CERT (Computer Emergency Response Team) is run by the Software Engineering Institute at Carnegie Mellon University. The site offers the latest news regarding vulnerabilities, conducts ongoing research, and specializes in security incidents.
SANS Institute Online http://www.sans.org/newlook/home.htm
SANS provides security alerts, information on current research, and a certification program. They have a wide variety of security articles as well as information regarding upcoming conferences.
SecurityFocus features the latest news and articles regarding vulnerabilities, research, products, and even includes resources for network security novices.
Security Portal offers current articles on security, including articles from other magazines. The site is a very broad resource, covering topics such as viruses, cryptology, firewalls, operating system security, and much more.
Whitehats Network Security Resource http://www.whitehats.com/
Whitehats "acknowledges that hacking in the benevolent sense is critical to the evolution of our information society." Their site focuses upon penetration testing, network defense, and intrusion detection. They also include the latest news and anticipations of upcoming hacks or vulnerabilities.
This page has links to several technical papers on cryptography.
Cryptography Defined/Brief History http://www.eco.utexas.edu/faculty/Norman/BUS.FOR/course.mat/SSim/history.html
This site provides a basic overview of cryptography. It also includes links to information about algorithms and other useful information.
Cryptography: The Study of Encryption http://world.std.com/~franl/crypto.html
The page provides a resource for encryption along with links to other sites.
This article discusses firewall technology, packet filtering, application-level technology, stateful inspection, adaptive proxy, functionality, technology leaders, and selection guidelines.
The Resource: Rotherwick Firewall Resource
Zeuros Network Solutions
This Web site links to information about firewall and Internet security.
Why You Need a Firewall Cisco Systems
This paper discusses security issues when connecting to the Internet, including kinds of attacks.
This page provides some information regarding the types of questions people should ask when considering a new IDS. The page also includes interviews with vendors and security experts.
Intrusion Detection FAQ Version 1.51
This is an extremely helpful IDS resource from SANS. It includes basic definitions, product information, incident handling, and much more.
Next Generation Intrusion Detection in High Speed Networks http://www.nai.com/media/pdf/nai_labs/ids.Pdf
Network Associates provides a helpful article that explains the various types of intrusion detection and current limitations.
Cisco provides a comprehensive outline of policy creation and implementation. They address risk analysis, prevention, and incident response, amongst other issues.
Network Security Policy: Getting It on Paper http://www.nwconnection.com/jan.97/secpol17/
Novell provides a helpful article that outlines the process of drafting and implementing a useful network security policy.
UC Davis Computer and Network Use Policies http://it.ucdavis.edu/policies/
UC Davis provides a great example of network security policies through their own existing policies. They cover issues such as electronic communication, network use, and more.
The Network Security Library has a page devoted to the issue of Network Security Policies and features a number of good articles on the issue:
The nation of Singapore has been called a leader in the area of e-government. They have a Web page that does a good job of describing the basic elements of a security policy:
The State of Texas Department of Information Resources (DIR) publishes a set of guidelines intended to help state agencies, institutions of higher education, and other public institutions achieve their security goals and create an information security policy:
The National Institute of Standards and Technology (draft version of Internet Security Policy)
Technical Guide at: http://csrc.nist.gov/isptg
This document is intended to help an organization create a coherent Internet-specific information security policy, and it provides sample policy statements for low, medium and high risk/protection environments.
The University of London provides an example of a policy that is at a lower level and covers more details. The policy attempts to encompass the entire organization and illustrates strong distinctions between the various levels of administration. All relevant laws and regulations are also mentioned in the policy. http://www.uel.ac.uk/it/it_networksecuritypolicy.htm
The University of Auburn's policy is low level and addresses many of the network use issues that UEL lacked. Additionally, the Auburn policy is more applicable to each and every member of the university. http://www.auburn.edu/network_policies.html
SANS provides an article by Ronald Black that explains basic scanning techniques, such as ICMP, TCP, or UDP.
Network and Host-Based Vulnerability Assessment http://documents.iss.net/whitepapers/nva.pdf
ISS provides a helpful article that explains the functionality of scanners and describes their use in monitoring potentially threatening activity on the network.
This article, from Information Security Magazine, provides an in-depth look at current assessments offered by vendors. They describe the importance of the service level agreement (SLA), incident response behavior, and they also interview several vendors.
SECURE STRATEGIES http://www.infosecuritymag.com/articles/september00/features3.shtml
Information Security Magazine takes a closer look at penetration testing in this article. They discuss attack types, enumeration, vulnerability mapping, and more.
SIDEBAR: PENETRATION TESTING: MYTH VS. REALITY http://www.infosecuritymag.com/articles/september00/features4.shtml
This article also appears in Information Security Magazine; it is a brief discussion that dispels certain common myths regarding penetration testing.