cipherdyne.org

Michael Rash, Security Researcher



Resume

All projects distributed on this site were developed as open source software in Perl and C by Michael Rash, and my resume is available as a Word file and as an HTML file. Many of my articles, papers, and slides for conference talks can be downloaded below.

Publications

  1. "IDS Signature Matching with iptables, psad, and fwsnort", USENIX ;login: Magazine (Security Issue), December 2007

  2. "Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort", No Starch Press, September 2007

  3. "Protecting SSH Servers with Single Packet Authorization", The Linux Journal, May 2007

  4. "Single Packet Authorization", The Linux Journal, April 2007

  5. "Wireshark & Ethereal Network Protocol Analyzer Toolkit" (contributed the active response case study on pages 398-402), Syngress Publishing, December 2006

  6. "Single Packet Authorization with fwknop", USENIX ;login: Magazine, February 2006

  7. "Intrusion Prevention and Active Response: Deploying Network and Host IPS", Syngress Publishing, February 2005

  8. "Combining Port Knocking and Passive OS Fingerprinting with fwknop", USENIX ;login: Magazine, December 2004

  9. "Snort 2.1 Intrusion Detection, Second Edition", Syngress Publishing, June 2004

  10. "Content Filtering and Inspection with fwsnort and psad", Sys Admin Magazine, April 2004

  11. "Firewalls: Doing it Yourself", Information Security Magazine, October 2003

  12. "Running Linux and Netfilter on Nokia IP Series Hardware", The Linux Journal, April 2003

  13. "Security Benchmark for Linux" (Contributing Editor), The Center for Internet Security, May 2002

  14. "Securing Linux Step-By-Step" (Contributing Editor), SANS, March 2002

  15. "Verifying Filesystem Integrity with CVS", The Linux Journal, February 2002

  16. "Detecting Suspect Traffic", The Linux Journal, November 2001


Conference Talks

  1. "Advanced Linux Firewalls", SOURCE Boston, March 2008

  2. "Iptables Attack Visualization", OSCON, July 2007

  3. "Zero-day Attack Prevention via Single Packet Authorization", Techno Security, June 2007

  4. "Attack Detection and Response with Linux Firewalls", ShmooCon, March 2007

  5. "Service Cloaking and Anonymous Access; Combining Tor with Single Packet Authorization (SPA)", DefCon 14, August 2006

  6. "Maximum Netfilter", OSCON, July 2006

  7. "Advances in Single Packet Authorization", ShmooCon, January 2006

  8. "Netfilter and Encrypted, Non-replayable, Spoofable, Single Packet Remote Authorization", ToorCon 7, September 2005

  9. "Securing the Enterprise with Netfilter", Linux World Summit, May 2005

  10. "Advanced Netfilter; Content Replacement (ala Snort_inline) and Combining Port Knocking with p0f", DefCon 12, July 2004


Online Book Chapters

  1. Chapter 10 "Deploying fwsnort" from "Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort", No Starch Press, September 2007

  2. Chapter 5 "Network Inline Data Modification" from "Intrusion Prevention and Active Response: Deploying Network and Host IPS", Syngress Publishing, February 2005


Interviews and Web Articles

  1. Interview with Michael Rash, Security Architect and Author of "Linux Firewalls", net-security.org, November 2007

  2. Linux Firewalls Hold Up Under Application Layer Attacks, CRN, November 2007