Information Security

General

#!/usr/bin/perl -Tw ############################################################################## # rss2si.pl # # This program writes out a html table or list that can be placed into a # normal html page for displaying RSS feed on the web. The progam is a # modified version of rss2js.pl by Nik Jewell (see below). Modification # done by Kåre Presttun, kare(at)presttun.org 07th March 2004. # # The modification makes the program suitable for being run from SSI. # Typical usage is like this: # # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # ############################################################################## ############################################################################## # rss2js.pl # # # # This program writes out an RSS file to JavaScript for remote display # # # # by Nik Jewell. v0.2 20th May 2002 # # # # Configuration of the visual display characteristics can be carried out # # with the accompanying rssconfig.pl script # # # # Please contact L.N.Jewell@leeds.ac.uk with bugfixes, suggested # # improvments or for assistance # # # # Copyright (C) 2002 PRS-LTSN # # # # This program is free software; you can redistribute it and/or # # modify it under the terms of the GNU General Public License # # as published by the Free Software Foundation; either version 2 # # of the License, or (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA # ############################################################################## # Modules use strict; use CGI; use LWP::Simple; use XML::RSS; # Declare global variables my ($width,$height,$listOn,$listOff); # Create an instance of CGI my $query = new CGI; ##################################################################### # Collect the query data my $remote = $query->param('remote'); my $name = $query->param('name'); my $nameDesc = $query->param('nameDesc'); my $image = $query->param('image'); my $desc = $query->param('desc'); my $num = $query->param('num'); my $box = $query->param('box'); my $copyr = $query->param('copyr'); my $date = $query->param('date'); my $list = $query->param('list'); my $wid = $query->param('wid'); ##################################################################### # Create an instance of XML::RSS my $rss = new XML::RSS; # Fetch the remote file my $xml = get($remote); # Parse the retrieved file $rss->parse($xml); # Create the html table &OUTPUT($rss); ##################################################################### # Main display sub OUTPUT { if (not defined $wid) { $wid = '200' } # Display news items as list items? if (defined($list)) { $listOn = "

"; $listOff = "

"; } # Print the header print "Content-type: text/html\n\n"; # Print the opening container table tags print "\n"; # Call the individual display subroutines if (defined($name)) { &NAME; } if ($rss->{'image'}->{'link'} && defined($image)) { &IMAGE; } if ($rss->{'channel'}->{'description'} && defined($nameDesc)) { &NAMEDESC; } if (defined($desc)) { &DESCRIPTION; } else { &TITLE; } if (($rss->{'textinput'}->{'title'}) && defined($box)) { &TEXTINPUT; } if (($rss->{'channel'}->{'pubDate'}) && defined($date)) { &PUBDATE; } if (($rss->{'channel'}->{'copyright'}) && defined($copyr)) { ©RIGHT; } # Print the closing container table tags print "

\n"; } ##################################################################### # Print channel name sub NAME { print "\n"; my $chan="{'channel'}->{'link'}\">$rss->{'channel'}->{'title'}"; &PRINT($chan); print "\n"; } ##################################################################### # Print channel image sub IMAGE { if ($rss->{'image'}->{'width'}) { $width = "$rss->{'image'}->{'width'}"; } if ($rss->{'image'}->{'height'}) { $height = "$rss->{'image'}->{'height'}"; } print "

{'image'}->{'link'}\">{'image'}->{'url'}\" alt=\"$rss->{'image'}->{'title'}\" border=\"0\" width=\"$width\" height=\"$height\">

\n"; } ##################################################################### # Print channel description sub NAMEDESC { print "\n"; my $chandesc="$rss->{'channel'}->{'description'}"; &PRINT($chandesc); print "\n"; } ##################################################################### # Print item title sub TITLE { if (not defined $num) { $num = '0'; } my $s = 1; if ($list eq "y") { my $tableOpen = "

"; my $tableClose = ""; &PRINT($tableOpen); foreach my $items (@{$rss->{'items'}}) { next unless defined($items->{'title'}) && defined($items->{'link'}) && ($s <= $num); my $titles = "

