Links
- IEEE Computer Society Digital Library
- ACM Digital Library
- Information Assurance Support Environment (IASE)
- Information Assurance Technology Analysis Center (IATAC)
References
Security (Overview, General, Opinions)
Best Practices in Network Security by Fred Avolio
Conducting A Security Audit: An Introductory Overview by Bill Hayes
Cross Platform Security Analysis by Anton Chuvakin
Federal Cybersecurity: Get a Backbone by Marcus Ranum
Hammering Out a Secure Framework by Mike Fratto
The Rise and Fall of Internet Security: A Story in Two Parts by Fred Avolio
The State of Systems Security by Ron Dufresne
Vulnerability Assessment Survey at SecurityFocus.com
Best Practices for Securing Enterprise Networks by Dave Piscitello and Lisa Phifer
Rethinking Network Security by Lisa Phifer
Security (Guidelines)
Organization for Economic Co-operation and Development (OECD) Guidelines for the Security of Information Systems and Networks (9 pervasive principles for information security upon which several other guides are based.)
ISF Security Standard A Standard of Good Practice for Information Security
Internet Security Alliance (ISA): Common Sense Guides for Senior Managers
ITCG: Information Technology Control Guidelines
StaySafeOnline – Top 10 Security Tips, Security Test, educational materials and more
SANS - Top 20 Internet Security Attacks Target
Cyber Security and Consumer Data: What’s at Risk for the Consumer?
Department of Trade and Industry: Code of Practice for Information Security
Information Security Governance Institute: Guidance for Boards of Directors and Executive Management
Association of Small Business Development Centers Network (ASBDC) e-Security Guide for Small Business
US-CERT: Small Business Best Practices (Internet Security Alliance and Small Business Working Group)
Incident Response & Advisory Centers
CERT(sm) Coordination Center. CERT studies Internet security vulnerabilities, provides incident response services, publishes security alerts, researches security and survivability, and develops information to help you improve security at your site.
Center for Education and Research in Information Assurance and Integrity. CERIAS provides innovation and leadership in technology for the protection of information and information resources, and in the development and enhancement of expertise in information assurance and security.
Computer Incident Advisory Capability. CIAC provides computer security services to employees and contractors of the DOE, and serves as a primary resource for anyone with an interest in security issues.
Forum of Incident Response and Security Teams (FIRST). FIRST fosters cooperation and coordination in incident prevention among a variety of computer security incident response teams from government, commercial, and academic organizations to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
The Information Warfare Site. This site is an online resource that aims to stimulate debate about a range of subjects from information security to information operations and e-commerce. It is the aim of the site to develop a special emphasis on Europe.
Trust Services Criteria
All-Internet-Security.com Directory is an established and active marketplace for free, shareware and Internet Security resources.
Portals, Info Sites & Publications
Crypto-gram, a monthly email newsletter on cryptography from Bruce Schneier, discusses current issues in cryptography.
Fyodor's Good Reading List is an interesting and eclectic collection of security-related resources.
The Hacker News Network provides daily updated information security news and commentary.
InfoSysSec is a comprehensive computer and network security resource on the Internet for Information System Security Professionals.
InteractiveInfoSec is a very good place for novices to security. The "See a Hacker", "Be a Hacker" and "Stop a Hacker" are very good instructionals for those who want to Know the Enemy (thank you, Lance Spitzner).
The Journal of Internet Security provides a DeLiberation Extranet to inform professionals and support discussions of electronic banking and commerce issues.
Intrusion Detection, Sniffing, Hacking, Anti-Hacking, Forensics
Carnivore and Open Source Software by Steve Bellovin
Honeypots: Sweet Idea, Sticky Business by Dave Piscitello
Your First Penetration Test by Dave Piscitello
Intrusion Detection and DDOS Protection by David Piscitello
Tapping, Tapping On My Network Door by Steve Bellovin
What Broadcast Traffic Reveals by Dave Piscitello
Tracking intruders by Rik Farrow
Intrusion Detection Provides A Pound Of Prevention by Mark Abene, Gerald L. Kovacich, and Steven Lutz
Network Intrusion Detection Signatures (Part 2), by Karen Kent Frederick
NFR eases intrusion detection by David Piscitello
Passive Fingerprinting by Lance Spitzner
Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring
Sniffing (network wiretap, sniffer) FAQ by Robert Graham
Studying Normal Traffic (Part 1), by Karen Kent Frederick
Intrusion detection...or prevention? by Dave Piscitello
Firewalls
Access control: Beyond Firewalls by Stephen Reed
Application Gateways and Stateful Inspection by Fred Avolio
Beyond Firewalls by Stephen Reed
Building your firewall by Carole Fennelly (3 parts)
CSI Firewall Product Search Center maintained by Rik Farrow
Distributed, Host-Resident Firewalls by Avi Fogel
Firewall Configuration Problems by Rik Farrow
Firewalling Your Personal Perimeter by David Willis
Firewalls Performance Measurement Project index maintained by Marcus Ranum
Firewalls Overview by Kurt Seifried
Firewalls: Evolve or Die by Kurt Seifried
Fortifying your Firewall by Peter Morrissey
How and When to Use 1:1 NAT by David Piscitello
How to Perform Effective Firewall Testing by E. Eugene Schultz
How to Pick a Firewall with the Right Stuff by Rik Farrow
How to Pick an Internet Firewall by Marcus Ranum
Internet Firewalls: Frequently Asked Questions maintained by Marcus Ranum
Interdepartmental Firewalls: Where to Put Them (and Why) by David Piscitello
NIST Guidelines on Firewalls and Firewall Policy
Linux Security: Firewalls
NT Firewalls: Tough Enough by David Newman, Helen Holzbaur, and Michael Carter
On the Topic of Firewall Testing by Marcus Ranum
Personal Firewalls by Mandy Andress
Testing firewalls and IDS with Ftester by Andrea Barisani
The Design of a Secure Internet Gateway by W. Cheswick
The Ultimate Firewall by Marcus Ranum
Thinking About Firewalls V2.0: Beyond Perimeter Security by Marcus Ranum
How Computer Security Works: Firewalls by W. Cheswick and S. Bellovin
Implementing a Distributed Firewall by Steve Bellovin, S. Ioannidis, A. Keromytis, and J. Smith
The ULTIMATELY Secure Firewall by Marcus Ranum
The Failure of Firewalls - A Critical Look at an Information Security Panacea by Rob Thomas
Forensics
Digital Discovery and Recovery by Mike Dockery
LogAnalysis.org
Electronic Evidence Gathering by Henry B. Wolfe
Internet Forensics: Common Tools by Bill Hancock
What's that entry in my log? by Dave Piscitello
ICMP Ports List by Kurt Seifried
Log Analysis Resources maintained by Tina Bird and Marcus Ranum
