Useful Security Links
FAQs (Frequently Asked Questions) relating to
information security and computer audit
CISA (Certification
Information Systems Auditor) FAQ
Computer Security FAQ
Counterpane's links to crypto & related FAQs
Cryptography FAQ
Cryptography FAQ by RSA Labs
Firewalls FAQ
Hack FAQ
ID card FAQ
Intrusion Detection Systems FAQ
JAVA security FAQ
Kerberos FAQ
Netware hack FAQ ('unofficial')
Network sniffers FAQ
Risk Management FAQ
Security compromise FAQ
Social engineering FAQ
Software testing FAQ
Solaris security FAQ
Windows 2000 FAQ (generic, not just infosec)
Windows NT hack FAQ ('unofficial')
Windows NT security FAQ
WWW security FAQ
Glossaries, dictionaries etc.
CCCL's 'Infosec jargon buster'
Internet security glossary - RFC2828
IT abbreviations and acronyms
NATO glossary of IT security/PKI terminology
TechEncyclopedia - defines 14,000 IT terms
The New Hacker's Dictionary
News sites, webzines, portals etc. - good for lunchtime reading
Camelot knowledge center
ComputerWeekly security news
Computing magazine's information security section
Incidents.org by SANS with 'storm watch' alert status
and daily infosec news
Indian 'Center for IT security'
Information Security magazine from ICSA
Infosyssec portal
Internet Magazine - UK-biased net news
IT-Audit - portal zum thema IT-audit und IT-security
LEXIS-NEXIS topical infosec news and press releases
SearchSecurity.com portal
Secure Computing magazine
Security Administrator webzine (not all free)
Security News Network
SecurityFocus general infosec site (with web interface
to Bugtraq infosec newsgroups)
SecurityPortal - infosec articles, news & links
SecuritySearch.net infosec portal
The Crypt Newsletter
The McKinsey Quarterly
The Register - infosec webzine
Whitehats portal
** S A N S - excellent set of infosec resources &
practical advice - our favourite infosec resource! **
CERIAS - Center for Education and Research in
Information Assurance and Security
CERTŪ Security Improvement Modules
CERTŪ Security Improvement Modules - excellent set of
practical recommendations
CISSP Open Study Guide website
DTI - Business Manager's Guide to Information Security
DTI - Security at Work campaign website
GIAC student papers on infosec basics
IT Security Cookbook - dynamic on-line infosec
reference
Risks forum
Ten current Internet hoaxes
Information security
resources
Firewalls, network & telecomms security
Checkpoint certification programme
Cisco Router security guides from the NSA
Microsoft info on TCP/IP
Microsoft introduction to TCP/IP
Network Security Professional Certification Program
from Learning Tree
PROTOS - security testing of communications protocol
implementations
Firewalls mailing list
Hacking, exploits, vulnerabilities (BEWARE cracker sites!)
AntiOnline - hacking news
Attrition.org
Beyond Security - securiteam.com
CERT Coordination Centre's 'Current activity' page -
recent exploits
Cheating
Counterpane Systems S-MIME password cracker
screensaver
Cracker suite for MS Office & other applications
Cryptome - US-based public disclosure website
DDoS attacks on GRC.COM
HackerZ Hideout
HoneyNet project - straw-man network with monitors
New Order hacking site
NT buffer overflows
Razor hacker site with infosec links and sporadic
papers
Razor infosec papers
Rent-A-Hacker - 'you get exactly what it says on the
label' ...
SecuriTeam.com ™ infosec portal
Social engineering fundamentals, part 1
Totse hacker site
Whitehats dotcom - another penetration tester outfit
with a bunch of resources
Wireless LAN defaults
Incident management & contingency planning
Article on how to design an incident response policy
Business continuity planning booklist
Computer Incident Advisory Center
Disaster Recovery Journal
DRI International professional certification for
business continuity planners
Forum of Incident Response and Security Teams (FIRST)
High Tech Crime Network's certification for IT
forensic specialists
Network downtime cost calculator
CERT mailing list
Information warfare, cyberterrorism
Attack news from Network World magazine
Dorothy Denning's publications
Information warfare links
National Infrastructure Protection Center (NIPC)
President's Commission on Critical Infrastructure
Protection
Infosec organisations
(ISC)2 certification for infosec managers (CISSP)
infosec administrators (SSCP)
American Society for Industrial Security
CESG - UK Government Communications-Electronics
Security Group
Information Security Forum (formerly the European
Security Forum)
ISSA - Information Systems Security Association
IT Governance Institute - new home of COBIT
National Security Institute section on computer
security
Infosec policies & guidelines
Google's section on infosec policies
Human firewall infosec awareness project
Infosec policies presentation slides at SANS