Good Security Resources on the Web

Excellent Free Security Publications from NIST:

Guidelines on Firewalls and Firewall Policy (1,208 kb)

Introduction to Public Key Technology and the Federal PKI Infrastructure (261,376 bytes)

Intrusion Detection Systems (IDS) (871,060 bytes)

Engineering Principles for Information Technology Security
(A Baseline for Achieving Security) (183,214 bytes)

Security Self-Assessment Guide for Information Technology Systems (458,936 bytes)

Guide for Developing Security Plans for Information Technology Systems (314,006 bytes)

Generally Accepted Principles and Practices for Securing Information Technology Systems (192326 bytes)

Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls (1,109,869 bytes)

This page lists and links to many more free computer security learning resources on the web.

The Open Source Security Testing Methodology Manual (OSSTMM) - The OSSTMM is the open standard for Internet security testing.

Consensus Roadmap for Defeating Distributed Denial of Service Attacks

An Introduction to Intrusion Detection, by Aurobindo Sudaram (50 kb)

Vmyths.com - As the recent sulfnbk.exe virus hoax aptly demonstrated, knowing which viruses are fake is often as important as knowing which viruses are real. The folks at Vmyths.com list known virus hoaxes and offer tips for spotting hoaxes.

Gibson Research Corporation (GRC) - At GRC, you'll find more information about personal security than about corporate security. However, one of the site's recent additions is a fascinating account of a Win2K Denial of Service (DoS) attack and the author's efforts to trace the attack's origin. This site offers an online scanner that lets you test the security of your Internet connection.

Common Vulnerabilities and Exposures (CVE) - Although the CVE site isn't specific to Win2K or NT, it provides a standardized list of names for known security vulnerabilities and exposures. The CVE list is available for free download.

Computer Emergency Re-sponse Team (CERT) - The CERT site, which Carnegie Mellon University operates, publishes Internet security bulletins. The site also offers a collection of best security practices and technical attack-survivability reports.

The Systems Administration, Networking, and Security (SANS) Institute - The SANS site offers Internet security news and common Internet vulnerability lists. To check out an early warning system for Internet attacks, try the Internet Storm Center link.

SecurityPortal - SecurityPortal provides up-to-date news about hot topics such as DSL security and the latest viruses and hoaxes and offers links to security hotfixes. This site also includes a security discussion forum.

SecurityFocus.com - The SecurityFocus site contains security information about most of the popular network platforms. With its extensive list of security white papers, downloadable tools, and links to other security-related sites, SecurityFocus.com includes content for all levels of security-conscious administrators.

Computer Incident Advisory Capability (CIAC) - Run by the U.S. Department of Energy. Contains latest security alerts, virus database and security tools.

CERT- Home of the Computer Emergency Response Team (CERT) Coordination Centre at Carnagie Mellon Software Engineering Institute. Contains advisories, mailing list details and documentation on improving security.

SecurityFocus- News, advisories, tools, information, mailing lists and home of BugTraq.

Windows IT Security (formerly the NT Shop) - NT Security risks, tips, tools, newsletter and FAQ. Regularly updated.

L0Pht Heavy Industries - A company specializing in network and NOS security

En Garde Systems Secure Zone - Computer security information centre with topic search facilities and FAQ

Hacking Exposed - Website to go with the book by McClure, Scambray & Kurtz. Has links to many tools.

Trusted Systems Services - NT Security Consultants and author of the Windows NT Security Guidelines.