Security on site

The internet may have introduced more computer-security vulnerabilities than mortal man (or woman) can cope with. Here's some sites to visit for the security conscious.
Written by Chris DeVoney, Contributor

The internet may have introduced more computer-security vulnerabilities than mortal man (or woman) can cope with. But what the Net has caused, the Net also can help with. The Sm@rt Partner Techno Team surveyed the security community and also scouted some spots for ourselves, and we came up with this list of resources for the security conscious.

If you've been steeped in security, you'll recognize most of these sites. If you are an up-and-coming type or just idly curious, this list should be a gold mine for you and your partners.

However, we're not making any promises. Like the dynamic nature of the Net, some sites can come and go. Many sites are maintained as a hobby or in the interest of the general public. Please don't blame us if an attack or lack of attention makes any of these sites inaccessible.



Must See

SecurityFocus www.securityfocus.com
Find the Bugtraq newslist here, along with 17 other moderate newslists and forums. If you can only visit one site, this is it.

Don't Be Vulnerable

CERT Coordination Center www.cert.org
Well-known authority for e-mail alerts on widespread computer threats. Training and analysis services, too.
SANS Institute www.sans.org
Not to be confused with storage-area networks, the group has its own attack response center (GIAC), performs salary surveys, and offers on-demand, weekly and monthly security newsletters.

Secure Yourself Here

Computer Security Institute www.gocsi.com
Highly regarded site publishing studies on security issues.
Center for Information Technology www.alw.nih.gov/
Security. A good list of security resources from white papers to newsgroups
National Institute for
Standards and Technology
Write a security policy from the papers posted in the archives. Also has good crypto stuff.
Astalavista Astalavista.box.sk
The only Web search engine today devoted exclusively to security issues. Mirrored around the world.
ICSA.net www.icsa.net
Learn how to secure systems from virus attack at this site.
Talisker's IDS List www.networkintrusion.co.uk
The place to start your search for intrusion-detection products
Purdue University COAST www.cerias.purdue.edu/coast
A good, but "aging," list of security resources.
Guardian Digital www.linuxsecurity.com
Resources, papers and newsletters for the penguin faithful.

At the Edge

Securify Packetstorm.securify.com
Get an update on what the enemy's doing here.
L0pht Heavy Industries www.l00ht.com
With a capital L and a zero, this pun on dietary foods offers several serious tools for security personnel and the underground alike.
Insecure www.insecure.org
Underground site that is the home of the nmap stealth port scanner. Lists the top 50 recommended tools from security grunts
Phrack phrack.infonexus.com
Site of an irregularly published magazine from the security underground. Worth a visit each month or so.
2600 www.2600.com
Home of the original phone phreak; good place for a glance at what the digital fringe is doing.
Attrition www.attrition.org
Get security and cryptography news here. Great computer attack analysis and some great graphs to stick in presentations for the suits.
Hacker News Network www.hackernews.com
Cool feature: the latest news on security and privacy on your wireless Palm Pilot.

Check Out These Other Sites

Vmyths www.vmyths.com
Point users to this site to dispel those idiotic urban myth e-mails.
About.com urbanlegends.about.com/
urbanlegends.about.com Like Vmyths, this site provides information on myth e-mails.
Parallax Research www.parallaxresearch.com
Military and information warfare references. Worth a dash by.
C4I www.c4i.org
Intelligence-community and computer-security articles. Pass by when
you have some time on your hands.

Editorial standards