Security Resources - System and Network
Last Updated: 04 Jun 2005
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***
You can find out about securing your systems and/or network
(including OS and TCP/IP issues) at the following sites:
SECURITY RESOURCES
• @Stake ................. http://www.atstake.com/
• BugNet ................. http://www.bugnet.com/
• E-Business Technology .. http://www.ebiz-tech.com/
• CI Security ............ http://www.cisecurity.org/bench_win2000.html
• eSecurity Inc. ......... http://www.esecurityinc.com/
• eSoft .................. http://www.esoft.com/pdf/Whoneedsfirewallprot.PDF
• eWeek .................. http://www.zdnet.com/enterprise/filters/resources/0,10227,6007271,00.html
• ForixNT ................ http://www.forixnt.com/
• Hacking Exposed ........ http://www.hackingexposed.com/
• ICSA.net ............... http://www.icsa.net/
• ICSA Labs .............. http://www.icsalabs.com/
• iDefense ............... http://www.idefense.com/pages/home.asp
• InfoSecSys ............. http://www.infosyssec.net/
• Intellitactics ......... http://www.intellitactics.com/
• Microsoft .............. http://www.microsoft.com/security/
.............. http://www.microsoft.com/security/guidance/
.............. http://www.microsoft.com/windows/security/
.............. http://www.microsoft.com/technet/security/tools.asp
.............. http://www.isaserver.org/
.............. http://www.microsoft.com/technet/security/10imlaws.asp#d
• Network Presence ....... http://www.netpr.com/resources/
• Network Security Lib ... http://secinf.net/
• OceanWave .............. http://www.oceanwave.com/technical-resources/unix-admin/security/
• Okena .................. http://www.okena.com/
• Open Service Inc ....... http://www.openservice.com/
• PracticallyNetworked ... http://www.practicallynetworked.com/sharing/securnet.htm
• SANS Institute ......... http://www.sans.org/
• Security Institute ..... http://www.gocsi.com/
• SecurityFocus .......... http://www.securityfocus.com/
• Security Wizards ....... http://www.securitywizards.com/
• Simovits Consulting .... http://www.simovits.com/nyheter9902.html
• System & Network ....... http://esearch.cc.columbia.edu/acis/security/
• TriGeo Net Security .... http://www.trigeo.com/
• UK Security Online ..... http://www.uksecurityonline.com/threat/
• W3C .................... http://www.w3.org/Security/Overview.html
• Win2K Security ......... http://www.windows2000security.com/
• ZDNet .................. http://www.zdnet.com/enterprise/filters/resources/0,10227,6007271,00.html
VULNERABILITY RESOURCES
• CIAC ................... http://ciac.llnl.gov/ciac/SecurityTools.html
• CERT ................... http://www.cert.org/
• Core Security Tech ..... http://www.corest.com/
• Digital Security ....... http://www.eeye.com/
• DShield ................ http://www.dshield.org/
• eSecurity Inc. ......... http://www.esecurityinc.com/
• eSoft .................. http://www.network-1.com/library/bulletins.htm
• Farm9 .................. http://www.farm9.com/
• ICSA.net ............... http://www.icsa.net/
• iDefense ............... http://www.idefense.com/pages/home.asp
• InfoSecSys ............. http://www.infosyssec.net/
• InfoWorld .............. http://www.infoworld.com/researchtools/subject_index/security.html
• Insecure.org ........... http://www.insecure.org/
• ISS .................... http://xforce.iss.net/
• Linux Security ......... http://www.linuxsecurity.com/advisories/
• L0pht .................. http://www.l0pht.com
• Mischel Internet Sec ... http://www.misec.net/
• Nessus ................. http://www.nessus.org/
• Network Security Lib ... http://secinf.net/
• NewOrder ............... http://neworder.box.sk/
• NTSecurity.net ......... http://www.ntsecurity.net
• Pedestal Software ...... http://www.pedestalsoftware.com/
• SANS Institute ......... http://www.sans.org/
• Secunia ................ http://www.secunia.com/
• SecurityFocus .......... http://www.securityfocus.com/vdb/
MISC RESOURCES
• http://www.microsoft.com/technet/columns/security/essays/10imlaws.asp
• http://www.microsoft.com/technet/security/tools/mbsahome.mspx
• http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
• http://routergod.com/
• http://www.cisco.com/warp/public/707/newsflash.html
• http://www.dalantech.com/links.shtml#Security%20Links
• http://KB.UltraTech-llc.com/Docs/?File=Secure2000Pro.htm
• http://grcsucks.com/
• http://www.silicondefense.com/support/windows/documentation.php
• http://www.e-security-e-commerce-security.com/toolkit.htm
SECURITY SCANNING SITES
• http://www.pedestalsoftware.com/products/se/downloads/webscan/
• http://scan.sygate.com/probe.html
• http://www.dslreports.com/security/
• http://www.hackerwhacker.com/
• http://security.symantec.com/
• http://www.atelierweb.com/
• http://grc.com/lt/leaktest.htm
• http://grcsucks.com/
MAILING LISTS
• BugTraq ................ http://www.securityfocus.com/forums/bugtraq/intro.html
• Firewalls .............. http://lists.gnac.net/firewalls/
• NTBugTraq .............. http://www.ntbugtraq.com
• NTSecurity ............. http://ntsecurity.ntadvice.com/
FAQs
• IDS FAQ ................ http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
• IDS FAQ ................ http://secinf.net/info/misc/network-intrusion-detection.htm
• Incident Handling ...... http://labmice.techtarget.com/articles/incident_response.htm
PERSONAL NOTES
• Security is not just about tools -- it is about process.
• Security is a combination of product and process. Using
a "secure" product, but having bad processes, will
undermine the security of your environment.
• MSBA is a good tool to start evaluating the security
of your Windows systems.
• Don't scan networks that you're not responsible for,
unless you want a lot of legal problems. Even on your
own network, you should ensure that you have the
appropriate approvals (preferably in writing) before
scanning and probing for vulnerabilities.
• Be careful when using a remote site to perform security
scans or evaluations of your network. You never really
know what might be done with the info they obtain.