www.29soft.com
System Security and Computer Security - Knowledge Bases
Ajax
US & International Government Military, Intelligence & Law Enforcement
Agency Access
bsy's Security Related Net-pointers (Bennet Yee)
BugNet
Since 1994, BugNet has delivered leading-edge information on PC software bugs,
alerting readers to glitches, analyzing software trends, and compiling the industry's
most comprehensive database of computer bug fixes.
CIAC Security Web Site
The CIAC Website provides an extensive, comprehensive resource for diverse computer
security issues. These resources are presented in various forms and topics and
are available to the public as well as the DOE (Department of Energy) community.
COAST Hotlist: Computer Security, Law and Privacy (Purdue University)
COAST-- Computer Operations, Audit, and Security Technology -- is a multiple
project, multiple investigator laboratory in computer security research in the
Computer Sciences Department at Purdue University. It functions with close ties
to researchers and engineers in major companies and government agencies.
Computer Crime Problems Research Center
A Ukraine-based resource
Computer Crimes, Laws and Related Information (City University of Hong Kong)
An extensive collection of references
Computer Emergency Response Team
"The CERT Coordination Center is part of the Survivable Systems Initiative
at the Software Engineering Institute, a federally funded research and development
center at Carnegie Mellon University. We were started by DARPA (the Defense
Applied Research Projects Agency, part of the U.S. Department of Defense) in
December 1988 after the Morris Worm incident crippled approximately 10% of all
computers connected to the Internet. Originally, our work was almost exclusively
incident response. Since then, we have worked to help start other incident response
teams, coordinate the efforts of teams when responding to large-scale incidents,
provide training to incident response professionals, and research the causes
of security vulnerabilities, prevention of vulnerabilities, system security
improvement, and survivability of large-scale networks"
Computer Security (Wayne Summers)
Computer Security should be a major concern of all those using computers today.
This list includes many of the best sites on the Internet concerning computer
security, computer crime and computer viruses.
Computer Security FAQs
The Computer Security Institute
Computer Security News Daily - Latest Stories
Computer Security Resource Clearinghouse (NIST)
The Computer Security Resource Clearinghouse (CSRC) is designed to collect and
disseminate computer security information and resources to help users, systems
administrators, managers, and security professionals better protect their data
and systems. A primary goal of the CSRC is to raise awareness of all computer
systems users -- from novice to expert -- about computer security. This is perhaps
the most important way of improving information systems security.
Distributed Attack Tools - understanding them and defending against them (Packet
Storm)
"Packet Storm is the largest Internet security tools database in the world.
We provide intelligence ranging from security tools to system defense and assessment
information. Understanding that there is no way we can begin to design and develop
stronger systems and defenses unless we know what vulnerabilities exist, Packet
Storm follows a strict policy of full-disclosure, publishing all pertinent information
that we receive on security related materials."
Electronic Commerce, Smart Cards and Security Resources (S. Prasad)
Encryption and Security-related Resources (Peter Gutmann)
A very extensive collection of resources
Firewall Industry Guide (ICSA)
Originally, the term firewall referred to a construction technique designed
to prevent the spread of fire from one room to another, which is obviously not
what the Firewall Industry Guide is about! We are talking about Internetwork
firewalls, also called Internet firewalls. The term network firewall is typically
defined as a system or group of systems that enforces an access-control policy
between two networks. It may also be defined as a mechanism used to protect
a trusted network from an untrusted network [Kurtz]. Firewalls have become a
security "must have" now that so many organizations are connecting
their internal networks to external networks such as the Internet.
Firewalls FAQ
Forum On Risks To The Public In Computers And Related Systems
HACKER WHACKER Security Sites (Wallyware, Inc.)
List of sites that contain the most up-to-date and useful news and information
ICSA Certified Firewall Products
Established in 1989 as an independent corporation, ICSA has successfully led
the security industry in the development of high quality security products through
product certification programs and in establishing better security practices
through management of multiple security-focused consortia
ICSA Information Library - White Papers
Information Security Policies & Computer Security Policies Directory (The
Information Security Policies & Standards Group)
"Information security policies underpin the security and well being of
information resources.. they are the foundation, the bottom line, of information
security within an organization."
Information Security Resources/Links (ISSA)
An extensive range of links, covering security tools, virus information, security
alerts, security resources and security list servers, as well as links to disaster
information
Information Security Search Engine
Information Technology Security - links to resources
The Communications Security Establishment (CSE) is a federal government lead
agency that delivers Information Technology Security (ITS) solutions to the
government of Canada.
