Network analysis and security
- Live data graphing
- Network performance
- Network protocols
- Network security
- Network technologies
- Network tools
- Packet capture and analysis
- Technology and ethics
- net-tools is the
collection of network tools that go back to the origins of Unix systems. They include
hostname. In many modern systems they are either obsolete or deprecated in favour of iproute2 (see below). Jonathan Corbet wrote an article for LWN subscribers in on Moving on from net-tools.
- tcpdump tutorial and primer by Daniel Miessler.
- Traceroute map generator from MIT.
- iproute2 is the
collection of network utilities to replace and extend net-tools (see above). It includes
tc. The iproute2 summary sheet by Daniil Baturin gives a nice overview with lots of examples of how to achieve results using iproute2 that are comparable to those from net-tools.
- IPv6 is best defined by RFC8200.
- IPv6 toolkit by van Hauser for testing the attack resistance of IPv6 configurations.
- Review of network monitoring tools by CellStream.
- DSLreports, US-based reports and tools for DSL services.
- netplan configuration with YAML.
- ThinkBroadband, was ADSL Guide, UK-based broadband information.
Live data graphing
- MRTG, the multi-router traffic graphercan store and display years of data. It stores data with decreasing granularity as the time period increases.
- Netdata has real-time performance monitoring, in great detail, covering the last few minutes of a huge range of server statistics.
- Andrew Case’s reading list on computer security, digital forensics, incident response, malware analysis, and reverse engineering.
- Cryptography in an hour video by Colin Percival.
- CyberChef from GCHQ is a web interface for analysing and decoding data. The program is available vis GitHub for download under the Apache licence.
- A Riddle Wrapped in an Enigma, a paper by Koblitz and Menezes from the IACR Cryptology ePrint Archive revised on . The paper gives a detailed history of ECC and evaluates speculations on the deprecation of ECC and other Suite B technologies by the NSA in . The deprecation of P-256 was immediate, that of other technologies on a somewhat longer timescale.
- ECC safe curves at safecurves.cr.yp.to. An introduction to safe curve considerations.
- How to encrypt your entire life in less than an hour by Quincy Larson, teacher at FreeCodeCamp from .
- Have I Been Pwned?
- IACR, the International Association for Cryptological Research
- List of naughty strings for testing software that accepts user input.
- Post-Quantum Cryptography for Long-Term Security paper by the PQCRYPTO working party for the EC Horizon 2020 project.
- Project Wycheproof from Google provides a test framework for encryption algorithm testing.
- Dan Geer’s publications.
- dcp disk copy and profile utility from the NSA Technology Transfer program.
- Dingo is a caching DNS server that accesses Google DNS servers over HTTPS. Written in GO by Pawel Foremski.
- GPG for data encryption guidance from NASA.
- DNSSEC, TLS and DANE by R L Barnes, IETF Journal, .
- DNSSpy.io runs a comprehensive test of the performance and security of a domain’s DNS servers.
- Krebs on security
- Mark Jeftovic’s Blog. Mark is the CEO of EasyDNS and author of an O’Reilly book on DNS.
- IPTables on RHEL/CentOS 6
- firewalld on RHEL/CentOS 7
- What comes after iptables? Its successor, of course: nftables. Posted on the Red Hat Developer blog by Florian Westphal on .
- Gibson Research Corporation.
- Help Net Security provide InfoSec news as a website, with archive, and as a weekly or daily email newsletter.
- Ivan Ristić’s blog. Ivan operates SSL Labs.
- Mitch Kabay’s web site, security resources.
- OneRNG is a reliable and open verifiable USB-connected hardware entropy source and random number generator. Excellent random number generation is essential to achieve robust encryption.
- NIST National Cybersecurity Center of Excellence with building blocks, under projects in the site menu, that include DNS-based email.
- The Open Web Application Security Project (OWASP) focuses on improving the security of software and systems. Includes cheat sheets such as the HTML5 Security Cheat Sheet that includes advice on HTTP headers, Communication APIs, Storage APIs, Geolocation, Web Workers, Sandboxed Frames, and Offline Applications.
- QUIC Performance and Security at the Transport Layer by Samuel Jero in the edition of the IETF Journal. The article introduces a security review of QUIC (Quick UDP Internet Connections), a proposal by Google for lower latency secure web traffic.
- Risks Register
- Securi-Pi: Using the Raspberry Pi as a Secure Landing Point using SSLH and OpenVPN. By Bill Childers, .
- Security Now, a TWIT TV programme. Show notes and transcripts at Gibson Research Corp.
- Security in Times of Surveillance conference on was hosted by the Eindhoven Institute for the Protection of Systems and Information (Ei/PSI, EiΨ).
- TLS parameters from IANA.
- Top 125 Network Security Tools, originally from an insecure.org nmap user survey.
- UDP amplification attack background and mitigation, US CERT report TA14-017A from was revised on .
- Yubikey NEO Smartcard features, an lwn.net article from .
- TCP BBR congestion control to increase server speed. Needs kernel version 4.9 or higher.
- TCP Fast Open with NGINX.
- IEEE standards
- Ipv6: IAB statement on IPv4 address space exhaustion of . In brief, all network protocols must work with IPv6 and no longer require IPv4. Hence, future IETF protocol work will optimize for and depend on IPv6.
- Linux network stack monitoring and tuning from the packagecloud blog in .
- Protocols web site.
- RFC Editor
- TCP/IP Port List by Richard Akerman.
- Unix domain sockets v. IP performance in a blog article from by Tiago “Myhro” Ilieve.
Packet capture and analysis
- Packetbomb.com by Kary: case studies and tutorials using Wireshark.
- SharkFest and SharkFest Europe include sessions from previous conferences.
- WireShark packet capture tools.
Technology and Ethics
- Do artifacts have ethics? A blogpost by Michael Sacasas that proposes 41 questions to explore the wide-ranging “moral dimension” of our technologies.
This may be more historic than useful nowadays. In days long ago it was not unusual to need to wire up a connector, often requiring soldering, and to have some understanding of basic electronics and components.