Computer and Internet Security, Firewalls, Authentication, Policy

Advisories & Patches

CERIAS - Center for Education and Research in Information Assurance and Security. University center for multidisciplinary research and education in areas of information security.

US-CERT - Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.

Apache HTTP Server Vulnerability Lists - Lists of security problems fixed in released versions of the Apache HTTP Server.

AusCERT - Australian Computer Emergency Response Team. Advisories and tools.

Bugtraq - Independent source for security vulnerabilities, alerts, and threats.

CERT Coordination Center - Studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to improve site security.

Computer Incident Advisory Capability - CIAC publishes security bulletins and virus and hoax information. They provide computer security assistance to US Department of Energy (DOE) sites.

eVuln - Original source of responsible open source vulnerability research.

FrSIRT - Provides security advisories and real-time information about vulnerabilities, exploits, and threats. Sponsor of the Common Vulnerability Scoring System (CVSS).

ISS X-Force - Security alerts, advisories, and alert summaries from ISS.

Linux Security Group - Security Advisories, Anti Hackers, programming books and related links.

Makesecure.com - Network security news, alerts and updates

New Zealand Computer Emergency Readiness Team - Security Alerts and Advisories

Open Source Vulnerability Database - Searchable database of vulnerabilities. Offers data for download in XML format as well as via website. Details of how to submit new vulnerabilities, database schema and FAQ.

Oracle Security Center - Tips, tools, and technologies to keep Oracle products safe, secure, and patched.

Patch Management Forum - Mailing list facilitates networking and information exchange related to patch management: announcements, testing, verification, operations processes, and vulnerabilities.

PatchAdvisor - Fee based patch alert service.

PatchEasy - Software vendor for patch management.

Patchlink Corporation - Software vendor for cross platform patch management.

PatchManagement.org - Mailing list dedicated to the discussion of patch management.

SANS Internet Storm Center - Cooperative cyber threat monitor and alert system. Features daily handler diaries that summarize and analyze new threats and events.

Secunia - Provides security advisories and information about patches, and provides software for vulnerability management.

Secure Elements - Software vendor for IS technical control auditing, vulnerability management, and compliance. Provides advisories via XML and RSS, and fully supports OVAL and XCCDF XML standards for compliance and vulnerability functions.

St Bernard - Software vendor for patch management of operating systems and applications.

Symantec DeepSight Threat Management System - Fee based security alert service that provides early warning of active attacks.

VulnWatch - Computer security vulnerability disclosure mailing list

Authentication

BioPassword - A software-based technology that learns and verifies unique typing patterns. Includes an introduction to biometrics and keyboard dynamics.

Dos and Don'ts of Client Authentication on the Web - Paper by Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster. In the Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August 2001. [PDF]

Finally Software - Enterprise security solutions based on PKI and Kerberos. Also offer a secure terminal emulator for connecting to Unix servers from Windows. Product information and downloadable evaluation software.

Flicks Software - Software password protects web content (Windows NT / 2000). Free trial downloads available.

iDEX Systems, Inc. - Java-powered iButton based personal identity management security services and digital certificate authentication for secure logon, secure messaging, and digital signatures.

IIS User Authentication Tutorial - Information on various methods for WWW password protection using Internet Information Server (IIS). Text-based tutorial with some screenshots.

iisPROTECT - Functions with Internet Information Server to secure web sites. Includes live demo.

Intertrust Technologies Corporation - Develops general purpose digital rights management platform which serves as foundation for providers of digital information, technology and commerce services to participate in a global system for digital commerce. (Nasdaq: ITRU).

I/O Software - Provider of software solutions, including biometric solutions. Site includes product descriptions and technology licensing terms.

M-Tech Information Technology, Inc. - ID-Synch, identity management software for managing user administration processes. Product information, customers, press releases and contact details.

NMA, Inc. - ZSentry two-factor authentication solution. Product information, white papers and contact details.

Open Systems Management - Password synchronization and role based access control across UNIX, Windows NT and resident applications. Site contains FAQs.

Password Management - Paper by M. Bishop, 1991. Discusses problems of password selection and password management, and identifies relevant techniques. [PDF]

Pluggable Authentication Modules - Sun's official PAM documentation. Programmer documentation and source code.

A Proactive Password Checker - Paper by M. Bishop, 1991. The author describes a technique, and a mechanism, to allow users to select passwords which to them are easy to remember but to others would be very difficult to guess. [Postscript]

Proginet Enterprise Software - Password synchronization, enterprise-wide access control management and managed file transfer software.

Remote User Authentication in Libraries - Comprehensive collection of resources for libraries and universities. Includes links to software and some links of interest to non-librarians.

RSA Security - Products include token-based one time password systems and single sign on systems. Site contains information on security.

SAFLINK - Offer a range of identity management solutions based on tokens, smartcards and biometrics. Headquarters in Bellevue, WA.

Secure Remote Passwords - Software integrates into existing networked applications. Secure telnet and FTP available. Open source. User and technical documentation as well as source code.

SecureUser.net - Providers of tools to e-commerce developers. Site includes a technology explanation and case studies.

Theory of Identification and Authentication - History and development of mechanisms and techniques.

Unisys - Makers of several related products. Site includes rationale as well as comprehensive usage information.

Vasco - Makers of both software and hardware systems. Demos, case studies and product information.

