Here are the slides for a presentation that I gave in 1999 titled The Zen of Information Security.
Here are the slides for a presentation that I gave in 2000, titled Securing a Linux Box: It's mine, and You Can't Use It., which was in turn based on another presentation that I gave in 1998. As such, a fair bit of this is somewhat dated.
Here are the slides from a presentation I gave in 2002, titled Network Security: A Quick Overview.
Here are some papers that I feel are significant.
Here are some programs that I find useful or generally neat:
- For MTAs I use qmail
- Another neat MTA is Postfix
- For an encrypted drop-in replacement for the rsh series, I use OpenSSH
- If you run a major revision behind on Linux, you can use Solar Designer's Secure-Linux patch.
- Also from Solar Designer we have a nifty port scan detector.
- Solar Designer also has a good password cracker called John the Ripper.
- Solar Designer also wrote a great POP daemon called Popa3d.
- Solar Designer and the Openwall team pulled all this together, and actually made a Linux distribution called Owl.
- Fyodor wrote a port scanner that you can use to audit your machine. It is called nmap.
- If you occasionally find that you need to change a user's password, but you don't want it to be easily guessable, and you want the user to change it soon, consider random passwords. You can use rpasswd to generate all sorts of random passwords, including word-based passphrases.
Other generally good reading can be found at:
I used the following books in my presentation:
I highly suggest both of them.
Mail josh-web@untruth.org with questions, comments, etc.