Computer Networking Resources
The following are useful online resources about data communications and computer networks. Also see my Study Guide for a list of textbooks (including free ones). Aspects of network security are not covered here; instead see my list Security Resources.
News and General Resources
Terminology and Notation
As with many technical topics, there are many terms, abbreviations, acronyms and mathematical notations used when discussing computer security. The following attempt to provide definitions of security terms. Unfortunately there is often conflicts in definitions and usage, so there is no one primary list of definitions.
Alerts
As vulnerabilities are found in security technology, including software and algorithms, it is important to inform the developers and users of those technologies so that they can apply fixes. There are numerous companies and organisations that issues and maintain lists of security alerts and vulnerabilities. A common name is Computer Emergency Response/Readiness Team (CERT). Others are less formal and usually alerts are made via mailling lists. In addition to those listed below, many companies have their own lists/announcements.
- CERT, the original team from Carnegie Mellon University
- US-CERT, official US government CERT
- NVD: National Vulnerability Database provided by NIST.
- CVE. Database of Common Vulnerabilities and Exposures by MITRE Corporation, an official US government project.
- BugTraq is a mailling list with many vulnerability announcements.
- Full Disclosure is another mailling list with security vulnerability announcements.
Organisations
Standards Organisations
- ITU. Standardise telecommunication systems, ranging from traditional public switched telephone networks (e.g. landlines) to data networks (e.g. ISDN) to multimedia systems (e.g. H.323).
- IETF. Produce standards and guidelines on Internet protocols, including IP, TCP, routing protocols, multimedia protocols and many formats.
- IEEE Standards Association produces electronic and communications standards, including IEEE 802 series for LANs and MANs.
- ISO (often jointly with IEC and/or ITU) create standards for information and communication systems. A key contribution is the OSI 7-layer reference model.
- W3C. Produces freely available standards for web applications such as HTML, XML, URL, PNG, etc.
Internet Governance
- Several related organisations focus on technical activities on the Internet operation: IAB, IETF, IRTF, ISOC, IANA
- IP addresses are allocated by IANA, which delegates to regional Network Information Centres, e.g. APNIC, ARIN, which in turn delegate to country level NICs, e.g. THNIC.
- Naming, e.g. domain names, is an important part of the Internet run by ICANN
- IAB
- ICANN, also runs IANA
Government
Regulator authorities play an important part in determining how communication technologies can be used inside countries, especially how electromagnetic spectrum is shared between different applications/users.
- FCC regulates communications in the US.
- NBTC regulates communications in the Thailand. (Previously known as NTC)
Professional Organisations
Companies
A selection of high-profile companies in telecommunications and computer networking
Thailand
Companies, government departments and groups in Thailand that are related to computer and network security.
- Thailand Computer Emergency Response Team (ThaiCert)
- Thai Information Security Assocation (TISA)
- Electronic Transactions Development Agency (ETDA)
- Electronic Government Agency (EGA)
- ACIS, security certification and training in Thailand
People
There are many security researchers and professionals that have blogs and homepages, and/or are active on social networks (e.g. Google+, Twitter). Searching for "security blog" or "network security" will often lead you to popular security people. Here I list just a small selection of "famous" people that provide some interesting information on all aspects of computer and network security.
- Ross Anderson, Professor Security Engineering at the Computer Laboratory, University of Cambridge. Includes many links and articles about his and others research on a wide variety of security topics. See also his book, which is available for free.
- Bruce Schneier, an author, researcher and commentator of network security. His blog provides commentary on technical, political and legal aspects of security.
- Steve Gibson, of Gibson Research Corporation, has developed many software applications for security tasks. He, with Leo Laporte, has a weekly podcast (plus transcripts) called Security Now.
- Daniel J. Bernstein, a mathematics, computer science and cryptography researcher. Provides links and articles on secure software and algorithms he has developed, related cryptography research, as well as legal and political issues.