Biometrics

AMAG Technology, Inc. - Manufacturer of card and biometric access control systems, with distribution worldwide. Includes articles and descriptions of products.

Bioidentification - FAQ covering basic information, performance, implementation, and security.

Biometric Resource Center - Biomet.org brings together a diverse and comprehensive selection of biometric information. It provides an extensive web resource for biometric news, products, companies and analysis.

The Biometrics Catalog - A US-government sponsored database of information about biometric technologies including research and evaluation reports, news articles, vendors and consultants, government documents and legislative text.

Biometrics comes to life - "Fingers, hands, eyes, face, voice, all are in use and could relegate PIN-based security to history" (Orla O'Sullivan, senior editor/technology - ABA Banking Journal).

Exim21.com - Korean site offers biometric and proximity RFID system for access control and time attendance applications.

Glossary of Biometric Terms (1999) - Glossary compiled by the International Association for Biometrics (iAfB) and International Computer Security Association (ICSA)

Human Identification in Information Systems: Management Challenges and Public Policy Issues - Roger Clarke

Idex - Offers fingerprint recognition solutions. Includes a primer on biometric technologies.

International Biometric Group - Collection of technology reports, testing results and primers.

Technical Committee M1: biometrics standards - M1's members are engaged in the rapid development and approval of formal national and international generic biometric standards. Membership is open to all interested parties

Biometrics - Face Recognition

Evaluation of Face Recognition Algorithms - An online resource for face recognition researchers that provides a standard set of well known algorithms and experimental protocols with which novel algorithms can be compared.

Face Detection and Face Recognition - Face detection and recognition software project includes an online demo of the algorithm, links to free software libraries, and a list of existing facial databases.

Face Detection Homepage - For information and material on the task of detecting faces.

Face Recognition Homepage - Aims to provide scientists with the relevant information in the area of face recognition. It is intended to be an information pool for this community.

Facial Expression Resources on the Web - Links to resources for research on facial expressions.

Florida State University - Laboratory for Computational Vision - Research project about the geometrical representations of faces.

Libface Project - Aims at developing an open-source, cross-platform library implementing a variety of face recognition algorithms.

Biometrics - Fingerprint Recognition

Global Analytic Information Technology Services - Overview of fingerprint recognition technology.

Network Fingerprint Attendance Control - Offers a networked version of a fingerprint door access system that manages numerous access points.

OPTEL Fingerprint Creator - Based on mathematical description of arrangement of dermatoglyphics and creation of minutiae. Has example pictures of minutiae points, demonstration program, and commentary on the production of synthetic images.

Antheus Technology - Agora - Extracts minutiae points and classifies prints into classes. Has ActiveX and DLLs available.

Biometrix - Recognition algorithm, developer tools. Has Windows login software, BioCheck search engine SDK for Win2K/XP, and other software.

Count Me In, LLC. - Time and attendance tracking and door access control software. [Windows]

Free Fingerprint Imaging Software - Has pattern classification, minutiae detection, Wavelet Scalar Quantization (WSQ) compression, ANSI/NIST-ITL 1-2000 reference implementation, baseline and lossless JPEG, image utilities, and math and neural net libraries. All source code in C. [LGPL/MPL]

Identix - BioEngine SDK - Toolkits and sample code provide verification (one-to-one) and identification (one-to-many) matching capabilities. Has image acquisition library, quality control library, processing library, search library, and demo applications.

Math Archives - WSQ - The FBI/Yale/Los Alamos Wavelet-packet Scalar Quantization compression algorithm, for Windows 3.1 or higher. He Ouyang and M. Victor Wickerhauser, Washington University in St. Louis. Has binary-only freeware 'wsqwin.exe' and 'read.me' archived in zip format.

NIST - WSQ Image Compression Certification Guidelines - Provides technical document about the Wavelet Scalar Quantization standard. Describes the processes and procedure for obtaining FBI certification of implementations for compliance with the specification.

NIST Fingerprint Image Software (NFIS) - Software designed to facilitate and support the automated manipulation and processing of fingerprint images. Includes a neural-network based pattern classification system, a minutiae detector, a reference implementation of the ANSI/NIST-ITL 1-2000, and general-purpose image utilities.

Biometrics - Iris Recognition

International Biometric Group - Iris recognition technology primer.

Iris Recognition - Information, resources, databases and links about the human iris as a biometric trait, including identification.

Cryptography

RSA Laboratories - FAQ covering what cryptography is, explanations of terms, tools and techniques used, applications of cryptography and related laws.

ArticSoft - PGP-based file and email encryption and digital signature software.

Averina Software - Library for Authenticode signing and verification of executable files, drivers, catalogs and scripts.

Bloombase Technologies - Encryption for enterprise storage systems/databases, email and Service Oriented Architecture (SOA).

CipherActive - Designer of software that accelerates public key cryptography.

CopySafe - Software system for the protection of online website content. Plugin allows viewing of encrypted images on end-user system, while disallowing saving of images.

Cryptomathic - Encryption and authentication products including EMV card preparation systems.

Cryptzone - EAL2 and ITSEC E1 certified encryption of files, hard drives, USB memory sticks and email.

Data Encryption Information Center - A comprehensive site that guides ordinary users and students around the subject of data encryption.

