====== Security Links ======

==== Firewall ====

  * [[wp>Port_knocking|Port knocking]]

==== SSL / TLS ====

  * Wikipedia on [[wp>Secure_Sockets_Layer|SSL/TLS]]

=== OpenSSL ===

  * OpenSSL -> http://www.openssl.org/
  * http://dev.openssl.org/
  * [[http://www.sslshopper.com/article-most-common-openssl-commands.html|The Most Common OpenSSL Commands]]
  * [[http://shib.kuleuven.be/docs/ssl_commands.shtml|A few frequently used SSL commands]]
  * [[http://www.madboa.com/geek/openssl/|OpenSSL Command-Line HOWTO]]
  * OpenSSL vulnerability in Debian -> http://www.debian.org/security/2008/dsa-1571
  * OpenSSL for Windows (link from Colubris) \\ -> http://www.slproweb.com/products/Win32OpenSSL.html

Test SMTP-over-SSL:

  openssl s_client -connect secure.networkconcepts.nl:2525

==== X509 Certificates ====

  * [[wp>X509]] is an ITU-T standard for a public key infrastructure (PKI); it specifies public key certificates.
  * Public Key Cryptography Standards -> [[wp>PKCS]]
  * A [[wp>Base64#Privacy-Enhanced_Mail_.28PEM.29|.PEM]] file may contain certificate(s) or private key(s), enclosed between the appropriate BEGIN/END lines.
  * PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data.
  * PKCS#10 is the Certification Request Standard (CSR).
  * PKCS#12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file.
  * http://www.cacert.org/
  * http://www.rapidssl.com/
  * http://www.sslcertificaten.nl/
  * http://www.instantssl.com/
  * [[http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html?entryURL=http%3A//www.instantssl.com/|Free SSL Certificate (Comodo)]]
  * [[http://msexchangeteam.com/archive/2007/02/19/435472.aspx|Exchange 2007 lessons learned - generating a certificate with a 3rd party CA]]
  * [[http://blog.palantirtech.com/2008/06/23/pkcs12/|SSL HOWTO: using openssl to get keys into PKCS#12 format]]
  * Multi-site certification for MS Exchange, see \\ -> http://www.sslcertificaten.nl/multidomein.php
  * multi-site = Unified Communications Certificates (UCC)
  * SAN: The Subject Alternative Name field explained \\ -> http://www.digicert.com/subject-alternative-name.htm
  * [[wp>Comparison_of_SSL_certificates_for_web_servers|Comparison of SSL certificates for web servers]]
  * EVC = [[wp>Extended_Validation_Certificate|Extended Validation Certificate]]
  * Extended Validation -> https://www.sslcertificaten.nl/GroeneAdresbalk
  * Generate UCC cert on Exchange-2007 -> https://www.digicert.com/easy-csr/exchange2007.htm

==== Security ====

  * MD5/SHA1 database -> http://md5.rednoize.com/
  * MD5 GUI for Windows -> http://www.toast442.org/md5/

==== SSH ====

  * http://www.openssh.com/
  * [[http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html|Putty]]
  * [[http://the.earth.li/~sgtatham/putty/0.53b/htmldoc/Contents.html|Putty User Manual]]
  * [[wp>ssh]]
  * http://sial.org/howto/openssh/publickey-auth/
  * http://www.ece.uci.edu/~chou/ssh-key.html
  * http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
  * Slashdot -> [[http://it.slashdot.org/article.pl?sid=08/05/13/1533212|Debian Bug Leaves Private SSL/SSH Keys Guessable]]

==== SFTP/SCP ====

  * [[wp>SSH_file_transfer_protocol|SFTP]]
  * [[http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html|How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh]]
  * rssh -> http://www.pizzashack.org/rssh/
  * scponly -> http://www.sublimation.org/scponly/wiki/index.php/Main_Page

==== Rootkit ====

  * [[wp>Rootkit]]
  * http://www.chkrootkit.org/
  * http://rkhunter.sourceforge.net/
  * http://www.ossec.net/

==== Token ====

  * Aladdin SafeWord Tokens \\ -> http://www.aladdin.com/safeword/authenticators.aspx
  * http://www.aladdin.com/support/safeword/application-notes.aspx

==== IPsec clients ====

  * Safenet SoftRemote (before NS Remote Client) \\ -> http://biz.safenet-inc.com/prod/software/index.asp
  * AnthaVPN -> http://www.anthasoft.com/anthavpn-virtual-private-network.php
  * The GreenBow -> http://thegreenbow.com/vpn.html
  * [[http://forums.juniper.net/t5/Firewalls/Recommend-an-IPSec-Client-for-SSG-s/m-p/9555/message-uid/9555|Juniper/Netscreen IPsec client discussion]]
  * (replacement Netscreen Secure Client): Universal IPsec VPN Client \\ -> from NCP-E: http://www.ncp-e.com/

=== IPsec info ===

  * [[wp>IPsec]]
  * IKE = [[wp>Internet_Key_Exchange|Internet Key Exchange]]
  * Xauth = IKE Extended Authentication
  * Cisco on [[http://www.cisco.com/en/US/docs/ios/12_1t/12_1t1/feature/guide/xauth.html|Xauth]]
  * XAuth info -> [[http://www.unix-ag.uni-kl.de/~massar/vpnc/docs/draft-beaulieu-ike-xauth-02.txt|draft-beaulieu-ike-xauth-02.txt]]

===== Tokens =====

==== Aladdin SafeWord ====

  * NZV 'Aladdin SafeWord 2008' -> http://www.aladdin.com/SafeWord/default.aspx
  * SafeWord and Juniper -> http://www.aladdin.com/partners/findresults.aspx?id=231
  * http://www.aladdin.com/etoken/solutions/secure-vpn-access.aspx