Lance's Whitepapers

Lance's Security Papers
If you find any mistakes or have any suggestions, PLEASE email me at lance@honeynet.org
Thanks!

I've created a new website dedicated just to honeypots:
http://www.tracking-hackers.com.

--- Whitepapers ---
Feel free to copy / link / distribute any of the whitepapers listed below. You can find translated papers here.
(Francais, Deutsch, suomi, Slovene, Korean, Russian, Italian, Spanish, Chinese, Polski)

Honeypots - 17 May, 2002 (New honeypot discussed!)

This paper discusses the definitions and value of honeypots. It also covers various honeypot solutions you can download and try on your own.

Armoring Solaris: II - 05 November, 2001

This article is a continuation of the Armoring Solaris paper. This article focuses on securily building a minimized Solaris 8 64-bit system specifically for CheckPoint FireWall-1 NG.

Armoring Solaris - 19 August, 2001

How to armor the Solaris operating system. This article presents a systematic method to prepare for a firewall installation. Also included is a downloadable shell script that will armor your system.

Armoring Linux - 19 September, 2000

How to armor the Linux operating system. This article presents a systematic method to prepare your system for the Internet. The article is based on Redhat 6.0, but should apply to most distributions of Linux.

Armoring NT - 16 April, 2000

How to armor the NT operating system. This article presents a systematic method to prepare for a firewall installation.

Intrusion Detection for Check Point FireWall-1 - 22 December, 2001

How to implement intrusion detection for Checkpoint Firewall 1. Also included is a downloadble script that does all IDS functionality for you, for both Firewall-1 ver 4.1 and the latest, FW-1 NG (Next Generation). Please give this page a minute to download, I used several images for the page, totaling 225K. Thanks!

Understanding the FireWall-1 State Table - 29 November, 2000

Stateful inspection is one of FW-1's claim to fame. This whitepaper covers how it works, and how stateful it really is. Included is a PERL script that helps you read and understand your own FW-1 state table. This paper is a work in progress.

Building Your Firewall Rulebase - 26 January, 2000

Misconfigured firewalls are one of the biggest risks security admins face. This paper describes in a step-by-step fasion how to build a secure firewall rulebase.

Auditing Your Firewall Setup - 12 December, 2000

How to audit your firewall setup. The purpose of this paper is to help you verify your firewall is correctly implemented and behaves as you expect it.

FW-1 Troubleshooting Tips - 15 December, 1999

Advance Troubleshooting tips for CheckPoint FW-1.

--- Publications ---
As published in "Inside Solaris"

The Secrets of Snoop

How to best leverage the network sniffer snoop, with various command line examples. Included are examples on how to analyze network traffic and improve your network security.

Routing With Solaris - 9 March, 2000

How to configure a static routing table for a Solaris gateway. Also covers what VLSM is and how to leverage it. Included are examples of real routing situations, to include command syntax and routing table configuration. Also included is an excellent windows tool to calculate all your subnetting and CIDR aggregation.

Configuring Network Interface Cards

How to install, configure, and troubleshoot your NICs for the Solaris operating system. Included are examples of command syntax and interface configuration.

Watching Your Logs

How to plan and implement an automated filter for your logs utilizing swatch. Includes examples on configuration and implementation.

Intrusion Detection.

How to build and implement a simple intrusion detection system using TCP Wrappers and other tools. Also, recommendations on how to react and NOT react once you detect an intrusion attempt.

--- Other Goodies ---

The What and How of Information Technology

The result of a graduate school project, I propose a theory on how management can apply Information Technology in a Two Part Process. Linked to this is an interactive website demonstrating my theory.

Digital Certificates

In-depth Whitepaper on what Digital Certificates are and how they work.

Logger for Checkpoint Firewall 1

Access database that queries Checkpoint Firewall 1 logs. Please give this page a minute to download, I used several images for the instructions, totaling 159K. Thanks!!

Author's bio
Lance Spitzner enjoys learning by blowing up his Unix systems at home. Before this, he was an Officer in the Rapid Deployment Force, where he blew up things of a different nature. You can reach him at lance@honeynet.org .

My bio