DESlock+ - Transparent encryption of files, folders and emails with an optional USB token. Supports AES, 3DES and Blowfish algorithms.

Digital Security International - Backup tape drive encryption hardware. Product and company details, news and contact information.

Distributed Management Systems Ltd. - Manufacturer of user authentication tokens, including a CESG-certified version for UK Government use.

DISUK Limited - Supplier of data encryption devices for tape backup and archive drives.

DOMUS IT Security Laboratory - Accredited laboratory evaluates and certifies security and cryptographic products against Common Criteria, FIPS 140 and INTERAC (SPED).

Encryption Software Inc - Public key encryption add-ons for a selection of instant messaging programs. Also offer elliptic curve cryptography (ECC) libraries.

Encryption Wizard for Oracle - Offering data encryption software for the Oracle RDBMS. The Encryption Wizard can perform DES3 Encryption and obfuscation on a complete schema.

Ingrian Networks - Offers a security appliance that encrypts critical data in applications and databases.

MCSoft Security Solutions - Offers cryptography and wipe software.

Navastream - A leading provider of encryption devices for IP, ISDN, Email, and Cellular Communications, using Triple-DES and the newer AES standards.

Pate Williams' Implementations - Cryptographic algorithms in C, C++, Java and other programming languages.

PMC Ciphers Inc. - Company offering "polymorphic cryptography" i.e. variant algorithms and potentially huge keys.

Pointsec Mobile Technologies - Develops and markets access-control and encryption systems for desktops, notebooks, PDAs and smartphones.

Red Iron - Software to encrypt credit card data between retail Point Of Sale, back-office and enterprise systems.

Sigaba - Secure e-mail, instant messaging and document transmission. Product details, news, customer portfolio, support options and contact information.

Utimaco Safeware AG - Supplier of disk, file and email encryption software, FIPS-certified hardware security modules and systems for lawful interception of telecommunications.

Voltage Security Inc. - Identity-based elliptic curve encryption for email, application data, laptops, removable storage devices and network shares.

Winzap - File, photo and email encryption software. Free demo download available.

xyzmo Software GmbH - Software to add digital signatures to electronic documents.

Cryptography - File Encryption

AWAY32 - Encryption with viewer and digital signature that keeps pictures, data, and text private.

ccrypt - Command-line file and stream encryption utility based on Rijndael, designed to replace crypt. Open source and GPL.

CHAOS' doors - CHAOS' doors can compress the files and folders before encrypting them, giving additional security to your information.

CipherPack - CipherPack compresses and enciphers files using industrial strength cryptographic techniques and then 'packs' them with the decompression and deciphering code. Use as a standalone utility or anti-piracy software.

CryptDecrypt - File and folder encryption utility supporting AES, GOST, 3DES, RC2, RC4 and Windows data protection API.

Cryptosystem ME6 - Provides ME6, a Windows program for encrypting and decrypting multiple files in multiple folders using a proprietary cipher with a 500-bit symmetric key.

DRM Networks, LLC - Providing solutions for online digital rights management across multi-platform networks. Allows content owners to securely package digital files for distribution, by encrypting the content with a key.

Ecoded.com - Provides EC3, a free program using a proprietary cipher with key sizes ranging from 256 bit to 65536 bits.

Encryption Protection - Encryption Protection encrypts files, folders, and email using 128, 256, or 448 bit keys. Also includes file shredder. [Windows]

File Locker - Software that allows users to lock access to files on their system, also offer encryption and decryption of non-binary files. [Windows]

Innersafe - Enables existing software to use encrypted files, without sending decrypted data to disk. Supports AES, Twofish, HMAC, PBKDF2 and limited anti-keylogger.

Interfuse Technology - Automated encryption and decryption of Windows document files. Also provides Digital Rights Management.

Invisible Secrets - Encrypts and hides data, destroys Internet traces, shreds files, makes secure IP to IP password transfers and even locks any application on the computer.

KFileCoder - C++ open source Linux KDE file encryption utility with optional bzip or gzip compression, using the PC1 algorithm with 128-bit keys (one key per file in the archive).

Kremlin Encryption Suite - File encryption and deletion software with a choice of encryption algorithms and a royalty-free Software Development Kit to cryptographically-enable other programs.

LexiGuard - File protection software that supports most common encryption algorithms. Can generate own keys and certificates or import them from other PKI vendors. Includes emergency key recovery facilities. [Windows]

Mathematical Modeling, Inc. - Dynacrypt Version 2.0 allows you to encrypt files, directories, and words, sentences or text in files or word processors at maximum encryption strength.

MAXA Research Int'l Inc - Software for encryption, steganography, Word file cleaning, cookie cleaning etc., in German, English or Spanish.

Meganet Corporation - Offers data security solutions using proprietary encryption called Virtual Matrix Encryption. Products for laptop, desktop, and corporate privacy include VME2000, VMEmail, Fast Encryption Software Developer Kit and VME Secure web tools.

Nscrypt - File encryption utility, integrates with Windows explorer interface. [Windows, Freeware]

OmniSecure - Produces file level protection products for web servers and file servers using our patented Virtual Private Disk Technology.

The OTP Scrambler - An encryption utility based on the uncrackable one-time pad method. Its unique feature is the ability to generate large truly random keys from analog noise in the circuits of your sound card. Source included with registered copy.

