Personal Internet Self Defense 2004
Upcoming SlideShare
Loading in...5
×
 

Personal Internet Self Defense 2004

on

  • 1,670 views

 

Statistics

Views

Total Views
1,670
Views on SlideShare
1,669
Embed Views
1

Actions

Likes
0
Downloads
20
Comments
0

1 Embed 1

http://www.slideshare.net 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Personal Internet Self Defense 2004 Personal Internet Self Defense 2004 Presentation Transcript

    •  
    • Personal Internet Self-Defense 2003: Security and Privacy for the New Millennium Robert C. Jones, M.D. LtCol, USAF, Medical Corps Staff Anesthesiologist Andrews Air Force Base, Maryland E-mail: rob@notbob.com Web site: http://notbob.com
    • Disclaimer/Disclosure
      • This talk represents my own views, not those of the USAF, the DoD, or anyone else.
      • I am a Microsoft shareholder.
      • I am a Palm shareholder.
        • Far from a controlling interest in either!
      • Nobody paid me anything to write or present this.
      • The opinions/content on external URLs belong to the authors, not myself, the USAF, or the DoD.
    • CIA XXIIIII Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.
    • CIA XXIIIII Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.
    • CIA XXIIIII Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.
    • CIA XXIIIII Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.
    • CIA XXIIIII Copyright (C) 2003 Robert C. Jones, M.D. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Do you feel like this? CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • The Dirty Truth: “ Internet technologies are not designed to be secure. They're designed to be interactive... ...we as consumers are not taking the responsibility...to learn basics about using this stuff” Russ Cooper, editor of the NT Bugtraq mailing list (www.securityadvice.com), in http://cnn.com/TECH/computing/9909/28/ms.security.idg/index.html
    • You can’t afford perfect security “ The only secure computer is one that is unplugged, locked in a secure vault that only one person knows the combination to, and that person died last year.” Eckel, G and Steen, W., Intranet Working , New Riders, 1996, p. 419 CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • ...but can you really afford this ? CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • What this talk is about
      • Basic Internet self-defense for average users
      • How to protect your privacy on the internet
      • Where to learn more about Net security
      • My own personal opinions (not the USAF)‏
    • What this talk is NOT about
      • Advanced intrusion detection and response
      • How to hide nuclear secrets behind photocopiers
      • Advanced TCP/IP networking and protocols
      • Anyone else’s opinions (especially the USAF)‏
    • What is Internet Security?
      • For that matter, what is the Internet?
    •  
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. Mail2News http logon to web e-mail service newsreader web2mail
      • “ Information protection is not a technology issue. It is a people issue and therefore the people need to be educated.”
      Personal Internet Self-Defense 2003 Geza Szenes CISSP, Computer Security Awareness: A Case Study , SANS 99 http://www.sans.org/newlook/misc/Final_szenes.pdf
    • What do people need ?
    • Maslow’s Hierarchy of Needs Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • Basic Security Needs Workstation Needs Privacy Needs Confidence Guru The Security Pyramid CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Physical Security 2003
      • Theft (especially portables)‏
    • Physical Security 2003
      • Theft (especially portables)‏
        • locks, vigilance in airport X-ray lines/queues
    • Physical Security 2003
      • Theft (especially portables)‏
      • Electrical problems
        • UPS protects against brownouts & surges
    • Physical Security 2003
      • Theft (especially portables)‏
      • Electrical problems
      • Lack of reliable current backup
        • Backup regularly to reliable media; net backup
    • Physical Security 2003
      • Theft (especially portables)‏
      • Electrical problems
      • Lack of reliable current backup
      • C & C: Coffee and Cats
        • Don’t drink and compute; keep fans clean
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Passwords 2003
