Spring 2006

Clay Shields



Information Assurance

Topics and Readings

Each topic lists the assigned chapter(s) from Garfinkel, Spafford, and Schwartz, followed by the required readings and the related readings.

Introduction to Information Assurance
  Chapters: 1
  Required:
    Security Controls for Computer Systems (through part B)

Cryptography Overview
  Chapters: 7
  Related:
    An Overview of Cryptography

Policy Issues and Risk Assessment
  Chapters: 3
  Required:
    Georgetown University Computer Systems Acceptable Use Policy
    Practical Threat Analysis and Risk Management
    Attack trees
    The SANS Security Policy Project
    Building an Information Technology Security Awareness and Training Program

Physical and Personnel Security
  Chapters: 8, 9
  Required:
    Employment Background Checks
  Related:
    Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks
    Notes on Picking Pin Tumbler Locks

Identity and Authentication
  Chapters: 4, 5
  Required:
    Passwords
      Password Security: A Case History
      Observing Reusable Password Choices
      Passwords: The Weakest Link?
    Biometrics
      Impact of Artificial "Gummy" Fingers on Fingerprint Systems
      Body Check: Biometric Access Protection Devices and their Programs Put to the Test
    RFID
      Cloning a Verichip
  Related:
    RFID
      RFDump

Secure System Design and Implementation
  Chapters: 16
  Required:
    Software Flaws
      Smashing the Stack for Fun and Profit
      Format String Attacks
    Secure Programming
      Secure Programming for Linux and Unix Howto
      Protecting sensitive data in memory
      Protecting Passwords part 1, part 2
      Preventing buffer overflows
  Related:
    Software Flaws
      Common Vulnerabilities and Exposures
    Secure Programming
      Secure Programming.com (particularly their pages of links and articles)

Malicious Code
  Chapters: 23
  Required:
    How to 0wn the Internet in Your Spare Time
    Reflections on Trusting Trust
  Related:
    The Worm Information Center
    Salami Fraud

Audit, Integrity, and Forensics
  Chapters: 20, 21

TCP/IP Security
  Chapters: 11, 12
  Required:
    A Weakness in the 4.2BSD Unix TCP/IP Software
    A Simple Active Attack against TCP

Wireless Security
  Required:
    Wireless Network Security: 802.11, Bluetooth, and Handheld Devices

Firewalls
  Required:
    Guidelines on Firewalls and Firewall Policy

Intrusion Detection
  Required:
    Intrusion Detection Systems (IDS)
    Insertion, Evasion, and Denial of Service
    Intrusion Detection FAQ

Denial of Service
  Chapters: 24
  Required:
    What do we mean by network denial of service?

Response to Attacks
  Chapters: 22, 25

Vulnerability Analysis
  Required:
    Guideline on Network Security Testing

Trust
  Chapters: 26