PowerKey - Encryption toolkit designed to protect sensitive data. Features secure deletion (Wipe) option to avoid restoration of sensitive data. Product specifications, FAQs, and downloads.

PrivacyCrypt - Information and DLLs to assist the implementation of DES and RSA cryptographic subsystems.

RS-Computer - Disk Crypt encryption "on the fly" creates a virtual disk on your system (cryptdisk). (Keyfile) and a highly secure passphrase process.

SATA Hi-Tech Services - Biometric and autorun USB tokens for secure authentication and data encryption. Italian and English language site.

SecretAgent - File encryption utility, supporting cross-platform interoperability over a wide range of Windows and UNIX based systems.

SecureAction Research - Encryption software for Windows, encrypt files, e-mail text messages, sfx files, providing encryption from command line.

Softwinter - Offers tools for transparent encryption on Pocket PC and Windows based computers.

Wincry - Tool to password-protect and encrypt files and folders.

Cryptography - Hard Disk Encryption

Abit SecureIDE - IDE hard drive encryption card uses DES with 40-bit key stored on a USB dongle.

Bosanova Inc. - Storage encryption hardware appliances which provide security for back-up data and integrated security solutions for any platform.

Clemens Fruhwirth - Project developing a hard disk encryption system using LUKS (Linux Unified Key Setup).

CrossCrypt - One of the few open source disk encryption systems. This system also supports mounting Linux encrypted disk images

CryptArchiver - A disk encryption system supporting a less conventional user interface, and means of managing encrypted disk images

CryptDisk.4h - It is a virtual disk based encryption tool that runs under Windows. CryptDisk.4h uses a file as virtual logic drive and mounts it as a real one.

Crypto CD - A comprehensive archive of cryptography programs. Includes a lot of filesystems. (Available on CD or their ftp site)

The CryptoGraphic Disk Driver - Short description of The CryptoGraphic Disk Driver (CGD) for NetBSD and a reference to the FREENIX paper written about it.

Cryptop - Laptop/workstation disk encryption software using USB tokens and intrusion detection/prevention features, running on a virtual operating system.

CyProtect Disk Encryption - Polymorphic on-the-fly harddisk encryption developed by CyProtect AG. Easy to use and 100% secure. It is possible to encrypt your data on external (USB or Firewire) and internal harddisks.

Data Encryption Systems - Sells software protection devices, copy protection, license management and encryption technology and anti-piracy solutions.

dLock - Hard Disk encryption kit, the hardware solution for PC data security.

DriveCrypt - real time - hard disk encryption - 1344 Bit, Military strong, transparent real time Hard Disk encryption.

Encryption Plus Hard Disk - Delivers full hard disk encryption: automatic, on-the-fly data protection for your entire hard drive. Easy centralized administration for efficient corporate use.

FreeOTFE - Free "on-the-fly" transparent disk encryption program for both PCs and PDAs, allowing the creation of one or more encrypted "virtual disks". Offers extensive features and full source code.

GDI Technology, Inc. - Real-time hard drive encryption kits external TV box.

PGP - PGP products keep your confidential information secure.

PGPDisk v6.0.2i - As of version 6.5, PGPdisk is no longer included with the freeware versions. If you want PGPdisk 6.5 or later, you are required to buy one of the commercial versions. However, v6.0.2i is available here in both Mac and PC versions.

Real-Time Hardware IDE/SATA encryption - Enova Technology specializes in developing, manufacturing and marketing real-time hard disk encryption chipset.

SafeBit - SafeBit features military strength on-the-fly AES encryption, by creating virtual disk drives, where you can hide files and folders.

SafeBoot Security System - Control Break provides encryption and security tools which are both secure, and easy to administer - designed primarily for the large enterprise, they also offer a range of consumer versions.

Safeguard Data Encryption Software from Utimaco - Describes Utimaco data encryption software offerings for the U.S. market. Offerings include full hard disk encryption, LAN security, PDA Security, file encryption, email encryption, and hard disk partitioning solutions.

SafeHouse Hard Drive Encryption - Transparent on-the-fly encryption of logical drives for Windows 3.1, 95, ME and 2000

ScramDisk - A hard drive encryption program that runs under Windows 95 & 98 and provides a number of high security ciphers including 3DES, Blowfish and IDEA.

Secure Drive 1.4 - DOS TSR program that can encrypt both floppy and hard disk partitions. Compatible with PGP 2.x keyfiles. I have used this and it works great. Unfortunately it doesn't look like the programmer has made any enhancements to it for a while.

Secure FileSystem (SFS) for DOS/Windows - Create and manage a number of encrypted disk volumes. Runs under both DOS and Windows 9x. Not updated since '96

Secure Systems Limited - Supplier of Silicon Data Vault encryption device that connects into the IDE cable and requires a password at boot time to decrypt the hard drive. Uses 128-bit AES and is designed to meet FIPS 140-2.

Sentry 2020 for Windows XP/W2K/NT - The first security system that protects volumes, files, folders and programs quickly and easily

SpyProof! - Disk drive that automatically encrypts all data blocks written to it and then transparently decrypts them for any application, if logged in. Once logged out, the special disks are completely unreadable by unauthorized users and thieves.

Stonewood Flagstone - Supplier of encrypted hard drives from 30-120 Gb including FIPS 140-2 certified devices.

Tiasoft Security software - Encryption application that supports encrypted logical drives.