      • Pick Good Passwords
      • Avoid Bad Passwords
      • Protect Passwords
      • Change Passwords
    • Passwords 2003
      • Good Passwords
        • At least 8 characters (more if possible)‏
        • Mix of capital and small letters
        • Mix of letters and numbers
        • At least one special character ($#@!*^*)‏
        • Based on complex passphrase
          • tB0ntB?t1stFq!
    • Passwords 2003
      • Bad Passwords
        • Anything having to do with you
          • Any part of your social security number
          • Your birthday
          • Your kids’ birthdays
          • Relating to your hobbies
        • Less than 8 characters
        • Anything in a dictionary
        • Fictional characters (Gandalf, Frodo, Bilbo)‏
    • Passwords 2003
      • Pick Good Passwords
      • Avoid Bad Passwords
      • Protect Passwords
        • Don’t share them, don’t write them down
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Passwords 2003
      • Pick Good Passwords
      • Avoid Bad Passwords
      • Protect Passwords
      • Change Passwords
        • Change is good; automatic change is better?
      • Too frequent change = bad passwords
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Antivirus Defense 2003
      • Install antivirus software FIRST
      • Update antivirus software regularly
      • Check for Operating System (OS) patches monthly (more frequently if serious security holes arise)‏
      • Scan all downloaded files and attachments
        • Beware of viruses, trojans, spyware…
    • Terms of Endangerment
      • Virus: Self-replicating computer code with variable adverse effect (“payload”) [Example: Melissa macro virus]
      • Trojan: Sneaky program which, once activated by user, causes harm to computer, privacy, or both [Example: Back Orifice 2000 (BO2K)]
      • Spyware: Programs that connect to internet and report personal data regarding user [Example: RealNetworks Jukebox]
    • Antivirus Defense 2003
      • Install antivirus software FIRST
      • Update antivirus software regularly
      • Check for Operating System (OS) patches monthly (more frequently if serious security holes arise)‏
      • Scan all downloaded files and attachments
        • Beware of viruses, trojans, spyware…
    • Blaster Worm (2003)‏
      • Blaster-B variant exploits hole in MS Windows XP and 2000 (DCOM RPC)‏
      • Patch had been available for weeks…people just never bother to patch their systems!
      • ALL Operating Systems (OSes) need to be patched frequently to plug security holes (yes, even Linux!)‏
      http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.b.worm.htm l Jeffrey Lee Parsons, alleged Blaster Variant B creator
    • Antivirus Defense 2003
      • Install antivirus software FIRST
      • Update antivirus software regularly
      • Patch your OS at least monthly
      • Scan all downloaded files and attachments
      • (Radical) Disable M$ Outlook/Outlook Express
    • MS Outlook = Danger! “ I'm on record as saying that Outlook is a security hole that also happens to be an e-mail client.” Steven J. Vaughan-Nichols ZDNet News May 4, 2000 http://www.zdnet.com/sp/stories/column/0,4712,2562098,00.html
    • The Melissa Virus
      • E-mail  Productivity Suite integration exploit
      Yet another...
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Browser Security 2003
      • Disable routine ActiveX and Java/Javascript
    • How Secure is ActiveX?
      • “ The problem with ActiveX security, according to analysts, developers, and IS managers alike, is that there is no security with ActiveX. ”
      • --Paul Festa, CNET News.com, 18 Feb 98
      • http://news.cnet.com/news/0-1003-201-326605-0.html
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Browser Security 2003
      • Disable ActiveX and Java/Javascript
      • Use the maximum security setting you can stand
    • MSIE 4.72.x CIA XXIII (note: Fixed in MSIE versions 5.x)‏ Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • How to tell when your browser settings are correct... CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Browser Security 2003
      • Disable ActiveX and Java/Javascript
      • Use the maximum security setting you can stand
      • Upgrade encryption to 128 bits minimum
        • 40 bits is standard…and insecure.
