Security and Privacy (CITS3231)

Computer Science & Software Engineering
Security and Privacy (CITS3231) - resources

Faculty Home | CSSE Home | csentry | CITS3231 | help3231

Security and Privacy (CITS3231) - Information resources

Selected readings:

It is anticiapted that you will be devoting 3-4 hours per week to these selected readings. Please keep up with your reading each week. It will be extremely difficult to read and reflect on each week's topics if you leave all of your reading until just before the final examination.

Readings will be added, each week, as the unit progresses.

All of these selected readings are available from public Internet sites and, for reasons respecting the rights of the Copyright holders, are not kept on the CSSE website. You, and other CITS3231 students, will benefit by setting your web-browser to use the UCS web proxy cache, as then only one student will actually have to download the original document from the external Internet.

Noteworthy security websites and information sources (review periodically):

The Australian Computer Emergency Response Team (AUSCERT).
The SANS Internet Storm Center.
The SANS InfoSec Reading Room.
The BugTraq online archives.
Counterpane - Internet Security.
Bruce Schneier's monthly Crypto-Gram newsletter.
Linux Security.
Packet Storm - "plan for the worst".
Security Focus.
The Slashdot news forum - News for Nerds. Stuff that matters.
Tom Dunigan's Security page (it's huge).
Stupid Security - exposing fake security since 2003.

Setting the scene:

Reflections of Trusting Trust, by Ken Thompson, from Communication of the ACM, Vol. 27, No. 8, August 1984, pp761-763.
Stalking the Wily Hacker, by Clifford Stoll, from Communications of the ACM, Vol. 31, No. 5, May 1988, pp484-497.
Why Cryptosystems Fail, by Ross Anderson.
SANS Top-20 2007 Security Risks, from the SANS Institute.

User authentication and password cracking:

Password Security: A Case History, by Robert Morris and Ken Thompson.
Password Security: Ten Years Later, by D. Feldmeier and P. Karn.
The Password Paradox: Insecure Security, by Eric Knight and Dr. Bruce V. Hartley.
The 1985 Standard for Password Usage, by the US National Institute of Standards and Technology (NIST).
The default password list.
Banking on Security - a first-hand account of social engineering.

Operating systems:

Users and Groups in Unix and Linux Systems, from the GNU libc programming reference.
Memory Models in Microsoft Operating Systems, by Prasad Dabak, Milind Borate, and Sandeep Phadk. An online chapter from the older book Undocumented Windows NT.
Integrating Flexible Support for Security Policies into the Linux Operating System, by Peter Loscocco & Stephen Smalley - "warning", lengthy but very detailed.

Introduction to network security, packet sniffing, port scanning:

Linux Networking-concepts HOWTO - by Rusty Russell, the very basics of how TCP/IP and the Internet work.
Sniffing (network wiretap, sniffer) FAQ, (very long but very interesting).
nmap - stealth port-scanner,
Project Purple - learn how to send arbitrary IP packets.
A practical approach for defeating Nmap OS-Fingerprinting.

TCP/IP vulnerabilities and attacks:

Security Problems in the TCP/IP Protocol Suite - by Steve Bellovin (1989, PDF).
Distributed Denial of Service (DDoS) Attacks/tools - extensive bibliography and analyses.
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing - RFC2267.
The latest in denial of service attacks: "smurfing" description and information to minimize effects - by Craig A. Huegen.

Firewalls and packet-filtering:

The netfilter homepage,
many, easy to read iptables tutorials (near the bottom of the page),
Iptables Tutorial, by Oskar Andreasson (very long).
FAQ: Firewall Forensics (What am I seeing?), (very long but very interesting).

Security of wireless networking:

Seven Security Problems of 802.11 Wireless.
Dispelling the Myth of Wireless Security.
WiFi High Crimes, by Mark Rasch.
How Credit-Card Data Went Out Wireless Door, Biggest Known Theft Came from Retailer With Old, Weak Security - by Joseph Pereira.
The TJX Effect, Details of the largest breach of customer data are starting to come to light.
Wardriving and Warchalking.
Perth's free community wireless network, and
NodeDB.com - plotting WiFi access points on Google Maps.

Cryptographic building blocks:

WikiProject Cryptography (almost encyclopedic).
Chapter 1 of Network Security with OpenSSL (general, gentle introduction pp1-12).
The Cryptography FAQ (Basic Cryptology),
The Data Encryption Standard (DES) and its strength against attacks, by D. Coppersmith,
Has the RSA algorithm been compromised as a result of Bernstein's Paper? - RSA's response,
CryptoStuff Cryptography Tutorial,
Snake Oil Warning Signs: Encryption Software to Avoid,
The OpenSSL Command-Line HOWTO, by Paul Heinlien.
The Crypto Gardening Guide and Planting Tips, by Peter Gutmann (may be considered too theoretical for some).

Kerberos and the secure sockets layer (SSL):

Designing an authentication scheme: A dialogue in four scenes, Bill Bryant, MIT, 1988.
Kerberos: An Authentication Service for Computer Networks, IEEE Communications Magazine, 32(9), pp33-38, September 1994.
The Moron's Guide to Kerberos, by Brian Tung.
Netscape's Introduction to SSL,
The OpenSSL Project.
Chapter 1 of Network Security with OpenSSL (SSL material pp12-28).
The stunnel - the universal SSL wrapper.

Top of Page

CRICOS Provider Code: 00126G