TrueCrypt - free open-source disk encryption - TrueCrypt can create a virtual encrypted disk within a file and mount it as a real disk. It can also encrypt an entire hard disk partition or storage device. Supports plausible deniability.

TurboCrypt - Creates encrypted disk drives which can be mounted at any time.

Cryptography - PGP

International PGP Home Page - PGP Resources outside of the U.S. and Canada. Serves as a PGP code and document repository for the PGP user community. It also keeps up-to-date PGP news, vulnerabilities, and hotfixes.

PGP Corporation - Commercial PGP offerings for multiple platforms and applications.

Diceware Passphrase - A way to choose a secure Passphrase for use with PGP.

DSJ Networks PGP Resources - A superior collection of PGP annotated resources and links to include books, tutorials, utilities, news, and articles.

IETF OpenPGP Working Group - Provides IETF standards for the algorithms and formats of PGP processed objects as well as providing the MIME framework for exchanging them via e-mail or other transport protocols.

Open PGP Alliance - The OpenPGP Alliance is a growing group of companies and other organizations that are implementers of the OpenPGP standard. The Alliance works to facilitate technical interoperability and marketing synergy between OpenPGP implementations.

PGP Digital Timestamping Service - Stamper is a free digital timestamping service which uses PGP and operates via Internet email.

PGP pathfinder and key statistics - Lookup the statistics of your PGP key. The pathfinder finds trust paths between your key and some other key in the PGP web of trust.

PGP Web-of-trust analysis - Statistics about the position of all keys within the web-of-trust. It calculates the MSD and the rank of the key over time.

PGP-Users Mailing List Home Page - Home page of the PGP-Users Mailing List and many good PGP related links.

Phil Zimmermann's Home Page - Phil Zimmermann is the original creator of PGP and a founder of PGP, Inc. This site offers historical PGP background and current resource links.

Robot CA - It signs PGP keys automatically. The point is only to verify the email address on the key, not to verify the identity of the email address's owner. Given a PGP key signed by a Robot CA, the user knows that the key really does belong to the email address on it.

Cryptography - Steganography

Analyzing Steganography Software - Review of 12 steganography products, both freeware and commercial. Covers strength and detectability of algorithms used.

Antiy Labs - Info Stego software is used for embedding files within other files and encrypting them with a 128 bit secure algorithm.

Concealogram - Steganographic tool for encrypting data in images. Product information, profiles of directors and contact details.

CryptoBola - Supports hiding data files in JPEG image files. FAQ, downloadable trial version and user tutorial.

Hermetic Stego - Supports hiding data files in one or more BMP image files. Usage instructions, pricing and downloadable evaluation copy. [Windows]

OutGuess - Freeware steganographic tools for hiding and detecting hidden data in PNM and JPEG image formats.

Reasonably Adequate Privacy - Steganography technique which uses the tendency of dried vegetable juices to become colored when heated as its base technology.

Safe Soft Corporation - CHAOS Universal tool allows the hiding of encrypted data in sound, image, and text files.

Stealth Encryption - Stealth Encryption software hides files in images. Encrypt email attachments or sensitive data. Protect digital art. Enter the contest. Free reader and images.

Steganography and Digital Watermarking - Collection of papers on data hiding and digital watermarking, including countermeasures.

Xidie - Offers multiple file steganography and encryption and secure file deletion. Product technical details and ordering information.

ACM Queue - Article discussing steganographic techniques and methods for detecting data hidden by them. (December 1, 2004)

Securityfocus - Article covering what Steganography is, its applications, tools available and possible approaches to detecting where it is being used. (April 9, 2003)

Firewalls

COAST Internet Firewalls Hotlist - A comprehensive list of firewall vendors, white papers, resources, and FAQs.

DShield - Distributed Intrusion Detection System collects firewall log excerpts from volunteers. The logs are aggregated and analyzed. Several reports are generated showing trends in attack sources and methods used.

FirewallSupport.com - Online support service specifically focused on firewall security. Information and resources to troubleshoot firewall problems.

The Freefire Project - Dedicated to Users, Admins and especially Developers of IT-Security Solutions (especially Firewalls) based on Free Software. It features a large Tool overview, some articles on IT-Security and Web Links to other resources.

Firewalls - FAQs, Help, and Tutorials

ISC Firewalls Mailing List - For discussions of Internet firewall security systems and related issues. Also features searchable archives and digests.

Beginners Guide to Firewalls and Internet Security - This article is intended to provide some basic guidelines for securing your computer, and a better understanding of how some of these technologies work. It is intended primarily for users of high-speed Internet connections, but most of the article is applicable to dial-up Internet users also.

Cisco PIX Firewall - Practical Guide - Practical Cisco PIX guide based on hands-on experience with various PIX platforms and versions.

CPUG: The Check Point User Group - A group for Check Point Firewall-1 users and implementers. Contains the Check Point Wikipedia, discussion groups and other useful information.

The Firewall FAQ - Dartmouth College Institute for Security Technology Studies firewall FAQ and other information and research documents in related areas.

Firewall Tutorial - A fairly concise (< 4000 words) document for readers who want to know more about what firewalls do. Comprehensively covers main firewall concepts and technologies.

Firewall-net - Provides security and firewall comparisons, compare tools, configuration tips. Also includes a user forum.