    • How to check your encryption strength
    • Browser Security 2003
      • Disable ActiveX and Java/Javascript
      • Use the maximum security setting you can stand
      • Upgrade encryption to 128 bits minimum
      • Update browser regularly to get bug fixes
        • But beware of version X.0 of anything
    • Don’t be an unpaid beta tester!
      • “ Time to market and functionality always beat out security. Always. Always.”
      • --David Bradley, UC Berkeley, 25 August 99
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Privacy 2003: Endangered Species
      • “ You have zero privacy now. Get over it.”
      • -- SUN CEO Scott McNealy, February 99, when asked by a reporter about Jini’s tracking of users across networks
    • Privacy 2003: Endangered Species
      • “ Like murder, privacy invasion is most frequently committed by those close to us.”
      • --Rob Jones, M.D. , Dec 1999
    • Privacy 2003: Basic
      • Assume workplace internet use is monitored
    • Privacy 2003: Basic
      • Assume workplace internet use is monitored
        • E-mail, surfing should be boss/CEO-acceptable
    • Privacy 2003: Basic
      • Assume workplace internet use is monitored
      • Beware of prying eyes
        • “ Shoulder-surfing” on airplanes, ATM machines
    • Privacy 2003: Basic
      • Assume workplace internet use is monitored
      • Beware of prying eyes
      • Lock your workstation when you are away
        • Password-protected screen saver or log off
    • Privacy 2003: Basic
      • Assume workplace internet use is monitored
      • Beware of prying eyes
      • Lock your workstation when you are away
      • Password-protect sensitive documents
        • Not cracker-proof, but will deter average snoop
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Privacy 2003: Advanced
      • Use strong encryption for sensitive information
        • PGP, RSA, IDEA, Blowfish (DES is cracked)‏
    • from Introduction to Cryptography , Network Associates, 1999 Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • “ The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely.” Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII from Introduction to Cryptography , Network Associates, 1999
    • Privacy 2003: Advanced
      • Use strong encryption for sensitive information
      • Con your OS (GUID, ComputerName,Workgroup)‏
        • Pleased to meet you. Hope you guess my name.
    • Why does my software have to know my name? start | run | regedit | edit | find | your_name be careful...regedit can ruin your computer if you change stuff unwisely...always back up first
    • Office 97 and the Personal ID/Global User ID... get the fix here: http://officeupdate.microsoft.com/Articles/privacy.htm Unique number derived, in part, from network card MAC address
    • Privacy 2003: Advanced
      • Use strong encryption for sensitive information
      • Con your OS (GUID, ComputerName,Workgroup)‏
      • Nuke intrusive information on your hard drive
        • Cookies and History and Cache, oh my!
    • Cookies are bad for your wealth
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Privacy 2003: Advanced
      • Use strong encryption for sensitive information
      • Con your OS (GUID, ComputerName,Workgroup)‏
      • Nuke intrusive information on your hard drive
      • Use anon proxies for private web browsing
        • ZKS Freedom, Anonymizer, etc .
    • How anon proxy servers work Web Server X Anon Proxy Server Your computer “ this is joeschmoe@joesisp.com” “ this is nobody@ anonproxy.net” Web page + cookies Web page - cookies
    • Turn off file and print sharing
      • unless you want the Internet to be your LAN
      • Especially important with cable modem or xDSL
      oh, one more thing...
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • What is spam?
      • Not the Hormel ® Luncheon Meat (SPAM™)‏
      • Unsolicited Bulk e-mail
      • Junk Usenet posts
      • (New) Instant Messaging spam
    • Why spam is bad.
      • " Spamming is the scourge of electronic-mail and newsgroups on the Internet. ... Spammers are, in effect, taking resources away from users and service suppliers without compensation and without authorization. "
        • - - Vint Cerf, Senior Vice President, MCI and (unlike Al Gore) acknowleged "Father of the Internet”, as quoted on http://www.cauce.org/problem.html
