Chapter 1: Network Security Axioms
Chapter 2: Security Policy and Operations Life Cycle
Chapter 3: Secure Networking Threats
Chapter 4: Network Security Technologies
Chapter 5: Device Hardening
Chapter 6: General Design Considerations
Chapter 7: Network Security Platform Options and Best Deployment Practices
Chapter 8: Common Application Design Considerations
Chapter 9: Identity Design Considerations
Chapter 10: IPsec VPN Design Considerations
Chapter 11: Supporting-Technology Design Considerations
Chapter 12: Designing Your Security System
Chapter 13: Edge Security Design
Chapter 14: Campus Security Design
Chapter 15: Teleworker Security Design
Chapter 16: Secure Network Management and Network Security Management
Chapter 17: Case Studies
Chapter 18: Conclusions
Find a bad link or one in the book I don't have here? Send me email at: sconvery@employees.org
Chapter 1: Network Security Axioms
CAIDA
Ptacek, Thomas H., and Timothy N. Newsham. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection.
Tippett, P. "Defense-In-Breadth." Information Security Magazine (February 2002).
Chapter 2: Security Policy and Operations Life Cycle
Analysts: Egghead's inquiry cost millions.
Fraser, B. RFC 2196, Site Security Handbook.
Guel, Michele D. A Short Primer for Developing Security Policies.
Hackers break in N.Y. Times Web site.
Insecure.org.
Moore, A., R. Ellison, and R. Linger. Attack Modeling for Information Security and Survivability. Technical note CMU/SEI-2001-TN-001.
Nessus Vulnerability Scanner.
Packetstorm Security.
SecurityFocus.
Chapter 3: Secure Networking Threats
Aleph One. Smashing the Stack for Fun and Profit.
Back Orifice 2000.
CAIDA Code Red Analysis.
CERT Code Red Advisory.
CERT Melissa Advisory.
CERT Nimda Advisory.
Chkrootkit.
Computer Emergency Response Team.
Cross-Site Scripting FAQ.
Dave Dittrich's Distributed Denial of Service site.
DC Phone Home. - Link dead?
dsniff.
Ethereal.
Ettercap.
Fragroute.
Fyodor. Remote OS Detection via TCP/IP Stack FingerPrinting.
Google.
Howard, John D. An Analysis of Security Incidents on the Internet, 1989-1995.
Hping.
John the Ripper Password Cracker.
LC4.
Libnet.
Nessus.
Netcat.
Netstumbler.
Nmap.
Paketto Keiretsu.
Ptacek, Thomas H., and Timothy N. Newsham. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection.
Slashdot.
STRIP. - Link Updated Since Book Publish
War driving.
World Wide Web Security FAQ.
Chapter 4: Network Security Technologies
Computer Security Issues and Trends, CSI 2002.
Ellison, C., and B. Schneier. Ten Risks of PKI.
halflife. Bypassing Integrity Checking Systems. Phrack Issue 51.
Hogwash. - Site no longer being maintained
Yan, Jeff. A Note on Proactive Password Checking.
Chapter 5: Device Hardening
Apache HTTP Server Project. Security Tips: Apache HTTP Server Security.
APTools.
Brett and Variable K. "Building Bastion Routers Using Cisco IOS." Phrack Magazine 9, no. 55 (September 1999), 10 of 19.
Cisco Systems, Inc. AutoSecure.
Cisco Systems, Inc. Cisco PIX Firewall System Log Messages.
Cisco Systems, Inc. Configuring Secure Shell.
Cisco Systems, Inc. Configuring SNMP Support.
Cisco Systems, Inc. Improving Security on Cisco Routers.
Cisco Systems, Inc. Logging System Messages.
Cisco Systems, Inc. Quick Start Guide for Cisco Intrusion Detection System Version 4.0.
Cisco Systems, Inc. SC: Part I: Authentication, Authorization, and Accounting (AAA).
FreeBSD. FreeBSD Security How-To.
Microsoft. Microsoft TechNet Security Guides. - Link Updated Since Book Publish
National Security Agency Security Recommendation Guides. Cisco Router Guides. - Link Updated Since Book Publish
Securing Debian Manual. - Link Updated Since Book Publish
Sun Microsystems. Sun Blueprints Program and Sun Blueprints Online Magazine.
Thomas, R. Secure BIND Template.
Chapter 6: General Design Considerations
Arkin, O. ICMP Usage in Scanning.
arpwatch.
Baker, F., and R. Atkinson. RFC 2082, RIP-2 MD5 Authentication.
Cisco ACL Fragmentation Issues.
Cisco Documentation: ARP Inspection.
Cisco Documentation: DHCP Snooping.
Cisco Documentation: PIX Static Command.
Cisco Documentation: Port Security.
Cisco Documentation: Private VLANs.
Cisco Documentation: TCP Intercept.
Cisco Documentation: Unicast RPF.
Convery, S. Hacking Layer 2: Fun with Ethernet Switches.
DHCP DoS.
dsniff.
Ferguson, P., and D. Senie. RFC 2827, Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing.
Greene, B., C. Morrow, and B. Gemberling. ISP Security—Real World Techniques.
Heffernan, A. RFC 2385, Protection of BGP Sessions via the TCP MD5 Signature Option.
IANA IPv4 Address Allocation.
Kuhn, M. and R. Anderson. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations.
Kuhn, Markus G. Optical Time-Domain Eavesdropping Risks of CRT Displays.
Malkin, G. RFC 1723, RIP Version 2 Carrying Additional Information.
Morrow, C., and B. Gemberling. Backscatter DDoS Traceback.
