General Information
Home
Project Status
Download
Documentation
Feedback
References
Acknowledgements
Sponsor of FKL
Site Hosted By:
More Information
Project Home Page
Mailing List
|
|
FortKnox for Linux related Links
The following are links that you may find useful in your pursuit of
a more secure Linux platform. The golden rule of security is to run
the least amount of services as possible while still being able to deliver
the necessary system resources that your users need.
- TSWG
- This is the sponsor of the FKL program.
- Bastille website
- This is the main website for Bastille Linux, which is a hardening
script for various types of unix. The FortKnox for Linux hardening
and audit tool is a subset of the Bastille program.
- Linux Security
- Linux Security.com has a lot of nice resources pertaining
to Linux Security. Its a good place to do a search for material about
security.
- RedHat Security
- A part of RedHat's website that pertains to their distro and how
to secure it.
-
SUSE security site - Novell's SUSE security site for specifics of
the SUSE distro.
-
Top 75 security tools
- This site has a great list of the top security tools.
US Government Agencies
Several agencies of the US Government are involved in
establishing guidelines and standards related to computer
security. These documents are mostly freely available. Other
efforts include the publication of known vulnerabilities and the
development of tools for the hardening of computer systems.
See the definitions below for an expansion
of some of the abbreviations and acronyms of the various agencies.
- US Computer Emergency
Readiness Team - A joint venture by the National Cyber
Security Division of the Department of Homeland Security and
private organizations.
- Computer
Incident Advisory Capability (CIAC) - An activity sponsored
by the DOE and NNSA which provides these and other government
agencies solutions to computer security threats.
- Systems and Network
Attack Center (SNAC) - Part of the NSA, this group has
published a number of
Security
Configuration Guides for various operating systems and
applications.
- Computer Security Resource
Center (CSRC) - A project of the Computer Security
Division of the NIST's Information Technology Laboratory (ITL).
Its publications
library offers many documents, including federal standards,
ITL research reports, and some early papers on computer
security.
-
Common
Criteria for Information Technology Security Evaluation
(CCITSE) - Also known as just Common Criteria (CC), this
is a jointly developed evaluation standard established by the
governments of the United States, United Kingdom, Germany,
France, Canada, and the Netherlands.
-
Common
Criteria Evaluation and Validation Scheme (CCEVS) Validation
Body - This joint activity of the NIST and the NSA is
establishing a national program to evaluate IT products with
regard to the international CC.
-
Rainbow
Series - Published by the NSA in the '80s and '90s, these
books describe the evaluation crtieria for trusted computer
systems. Each book has a cover of a different color, hence
the collective name "Rainbow Series." Some of these books
have been superceded by the Common Criteria.
US Private Organizations
There are many private companies and non-profit organizations
which provide computer security resources in the United States.
- Immunix is a hardened
version of the Linux v2.4 kernel, with access controls, buffer
overflow checking and format string protection.
- Internet Security
Alliance (ISA) - This cooperative effort between Carnegie
Mellon University and the Electronic Industries Alliance (EIA)
aims to improve its member's management of computer security
threats.
-
LinuxSecurity.com -
A site dedicated to serving the open source community with
information related to security. It is owned and maintained
by Guardian Digital, Inc., who also distribute
EnGarde Secure Linux.
- Linux Security
Modules - Sponsored by the DARPA, IBM, WireX, and others,
this project establishes a framework for access control in the
form of loadable kernel modules.
- The SANS Institute -
Established in 1989 as a research and education organization,
the Institute provides a large library of research documents
pertaining to computer security. It also offers training and
hosts conferences on this subject. SANS is an acronym for
SysAdmin, Audit, Network, Security.
- TruSecure Corp. -
This company provides security products and services. An
interesting feature is the
Hype or
Hot section, which lists many threats and classifies them
in different ways, including as hype or hoax.
- TrustedBSD - A
project which targets the Common Criteria for FreeBSD.
- UC Davis Computer
Security Laboratory - This lab is working on several
security projects.
International
There are a number of international organizations which deal
with the problem of computer security in a cooperative manner.
- Forum of Incident Response
Security Teams (FIRST) - A coalition of international
government and private organizations dedicated to share
information and coordinate responses to computer security
threats.
- FreeBSD
Security - Provides information related to securing this
operating system.
- International Information
Systems Security Certification Consortium - Also known as
(ISC)2, this organization has developed
international certifications for individuals working in the
computer security field.
- InterSect
Alliance - A team of Australian IT security specialists
providing support in the form of software and services to a
variety of customers. They also offer a few
open
source tools.
- Linux From
Scratch - Another open source community. Although the
primary focus is on providing instructions to assemble a
working Linux system from source code, it has recently added
a section on hardening such a system.
- The Linux Documentation
Project - Among all types of documents related to Linux,
this site has a number of HOWTOs dealing with
security
related to the Linux operating system.
- RFC
2196: Site Security Handbook - A memorandum by the Network
Working Group of the IETF.
- OpenBSD
Security - Provides information related to securing this
operating system.
- ProPolice
- An extension for the GNU C compiler to protect applications
from stack-smashing or buffer overflow attacks. It was
developed by IBM's labs in Japan.
Last updated on April, 2005 by Charlie Long
|