"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. - Gene Spafford"

RSS

Links PDF Print E-mail

VARIOUS SECURITY SITES

CIRT.net - Suspicion Breeds Confidence
Insecure.org - The home of nmap
SANS Top 20
CGISecurity.com
NSA Security Configuration Guides
Computer Security Resource Center - NIST
TaoSecurity - The Way of Digital Security - Richard Bejtlich's site, approach and publications
CERIAS - Center for Education and Research in Information Assurance and Security
ISSA.org - Information Systems Security Association
stopBADware.org - Regaining Control of Our Computers
Noticebored - Security awareness for governance, risk, compliance and business
Ross Anderson's Economics and Security Resource Page
SecurityPub - Discover and Share

 

ADVISORIES & VULNERABILITIES

FrSIRT
National Vulnerability Database
oCERT  
OSVDB
Secunia
SecWatch
US-CERT 

 

BLOGS

TaoSecurity - Richard Bejtlich's blog
When {Puffy} Meets ^RedDevil^ - geek00l's blog, HeX Live CD coverage
Infosec Potpourri - Network Security Monitoring (NSM) & general InfoSec commentary
The Breach Blog
Sunbelt Blog
TrendLabs Malware Blog
Jeremiah Grossman
Skeptikal.org mckt
Digital Soapbox Rafal Los
Zero Day

 

WEB APPLICATION SECURITY

OWASP - The Open Web Application Security Project
WASC - Web Application Security Consortium 
</xssed> - XSS attacks information 

 

NW SECURITY SITES & ORGS

Washington State High Technology Crimes Investigation Association
ISSA Puget Sound
ISSA Portland
Northwest Warning, Alert, and Response Network

SCANNING & VULNERABILITY ASSESSMENT TOOLS

nmap
Nikto - Web scanner
Nessus - Vulnerability scanner
Metasploit - Framework for penetration testing, IDS signature development, and exploit research.

SEARCH ENGINE SECURITY AUDITING

The "Google Hack" Honeypot
GHDB

STANDARDS & COMPLIANCE

ISO 27001 Security - dedicated to promoting the latest international standards for Information Security Management Systems, the ISO/IEC 27000 ("ISO27k") series.
International ISO 27001 and ISO 27002 (ISO 17799) Community Forum - an interactive resource, designed to enable the free exchange of related ISO information.
The ISO 27000 Directory - An Introduction to ISO 27001, ISO 27002....ISO 27008
CIS Benchmarks - security benchmarks based on recognized best practices for deployment, configuration, and operation of networked systems.
Dejan Kosutic's blog.iso27001standard.com and www.iso27001standard.com - the Information Security & Business Continuity Academy, the largest online resource for ISO 27001 & BS 25999 implementation.

 

POLICY

SANS Security Policy Project 
Yale University Appropriate Use Policy
University of Florida Acceptable Use Policy  

 

IDS, FW, & VPN SOLUTIONS

IPCop - Smoothwall on steroids
Sguil - A true analyst's IDS console
Aanval - Browser based IDS console with numerous features
SSL-Explorer - Browser-based open source SSL VPN
Snort - The de facto standard for intrusion detection/prevention
Emerging Threats - Emerging Threats is a community-based grant-funded security research project focused on network and electronic security related intelligence gathering, analysis, research and resulting data distribution.

 

OPEN SOURCE PROTECTIVE MEASURES

Clam Win - Free antivirus for Windows
OSSEC HIDS - Open source Host-based intrusion detection system

 

RISK MANAGEMENT & ASSESSMENT

SOMAP - Security Officers Management & Analysis Project
PTA - Practical Threat Analysis 
IT Infrastructure Threat Modeling Guide - a Microsoft Solutiuons Accelerator specific to infrastructure threat modeling guidance written by Russ McRee

 

INSTRUCTIONAL

Irongeek - Infosec instructional video

 

RECOMMENDED READING

The Tao of Network Security Monitoring - Richard Bejtlich
Extrusion Detection: Security Monitoring for Internal Intrusions - Richard Bejtlich 
Hackers Beware: The Ultimate Guide to Network Security - Eric Cole
Gray Hat Hacking : The Ethical Hacker's Handbook
Google Hacking for Penetration Testers - Johnny Long
Sys Admin - the journal for UNIX and Linux systems adminstrators
Security Data Visualization - Greg Conti  

 

SECURITY ORIENTED DISTROS

HeX-liveCD
Knoppix-NSM "Network Security Monitoring, helping secure your network"
Helix
BackTrack  

 
< Prev   Next >