This article describes how recent research has found "tamper resistant" technologies to be found wanting. "Smart cards" may claim to provide security; they are really only secure against people that have no technical abilities. Some of the most secure commercial "anti-tampering" technologies can fall prey to attacks that require only sorts of equipment that are commercially (and cheaply) available.
The article further examines what public information is available on the technologies used to protect nuclear weapons from tampering; evidence suggests that in order to protect such devices from tampering fundamentally requires armed guards and extremely serious physical protection.
The conclusion is that commercially available tamper-resistent systems really only resist tampering and reverse engineering done by unknowledgeable attackers.
This paper presents a checklist for converting a default Windows NT installation to a bastion host.
A bastion host is a computer system that is exposed to attack, and may be a critical component in a network security system. Special attention must be paid to these highly fortified hosts, both during initial construction and ongoing operation. Bastion hosts can include Firewall gateways, Web servers, FTP servers, Name servers (DNS), Mail hubs and Victim hosts (sacrificial lambs).
Unfortunately, turning the host into a "bastion" results in making the system "inoperable from a management perspective." Once secured, standard tools (e.g. SMS) may no longer be used to manage the system...
An introduction to the security model known as capabilities.
An attempt to unify cryptography, object programming, and capability-based operating system research to provide a secure way of managing financial transactions.
A site focusing on the use of firewalls; a lot of likely-useful links.
Including an essay on Secure Deletion of Data from Magnetic and Solid-State Memory
NTLM (NT / Lan Manager) Authentication is a scheme created by Microsoft that is quite commonly used to set up authentication used to get through NT firewalls.
This site lists ports and services commonly used for attacks. Could be useful in trying to diagnose what's going on in a port-scanning attack...
As for the notion that open source's usefulness to opponents outweighs the advantages to users, that argument flies in the face of one of the most important principles in security: A secret that cannot be readily changed should be regarded as a vulnerability.
|-- Whitfield Diffie|
In the new infosec paradigm, the attacker can be anywhere. To defeat him, you'll have to change your thinking--and your tactics.
A "lockpick" suitable for opening cheap padlocks built out of an electric toothflosser.
Here is a fairly typical example of how to use hashing so that the passwords you store in your applications are not vulnerable to capture in plain text form.
This represents a large list of default passwords for various hardware and software systems. It can be used either for good or for evil.
A "pranky" approach to people trying to steal your bandwidth; the idea is to give such folks a really strangely filtered view of the Internet, notably involving intercepting HTTP requests and redrawing graphics backwards
Could be used for evil or for good.
Assists tracking your mobile device, should it go astray.