Firewalls and Internet Security: Repelling the Wily Hacker - Web site for the book Firewalls and Internet Security: Repelling the Wily Hacker Second Edition by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin. Contains some sample sections and a link to the complete contents of the First Edition.

Home PC Firewall Guide - Features information on security, personal firewall software and Internet security appliances for dial-up and broadband-connected (xDSL and cable modem) home and SOHO computers. Also offers reviews of anti-virus and anti-Trojan products and software.

How Stuff Works: Internet Firewalls - An introductory explanation of how a firewall works and the various filtering methods used, with related links.

How-to setup an APF Firewall - A how-to that covers the basics and some advanced topics of installing and configuring the firewall, especially for CPanel users.

InfoSysSec: Firewall Security and the Internet - A portal for professionals, features links, FAQs, tutorials, product information, magazine articles and downloads.

Interhack.net: Firewalls Frequently Asked Questions - Features a background, basics, design, implementation issues, port and protocol issues. By Matt Curtin and Marcus Ranum. Documents are also available in Postscript and PDF.

Internet Protection and Security by Firewalls Paper - General overview of firewalls and their roles in mitigating various forms of network attacks. Includes case studies.

KnowPlace Firewalling - An overview of firewalls and security with particular reference to firewalling with Linux 2.4 and Netfilter/Iptables.

Korvan's Web - How to build an OpenBSD firewall for use with Australian broadband ISPs (Telstra and Optus, cable & ADSL).

Lenny Zeltser Firewall Discussions - Explores the use of various firewall techniques for protecting resources according to business requirements of multi-tier applications.

Linux Firewall and Proxy Server HOWTO - White paper outlining the basics of firewall systems and giving details on setting up both a filtering and a proxy firewall on a Linux-based system.

Lowth.com - Linux security and related software articles and tools.

Network Security, Filters and Firewalls - This article is a general introduction to network security issues and solutions in the Internet; emphasis is placed on route filters and firewalls. It is intended as an overview. Some knowledge of IP networking is assumed, although not crucial.

Outpost Firewall - The Webhiker's Guide - Extensive guide to Outpost Firewall, with information for both inexperienced and expert users.

Packet filter (pf) mailing list - Mailing list for the pf firewall provided as part of the OpenBSD kernel.

Personal Firewalls - what they can do and what they can't - One author's detailed, non-technical article explaining personal firewalls, their abilities, uses, and li

"Personal Firewalls" are Mostly Snake-oil - The author explains his opinion that a personal firewall "provides no real additional security over turning off the services that you don't use".

Routing/Firewalls with Linux - A brief straightforward tutorial on creating a simple routing firewall using Linux and netfilter (iptables).

Samba Authenticated Gateway - This document shows how to build a firewall/gateway with rules set on a per-user basis, with the users authenticated by a Samba Primary Domain Controller.

Securepoint Firewall Archives - Searchable archives of the mailing list and forums on a range of different firewalls and related items.

SecurityDocs Firewall Reference - A collection of whitepapers and other documents on various aspects of firewalls such as what they are, how to choose one, and proper installation.

Shields Up: Personal Firewalls - Features FAQs, reviews, ratings, white papers, and tools to test Internet security and firewall vulnerabilities by Steve Gibson.

Solaris 2.6 Firewall Example Installation and Configuration - Details the procedure to configure a secure firewall on the Sun Solaris platform.

Vicomsoft Firewall Q&A - A whitepaper on relevant firewall questions and answers. The knowledge of this subject relates to firewalls in general use, and stems from NAT and proxy firewall technology experience. Welcomes feedback and comments from any readers on the usefulness or content.

Workable passive FTP connections through a firewall - A general article on enabling passive FTP connections through a firewall. Examples used in the article discuss the APF firewall and Pure-FTPD ftp server.

Firewalls - Products

Aker Security Solutions - Aker Firewall, a stateful packet filtering firewall for Linux and FreeBSD. Integrates with Aker's Crypt server and client for VPN connections.

APF Firewall - A policy based iptables firewall system designed for ease of use and configuration. Includes information on the firewall, downloads and related articles and software.

Astaro: Integrated Perimeter Security Software - Astaro supplies integrated perimeter security software solutions that include firewall, VPN, virus, surf and spam.

Bastion-firewall project - A netfilter-based firewall configurable through config files. May be used as a normal firewall or as a firewall script generator. Integrated with the Snort inline IDS.

BizGuardian firewall - Customized FreeBSD based software solution to turn a Pentium class computer into a firewall. Uses a web browser based administration and a 'wizards' type setup. Available with or without a VPN option.

Bulwark Systems - Offers SecuraNET unified threat management solutions.

Cequrux Technologies BV - Provides firewall and VPN security software for internet, intranet and extranet applications.

Check Point FireWall-1 - ICSA certified Firewall-1. Operates on NT, Solaris, HP-UX, AIX, and RedHat Linux. Integrates with Check Point's VPN Gateway and RealSecure IDS products.

Chris Lowth Firewall and Filtering Tools - Open-source software for firewall and network traffic filtering including peer-to-peer applications.

Clavister Security Products - Offers both software and appliance format firewall and VPN solutions as well as support and training.

Cyberix - Offers an integrated security system with filtering, detection and management capabilities.

