Sunday, February 10, 2002
Loose Ends & Miscellaneous Notes. It's a beautiful Sunday in Southern California, so this entry is going to be short. My goals are to tie up some loose ends with respect to yesterday's entry on security and to also share a few sites that I serendipitously found in my never-ending surfing and research.
Security Redux. Phenoelit, a German group that is a self-described greyhat group (and one of the presenters at Black Hat Briefings '01), has an interesting site that features tools and papers security professionals will find both interesting and useful.
The tools include:
Chilling stuff, but forewarned is forearmed. If you want both insights into security and a well written technical primer I highly recommend Bruce Schneier's Secrets and Lies: Digital Security in a Networked World. My friend Kate Hartshorn wrote an insightful review on Amazon dated 8 November 2001, and I reviewed this outstanding book on 3 January 2001. If you like this book and want a gentle introduction to the underlying math and mechanics of the technologies that are introduced I also recommend Cryptography Decrypted. Linda reviewed this book on 17 December 2001 and I wrote a review on 16 March 2001.
- VIPPR (Virtual IP Phalanx Router) - a study of attack router concepts
- IRPAS - Internetwork Routing Protocol Attack Suite
- ARP0c - a connection interceptor (using ARP spoofing and a bridging engine)
- cd00r.c - a working proof-of-concept code for a not listening remote shell on UN*X systems
- PHossc - a sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4 and POP3 logins on the wire
- Lumberjack - scans the hash codes of all passwords in a ldif file
- KOLD - a dictionary attack against LDAP server
- ObiWAN - a brute force authentication attack against Webserver with authentication requests
The Papers & References page on the site points to mainstream and non-mainstream resources.
- Moneywords is Tom Welsh's project management site. It contains checklists and a comprehensive list of book recommendations. I discovered this gem when Tom posted a message in our Project Management Forum. One page I especially like is Barometers, which is a listing of financial ratios and indicators.
- Introduction to the Zachman Framework by David Hay. I've been a strong proponent of the Zachman framework ever since reading Spewak's and Hill's Enterprise Architecture Planning. See Linda's 21 January 2001 review on Amazon. I first read this book in 1993 and can attest that it's as relevant today as it was when it was first published over nine years ago.
- Enterprise-Wide IT Architecture, which is a reference site and community resource for Enterprise-wide Information Technology Architecture (EWITA) or Enterprise Architecture (EA).
- ZIFA, which is the Zachman Institute for Framework Advancement. I didn't recently discover this site, but am including it because it fits well into the themes of the sites I previously mentioned.