Morrow, C., and B. Gemberling. Enabling Black Hole Filtering for Customers.
Moy, J. RFC 2328, OSPF Version 2.
Neil Jr. Spy Agency Taps into Undersea Cable. Wall Street Journal.
Ping of Death.
Portable Keystroke Logger.
Rekhter, Y., B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear. RFC 1918, Address Allocation for Private Internets.
SYN Cookies.
Taylor, David. Are There Vulnerabilities in VLAN Implementations?
Thomas, Rob. Bogon List.
Thomas, Rob. ICMP Filtering Guidelines.
VLAN 1 Considerations.
van Eck, Wim. Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?
Chapter 7: Network Security Platform Options and Best Deployment Practices
No URLs in references
Chapter 8: Common Application Design Considerations
BIND.
Klensin, J. RFC 2821. Simple Mail Transfer Protocol.
Cricket. Securing an Internet Name Server.
Men and Mice. DNS Single Point of Failure Research.
Thomas, Rob. Secure BIND Template.
Wunsch, Scott. Chroot-BIND HOWTO.
Chapter 9: Identity Design Considerations
Aboba, Simon. RFC 2716, PPP EAP TLS Authentication Protocol.
Palekar, A., D. Simon, G. Zorn, J. Salowey, H. Zhou, S. Josefsson. Protected EAP Protocol (PEAP) Version 2.
Blunk, Vollbrecht. RFC 2284, PPP Extensible Authentication Protocol.
Cisco Documentation: Configuring 802.1x Port-Based Authentication.
Deploying Cisco Secure ACS for Windows in a Cisco Aironet Environment.
Dierks, Allen. RFC 2246, The TLS Protocol Version 1.0.
Guidelines for Placing ACS in the Network.
Haller, Metz. RFC 1938, A One-Time Password System.
IEEE 802.1x Standard, Port-Based Network Access Control. 2001.
Mishra, A., W. Arbaugh. An Initial Security Analysis of the IEEE 802.1x Standard.
Open Source Implementation of IEEE 802.1x.
Chapter 10: IPsec VPN Design Considerations
Cisco Documentation: Dynamic Multipoint VPN (DMVPN).
Cisco Documentation: EIGRP Stub.
Cisco TAC Guide: IP Fragmentation and PMTUD.
Cisco Documentation: IPsec VPN High Availability Enhancements.
DES Challenge III, RSA Security.
FIPS 46-2, Data Encryption Standard.
FIPS 46-3, DES (Including 3DES).
FIPS 197, Advanced Encryption Standard (AES).
FIPS 180-1, Secure Hash Standard.
Halpern, J., and M. Sullenberger. Deploying and Managing Enterprise IPsec VPNs. Networkers (2002).
Hanks, S., T. Li, D. Farinacci, D. Meyer, and P. Traina. RFC 2784, Generic Routing Encapsulation.
Harkins, D., and D. Carrel. RFC 2409, The Internet Key Exchange (IKE).
Krawczyk, H. SKEME: A Versatile Secure Key Exchange Mechanism for Internet.
Kent, S., and R. Atkinson. RFC 2401, Security Architecture for IP.
Kent, S., and R. Atkinson. RFC 2402, IP Authentication Header.
Kent, S., and R. Atkinson. RFC 2406, IP Encapsulating Security Payload (ESP).
Orman, H. RFC 2412, The Oakley Key Determination Protocol.
Perkins, C. RFC 2003, IP Encapsulation within IP.
Piper, D. RFC 2407, The Internet IP Security Domain of Interpretation for ISAKMP.
Rivest, R. RFC 1321, The MD5 Message-Digest Algorithm.
Chapter 11: Supporting-Technology Design Considerations
AirSnort.
APTools.
Arbaugh, W., N. Shankar, and J. Wang. Your 802.11 Wireless Network Has No Clothes.
Arkin, O. The Cisco IP Phones Compromise.
Arkin, O. Security Risk Factors with IP Telephony Based Networks.
Borisov, N., I. Goldberg, and D. Wagner. Security of the WEP Algorithm.
Cisco Documentation: WLAN Auto Initiate VPN.
Flickenger, R. Antenna on the Cheap (er, Chip).
Fluhrer, S., I. Mantin, and A. Shamir. Weaknesses in the Key Scheduling Algorithm of RC4.
Halpern, J. SAFE: IP Telephony Security in Depth.
NetStumbler.
Voice over Misconfigured Internet Telephones (VOMIT).
Chapter 12: Designing Your Security System
No URLs in references
Chapter 13: Edge Security Design
Automotive Network Exchange.
Convery, S., and B. Trudel. SAFE: A Security Blueprint for Enterprise Networks.
Convery, S., and R. Saville. SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks.
Chapter 14: Campus Security Design
Convery, S., and B. Trudel. SAFE: A Security Blueprint for Enterprise Networks.
Convery, S., and R. Saville. SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks.
Chapter 15: Teleworker Security Design
Convery, S., and R. Saville. SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks.
Chapter 16: Secure Network Management and Network Security Management
Arbor Networks.
Cflowd. CAIDA.
Cisco Documentation: NetFlow.
Cisco Documentation: SNMP Configuration.
IETF Operations and Management Area.
Kiwi Syslog.
Lonvick, C. RFC 3164, The BSD Syslog Protocol.
Moore, D., V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, The Spread of the Sapphire/Slammer Worm.
Sollins, K. RFC 1350, The TFTP Protocol (Revision 2).
Chapter 17: Case Studies
Sun Microsystems Sun Ray Thin Clients. - Link changed since book publication.
Chapter 18: Conclusions
No URLs in references