Intelligent Agents, Information System Security, Information Warfare, and Other
Related Sources (Michael Bowman)
International Computer Security Association (ICSA)
ICSA is known worldwide as the objective source for security assurance services.
Established in 1989 as an independent corporation, ICSA has successfully led
the security industry in the development of high quality security products through
product certification programs and in establishing better security practices
through management of multiple security-focused consortia.
Internet and System Security (Dave Dittrich)
An extensive collection of resources
Internet Explorer Security Center (Scott Schnoll)
The purpose of this web site is to disseminate information regarding the security
issues pertaining to Microsoft® Internet Explorer. This web site is UNOFFICIAL
and in NO WAY sanctioned or authorized by Microsoft Corp.
ISS' X-Force Threat and Vulnerability Database
ISS' X-Force Team continually updates this security repository with the latest
network attack and vulnerability information.
IT Security Cookbook (Sean Boran)
This book is intended as a 'self help' guide to computer & network security,
primarily for security managers, programmers and system administrators.
ITtoolbox Security
Java Security: Frequently Asked Questions (Princeton Secure Internet Programming
Team)
Nothing in life is completely secure; Java is no exception. Several specific
security problems have been discovered and fixed since Java was first released.
If you're using an up-to-date Web browser, you are usually safe against the
known attacks. However, nobody is safe against attacks that haven't been discovered
yet. There are two classes of security problems: nuisances and security breaches.
A nuisance attack merely prevents you from getting your work done - for example
it may cause your computer to crash. Security breaches are more serious: your
files could be deleted, your private data could be read, or a virus could infect
your machine.
Microsoft ISA Server Firewall and Cache resource site
Microsoft Security Advisor Program
NIST Computer Security Resource Clearinghouse
The Computer Security Resource Clearinghouse (CSRC) is designed to collect and
disseminate computer security information and resources to help users, systems
administrators, managers, and security professionals better protect their data
and systems.
NTBugtraq! (Russ Cooper)
NTBugtraq is a mailing list for the discussion of security exploits and security
bugs in Windows NT and its related applications.
Other Sources of Security Information (CERT)
Sources of security information, tools, discussion groups, incident response
help, and more
searchSecurity.com (TechTarget.com)
Security Specific Search Engine
Secure Internet Programming (Princeton University, Department of Computer Science)
"We study problems in computer security, especially mobile code systems
such as Java, ActiveX, and JavaScript. We try to understand how security breaks
down, and to develop technology to address the underlying causes of security
problems."
SecureZone (En Garde Systems)
"Here you will find over a thousand links, which, along with our custom
preferences function, will help you locate the security information you need."
Security (ZDNet's Devhead)
Security and Encryption-related Resources and Links (Peter Gutmann)
Covers Crypto Link Farms, Crypto Archives, Crypto Social Issues, Crypto Software,
Anonymity and Privacy, Random Numbers, Public Key Infrastructure (PKI), Security
Agencies and Organizations, Security Books and Publications, Security People,
Security Problems, Access Control, Data Encryption, Interception and Monitoring,
Investigative Tools, Smart Cards, Security Standards, Laws, and Guidelines
Security FAQs (Internet Security Systems, Inc.)
Includes FAQs on Securing a Network, Compromise, File Sharing, Windows NT, Security
Patches and Network Packet Capture
Security Glossary (Charlie Kaufman, Radia Perlman, and Mike Speciner)
Security in agent-based systems (Massively Distributed Systems Group, IBM)
Agent-based systems require new thinking, to avoid both security holes and unexpected
global effects. When agent-based systems are combined with electronic commerce,
the need for all aspects of security is particularly strong.
Security in Computer Networks (Michael Waidner)
SIRENE (from the German, SIcherheit in REchnerNEtzen) is a loosely collaborating
group of researchers from different organizations. We share an interest in security
and privacy. In particular, we work on multi-party security (also called multi-lateral),
i.e., security without global trust, and where everybody can be held responsible
for their actions. This even works in combination with privacy.
Security Information Management Online Network - SIMON
Security Issues in Embedded Networking (Mark Eichin)
As embedded systems have become more advanced, the tools for working with them
have also improved. Often the easiest way to debug an embedded device is to
hook it up to a local network, and then interrogate the device using remote
debugging tools, often on a workstation of some kind. Many devices continue
to use a network in production, for reporting data or further diagnostics. These
so-called "local" networks are often far more widespread -- that is,
after all, part of their convenience. This convenience can introduce a number
of risks, due to unauthorized access to networked equipment.
