Spring 2007

Clay Shields

Information Assurance

Topics and Readings

Each topic lists the assigned chapters from Garfinkel, Spafford, and Schwartz, followed by the required and related readings.

Introduction to Information Assurance
  Chapters: 1
  Readings:
    - Security Controls for Computer Systems (through part B)
    - 800-100 Information Security Handbook: A Guide for Managers (updated March, 2007)
    - Information Systems Security - A Comprehensive Model
    - National Information Systems Security (INFOSEC) Glossary
    - Beware the backhoe
    - Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security

Cryptography Overview
  Chapters: 7
  Readings:
    - An Overview of Cryptography

Policy Issues and Risk Assessment
  Chapters: 3
  Readings:
    - Georgetown University Computer Systems Acceptable Use Policy
    - Practical Threat Analysis and Risk Management
    - Attack trees
    - The SANS Security Policy Project
    - Building an Information Technology Security Awareness and Training Program

Physical and Personnel Security
  Chapters: 8, 9, 18
  Readings:
    - Employment Background Checks
    - Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks
    - Notes on Picking Pin Tumbler Locks

Identity and Authentication
  Chapters: 4, 5
  Readings:
    Passwords
      - Password Security: A Case History
      - Password Security: A Case History [Alternate link]
      - Observing Reusable Password Choices
      - Passwords: The Weakest Link?
    Biometrics
      - Impact of Artificial "Gummy" Fingers on Fingerprint Systems
      - Body Check: Biometric Access Protection Devices and their Programs Put to the Test
    RFID
      - Cloning a Verichip
      - RFID
      - RFDump

Secure System Design and Implementation
  Chapters: 16
  Readings:
    Software Flaws
      - Smashing the Stack for Fun and Profit
      - Format String Attacks
    Secure Programming
      - Secure programmer: Keep an eye on inputs
      - Secure Programming for Linux and Unix HOWTO
      - Protecting sensitive data in memory
    Software Flaws
      - Common Vulnerabilities and Exposures
    Secure Programming
      - Secure Programming.com (particularly their pages of links and articles)
    Trusted Systems
      - Reflections on Trusting Trust
      - DoD 5200.28-STD Trusted Computer System Evaluation Criteria

Malicious Code
  Chapters: 23
  Readings:
    - How to 0wn the Internet in Your Spare Time
    - Salami Fraud
    - Offensive Computing
    - The Underhanded C Contest

Audit and Integrity
  Chapters: 20, 21

TCP/IP Security
  Chapters: 11, 12
  Readings:
    - TCP/IP tutorial (all four parts and appendix)
    - A Weakness in the 4.2BSD Unix TCP/IP Software
    - A Simple Active Attack against TCP

Wireless Security
  Readings:
    - Wireless Network Security: 802.11, Bluetooth, and Handheld Devices

Firewalls
  Readings:
    - Guidelines on Firewalls and Firewall Policy

Intrusion Detection
  Readings:
    - Intrusion Detection Systems (IDS)
    - Guide to Intrusion Detection and Prevention Systems (IDPS) (updated March 2007)
    - Insertion, Evasion, and Denial of Service
    - Intrusion Detection FAQ

Denial of Service
  Chapters: 24
  Readings:
    - What do we mean by network denial of service?

Response to Attacks
  Chapters: 22, 25
  Readings:
    - Computer Security Incident Handling Guide
    - Guide to Integrating Forensic Techniques into Incident Response

Vulnerability Analysis
  Readings:
    - Guideline on Network Security Testing

Trust
  Chapters: 26