Computer Security Links (as of Dec 2007)

Antivirus

Attacks & Vulnerabilities

Assessment

Biometrics

Cryptography

Education

 Firewalls

Forensics 

"Free" Items

Incident Reporting

Intrusion Detection

  Laws

Miscellaneous

Network Penetration Testing

 Online Publications 

Operating System,  Web Server & Router Security

Organizations & Certification

Oversight- Federal

Public Key Infrastructure

Research & University

Risk Management

Virtual Private Networks

Wireless Access 

and Security

Other General Security Links

 

Antivirus

- AV Comparatives
- Symantec Antivirus Center

- European Community

- IBM Research

- McAfee Antivirus for DoD (no charge to end user)

 

 

 

 

 

 

 

Attacks/Cracking
2600    50 Ways Series   Antionline  Arbor Networks ASERT  Attrition CastleCops  Cyberpunks Emerging Threats  Federal Computer Crime Prosecutions i-hacked   Insecure  Liquid Matrix  Mwcollect  Nepenthes  Offensive Computing    Packetstorm Phrack ReverseMode Sam Spade SANS  ISC  SecuriTeam  Securtyfix  Shadowserver  Sunbelt/CWSandbox  Support Intelligence  TaoSecurity  ThreatSTOP  Websense  Zone-h

 

DEFCON ShmooCon ToorCon Blackhat HackInTheBox 

 

Databases of Vulnerabilities

- National Vulnerability Database (NVD)

- Security Focus, Inc/Bugtrak   

- Common Vulnerabilities and Exposures (CVE)  

- DOD IA Vulnerability Alerts

- CERT at Carnegie Mellon University

 Assessment, Audit, Accreditation
- NSA InfoSec Methodology
- DoD IT Security Information and Accreditation Process (DITSCAP)
- Common Criteria     - Protection Profiles
- Systems Security Engineering CMM
- Control Objectives for IT (COBIT)
- National Information Assurance Partnership (NIAP) – Octave Vulnerability Assessment

- Validated CC Product List

- NIST Security Self-Assessment for IT Systems

- Security Checklists from NIST

- Center for Internet Security Guides

- AMC's Security Checklists

Biometrics

- Biometric Consortium

- DoD Biometrics Management Office 

 - Find Biometrics

 

 

 

 

Cryptography

- NIST Cryptography

- Ron Rivest's Links

- Crypto Policy

- International Pretty Good Privacy (PGP) Page

- Secure Sockets Layer (SSL)

- Secure Shell (SSH)

- IP Security (IPSEC)

- Secure HTTP (HTTPS)

- Digital Certificates  

- Secure XML - Secure Electronic Transaction

Education

Papers

SANS Reading Room

ITPapers.com - Security Journals Link List 

Course Offerings

-  Centers of Academic Excellence

-  MIS Training Institute     -  Learning Tree Intl

-  SANS Institute -  CERT at Carnegie Mellon Univ

-  Computer Security Institute

-  National Institute for Science and Technology 

Security University

Firewalls
- Firewall FAQ

- Common Criteria Certified Firewalls
- Firewall Products
- Personal Firewalls
- Internet Firewall Resources fom CERIAS
- Intro to Firewalls- NIST
- Firewall Mailing List
- Chapman & Zwicky Chapter 4
- Firewall Forensics - Logs

 

Forensics

- DoD Computer Forensics Lab

- US Secret Service Digital Evidence Practices

 

 

 

 

 

 

 

 Free Publications & Software

- IATF Information Assurance Technical Forum

- IATAC Information Assurance Technical Analysis Center (free seminars)

- NIST Publications (free)

- NSA Guides (free)
- DISA CDs IA Support Environment (free)
- Federal Agency Security Practices (NIST)
- GAO Reports 

- Freeware Tools

- McAfee Antivirus for DoD (no charge to end user)

Incident Reporting/Response
- CERT at Carnegie Mellon University
- Security Focus/Bugtraq

- Incidents.org  & Dshield (both SANS)

- U.S. Cert  U.S. Cert Vulnerability Notes

- National Infrastructure Protection Center
- FedCERT
- DoD CERT
- Army CERT (.mil access only)
- Navy CERT
- Air Force CERT
- Forum  Incident Response & Security Teams
- DoE Computer Incident Advisory Center

- Microsoft Product Security Notification

 

 

 

 

 

Intrusion Detection
- Intrusion Detection Pages 
- Robert Grahams FAQ
- IDS Products
- Honeypots
- Security Focus, Inc 

- HoneyNet Project

 

 

 

 

 

 

 

 

 


 

Laws, Regulations

- U.S.C. Title 18 Part I Chapter 47 Section 1030. Fraud and related activity in connection with computers

- USA Patriot Act Amendments to U.S.C.

