| Table of Contents |
Abrams, Marshall D., Sushil Jajodia, and Harold J. Podell, eds. Information Security: An Integrated Collection of Essays. Los Alamitos, CA: IEEE Computer Society Press, 1995.
Ahuja, Vijay. Network and Internet Security. Boston, MA: Academic Press, 1996.
Albitz, P., and Cricket Liu. DNS and BIND in a Nutshell. Sebastopol, CA: O’Reilly and Associates, Inc., 1992.
Aleph One. “Smashing the stack for fun and profit.” Phrack, no. 7 (1997): 49.
Anderson, J.P. “Computer security technology planning study.” ESD-TR-73-51, Hanscom AFB, MA: United States Air Force Electronics Systems Division,1972.
Anonymous. Maximum Security. Indianapolis, IN: Sams.net, 1997.
Bell, D. E. “Lattices, policies, and implementations.” In Proceedings of the Thirteenth National Computer Security Conference (1990): 165–171.
Bellovin, Steven M. “Security problems in the TCP/IP protocol suite.” Computer Communications Review (1989), no. 19 (2): 32–48.
———“Packets found on an Internet.” Computer Communications Review (1993), no. 23 (3): 26–31.
———“Problem areas for IP security protocols.” In Proceedings of the Sixth USENIX UNIX Security Symposium (1996): San Jose, CA.
———“There be dragons.” In Third USENIX UNIX Security Symposium (1992): Baltimore, MD.
———“Using the Domain Name System for system break-ins.” In Proceedings of the Fifth USENIX UNIX Security Symposium (1995): 205–214. Salt Lake City.
Bellovin, Steven M., and Michael Merritt. “Limitations of the Kerberos authentication system.” In USENIX Conference Proceedings (1991): 253–267. Dallas, TX.
———“Encrypted key exchange: Password-based protocols secure against dictionary attacks.” In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy (1992): 72–84. Oakland, CA.
Bishop, Matt. “Anatomy of a proactive password changer.” In Proceedings of the Third USENIX UNIX Security Symposium (1992): 171–184. Baltimore, MD.
Brinkley, Donald L., and Roger R. Schell. “Concepts and terminology for computer security.” In Information Security: An Integrated Collection of Essays, edited by M. Abrams, S. Jajodia, and H. Podell, 40–90. Los Alamitos, CA: IEEE Computer Society Press, 1995.
Chapman, D. Brent, and Elizabeth D. Zwicky, Building Internet Firewalls. Sebastopol, CA: O’Reilly & Associates, Inc., 1995.
Chapman, D. Brent. “Network (In)Security Through IP Packet Filtering.” Proceedings of the Third USENIX UNIX Security Symposium (1992): 63–76. Baltimore, MD.
Cheswick, William R. “An evening with Berferd, in which a cracker is lured, endured, and studied.” In Proceedings of the Winter USENIX Conference (1992). San Francisco.
Cheswick, William R. “The design of a secure Internet gateway.” In Proceedings of the Summer USENIX Conference (1990). Anaheim, CA.
Cheswick, William R., and Steven M. Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley, 1994.
Comer, Douglas E. Internetworking with TCP/IP, Vol. 1, Principles, Protocols, and Architecture. Englewood Cliffs, NJ: Prentice Hall, 1991.
Comer, Douglas E. Internetworking with TCP/IP, Vol. 2, Design, Implementation, and Internals. Englewood Cliffs, NJ: Prentice Hall, 1991.
Coopers & Lybrand. “Microsoft Windows NT Server: Security Features and Future Direction.” Available at www.microsoft.com/security. 1997.
daemon9, route, infinity. “IP-spoofing Demystified: Trust-Relationship Exploitation.” Phrack (1996).
Denning, Dorothy E. Cryptography and Data Security. Reading, MA: Addison-Wesley, 1983.
Denning, Dorothy E. “An intrusion-detection model.” In Proceedings of the 1986 IEEE Symposium on Security and Privacy (1986).
Dole, Bryn, Steve Lodin, and Eugene Spafford. “Misplaced Trust: Kerberos 4 Session Keys.” In Proceedings of Symposium on Network and Distributed Systems Security, IEEE (1997).
Ferbrache, David, and Gavin Shearer. UNIX Installation Security and Integrity. Englewood Cliffs, NJ: Prentice Hall, 1993.
Finseth, C. “An access control protocol, sometimes called TACACS.” RFC 1492.
1993.
Garfinkel, Simson, and Gene Spafford. Practical UNIX and Internet Security. Sebastopol, CA: O’Reilly and Associates, Inc., 1996.
Harmon, Paul, Rex Amus, and William Morrissey. Expert Systems Tools and Applications. New York, NY: John Wiley & Sons, Inc., 1988.
Infoworld. “Test center comparison: Network intrusion-detection solutions.” Infoworld (1998), no. 20 (18): 88–98.
ISS. “ISS Security Alert.” Available at www.iss.net, October 21, 1997.
Kaufman, Charlie, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. Englewood Cliffs, NJ: Prentice Hall, 1995.
Klander, Lars. Hacker Proof: The Ultimate Guide to Network Security. Houston, TX: Jamsa Press, 1997.