Security Mailing Lists FAQ (Internet Security Systems, Inc.)
Mailing lists include Alert, Intrusion Detection System, Network Security Assessment,
and NT Security
Security News links (SSE)
Here are links to over 60 of the best Security News sites, many of which are
updated daily
Security Portal - Computer Network Telecommunications Physical Security Information
Systems @ Algonquin College (InfoSysSec, Inc.)
"This Web Site contains over 10,000 Security Articles, Information and
Downloads for Information System Security Professionals"
Security Professionals' sites
Links to physical security information
Security Related Links (Secure Electronic Marketplace for Europe) (Michael Waidner)
SEMPER is a European R&D project in the area of secure electronic commerce
over open networks, especially the Internet. It is executed by an interdisciplinary
consortium, combining experts from social sciences, finance, retail, publishing,
IT and telecommunications, and has established liaisons with several related
efforts. SEMPER is part of the European Commission's ACTS Programme (Advanced
Communications Technologies and Services), executing Task 503. Funding is provided
by the partner organisations, the European Union and the Swiss Federal Department
for Education and Science.
Security Research Center (SecurityPortal.com)
Security Resource Center (ZDNet)
Articles, tips, white papers, etc.
Security Risk Analysis Directory
Security Space (E-Soft Inc)
SecuritySpace.com is a web security portal, providing internet security related
news, resources, tools and services
Security World Wide Web (WWW) Sites (Center for Information Technology, National
Institutes of Health, Bethesda, MD)
Security: Frequently Asked Questions (FAQ) (Center for Information Technology,
National Institutes of Health, Bethesda, MD)
SecurityFocus.com
Home of BugTraq
SESAME (A Secure European System for Applications in a Multi-vendor Environment)
(Joris Claessens, Mark Vandenwauver and Paul Ashley)
SESAME (a Secure European System for Applications in a Multi-vendor Environment)
is a European research and development project, part funded by the European
Commission under its RACE programme. It is also the name of the technology that
came out of that project. The SESAME technology offers sophisticated single
sign-on with added distributed access control features and cryptographic protection
of interchanged data. SESAME is a construction kit. It is a set of security
infrastructure components for product developers. It provides the underlying
bedrock upon which full managed single sign-on products can be built. Examples
of such products are ICL's Access Manager and Bull SA's Integrated System Management
AccessMaster (ISM AccessMaster). Siemens (Software & Systems Engineering
Ltd) is also using SESAME technology to improve its secure X.400 mail product
set.
Six Steps Towards Better Security (AppGate)
TECS: The Encyclopaedia of Computer Security (Townsend & Taphouse)
"TECS is a free security resource for anybody interested in IT security.
It is all things security to all security people."
Terms and definitions - Security (PC Webopedia)
See this page for definitions of these terms: access, access code, access control,
audit trail, authentication, authorization, bastion host, biometrics, Certificate
Authority, challenge-response, CHAP, Clipper chip, COLD, crack, data integrity,
data vaulting, digital certificate, digital envelope, digital signature, DMZ,
dongle, DoS attack, firewall, hack, hacker, IMEI, IP spoofing, IPsec, Kerberos,
MD5, message digest, NAT, OPS, P3P, packet filtering, PAP, password, phreaking,
PKI, Pretty Good Privacy, RBL, S-HTTP, S/MIME, secure server, security, SET,
smart card, smurf, sniffer, SOCKS, spoof, SSH, SSL, steganography, token, Trojan
horse, username, virus, X.509
Tom Dunigan's Security page (Tom Dunigan)
This page points to resources covering PGP, one-time passwords, Kerberos, Crypto
APIs, random numbers, secure applications, intrusion detection, vulnerabilities,
Java and WWW, UNIX security, and NT security
Trusted Computing Platform Alliance (TCPA)
The Trusted Computing Platform Alliance, or TCPA, was formed by Compaq, HP,
IBM, Intel and Microsoft. All five companies have been individually working
on improving the trust available within the PC for years. These companies came
to an important conclusion: the level, or "amount", of trust they
were able to deliver to their customers, and upon which a great deal of the
information revolution depended, needed to be increased and security solutions
for PCs needed to be easy to deploy, use and manage. An open alliance was formed
to work on creating a new computing platform for the next century that will
provide for improved trust in the PC platform.