Dolphinwall. The Dynamic Firewall - Installed in two configurations, firewall/central manager and peripheral firewall. It includes stateful packet inspection, IDS, HTTP and SMTP proxies and antivirus capability. The firewall runs completely from CD-ROM, and a USB pen-drive can be used for back-up of the configuration.

DoorStop - Macintosh based server-level and personal-user level software firewall, providing IP address based protection for TCP-based services.

Endian Firewall - A Linux-based security distribution with web-based management, stateful packet inspection, proxies, antivirus, antispam, content filtering and VPN.

Evidian NetWall - A manageable business-oriented firewall and VPN software solution to protect each IT zone according to its specific security requirements. DdMZ architecture allows tight control in compliance with overall business policy. Available overview, FAQs, Benefits, Whitepapers.

Falcon Firewall Project - UNIX/Linux open firewall project that was intended to develop a free, secure and OS-independent firewall system. Though discontinued, the project site remains for historic reference.

Firestarter Linux Firewall - A graphical interfaced Open Source firewall for Linux.

The Firewall Toolkit (FWTK) - A set of proxies to build a firewall. Provides information and software on building free firewall and security solutions.

FREESCO - A small free firewall router intended as a replacement for more costly commercial products. The name stands for FREE ciSCO.

F/X Communications - Creator of firewall and internet dialer software for multiple operating systems.

Gateway Guardian - OEM Software and hardware for creating firewall and VPN appliances by Merilus. Includes a profile, product range, software downloads, and technical support.

Gibraltar Firewall - Debian/Linux-based professional firewall solution. Includes a comfortable web interface and IPSec VPN.

IBM SecureWay Firewall - A mature product containing filtering, proxy, and circuit level gateway. Includes a Network Security Auditor, VPN IPSec support and disables unsafe applications, real-time performance statistics and log monitoring and central management capability. Available for MS Windows and AIX.

InfoExpress - Makers of the CyberArmor layered security architecture personal firewall. Includes a profile, product range, product specifications, news, and software downloads.

InJoy Firewall - All-in-one multi-platform Firewall with next-generation deep packet inspection technology. Includes IPSec VPN, Internet gateway (NAT), remote management, IDS, virus protection and PPPoE. Supports Windows, Linux and OS/2. Has a personal version.

InnerTek Software - Creators of the fBuilder firewall configuration utility for Linux. Includes services, product range, client intranet, screenshots, a profile, and forums.

Intoto Inc - iGateway Security solutions include ICSA certified Stateful Inspection Firewall integrated with NAT & ALGs, ICSA certified Virtual Private Network (VPN) and Network Intrusion Detection System (NIDS).

IP Filter - Free Linux TCP/IP packet filter, suitable for use in a firewall environment. Presently incorporated in FreeBSD, OpenBSD and NetBSD.

IPCop Firewall Addons - A collection of binary addons for IPCop Firewall as well as some relevant site references.

Isinglass-hzd - Linux-based firewalls. IsinGlass is a script meant to make the average user's Linux machine more secure when connected to the Internet, for example, when dialing up via a local ISP.

Kerio Technologies UK Ltd. - Personal and corporate firewalls and secure mailserver solutions. Product details, customer references and on-line store.

LEAF - The Linux Embedded Appliance Firewall, an application based on iptables, with a number of optional modules including logging and intrusion detection.

LinuxMagic VPN Firewall - VPN FireWall, using the highest level of encryption, and industry standard IPSEC technology, ensures that no one can snoop your passwords or sensitive data, without paying the costs of expensive routers and dedicated networks.

Livermore Software Laboratories, Intl. - Providing the PORTUS products for over ten years with a perfect security record. Offers Gigabyte+ levels of performance, and is scalable from the smallest business to worldwide organizations.

LutelWall - Linux iptables shell script written in bash for use as a stateful firewall and NAT/masquerade router for networks with single or multiple subnets. It shares access to an Internet connection from multiple workstations.

M0n0wall - A free embedded firewall software package based on FreeBSD.

NetBoz Firewall - Working over standard FreeBSD services, provides flexibility, ease of use and performance to corporate networks. NetBoz is a live CD and does not use a hard disk, while all the settings are stored on a write-protectable diskette, making it virtually immune to intrusions and power failures.

NetBSD/i386 Firewall Project - Free firewall solution for people with a permanent Internet connection (e.g., xDSL or cable modem). Packet filtering firewall and NAT based on NetBSD.

The netfilter/iptables Project - Netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel that enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. This enables use as a firewall and router.

NetWolves - Provides a secure Internet gateway solution for LAN-to-Internet connectivity. Offers an ICSA-certified firewall and IPSec VPN with client VPN support and dynamic VPN routing as well as intelligent failover with high availability. Other filtering services are also available.

Neuberger & Hughes Easygate - EasyGate can serve as a complete internet solution with a built-in firewall, mailserver, webserver, proxyserver, nameserver, PPTP for teleworking and IPsec for encrypted network linking. The product also comes solely as a firewall and VPN solution, without any extras.

Novell BorderManager - ICSA certified firewall for Novell networks. Directory-based user access to intranet and Internet content.

Open Source Firewall for Windows - First open source firewall for Windows. Includes binaries and source code. For Windows 2000 and later.

pf -- Daniel Hartmeier's packet filter - Pf is a modern packet filter with NAT capabilities. It is used in OpenBSD.

pfSense - A free firewall based on Packet Filter (pf) and FreeBSD 6.