- Brian Krebs, a journalist who reports and blogs on computer security. His articles provide information on and links to major security attacks.
Courses
Books
Firstly, see the security textbooks in my study guide (including some free online books). Other, often more specialised online security books include:
Software
A very small selection of security-related software. Focus is on software used or demonstrated in my courses, which tends to be Linux and/or open-source software.
- OpenSSL is a library (and command line application) that implements many cryptographic algorithms.
- GnuPG implements mainly public key cryptography operations (although symmetric encryption is also supported).
- TrueCrypt is open source disk encryption software.
- John the Ripper, a password cracker.
- CrypTool. Free software for apply many encryption algorithms (classical, symmetric, public key) and analysing (breaking) ciphertexts. There are different variants of the software that run on different operating systems and online. It is designed to be educational, showing steps of ciphers and attacks.
- hashcat is a fast password cracker that supports running on GPUs.
By Topic
Performance and Benchmarking
- eBACS: ECRYPT Benchmarking of Cryptographic Systems. Presents benchmarks when using different hash, public key and stream algorithms running on a variety of hardware.
- GPU Speed Estimations by Ivan Golubev gives estimates of the speeds (in particular with respect to hashing and encryption) of many GPUs.
- See also: Hashcat
Encryption Algorithms
Hash Algorithms
Attacks
- Digital Attack Map is a live visualisation of DDoS attacks across the world. DDoS data comes from Arbor Networks.
- Acoustic Cryptanalysis of RSA uses a microphone to listen to a laptop computer, and from the different sounds heard when that computer is decrypting a chosen ciphertext, determines the private key used in the decryption. It is a very well-explained and interesting example of a side-channel attack. The FAQ gives a summary of the attack, while the 60+ page paper has the details (despite being long, the first few sections are quite clear and worth reading for most technical readers). I have a lecture trying to summarize the attack, with slides and YouTube screencast available.
- See also: Alerts
Random Numbers
- Ensuring Randomness with Linux's Random Number Generator is an article by Nick Sullivan that explains how the Linux kernel random number generator works, and how the output is accessed by /dev/random and /dev/urandom. It is quite long, but is a good explanation of how the Linux kernel uses different sources to generate random numbers.
- An example of how writing software that uses secure algorithms, but in an incorrect manner, can lead to security vulnerabilities and attacks. In this case, Android applications that use a Java library of cryptographic functions (the Java Cryptography Architecture), which in turn uses the OpenSSL Pseudo Random Number Generator (PRNG), were vulnerable to attacks because the PRNG was not initialised (seeded) correctly. A brief explanation of and fix for the problem by an Android developer. This implementation flaw meant that, for example, electronic wallets in Android had a serious security vulnerability: they could be easily stolen. Some popular Android apps that stored Bitcoins were vulnerable. (14 Aug 2013)
-
IntelĀ® Digital Random Number Generator (DRNG) Software Implementation Guide. Recent Intel CPUs offer a RDRAND operation which provides a very fast (compared to software) implemention of a random number generator. It uses the concept of using a true random number generator to create a seed as input to a cryptographically secure pseudo random number generator.
Media Sanitization
Deleting data and destructing media.
- NIST Special Publication 800-88 DRAFT Guidelines for Media Sanitization (). Techniques for deleting electronic data so that it is very hard to recover, as well as destroying media (including paper, USB drives, hard disks). Gives recommendations depending on the level of sanitization, such as just clearing the data or full destruction. Check the list of Special Publications by the NIST Computer Security Research Center to see if there is an updated version.
- hdparm is open source software for getting and setting parameters of ATA/SATA hard drives. Works in Linux and Windows and can apply ATA commands to sanitize hard disks. Possibly already installed in popular Linux distributions like Ubuntu.
- NSA Media Destruction Guidance. Lists NSA approved products for destroying paper, optical media, tape (degaussers) and hard drives.
Letter Frequency
Return to: Course List | Steven Gordon's Home | SIIT