    • This is your Inbox
    • This is your Inbox with e-mail
    • This is your Inbox with spam Job Offer Love letter from Salma Hayek
    • Spam = Theft!
      • Key aspect is unauthorized theft of services
        • bandwidth, hard dive space, per-minute costs, time
    • Spam = Theft!
      • Key aspect is unauthorized theft of services
      • Costs shifted to recipients, not senders
        • Unlike junk snail mail; 47 USC 227: no junk faxes
    • Spam = Theft!
      • Key aspect is unauthorized theft of services
      • Costs shifted to recipients, not senders
      • Content neutral…not a freedom of speech issue!
        • Violation of Acceptable Use Policies/TOSes
        • Violation of U.S. state laws (WA, VA…)‏
        • Violation of Austrian federal law
          • http://www.pcwelt.de/ausgabe/99_07/n090799011.HTM
    • Anti-Spam 2003
      • Munge
        • [email_address] SPAMBL 0 CK isp.com
    • Anti-Spam 2003
      • Munge
      • Filter
        • E-mail filter rules; Usenet killfiles; IRC #ignore
    • Anti-Spam 2003
      • Munge
      • Filter
      • Use throwaways
        • Get free e-mail accounts for net registrations
    • Anti-Spam 2003
      • Munge
      • Filter
      • Use throwaways
      • Complain
        • E-mail spammers’ ISPs; be polite to sysops
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • What is a firewall?
    • Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII Beaumaris Castle Ynys Môn Cymru
    • What is a firewall?
      • Firewalls are like medieval moats:
        • Restrict people to entering at one controlled point
        • Prevent attackers from getting close to your other defenses
        • Restrict people to leaving at one controlled point
      --Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, p 17
    • port 25 (smtp)‏ port 8080 (http)‏ port 119 (nntp)‏ port 6667 (IRC)‏ port 23 (telnet)‏ TCP/IP Hi, I’m 102.74.145.234 Hello, I’m 214.90.1.43 Everyday computer conversations use many “ports” CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • port 8080 (http)‏ Firewall Your computer port 6667 (IRC)‏ Firewalls implement your security decisions port 25 (smtp)‏ port 25 (smtp)‏ Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • What a Firewall Can Do
      • Serves as focus for security decisions
      • Enforces security policy
      • Logs internet activity efficiently
      • Limits damage to your network
      --Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20
    • What a Firewall Can’t Do
      • Can’t protect against insiders
      • Can’t protect you against connections that don’t pass through it
      • Can’t protect against completely new threats
      • Can’t protect you from viruses/trojans
      --Chapman and Zwicky, Building Internet Firewalls, O’Reilly, 1995, pp 19-20
    • CIA XXIII Firewalls can’t protect you from SE! ( S ocial E ngineering)‏ Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Do you need a firewall?
      • Home user vs. Business user
    • Do you need a firewall?
      • Home user vs. Business user
      • Dynamic internet IP address vs. Static IP address
    • Do you need a firewall?
      • Home user vs. Business user
      • Dynamic internet IP address vs. Static IP address
      • Unix/Linux OS vs. any flavor of Windows
    • Do you need a firewall?
      • Home user vs. Business user
      • Dynamic internet IP address vs. Static IP address
      • Unix/Linux OS vs. any flavor of Windows
      • Dialup modem vs. always-on Broadband
    • CIA XXIII Fat pipes make juicy targets! Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Types of Firewalls
      • Software
      • Hardware
    • Types of Firewalls
      • Software
        • NetworkICE BlackICE Defender
        • Zonelabs ZoneAlarm (free for personal use)‏
        • Norton Internet Security 200x
        • Others…
      • Hardware
    • BlackICE Defender attack list (against my dialup sessions)‏ Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • Automatic reverse IP address lookup on attacker reveals... Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • Zonelabs ZoneAlarm (freeware for personal use)‏ Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • Zonelabs ZoneAlarm Alert Example Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • NOTE: As of January, 2002, ZoneAlarm (not Black ICE) is the only leading software firewall that looks at OUTGOING packets from your machine (thus catching Trojans, spyware, and backdoors installed by your ISP’s software)‏ On the other hand, BlackICE tracks attackers back through the Net…freeware ZoneAlarm doesn’t (although the upgrade, ZA Pro, does)‏ Updated 10 Jan 02
