Top: Publications: Papers

Intrusion_Detection

• Automated event log management for PCI DSS compliance
  This white paper highlights why organizations need to implement event log auditing as an integral part of their security policy to meet industry standards such as the Payment Card Industry Data Security Standard (PCI DSS).
  
• Automating vulnerability management for PCI DSS compliance
  This white paper identifies the problems encountered in addressing network security risks through vulnerability management. It describes how automated vulnerability management contributes to compliance with industry standards such as the Payment Card Industry Data Security Standard (PCI DSS) and assists you in proactively identifying security weaknesses before these are exploited.
  
• A Simple Active Attack Against TCP
  Joncheray, Laurent; 1995; GZip'd Postscript; 90k ``This paper describes an active attack against TCP which allows re-direction (hijacking) of the TCP stream.
  
• A Unix Network Protocol Security Study: NIS
  Hess, Safford, & Pooch; date unknown; GZip'd Postscipt; 20k ``Outlines NIS and its design faults regarding security.
  
• A Weakness in the 4.2BSD Unix TCP/IP Software
  Morris, Robert T; 1985; GZip'd Postscript; 10k ``This paper describes the much ballyhooed method by which one may forge packets with TCP/IP. Morris wrote this in 1985. It only took the media 10 years to make a stink about it!
  
• An Advanced 4.3BSD IPC Tutorial
  Berkeley CSRG; date unknown; GZip'd Postscript; 60k ``This paper describes the IPC facilities new to 4.3BSD. It was written by the CSRG as a supplement to the manpages.
  
• An Evening with Berferd
  Cheswick, Bill; 1991; GZip'd Postscript; 32k ``A cracker from the Netherlands is "lured, endured, and studied."
  
• COPS and Robbers
  Farmer, Dan; 1991; ASCII Text ``This paper discusses a bit of general security and then goes into detail regarding Unix system misconfigurations, specifically ones that COPS checks for
  
• Covering Your Tracks
  Phrack Vol. 4, Issue #43; GZip'd Postscript; 16k ``A Phrack article describing the unix system logs and how it is possible to reduce the footprint and visibility of unauthorized access.
  
• Cracking Shadowed Password Files
  Phrack Vol. 5 Issue #46 GZip'd Postscript; 19k ``A Phrack article describing how to use the system call password function to bypass the shadow password file.
  

[ 1 2 3 4 ]