Klein, Daniel V. “Foiling the cracker: A survey of, and improvements to, password security.” In Proceedings of the USENIX UNIX Security Workshop (1990): 5–14. Portland, OR.
Knightmare, The. Secrets of a Super Hacker. Port Townsend, WA: Loompanics, Ltd., 1994.
Koblitz, Neal. A Course in Number Theory and Cryptography. New York, NY: Springer-Verlag, 1994.
Landreth, Bill. Out of the Inner Circle. Bellevue, WA: Microsoft Press, 1985.
LaPadula, L.J. “Formal modeling in a generalized framework for access control.” In Proceedings of the IEEE Computer Security Foundations Workshop III (1990): 100–109. Los Alamitos, CA.
Littmann, Jonathan. The Fugitive Game. Boston, MA: Little, Brown, and Co., 1997.
L0pht. “L0phtcrack.” Available at www.l0pht.com. 1997.
Luby, Michael. Pseudorandomness and Cryptographic Applications. Princeton, NJ: Princeton University Press, 1996.
Macgregor, R., A. Aresi, and A. Siegert. WWW.Security: How to build a secure World Wide Web connection. Upper Saddle River, NJ: Prentice Hall, 1996.
Microsoft. “Microsoft Windows NT Server White Paper.” Available at www.microsoft.com/security. 1997.
Miller, Barton P., et al. “Fuzz revisited: A re-examination of the reliability of UNIX utilities and services.” Available from COAST at www.cs.purdue.edu/coast. 1995.
Morris, Robert T. “A weakness in the 4.2BSD UNIX TCP/IP software.” Computing Science Technical Report 117 (1985). Murray Hill, NJ: AT&T Bell Laboratories.
Mudge. “Compromised buffer overflows from Intel to Sparc Version 8.” Available at www.l0pht.com. 1996.
NTbugtraq. “FAQ: NT Cryptographic Password Attacks & Defenses.” Available at www.ntbugtraq.com/samfaq.htm. 1997.
Okuntseff, Nik. Windows NT Security: Programming Easy-to-Use Security Options. Lawrence, KA: R&D Books, 1998.
PeterZ. “Weaknesses in SecurID.” Available at www.secnet.com/securid.ps. 1996.
Postel, John. “Internet protocol.” RFC 791 (1981).
Ptacek, Thomas H., and Newsham, Timothy N. “Insertion, evasion, and denial of service: Eluding network intrusion detection.” Available at www.secnet.com. 1998.
Ramsey, R. All About Administering NIS+. Englewood Cliffs, NJ: Prentice Hall, 1994.
Reilly, Michael. “Finding Holes in Your NT Security.” Windows NT Magazine, October (1996).
Rigney, C., A. Rubens, W. Simpson, and S. Willens. “Remote Authentication Dial In User Service (RADIUS).” RFC 2138 (1997).
Rivest, R. L., A. Shamir, and L. Adleman. “A method for obtaining digital signatures and public-key cryptosystems.” Communications of the ACM (1978), no. 21 (2): 120–126.
Samalin, Samuel. Secure UNIX. New York, NY: McGraw-Hill, 1997.
Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C. New York, NY: John Wiley & Sons, Inc., 1996.
Sheldon, Tom. Windows NT Security Handbook. Berkeley, CA: Osborne McGraw-Hill, 1997.
Smaha, Stephen, and Jessica Winslow. “Software tools for detecting misuse on UNIX systems.” Haystack Labs, 1994.
Snapp, Steven, et al. “DIDS (Distributed Intrusion Detection System)— Motivation, architecture, and an early prototype.” In Proceedings of the Fourteenth National Computer Security Conference (1991), 167–176.
Stallings, William. Network and Internetwork Security. Englewood Cliffs, NJ: Prentice Hall, 1995.
Stern, Hal. Managing NFS and NIS. Sebastopol, CA: O’Reilly and Associates, Inc., 1991.
Stevens, W. Richard. UNIX Network Programming. Englewood Cliffs, NJ: Prentice Hall, 1990.
Stevens, W. Richard. Advanced Programming in the UNIX Environment. Reading, MA: Addison-Wesley, 1992.
Stevens, W. Richard. TCP/IP Illustrated, Vols. 1 & 2. Reading, MA: Addison-Wesley, 1994.
Stoll, Cliff. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. New York, NY: Simon and Schuster, Inc., 1989.
Summers, Rita C. Secure Computing: Threats and Safeguards. New York: McGraw-Hill, 1997.
TIS. Gauntlet Firewall Administrators Guide. Trusted Information Systems, 1997.
Trott, Bob. “Microsoft hit with NT registry security flaw.” Infoworld Electric October 14 (1997).
Vacca, John. Internet Security Secrets. Foster City, CA: IDG Books, 1996.
Waterman, Donald. A Guide to Expert Systems. Reading, MA: Addison-Wesley, 1986.
Williams, James G., and Marshall D. Abrams. “Formal methods and models.” In Information Security: An Integrated Collection of Essays, edited by M. Abrams, S. Jajodia, and H. Podell, 170–186. Los Alamitos, CA: IEEE Computer Society Press, 1995.
Winsor, Janice. Solaris Advanced System Administrator’s Guide. Emeryville, CA: Ziff Davis, 1993.
| Table of Contents |