AusCERT Web Log: The AusCERT web log is where our staff have the opportunity to informally discuss current activity and interesting developments in the area of information security.
Member Newsletters: Complete archive of newsletters distributed to AusCERT members
Presentations and Papers:
Windows Intrusion Detection Checklist
- Checklist designed to assist administrators in intrusion detection for Windows Systems.
Enhancing Security of IP Multicast Traffic in Corporate Networks
- The use of multicast applications within the Internet is
increasing. This paper identifies the security implications related to
multicast communication. Possible solutions for enhancing multicast security
- A list of Computer Security Incident Response Team (CSIRT) resources useful
for people interested in designing, developing and implementing their own CSIRT.
Handbook for Management of IT Evidence
- The Management of IT Evidence handbook has been completed and is now available from Standards Australia.
NIST Special Publication 800-36 - Guide to Selecting Information Technology Security Products
- The National Institute of Standards and Technology has published Special Publication 800-36 - Guide to Selecting Information Technology Security Products
Putting cyberterrorism into context
- 'Cyberterrorism' is an often misused and abused term which results in a misunderstanding of the threat. This article provides an assessment of the threat of cyberterrorism for Australian networks and compares this threat with other existing cyber threats.
Business Impact Assessment - Blaster revisited
- The Blaster and Welchia worms continue to have a sustained impact on many Australian networks. The newest Microsoft RPC vulnerabilities announced early on 11 September 2003 provide the potential for a new round of worm attacks. This time, however, the impact could be more severe if, as we expect, the worm code is developed more quickly than before.
Business Impact Assessment - Possible Slammer hiatus
- The effects of the Slammer worm were short-lived but, if circumstances permit, a resurgence of harmful network activity may easily occur.
Impact analysis of Apache/mod_ssl worm
- There are reports that the Apache/mod_ssl worm has compromised around 30,000 hosts. This article looks at some of the implications of distributed denial of service attacks that could be unleashed by compromised Slapper worm agents.
Windows 95/98 Computer Security Information
- This document is written for users of Microsoft Windows 95/98. The MS
Windows 95/98 operating systems are not designed to be used with
computers storing data that is considered critical to a project or
that must be very securely protected. The Windows 95/98 operating
systems are commonly installed on home computers. Because of an
increasing number of incident reports from Windows 95/98 users the
CERT Coordination Center (CERTCC) and AusCERT have created this
document to help users become more aware of computer security.
Know Thy Attacker
- A pdf file of the presentation "Know Thy Attacker"
Secure Unix Programming Checklist
- A check list, in short form, for quick reference by lab engineers to use in writing secure Unix code
Windows NT Intruder Detection Checklist
Windows NT Configuration Guidelines
- This document is being published jointly by the CERT Coordination
Center and AusCERT (Australian Computer Emergency Response Team) and
details common Microsoft Windows NT 4.0 configuration problems that
have been exploited by intruders and recommends practices for deterring
several types of break-ins. We encourage system administrators to
review all sections of this document and modify their systems
accordingly to fix potential weaknesses.
Anonymously Launching a DDoS Attack via the Gnutella Network
Information Security Standards
- This page provides a range of information about standards directly or
peripherally associated with information security within Australia, New
Zealand, and elsewhere throughout the world. It does not set out to
exhaustively list all standards in the known universe that may relate
primarily or peripherally to information security.
Multiple Vulnerabilities in SNMPv1 implementations - Briefing Note
Steps for Recovering from a UNIX or NT System Compromise
- This document is being published jointly by the CERT Coordination
Center and AusCERT (Australian Computer Emergency Response Team). It
describes suggested steps for responding to a UNIX or NT system
UNIX Security Checklist v2.0
- This document details steps to improve the security
of Unix Operating Systems. We encourage system administrators to review
all sections of this document and if appropriate modify their
systems accordingly to fix potential weaknesses.
AusCERT - UNIX Security Checklist v2.0 - The Essentials
- This document extracts from the "UNIX Security Checklist v2.0" essential steps to improve the security of Unix Operating Systems. We encourage system administrators to review the full UNIX Security Checklist.
Collecting Electronic Evidence After a System Compromise
- Collecting forensic evidence for the purposes of investigation and/or prosecution is difficult at the best of times, but when that evidence is electronic an investigator faces extra complexities....
Lessons Learned from Loving Melissa
- Between April 1999 and May 2000 a series of events relating to
computer security received blanket worldwide coverage.
Windows NT Security and Configuration Resources
- This document is being published jointly by the
CERT Coordination Center and AusCERT (Australian Computer Emergency
Response Team). The CERT® Coordination Center and AusCERT® do
not review, evaluate, or endorse the resources, tools, mailing lists,
or contents of any web sites listed below. The decision to use any of
these resources is the responsibility of each user or organization,
and we encourage each organization to thoroughly evaluate any
resources, any new tools or techniques before installing or using
them. We are simply including this information here so that you may
be aware of their existence and may evaluate them as appropriate for
Distributed Denial of Service Attacks
- Recent media coverage has focused on a series of Distributed Denial of
Service (DDOS) attacks against a number of high profile sites. In
general, these sites have been E-Commerce related. Previous years
have seen concentrated Denial of Service (DOS) attacks against other
industry groups, particularly ISPs, universities and other agencies
throughout the world.
Copyright Amendment (Digital Agenda) Bill 1999 Submissions
- Submissions on the Exposure Draft of the Copyright Amendment (Digital Agenda) Bill 1999 and Commentary in pdf format.
UNIX Intruder Detection Checklist
- This document outlines suggested steps for determining if your system has
been compromised. System administrators can use this information to look
for several types of break-ins. We encourage you to review all sections of
this document and modify your systems to close potential weaknesses.
Improving Computer Security through Network Design
- Security conscious organisations have learned the benefits of protecting
their information processing infrastructure from unauthorised actions by
intruders. Unfortunately, many organisations leave key systems open to attack due to poor network design.
- Source code to a wrapper which is designed to limit exploitation of programs which have command line argument buffer overflow vulnerabilities. It is referenced in the Unix Security Checklist.
wrap programs to prevent command line argument buffer overrun vulnerabilities
Secure Programming Check List
- A check list, in short form, for quick reference by lab engineers to use in writing secure Unix code. The document is referenced by the Unix Security Checklist.
Enhancing Security of Unix Systems
- This paper examines the common threats to data security in open systems
highlighting some of the more recent threats, and looks at some of the
tools and techniques that are currently available to enhance the security
of a Unix system.
Forming an Incident Response Team
- This paper examines the role an IRT may play
in the community, and the issues that should be addressed both
during the formation and after commencement of operations.
Surfing Between the Flags: Security on the Web
- This paper examines internet security with respect to the WWW.
Selected Aspects of Computer Security in Open Systems
- This report examines those security threats, and details what tools and techniques are available to combat them.
Operational Security - Occurrences and Defence
- This paper is a discussion of computer security.
Rather than detailing the standard weaknesses in computer security
(which have been detailed many times in the past), this paper
discusses a few recent vulnerabilities and details of where further
information on computer security can be found.
Site Security Policy Development
- In order to ensure that computer systems are used in an
effective and productive way, it is important that the owners,
operators and users of these systems have a clear understanding
of acceptable standards of use. Such an understanding can be
gained as part of a Site Computer Security Policy.