Security
Topics > Resources


GENERAL NETWORK SECURITY RESOURCES

CERT Coordination Center http://www.cert.org/
CERT (Computer Emergency Response Team) is run by the Software Engineering Institute at Carnegie Mellon University. The site offers the latest news regarding vulnerabilities, conducts ongoing research, and specializes in security incidents.

SANS Institute Online http://www.sans.org/newlook/home.htm
SANS provides security alerts, information on current research, and a certification program. They have a wide variety of security articles as well as information regarding upcoming conferences.

SecurityFocus http://www.securityfocus.com
SecurityFocus features the latest news and articles regarding vulnerabilities, research, products, and even includes resources for network security novices.

SecurityPortal http://www.securityportal.com
Security Portal offers current articles on security, including articles from other magazines. The site is a very broad resource, covering topics such as viruses, cryptology, firewalls, operating system security, and much more.

Whitehats Network Security Resource http://www.whitehats.com/
Whitehats "acknowledges that hacking in the benevolent sense is critical to the evolution of our information society." Their site focuses upon penetration testing, network defense, and intrusion detection. They also include the latest news and anticipations of upcoming hacks or vulnerabilities.


CRYPTOGRAPHY RESOURCES

Cryptography FAQ http://www.faqs.org/faqs/cryptography-faq/
This page has links to several technical papers on cryptography.

Cryptography Defined/Brief History http://www.eco.utexas.edu/faculty/Norman/BUS.FOR/course.mat/SSim/history.html
This site provides a basic overview of cryptography. It also includes links to information about algorithms and other useful information.

Cryptography: The Study of Encryption http://world.std.com/~franl/crypto.html
The page provides a resource for encryption along with links to other sites.


FIREWALL RESOURCES

Firewalls: A perspective CNET Enterprise
http://enterprise.cnet.com/enterprise/0-9567-7-2481743.html
This article discusses firewall technology, packet filtering, application-level technology,
stateful inspection, adaptive proxy, functionality, technology leaders, and selection guidelines.

The Resource: Rotherwick Firewall Resource
Zeuros Network Solutions
http://www.zeuros.co.uk/generic/resource/firewall/
This Web site links to information about firewall and Internet security.

Why You Need a Firewall Cisco Systems
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch2.htm
This paper discusses security issues when connecting to the Internet, including kinds of attacks.


IDS RESOURCES

CSI Intrusion Detection System Resource
http://www.gocsi.com/intrusion.htm
This page provides some information regarding the types of questions people should ask when considering a new IDS. The page also includes interviews with vendors and security experts.

Intrusion Detection FAQ Version 1.51
http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
This is an extremely helpful IDS resource from SANS. It includes basic definitions, product information, incident handling, and much more.

Next Generation Intrusion Detection in High Speed Networks http://www.nai.com/media/pdf/nai_labs/ids.Pdf
Network Associates provides a helpful article that explains the various types of intrusion detection and current limitations.


POLICY RESOURCES

Network Security Policy: Best Practices White Paper http://www.cisco.com/warp/public/126/secpol.html
Cisco provides a comprehensive outline of policy creation and implementation. They address risk analysis, prevention, and incident response, amongst other issues.

Network Security Policy: Getting It on Paper http://www.nwconnection.com/jan.97/secpol17/
Novell provides a helpful article that outlines the process of drafting and implementing a useful network security policy.

UC Davis Computer and Network Use Policies http://it.ucdavis.edu/policies/
UC Davis provides a great example of network security policies through their own existing policies. They cover issues such as electronic communication, network use, and more.


The Network Security Library has a page devoted to the issue of Network
Security Policies and features a number of good articles on the issue:
http://www.secinf.net/ipolicye.html

The nation of Singapore has been called a leader in the area of
e-government. They have a Web page that does a good job of describing the
basic elements of a security policy:
http://secinf.net/info/policy/netsec1.htm

The State of Texas Department of Information Resources (DIR) publishes a set of guidelines intended to help state agencies, institutions of higher education, and other public institutions achieve their security goals and create an information security policy:
http://www.dir.state.tx.us/IRAPC/practices/index.html

The National Institute of Standards and Technology offers a draft version of its Internet Security Policy Technical Guide at: http://csrc.nist.gov/isptg
This document is intended to help an organization create a coherent Internet-specific information security policy, and it provides sample policy statements for low, medium, and high risk/protection environments.

Examples of Network Security Policies

The Computer Security Policy at the University of Texas-Austin is generally a high-level policy that passes most of the responsibility to the individual departments. It does address most of the 10 elements of a security policy listed above.
http://www.utexas.edu/admin/dp/computer.security/comsecurity.html

The University of London provides an example of a policy that is at a lower level and covers more details. The policy attempts to encompass the entire organization and illustrates strong distinctions between the various levels of administration. All relevant laws and regulations are also mentioned in the policy. http://www.uel.ac.uk/it/it_networksecuritypolicy.htm

The University of Auburn's policy is low level and addresses many of the network use issues that UEL lacked. Additionally, the Auburn policy is more applicable to each and every member of the university. http://www.auburn.edu/network_policies.html

SCANNER RESOURCES

How Does Network Security Scanning Work Anyway? http://www.sans.org/infosecFAQ/securitybasics/netsec_scanning.htm
SANS provides an article by Ronald Black that explains basic scanning techniques, such as ICMP, TCP, or UDP.

Network and Host-Based Vulnerability Assessment http://documents.iss.net/whitepapers/nva.pdf
ISS provides a helpful article that explains the functionality of scanners and describes their use in monitoring potentially threatening activity on the network.


VULNERABILITY ASSESSMENT RESOURCES

MANAGING MANAGED SECURITY http://www.infosecuritymag.com/articles/january01/cover.shtml
This article, from Information Security Magazine, provides an in-depth look at current assessments offered by vendors. It describes the importance of the service level agreement (SLA) and incident response behavior, and includes interviews with several vendors.

SECURE STRATEGIES http://www.infosecuritymag.com/articles/september00/features3.shtml
Information Security Magazine takes a closer look at penetration testing in this article. They discuss attack types, enumeration, vulnerability mapping, and more.

SIDEBAR: PENETRATION TESTING: MYTH VS. REALITY http://www.infosecuritymag.com/articles/september00/features4.shtml
This article also appears in Information Security Magazine; it is a brief discussion that dispels certain common myths regarding penetration testing.
