The internet may have introduced more computer-security vulnerabilities than mortal man (or woman) can cope with. But what the Net has caused, the Net also can help with. The Sm@rt Partner Techno Team surveyed the security community and also scouted some spots for ourselves, and we came up with this list of resources for the security conscious.
If you've been steeped in security, you'll recognize most of these sites. If you are an up-and-coming type or just idly curious, this list should be a gold mine for you and your partners.
However, we're not making any promises. Like the dynamic nature of the Net, some sites can come and go. Many sites are maintained as a hobby or in the interest of the general public. Please don't blame us if an attack or lack of attention makes any of these sites inaccessible.
What | Where |
Must See | |
| SecurityFocus | www.securityfocus.com |
| Find the Bugtraq newslist here, along with 17 other moderate newslists and forums. If you can only visit one site, this is it. | |
Don't Be Vulnerable | |
| CERT Coordination Center | www.cert.org |
| Well-known authority for e-mail alerts on widespread computer threats. Training and analysis services, too. | |
| SANS Institute | www.sans.org |
| Not to be confused with storage-area networks, the group has its own attack response center (GIAC), performs salary surveys, and offers on-demand, weekly and monthly security newsletters. | |
Secure Yourself Here | |
| Computer Security Institute | www.gocsi.com |
| Highly regarded site publishing studies on security issues. | |
| Center for Information Technology | www.alw.nih.gov/ |
| Security. A good list of security resources from white papers to newsgroups | |
| National Institute for Standards and Technology | hcsrc.nist.gov |
| Write a security policy from the papers posted in the archives. Also has good crypto stuff. | |
| Astalavista | Astalavista.box.sk |
| The only Web search engine today devoted exclusively to security issues. Mirrored around the world. | |
| ICSA.net | www.icsa.net |
| Learn how to secure systems from virus attack at this site. | |
| Talisker's IDS List | www.networkintrusion.co.uk |
| The place to start your search for intrusion-detection products | |
| Purdue University COAST | www.cerias.purdue.edu/coast |
| A good, but "aging," list of security resources. | |
| Guardian Digital | www.linuxsecurity.com |
| Resources, papers and newsletters for the penguin faithful. | |
At the Edge | |
| Securify | Packetstorm.securify.com |
| Get an update on what the enemy's doing here. | |
| L0pht Heavy Industries | www.l00ht.com |
| With a capital L and a zero, this pun on dietary foods offers several serious tools for security personnel and the underground alike. | |
| Insecure | www.insecure.org |
| Underground site that is the home of the nmap stealth port scanner. Lists the top 50 recommended tools from security grunts | |
| Phrack | phrack.infonexus.com |
| Site of an irregularly published magazine from the security underground. Worth a visit each month or so. | |
| 2600 | www.2600.com |
| Home of the original phone phreak; good place for a glance at what the digital fringe is doing. | |
| Attrition | www.attrition.org |
| Get security and cryptography news here. Great computer attack analysis and some great graphs to stick in presentations for the suits. | |
| Hacker News Network | www.hackernews.com |
| Cool feature: the latest news on security and privacy on your wireless Palm Pilot. | |
Check Out These Other Sites | |
| Vmyths | www.vmyths.com |
| Point users to this site to dispel those idiotic urban myth e-mails. | |
| About.com | urbanlegends.about.com/ |
| urbanlegends.about.com Like Vmyths, this site provides information on myth e-mails. | |
| Parallax Research | www.parallaxresearch.com |
| Military and information warfare references. Worth a dash by. | |
| C4I | www.c4i.org |
| Intelligence-community and computer-security articles. Pass by when you have some time on your hands. | |