    • Types of Firewalls
      • Software
      • Hardware
        • SonicWall
        • Watchguard SOHO
        • Your own Linux box with custom ipchains… etc.
    • Remember…
      • A poorly-administered firewall is worse than none at all!
      • From comp.security.firewalls newsgroup:
      • &quot;JArelXXXX&quot; <jarelXXXX@aol.com> wrote in message
      • news:20000822182824.13689.00000745@ng-mg1.aol.com...
      • > The company I work for is evaluating the possibility of outsourcing the
      • > administration of the FirewallVPN…
      • > I have just been appointed responsability (sic) of administering their firewall,
      • > however they do not want to send me to any type of training . They feel
      • > that once I get the training I will leave.
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Continuing Security Education 2003
      • Friends?
    • Continuing Security Education 2003
      • Friends?
        • The worst source. Virus hoaxes and urban legends galore
    • Continuing Security Education 2003
      • Friends?
      • 3-Space Mass Media?
    • Continuing Security Education 2003
      • Friends?
      • 3-Space Mass Media?
        • 24 hours to 3 months behind; Generally clueless with regard to non-web Net events
    • Continuing Security Education 2003
      • Friends?
      • 3-Space Mass Media?
      • Books?
        • Excellent source for fundamentals; usually 1-5 years behind
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • The Tao of Network Security 1994-1999: Information Access
    • The Tao of Network Security 1994-1999: Information Access 2000-2005: Information Denial
    • Security 2004 Preview
    • Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved. CIA XXIII
    • Online Resources
      • Physical Security
      • Targus (notebook locks, alarms): http://www.targus.com/
      • American Power Conversion (UPS): http://www.apc.com/
      • TrippLite (UPS) : http://www.tripplite.com/
      • Iomega (backup hardware, software): http://www.iomega.com/
      • Castlewood (backup hardware, software): http://www.castlewood.com/
      • Xdrive (online backup): http://www.xdrive.com/
      • iBackup (online backup): http://www.ibackup.com/
    • Online Resources
      • Password Security
      • Picking good passwords
        • http://www.itis.gatech.edu/doc/passwd.html
        • http://www.alw.nih.gov/Security/Docs/passwd.html
      • Top 10 Bad passwords
        • http://www.knowledgeclicks.com/security/articles/11999/top10badpasswords.htm
    • Online Resources
      • Antivirus Security
      • Symantec Antivirus Research Center: http://www.sarc.com/
      • McAfee Antivirus Center: http://www.mcafee.com/centers/anti-virus/
      • Aladdin E-safe Antivirus/Firewall: http://www.aladdin.co.il/
      • Qualcomm Eudora E-mail: http://www.eudora.com/
    • Online Resources
      • Browser Security
      • Microsoft IE: http://www.microsoft.com/windows/ie/default.htm
      • Microsoft Security Advisor: http://www.microsoft.com/security/default.asp
      • Netscape Communicator: http://www.netscape.com/download/index.html
      • Opera: http://www.opera.com/
      • Sam Spade for Windows: http://samspade.org/ssw/
      • Check your security with Shields Up! http://grc.com/default.htm
    • Online Resources
      • Privacy Protection
      • The Electronic Frontier Foundation: http://www.eff.org/
      • EPIC: http://www.epic.org/privacy/tools.html
      • PGP: http://www.pgp.com/
      • NSClean/IEClean: http://www.nsclean.com/
      • Microsoft Hotmail (for throwaways): http://www.hotmail.com/
      • Anonymizer: http:/www.anonymizer.com/
      • Zero Knowledge Systems Freedom: http://www.freedom.net/
      • Hushmail: http://www.hushmail.com/
    • Online Resources
      • Anti-Spam Activism
      • Junkbusters: http://www.junkbusters.com/
      • Spam.abuse.net: http://spam.abuse.net/
      • Coalition Against Unsolicited Commercial E-mail: http://www.cauce.org/
      • F.R.E.E.: http://www.spamfree.org/
