Dr Anton Chuvakin Information Security Publications

More information about me
My Blog
List of my public appearances
My security book reviews

Enterprise Security Management
Log Analysis, Log Management and Data Correlation
Regulatory and Policy Compliance
In Russian:
Policy and people issues of information security
Malicious hacker attacks
Honeypots and honeynets
Security Tools and Intrusion Detection
UNIX/Linux Security
Application security
VPN, IPSec and encryption
  • (08/2001) "Future IP Security" outlines the future of IP addressing (IPv6) and focuses on the security components of next generation IP services (IPsec) [published at SecurityWatch]
  • (03/2007) "Five mistakes of data encryption" covers some of the other mistakes that often occur when organizations try to use encryption to protect data at rest and data in transit and thus improve their security posture.) [published at ComputerWorld]
Vulnerability Analysis

Hack-of-the-Week series  takes a recent vulnerability in some popular operating system or other software and studies it. Realistic exploit scenarios are developed, and suggested ways of mitigating risks are considered and new ones proposed [published at SecurityWatch]

Other vulnerability and penetration testing articles
  • (05/01/2002) "Standardizing Penetration Testing" Gives an outlines of popular penetration testing methodology (OSSPTMM) and challenges with standartizing penetration testing. [published at SC Magazine web portal]
  • (04/22/2003) "Covert Channels" A modern review of network covert channeling methods which compares them with classic "Rainbow Series" covert channles on secure operating systems [submitted for publication]
Security Basics and FAQs

Information Security FAQs
Other IT issues (non-security)
Digital risks
  • (09/2001) "Digital risks taxonomy" A diagram that structures digital risks (such as hacking, Do, etc) in the form useful for impact assessment for the purposes of insurance [local copy] 
  • (09/2001) "Impacts of digital risks on enterprise" [under development]
  • (12/05/2001) "Infrastructure Protection: Infosec Perspective" The paper covers issues in critical infrastructure protection and information security, lists several focus areas that need efforts and summarizes the results of recent meeting in New England on infrastructure protection. [published at SC Magazine web portal]
  • (11/11/2001) "Protecting New England: A Call to Action" The paper summarizes the results of joint meeting on critical infrastructure protection in New England and infosecurity community role in increasing information sharing [published at ISSA web site in PDF format]

Old preblog entries are here.

To contact me with questions or comments, use email. For other contact methods, look at the home page. For my information security book page go here.

My recent blog posts (see old content below):

Subscribe to RSS headline updates from:
Powered by FeedBurner

Modified: 16-Mar-2010