
I work in computer security. In research, I use experimental methods to analyze security incidents and analyze version archives to find and predict vulnerabilities. In my company, I help companies assess, manage, and mitigate risks that come from operating an IT infrastructure. You can also hire me as a freelance security consultant.

Link Farm

This page contains interesting links about computer security. Due to the large amount of work involved in keeping a bilingual page up to date, this link farm is presented only in English. We apologize for the inconvenience.

Notes

About the typography: I frequently add my own opinions to the contents of this page. In order to make it easy for you to distinguish between fact and opinion, I'm marking my own opinions like this.

All lists should be alphabetically sorted. The project list is sorted according to project name, not according to the name of the main contributor.

Maintaining a link farm is difficult, because some pages tend to move often. (I find that the better ones don't. Interesting...) If you find that a page that you tried to reach from a link on this page is no longer reachable, please drop me a note.

People

This list contains links to the respective people's homepages.

Mailing Lists

A good overview of security-related mailing lists, with archives, is available from the Virus.org list archives.

  • For cryptography, I recommend the cryptography mailing list.
  • Dan Bernstein (see People above) maintains a low-volume (and therefore affordable) mailing list called securesoftware about vulnerabilities in software that is supposed to be secure.

Projects

  • Peter Gutmann's cryptlib, a security toolkit containing all manner of cryptographic algorithms. What makes this library special is that it didn't just grow, like many other libraries that are merely collections of functions, but was actually designed. One consequence is that it is difficult to use the API in an insecure manner, which is a nice change from the usual stuff.
  • The djbdns suite of programs and daemons is a replacement for BIND, a DNS server and resolver suite. It comes with essentially the same security guarantee as qmail. BIND has been riddled with security holes in the past. Only time can tell whether djbdns is better, but things look pretty good.
  • The Openwall Project, which provides, among other things, security patches for the Linux kernel that make the user stack non-executable, so that code injected into a stack buffer cannot be run.
  • Postfix MTA is a drop-in replacement for sendmail. Sendmail is finally showing its age; it seems that it just isn't possible to patch the last security hole in it. Postfix is vastly easier to administer than sendmail and has an excellent security record.
  • qmail MTA is also an MTA that can be used to replace sendmail. This mailer was designed to be fast and secure and even comes with its own security guarantee.
  • The NSA's Security-Enhanced Linux (SELinux) project provides mandatory access controls.
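The Openwall item above is about a non-executable user stack. The probe below is an added example, not code from this page or from the Openwall project: it writes a single `ret` instruction (byte 0xC3) into a stack buffer, installs a fault handler, and tries to call the buffer. Under a non-executable stack the call faults and the handler unwinds via siglongjmp; on a system without that protection the `ret` simply returns. The probe assumes an x86 or x86-64 CPU and POSIX signals; on other architectures it reports "unknown" rather than guessing. The function name `stack_is_executable` is mine.

```c
/* Added example (not from the page or the Openwall project): probe whether
 * this process can execute code placed in a stack buffer.  x86/x86-64 only. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf probe_env;

/* Fault handler: jump back into stack_is_executable() instead of dying. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(probe_env, 1);
}

/* Returns 1 if code in a stack buffer ran, 0 if executing it faulted
 * (the stack is non-executable), -1 if the probe is unavailable here. */
int stack_is_executable(void)
{
#if defined(__x86_64__) || defined(__i386__)
    volatile unsigned char code[16];     /* constructed "shellcode": all ret */
    volatile int executable = 0;
    struct sigaction sa, old_segv, old_bus;
    void (*fn)(void);
    void *p;

    for (size_t i = 0; i < sizeof code; i++)
        code[i] = 0xC3;                  /* x86 "ret" */

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;            /* handler may fire again on re-run */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);    /* some platforms report SIGBUS */

    if (sigsetjmp(probe_env, 1) == 0) {
        /* Copy the data pointer into a function pointer; a direct cast
         * draws a diagnostic from strict compilers. */
        p = (void *)code;
        memcpy(&fn, &p, sizeof fn);
        fn();                            /* faults here if the stack is NX */
        executable = 1;                  /* the "ret" on the stack ran */
    } else {
        executable = 0;                  /* arrived via siglongjmp */
    }

    sigaction(SIGSEGV, &old_segv, NULL); /* restore the caller's handlers */
    sigaction(SIGBUS, &old_bus, NULL);
    return executable;
#else
    return -1;                           /* no probe for this architecture */
#endif
}

int main(void)
{
    int r = stack_is_executable();
    if (r < 0)
        puts("stack executability: unknown (unsupported architecture)");
    else
        printf("stack is %sexecutable\n", r ? "" : "NOT ");
    return 0;
}
```

Build it with a plain `cc nxprobe.c -o nxprobe`; on a current Linux toolchain the stack is marked non-executable and the probe reports "NOT executable". Relinking with `-Wl,-z,execstack` asks the loader for an executable stack and shows the other outcome, which is the state Openwall's patch was written to prevent.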

How-Tos

This section contains links to how-to pages that give security best practices.

Programming

Books

The links take you directly to the corresponding page at Amazon.de.

Security

  • Ross A. Anderson: Security Engineering, ISBN 0-471-38922-6, Wiley, 2001.
  • William R. Cheswick, Steven M. Bellovin, Aviel D. Rubin, Firewalls and Internet Security, ISBN 0-201-63466-X, Second Edition, Addison-Wesley, 2003. Don't be fooled by the title; it's not just about firewalls. Rather, it's an excellent general security book aimed at the system administrator. A nice touch is that it does not reiterate all the stuff that has already been said a thousand times, but instead tells you many things you did not already know.
  • Peter Gutmann: Cryptographic Security Architecture, ISBN 0-387-95387-6, Springer, 2003. Describes how to design a security-critical system, using his cryptlib as an example. Explains all the design decisions in detail. Contains many, many references. An excellent in-depth view of how to design security-critical systems (and how not to). In contrast to many other authors, Gutmann is quite opinionated and probably treads on a good many toes, which is a refreshing change from the norm.
  • Michael Howard, David LeBlanc: Writing Secure Code, ISBN 0-7356-1722-8, Microsoft Press, 2003. Very much a how-to book, heavy on examples, light on general theory. Centers on Windows. If you need a good book on how to avoid security pitfalls in Windows, buy this book. If you want a good general introduction to secure programming, you should look elsewhere (for example, at the book by Viega and McGraw).
  • Charlie Kaufman (yes, just like the director), Radia Perlman, Mike Speciner, Network Security: Private Communication in a Public World, ISBN 0-13-046019-2, Prentice-Hall, 2002.
  • John Viega, Gary McGraw, Building Secure Software, ISBN 0-201-72152-X, Addison-Wesley, 2001.

General Computer Science

  • Donald E. Knuth, The Art of Computer Programming, Volumes 1–3 (Volumes 1 and 2 in Third Edition, Volume 3 in Second Edition), ISBN 0-201-48541-9, Addison-Wesley, 1998. The Bible.

Networking

  • W. Richard Stevens, TCP/IP Illustrated, Vol. 1: The Protocols, ISBN 0-201-63346-9, Addison-Wesley, 1994. It's old, but it's still a classic. This is because Stevens does not skim over the murky details but instead lays them out with relish. This is where most other authors fail and where he excels. The Bible of TCP/IP.