Phion Information Technologies - Security gateways designed to set new standards in security, connectivity and management flexibility in the enterprise security market. Netfence systems are not just security gateways but intelligent traffic managers providing exceptional connection intelligence.

PortsLock - Firewall that offers user-level access controls for Windows NT/2000/XP and Windows 2003 Server. It integrates with the Windows user authentication system.

Secure Computing - ICSA certified SecureZone and Sidewinder firewalls and application gateways. Embedded VPN capability. Integrates with Strikeback IDS product.

Securepoint Firewall Server - Free firewall system. The Securepoint Firewall Server is a high-performance, commercial-grade application designed to offer full protection for network assets. Also has offerings in VPN, IDS and other network products.

Simple OpenBSD Firewall Interface - Complete firewall solution for OpenBSD with many features, all of which are accessible through a web interface.

SINUS Firewall Page - Free TCP/IP packet filtering firewall for Linux. IP, TCP, UDP, ICMP and IGMP packet filtering. Dynamic rules including time-outs. Graphical management interface.

Smoothwall Limited - Corporate server, a Linux-based, stateful inspection software firewall. Plugin modules available to add VPN and web filtering functions. Customer case studies and option to buy online.

StoneGate High-Availability Firewall and VPN - An enterprise-class firewall with integrated VPN, high-availability and load-balancing. Load-balancing includes both connections and servers.

Sygate Enterprise - Host based, packet filtering firewall product.

TeamF1, Inc. Software - Provides software solutions in embedded network security and management on embedded OSes such as vxWorks. FireFly for vxWorks product implements a small footprint robust firewall for use in residential gateways and other internet appliances.

Trustix AS - Developers of the XSentry firewall and Trustix Secure Linux. Security science and research.

Vicomsoft Firewall and Internet Security Software - FAQs, White Papers, case studies and trial downloads of firewall and filtering software.

Winproxy by Ositis Software - Network Address Translation, firewall, and modem sharing. Runs on Windows NT/95/98. Recently purchased by Blue Coat.

Hacking - Software Piracy

BSA Anti-Piracy Site - Software management facts and free audit tools. Sponsored by the Business Software Alliance.

FAST - Federation Against Software Theft, UK software industry group working alongside corporates who require advice and guidance to achieve a legally sustainable software environment.

SPA Anti-Piracy - A division of the Software and Information Industry Association, provides education and enforcement in dealing with software piracy. Online report forms, anti-piracy news, FAQ, copyright issues, policies, tools, seminars, and publications.

WarezFAQ - Articles and FAQ for alt.binaries.warez.ibm-pc. Also contains tutorials on posting and downloading files.

GameSpy.com Software Piracy Report - Three-part series by David Cuciz, interviews with enforcement agencies and a software pirate, world-wide statistics and the fight to bring software piracy under control. (June 9, 2000)

Hacking - Wardriving

Arizona War Driving And Wireless Security - Arizona Wardrivers Forum News and Events.

BC Wireless - Hardware, software and gear for wardriving.

Black Alchemy - Software for generating thousands of counterfeit 802.11b access points.

Fleeman Anderson & Bird Corp - Wireless antennas, amplifiers, coax, and wardriving accessories.

HD Communications Corp. - Offers equipment and kits for wardrivers including network cards, antennas and cables.

SDV W-lan - Mapped WarDriving results from BeNeLux, includes discussion forum.

Seattle Wireless - The who, what and why's of and about wardriving along with links for software and resources.

StumbVerter - Imports Netstumbler and converted Kismet logs, and generates AP location maps using MapPoint 2002 with map comparisons.

WarDrive.net - Offers information about Wardriving and Wireless Networking.

WarDrivers - Discussion forum about WarDrivers, software, hardware and wardriving techniques.

WarDriving Decals - Wardriver stickers for cars, laptops and folders.

Wardriving for Wireless Connections - Article from techtv about warchalkers and wardrivers who are part of a global guerrilla campaign to mark free, wireless access points.

wardriving is not a crime - Legal aspects of WarDriving, definition, resources and t-shirt.

Wardriving.com - Wardriving news hub with archives and links.

WarTyping.com - Site about interception of radio signals transmitted by wireless keyboards.

Warviewing - Look for and monitor 2.4GHz video signals.

Wi-Fi-AWACS Project - Project to develop a software suite for indoor and outdoor 3D location and tracking of Wi-Fi nodes, using a distributed, mobile, low-density grid of heterogeneous sensors.

WiGLE.net - Wireless Geographic Logging Database. Worldwide database and mapping of hundreds of thousands of wireless networks.

Wireless Revolution - Colorado hotspot, group information and discussion board.

Wireless Warrior - Directory of wireless oriented resources.

Silicon.com - Article detailing how a hacker was sentenced to nine years in prison for illegally capturing financial details. He got into the company network via a poorly secured wireless network discovered by wardriving. (December 16, 2004)

Wardriving: you can look, but don't touch - ZDNet AnchorDesk: Security Watch by Rob Vamosi (September 14, 2004)

Wi-Fi "wartrappers" nab drive-by hackers - Consultant KPMG is using a honeypot wireless LAN to lure wardrivers and measure the true level of this much-discussed security risk. (October 9, 2002)