- PL107-347 Federal Information Security Management Act of 2002

- Public Law 100-235 Computer Security Act of 1987
- Public Law 106-398 Govt Info Security Reform Act (GISRA)
- OMB Circular A-130 Appdx III - Security of Federal Automated Information Resources

- DoDD 3600.1 Information Operations

- DoDD 5200.1-R Information Security Program

- DoDD 5200.28 Security Requirements for AISs

- DoDI 5200.40 and DoDM 5200.40. - DITSCAP

- DODD 5205.2 DoD Operations Security (OPSEC) Program

- DODD 5215.1 Computer Security Evaluation Center

- DODI 5215.2 Computer Security Technical Vulnerability Reporting Program
- DoDD 5400.11 DoD Privacy Program

- DoDD 8500.1 Information Assurance

- DoDD 8500.2 Information Assurance Implementation

- Dept Justice Computer Crime Section

- Computer Security, Law, Privacy (CERIAS) 

Miscellaneous Links

- Gary Kessler's Links (excellent)

- Lance Spitzner's Site (linux, honeypots, firewalls)

- InfoSec Portal
- CERIAS Hotlist Links

- Microsoft's Security Site

- Security Administrator [Microsoft focus] 

 

Control Systems Security / SCADA

- Scadasec

- Control  Systems Glossary

- DHS Control Systems Security Test Center (CSSTC)

 

Network Penetration Testing

- Saint  - Nesses  - nmap

- SuperScan

- Top 50 Internet Security Tools

 

Sniffers

- TCPDump (for Linux&UNIX) & WinDump (for Windows machines) note: also require libpcap & winpcap

- Ethereal

- Network Associates Sniffer

 

 

Online InfoSec Publications

- SearchSecurity.com
- SC Magazine
- InfoSec News Archive
- Computer Security News Daily
- AntiOnline
- Moreover Tech - Computer Security
- ICSA Information Security Magazine
- Computerworld Resource Center
- Information Security Magazine
- Security Portal

Operating System, Web Server &

Router Security

NSA Guides - W2K, IIS, A/D, NT, CISCO, E-mail, etc.

Linux Security

Security Enhanced Linux

CISCO Router Security

Apache Security

CERT® Security Improvement Modules

 

 Organizations/Certification
- ACM SIG on Security, Audit and Control

- Intl InfoSysSecurity Certif. Consortium (ISC2)
- System Admin Networking & Security (SANS)
- Info Sys Audit and Control Assn (ISACA)
- Computer Security Institute (CSI)
- IEEE Computer Soc Tech Comm on Security and Privacy

- Internet Security Alliance
- International Systems Security Engineering Association
- Information Systems Security Association, Inc.

- Natl Colloquim on Info Sys Sec Education (NCISSE)

- Operations Security Professionals Society

 

 Oversight - Federal
- White House - Cyber security Strategy

- CIAO - Critical Infrastructure Assurance Office
- CIO Council Best Security Practices
- DIAP - Defensewide Info Assurance Program 
- DISA Info Assurance 
- NIST Computer Security Resource Center
- NSTISSC - Natl Sec Tel & Info Sys Sec Comm
- NSA Info System Security Org (ISSO)

- NIAP - National Information Assurance Partnership  (NSA&NIST) 

- NIPC - Natl Infrastructure Protection Center

- Infraguard

- Secure Cyberspace

Public Key Infrastructure
- NIST PKI Program 
- PKI Forum

 

 

 

 

 

Research & University Programs

- NSA Certified Centers of Excellence List

- Idaho State University

- Mitre Corporation InfoSEC Center

- Naval Postgraduate School

- NIST Computer Security Division 893
- Purdue Center for Education and Research in Information Assurance and Security (CERIAS)
- US Military Academy IWAR

Risk Management
- Society for Risk Analysis 
- Fred Cohen's Pages

- IA Metrics

 

Virtual Private Networks
- Oak Ridge Natl Labs
- TechWeb look at VPNs
- VPN Software & Hardware Solutions

 

 

 

 

Wireless Access & Security

- NetStumbler - issues with wireless

- The Unofficial 802.11 Security Web Page

- Wireless Security Network Reference

- WiFi Maps 

 

 

 

 

 

 

 

 

General

- Security Statistics

- Search Security from Tech target

- Security Terms from Whatis.com

- InformIT

- The Center for Internet Security

- National Security Institute (NSI)
- InfoWar.com
- Info Warfare Site (IWS)

- Intro to Computer Security - NIST SP 800-12

- Gibson Research

- Checkmark Product Evaluation

- Generally Accepted System Security Principles (GASSP)

Managed Security Services/Outsourcing

- Symantec

- TruSecure

- ISS X-Force

- Computer Sciences Corporation
 
 

Availability, Reliability, Operations Continuity

- Network InterOp & Reliability Council

Interesting Capability

- Shields Up - testing your internet connection

- Visual Route - uses the OS trace route feature

- Netcraft "Fingerprinting"

- OS Fingerprinting Techniques - how they work

- OS Fingerprinting - see it in action

- URL Trickery - neat

- Buffer Overflows - how they work

- ARIN - WHOIS search

- Gray World - Bypassing firewalls and other security measures

 

 

 

Leading Security Product Vendors

- CISCO                   - Entrust

- Foundstone            -  ISS

- McAfee                  - Mi2g

- Network Associates - RSA Security

- Symantec              - TruSecure

- Verisign                 - Counterpane

 

- Timberline (provides good links to product Vendors)

Privacy

Chilling Effects Clearinghouse

 

Scholarships in IA

Information Assurance Scholarship Program

National Science Foundation Scholarships

CISCO Scholarships

 

Usenet User Groups


  (c) John Saunders 2004