|
|
|
Security
|
Topics > Resources |
Contents
GENERAL NETWORK SECURITY RESOURCESCERT Coordination Center http://www.cert.org/CERT (Computer Emergency Response Team) is run by the Software Engineering Institute at Carnegie Mellon University. The site offers the latest news regarding vulnerabilities, conducts ongoing research, and specializes in security incidents. SANS Institute Online http://www.sans.org/newlook/home.htm SANS provides security alerts, information on current research, and a certification program. They have a wide variety of security articles as well as information regarding upcoming conferences. SecurityFocus http://www.securityfocus.com SecurityFocus features the latest news and articles regarding vulnerabilities, research, products, and even includes resources for network security novices. SecurityPortal http://www.securityportal.com Security Portal offers current articles on security, including articles from other magazines. The site is a very broad resource, covering topics such as viruses, cryptology, firewalls, operating system security, and much more. Whitehats Network Security Resource http://www.whitehats.com/ Whitehats "acknowledges that hacking in the benevolent sense is critical to the evolution of our information society." Their site focuses upon penetration testing, network defense, and intrusion detection. They also include the latest news and anticipations of upcoming hacks or vulnerabilities. top CRYPTOGRAPHY RESOURCESCryptography FAX http://www.faqs.org/faqs/cryptography-faq/This page has links to several technical papers on cryptography. Cryptography Defined/Brief History http://www.eco.utexas.edu/faculty/Norman/BUS.FOR/course.mat/SSim/history.html This site provides a basic overview of cryptography. It also includes links to information about algorithms and other useful information. Cryptography: The Study of Encryption http://world.std.com/~franl/crypto.html The page provides a resource for encryption along with links to other sites. top FIREWALL RESOURCESFirewalls: A perspective CNET Enterprisehttp://enterprise.cnet.com/enterprise/0-9567-7-2481743.html This article discusses firewall technology, packet filtering, application-level technology, stateful inspection, adaptive proxy, functionality, technology leaders, and selection guidelines. The Resource: Rotherwick Firewall Resource Zeuros Network Solutions http://www.zeuros.co.uk/generic/resource/firewall/ This Web site links to information about firewall and Internet security. Why You Need a Firewall Cisco Systems http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch2.htm This paper discusses security issues when connecting to the Internet, including kinds of attacks. top IDS RESOURCESCSI Intrusion Detection System Resourcehttp://www.gocsi.com/intrusion.htm This page provides some information regarding the types of questions people should ask when considering a new IDS. The page also includes interviews with vendors and security experts. Intrusion Detection FAQ Version 1.51 http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm This is an extremely helpful IDS resource from SANS. It includes basic definitions, product information, incident handling, and much more. Next Generation Intrusion Detection in High Speed Networks http://www.nai.com/media/pdf/nai_labs/ids.Pdf Network Associates provides a helpful article that explains the various types of intrusion detection and current limitations. top POLICY RESOURCESNetwork Security Policy: Best Practices White Paper http://www.cisco.com/warp/public/126/secpol.htmlCisco provides a comprehensive outline of policy creation and implementation. They address risk analysis, prevention, and incident response, amongst other issues. Network Security Policy: Getting It on Paper http://www.nwconnection.com/jan.97/secpol17/ Novell provides a helpful article that outlines the process of drafting and implementing a useful network security policy. UC Davis Computer and Network Use Policies http://it.ucdavis.edu/policies/ UC Davis provides a great example of network security policies through their own existing policies. They cover issues such as electronic communication, network use, and more. The Network Security Library has a page devoted to the issue of Network Security Policies and features a number of good article on the issue: http://www.secinf.net/ipolicye.html The nation of Singapore has been called a leader in the area of e-government. They have a Web page that does a good job of describing the basic elements of a security policy: http://secinf.net/info/policy/netsec1.htm The State of Texas Department of Information Resources (DIR) publishes a set of guidelines intended to assist state agencies, institutions of higher education, and other public institutions achieve their security goals and create an information security policy: http://www.dir.state.tx.us/IRAPC/practices/index.html The National Institute of Standards and Technology (draft version of Internet Security Policy) Technical Guide at: http://csrc.nist.gov/isptg This document is intended to help an organization create a coherent Internet-specific information security policy and it provides sample policy statements for low, medium and high risk/protection environments top Examples of Network Security PoliciesThe Computer Security Policy at the University of Texas-Austin is generally a high-level policy that passes most of the responsibility to the individual departments. It does address most of the 10 elements of a security policy listed above.http://www.utexas.edu/admin/dp/computer.security/comsecurity.html The University of London provides an example of a policy that is at a lower level and covers more details. The policy attempts to encompass the entire organization and illustrates strong distinctions between the various levels of administration. All relevant laws and regulations are also mentioned in the policy. http://www.uel.ac.uk/it/it_networksecuritypolicy.htm The University of Auburn's policy is low level and addresses many of the network use issues that UEL lacked. Additionally the Auburn policy is more applicable to each and every member of the university. http://www.auburn.edu/network_policies.html top SCANNER RESOURCESHow Does Network Security Scanning Work Anyway? http://www.sans.org/infosecFAQ/securitybasics/netsec_scanning.htmSANS provides an article by Ronald Black that explains basic scanning techniques, such as ICMP, TCP, or UDP. Network and Host-Based Vulnerability Assessment http://documents.iss.net/whitepapers/nva.pdf ISS provides a helpful article that explains the functionality of scanners and describes their use in monitoring potentially threatening activity on the network. top VULNERABILITY ASSESSMENT RESOURCESMANAGING MANAGED SECURITY http://www.infosecuritymag.com/articles/january01/cover.shtmlThis article, from Information Security Magazine, provides an in-depth look at current assessments offered by vendors. They describe the importance of the service level agreement (SLA), incident response behavior, and they also interview several vendors. SECURE STRATEGIES http://www.infosecuritymag.com/articles/september00/features3.shtml Information Security Magazine takes a closer look at penetration testing in this article. They discuss attack types, enumeration, vulnerability mapping, and more. SIDEBAR: PENETRATION TESTING: MYTH VS. REALITY http://www.infosecuritymag.com/articles/september00/features4.shtml This article also appears in Information Security Magazine; it is a brief discussion that dispels certain common myths regarding penetration testing. top |