Security Links

• Port knocking

• Wikipedia about SSL/TLS

• OpenSSL → http://www.openssl.org/
• http://dev.openssl.org/
• The Most Common OpenSSL Commands
• A few frequently used SSL commands
• OpenSSL Command-Line HOWTO
• OpenSSL vulnerability in Debian → http://www.debian.org/security/2008/dsa-1571
• OpenSSL for Windows (link from Colubris)
  → http://www.slproweb.com/products/Win32OpenSSL.html

Test SMTP-over-SSL:

openssl s_client -connect secure.networkconcepts.nl:2525

• X509 is an ITU-T standard for a public key infrastructure (PKI), specifies public key certificates.
• Public Key Cryptography Standards → PKCS
• A .PEM file may contain certificate(s) or private key(s), enclosed between the appropriate BEGIN/END-lines.
• PKCS#7 is a standard for signing or encrypting (officially called “enveloping”) data.
• PKCS#10 is Certification Request Standard (CSR)
• PKCS#12 evolved from the PFX (Personal inFormation eXchange) standard and is used to exchange public and private objects in a single file.
• http://www.cacert.org/
• http://www.rapidssl.com/
• http://www.sslcertificaten.nl/
• http://www.instantssl.com/
• Free SSL Certificate (Comodo)
• Exchange 2007 lessons learned - generating a certificate with a 3rd party CA
• SSL HOWTO: using openssl to get keys into PKCS#12 format
• Multi-site certification voor MS Exchange, zie
  → http://www.sslcertificaten.nl/multidomein.php
• multi-site = Unified Communications Certificaten (UCC)
• SAN: The Subject Alternative Name field explained
  → http://www.digicert.com/subject-alternative-name.htm
• Comparison of SSL certificates for web servers
• EVC = Extended Validation Certificate
• Extended Validation → https://www.sslcertificaten.nl/GroeneAdresbalk
• Generate UCC cert on Exchange-2007 → https://www.digicert.com/easy-csr/exchange2007.htm

• MD5/SHA1 database → http://md5.rednoize.com/
• MD5 GUI for Windows → http://www.toast442.org/md5/

• http://www.openssh.com/
• Putty
• Putty User Manual
• ssh
• http://sial.org/howto/openssh/publickey-auth/
• http://www.ece.uci.edu/~chou/ssh-key.html
• http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html
• Slashdot → Debian Bug Leaves Private SSL/SSH Keys Guessable

• SFTP
• How to: Restrict Users to SCP and SFTP and Block SSH Shell Access with rssh
• rssh → http://www.pizzashack.org/rssh/
• scponly → http://www.sublimation.org/scponly/wiki/index.php/Main_Page

• Rootkit
• http://www.chkrootkit.org/
• http://rkhunter.sourceforge.net/
• http://www.ossec.net/

• Alladin Safeword Tokens
  → http://www.aladdin.com/safeword/authenticators.aspx
• http://www.aladdin.com/support/safeword/application-notes.aspx

• Safenet SoftRemote (before NS Remote Client)
  → http://biz.safenet-inc.com/prod/software/index.asp
• AnthaVPN → http://www.anthasoft.com/anthavpn-virtual-private-network.php
• The GreenBow → http://thegreenbow.com/vpn.html
• Juniper/Netscreen IPsec client discusion
• (replacement Netscreen Secure Client): Universal IPsec VPN Client
  → van NCP-E: http://www.ncp-e.com/

• IPsec
• IKE = Internet Key Exchange
• Xauth = IKE Extended Authentication
• Cisco on Xauth
• XAuth info → draft-beaulieu-ike-xauth-02.txt

• NZV 'Aladdin SafeWord 2008' → http://www.aladdin.com/SafeWord/default.aspx
• SafeWord and Juniper → http://www.aladdin.com/partners/findresults.aspx?id=231
• http://www.aladdin.com/etoken/solutions/secure-vpn-access.aspx