{'link'}\">$items->{'title'}

"; &PRINT($titles); $s++ } &PRINT($tableClose); } else { foreach my $items (@{$rss->{'items'}}) { next unless defined($items->{'title'}) && defined($items->{'link'}) && ($s <= $num); my $titles = "{'link'}\">$items->{'title'}"; &PRINT($titles); $s++ } } } ##################################################################### # Print item title and description sub DESCRIPTION { if (not defined $listOn) { $listOn = ''; } if (not defined $listOff) { $listOff = ''; } if (not defined $num) { $num = '0'; } my $s = 1; foreach my $items (@{$rss->{'items'}}) { next unless defined($items->{'title'}) && defined($items->{'link'}) && ($s <= $num); my $title = "$listOn{'link'}\">$items->{'title'}$listOff"; my $desc = "$items->{'description'}"; &PRINT($title); &PRINT($desc); $s++; } } ##################################################################### # Print channel textinput box sub TEXTINPUT { my $input = ""; &PRINT($input); } ##################################################################### # Print channel publication date sub PUBDATE { my $pub="$rss->{'channel'}->{'pubDate'}"; &PRINT($pub); } ##################################################################### # Print channel copyright sub COPYRIGHT { my $copyR = "$rss->{'channel'}->{'copyright'}"; &PRINT($copyR); } ##################################################################### # Clean up RSS input before printing sub PRINT { # Escape any single quotes (only needed in js output) # $_[0] =~ s/\'/\\'/g; # Get rid of any stray new lines, form feeds or carriage returns in the input $_[0] =~ s/\n//g; $_[0] =~ s/\f//g; $_[0] =~ s/\r//g; # Print the output print "$_[0]\n"; }

"; $listOff = "

{'image'}->{'link'}\">{'image'}->{'url'}\" alt=\"$rss->{'image'}->{'title'}\" border=\"0\" width=\"$width\" height=\"$height\">

"; my $tableClose = ""; &PRINT($tableOpen); foreach my $items (@{$rss->{'items'}}) { next unless defined($items->{'title'}) && defined($items->{'link'}) && ($s <= $num); my $titles = "

{'link'}\">$items->{'title'}

InfoSysSec

ISO/IEC 27000 series

Ted Humphreys' International User Group Site

Management and Audit

Firewalls

Firewall Product Overview originally by Catherine Fulmer
Firewall and Proxy Server HOWTO by Mark Grennan
Linux Firewall and Security Site
Internet Firewalls: Frequently Asked Questions by Matt Curtin and Marcus J. Ranum
Port Knowledgebase from ISS
Port Numbers from IANA
The PortsDB Project

Benchmarks / Guides

CIS - The Center for Internet Security
NSA - Security Configuration Guides

Common Criteria

Common Criteria Portal
NIAP - National Information Assurance Partnership (US)
SERTIT - sertifiseringsmyndigheten for IT sikkerhet (NO)
Common Criteria - Wikipedia

Web Security

The World Wide Web Security FAQ
OWASP - Open Web Application Security Project
WASC - Web Application Security Consortium
Cgisecurity.com: Web Security
Nikto - web server scanner
WHArsenal - web application security productivity tool

(D)DoS

Many (Distributed) Denial of Service (DoS) attacks work because ISPs (Internet Service Providers) does not do their job. When you are at the end of a link and are under a DoS attack there is not very much you can do. ISPs on the other hand can do a lot to prevent attacks from reaching their customers and to prevent attacks being launched from their networks. Unfortunately very few of them do it.

Denial of Service attack against GRC.COM by Steve Gibson
Distributed-Systems Intruder Tools Workshop by CERT/CC
Distributed Denial of Service (DDoS) Attacks/tools by Dave Dittrich
Network Ingress Filtering: rfc 2827/BCP 38
Bogon List by Rob Thomas. Get it via BGP
Reverse Path Forwarding by Cisco and Juniper

IDS (Intrusion Detection Systems)

Snort and SnortCenter - NIDS - SnortSnarf - Oinkmaster
PureSecure - Free for home users (Snort management)
Prelude - Hybrid IDS
Firestorm - NIDS
Hank - NIDS
BENIDS - NIDS
Tamandua - NIDS
SANS IDS FAQ
Talisker: IDS overview
SANS: Anti-IDS Tools and Tactics
HogWash - Intrusion Prevention System (IPS)
"Receive only" sniffing cable - for NIDS - RJ-45 Pinouts

Scanners | Testing

Nessus - remote security scanner
Nikto - web server scanner
Nmap - network exploration or security auditing
dsniff - network auditing and penetration testing
fragroute - testing of NIDS, firewalls, and basic TCP/IP stack behaviour
Talisker: Vulnerability Scanners Overview

Honeypots

Other Tools

HOME

Job:

Personal: