Here is some other material Anton Chuvakin wrote on security. A part of it was actually used for book research.
Look for Cyrus Peikari publications here.
UNIX/Linux Security
|
Vulnerability Analysis
Hack-of-the-Week
series takes a recent vulnerability in some popular operating
system or other software and studies it. Realistic exploit scenarios are
developed, and suggested ways of mitigating risks are considered and new
ones proposed [published at SecurityWatch]
Other vulnerability and penetration testing articles
-
(05/01/2002) "Standardizing
Penetration Testing" Gives an outlines of popular penetration testing
methodology (OSSPTMM) and challenges with standartizing penetration testing.
[published
at SC
Magazine web portal]
-
(04/22/2003) "Covert Channels" A modern review of network covert channeling
methods which compares them with classic "Rainbow Series" covert channles
on secure operating systems [submitted for publication]
|
Application security
|
VPN, IPSec and encryption
-
(08/2001) "Future
IP Security" outlines the future of IP addressing (IPv6) and focuses
on the security components of next generation IP services (IPsec) [published
at SecurityWatch]
|
Malicious hacker attacks
|
Policy and people issues of information security
-
(03/20/2001) "NLP-powered
Social Engineering Attacks" describes a scary way of performing Social
Engineering attacks based on powerful NLP persuasion technology [published
at SecurityFocus]
-
(08/2001) "Internal
attacks: Doom of Information Security" Research
report on internal security breaches, attacker motivations, various countermeasures
and their relative efficiency [published in the Journal of
Information Security (CRC)]
|
Security Tools and Intrusion Detection
|
Honeypots and honeynets
|
Security Data Analysis
|
Enterprise Security Management
|
Security Basics and FAQs
Information Security FAQs
|
Digital risks
-
(09/2001) "Digital
risks taxonomy" A diagram that structures digital risks (such as hacking,
Do, etc) in the form useful for impact assessment for the purposes of insurance
[local
copy]
-
(09/2001) "Impacts of digital risks on enterprise" [under
development]
-
(12/05/2001) "Infrastructure
Protection: Infosec Perspective" The paper covers issues in critical
infrastructure protection and information security, lists several focus
areas that need efforts and summarizes the results of recent meeting in
New England on infrastructure protection. [published at SC
Magazine web portal]
-
(11/11/2001) "Protecting
New England: A Call to Action" The paper summarizes the results of
joint meeting on critical infrastructure protection in New England and
infosecurity community role in increasing information sharing [published
at ISSA
web site in PDF format]
|