.org

• http://www.cacert.org/
  • http://en.wikipedia.org/wiki/CAcert.org
  • http://wiki.cacert.org/

Community group providing certs. Web of trust based assurance point system. Not carried by major browsers, just Linux distros.

StartCom

• http://en.wikipedia.org/wiki/StartCom

Free certs, one cert per domain, 1 year.

Tools

• https://github.com/mikecardwell/sslScanner

• http://www.cert-depot.com/

DNSSEC

• http://jpmens.net/2011/02/16/ssl-certificate-validation-and-dnssec/
• http://blog.huque.com/2012/10/dnssec-and-certificates.html
• http://blogs.cisco.com/security/top-of-mind-problems-with-ssl-solved-with-dnssec/

• https://os3sec.org/

HTML

• http://html5sec.org/

VPN

• http://en.wikipedia.org/wiki/Virtual_private_network
• http://en.wikipedia.org/wiki/Social_VPN

OpenVPN

• http://openvpn.net/index.php/open-source.html
  • http://en.wikipedia.org/wiki/OpenVPN

• http://library.linode.com/networking/openvpn
• http://akensai.com/linode-vpn/

IPsec

• http://en.wikipedia.org/wiki/IPsec

• https://www.openswan.org/projects/openswan/
  • http://en.wikipedia.org/wiki/Openswan

Encryption

• http://www.truecrypt.org/ - hard drive space

• http://www.keepassx.org/ - passwords

• http://safeharbor.export.gov/list.aspx - UK DPA safe harbours

• http://web.monkeysphere.info/

• http://www.schneier.com/solitaire.html

UX

• Everything you ever wanted to know about building a secure password reset feature

Resources

• http://securitytube.net

Testing

Distros

• http://backbox.org/

Metasploit

• http://www.metasploit.com/
  • http://www.metasploit.com/modules/
  • http://www.metasploit.com/development/
  • http://dev.metasploit.com/redmine/projects/framework/issues?set_filter=1&tracker_id=1

• http://en.wikipedia.org/wiki/Metasploit_Project
  • http://en.wikibooks.org/wiki/Metasploit

• http://fastandeasyhacking.com/
  • http://fastandeasyhacking.com/manual
  • http://fastandeasyhacking.com/start
  • http://wiki.backbox.org/index.php/Armitage

Other

• w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

Misc

• http://www.datagenetics.com/blog/september32012/index.html