      • The Spam-L FAQ: http://oasis.ot.com/~dmuth/spam-l/
      • The E-mail Spam FAQ: http://ddi.digital.net/~gandalf/spamfaq.html
      • The Munging FAQ: http://members.aol.com/emailfaq/mungfaq.html
    • Online Resources
      • Learning the Lingo (Usenet, IRC, IM)‏
      • news.announce.newusers: http://www.netannounce.org/news.announce.newusers
      • The Net-Abuse FAQ: http://www.cybernothing.org/faqs/net-abuse-faq.html
      • mIRC IRC FAQ: http://www.mirc.com/ircintro.html
      • NewIRCusers.com: http://www.newircusers.com/
      • ICQ IM Security: http://www.icq.com/features/security/
      • IM Security: http://www.pcmag.com/article2/0,4149,1217889,00.asp
    • Online Resources
      • Firewalls
      • Symantec Norton Internet Security: http://www.symantec.com/
      • ZoneLabs ZoneAlarm: http://www.zonelabs.com/
      • Internet Firewalls FAQ: http://www.interhack.net/pubs/fwfaq/
      • Keeping your site comfortably secure: an introduction to internet firewalls: http://cs-www.ncsl.nist.gov/publications/nistpubs/800-10/
      • Some Hardware Firewall Vendors: http://www.thegild.com/firewall/
      • Linux Firewall HOWTO: http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
    • Online Resources
      • Continuing Security Education
      • The SANS Institute: http://www.sans.org/
      • Internet Storm Center: http://isc.sans.org/
      • C|Net News.com: http://news.com.com/ (follow security tab)‏
      • AntiOnline: http://www.antionline.com/index.php
      • ISTS: http://news.ists.dartmouth.edu/
      • ISS X-Force: http://xforce.iss.net/
      • 2600: http://www.2600.com/
    • CIA XXIII Copyright (C) 2003 Robert C. Jones, M.D.. All Rights Reserved.
    • Offline Resources
      • Books/Articles
            • Cheswick, WR, Bellovin, SM, Firewalls and Internet Security: Repelling the Wily Hacker , New York: Addison-Wesley Publishing Company 1994. ISBN 0-201-63357-4
            • Gilster, Paul, Finding it on the Internet , New York: John Wiley & Sons, Inc., 1994. ISBN 0-471-03857-1
            • Wolff , Michael (ed.), Your Personal Netspy: How You Can Access the Facts and Cover Your Tracks Using the Internet and Online Services , New York: Wolff New Media LLC, 1996. ISBN 0-679-77029-1
    • Offline Resources
      • Books/Articles
            • Knightmare, The, Secrets of a Super Hacker , Port Townsend, WA: Loompanics Unlimited, 1994. ISBN 1-55950-106-5
            • Zimmerman, Philip R., The Official PGP User's Guide , Cambridge, Mass: M.I.T. Press, 1996. ISBN 0-262-74017-6
            • Wayner, Peter, Disappearing Cryptography: Being and Nothingness on the Net , Boston: Academic Press Professional, 1996. ISBN 0-12-738671-8
            • O'Malley, Chris, Snoops: Welcome to a small town called the internet, where everyone knows your business , Popular Science, Jan 97, p. 56
    • Offline Resources
      • Books/Articles
            • Schwartz, Alan and Garfinkel, Simson, Stopping Spam , Cambridge: O’Reilly, 1998. ISBN 1-56592-388-X
            • Communications of the ACM 42(7), July 1999, various authors: Defensive Information Warfare
            • Communications of the ACM 42(2), Feb. 1999, various authors: Internet Privacy: the Quest for Anonymity
            • Honeycutt, Jerry; Pike,Mary Ann, et al. , Special Edition: Using the Internet , 3rd Edition, Indianapolis, IN: Que® Corporation, 1996. ISBN 0-7897-0846-9
    • Offline Resources
      • Books/Articles
            • Weiss, Aaron, The Complete Idiot's Guide to Protecting Yourself on the Internet , Indianapolis, IN: Que® Corporation, 1995. ISBN 1-56761-593-7
            • Griffith, Samuel B.(trans), Sun Tzu: The Art of War , New York: Oxford University Press, 1963 ISBN 0-19-501476-6
            • Lane, Carole A, Naked in Cyberspace: How to Find Personal Information Online , Wilton, CT: Pemberton Press c/o Online Inc., 1997 ISBN 0-910965-17-X
    • Offline Resources
      • Books/Articles
            • Chapman, D. Brent and Zwicky, Elizabeth D., Building Internet Firewalls , Sebastopol, CA: O'Reilly & Associates, 1995. ISBN 1-156592-124-0
            • Icove, David, Seger, Karl, and VonStorch, William, Computer Crime: A Crimefighter's Handbook , Sebastopol, CA: O'Reilly & Associates, 1995. ISBN 1-56592-086-4
            • Anonymous, Maximum Security , Second Edition, Indianapolis: Sams, 1998. ISBN 0-672-31341-3
    •