"Federal Information Processing Standards Publications"

I was reading through so I thought I would recommend them in case someone besides myself is feeling the need to grind through federal publications related to computer security. :-)

The FIPS by Category Index

I stumbled across this URL by accident, but it's quite a good URL list of Cisco-related security tips and documents.

Cisco - Security Technical Tips

Rate and identify your attackers.

Rating the Enemy: How to identify the enemy

The OpenSSL worm code.

OpenSSL Worm Code

Many TCP/IP sequence number generators and their associated OS PRNG sources are still broken.

Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later

"Principles of Secure Network Systems Design" presents the topic in three basic parts. Part one covers the basic background of network security and the current scope for security in all types of networks and organizations. Part two focuses on the essential nature of network security and a scientific methodology for secure network design. Lastly, part three discusses concrete applications of the design concepts with real world networks.

Principles of Secure Network Systems Design

I still get people, regularly, telling me that IDSes are up to snuff and I still keep reading material like this showing that more rigorous analysis says that IDSes are sadly lacking.

Crying wolf: False alarms hide attacks

This looks like a pretty nifty method for testing your security skillz...

Next Generation Security Technologies | ngGames | Game #1

Bruce Schneier on the business aspects of computer security.

Fixing Network Security by Hacking the Business Climate

This is not as unexpected as slashdot.org paints it. Actually, the industry has been moving this way for 2 years or so. I remember talking to WatchGuard about their plans to build specialized ASICS processors that could be OEM'ed.

We will see more and more of this in the future.

ZDNet |UK| - News - Story - 3Com puts firewall on an NIC