CriticalSecurity.com, the home of Computer Security, Internet Security and Network Security

All Links

Featured Sites

Anton Chuvakin's Info Security Publications - Comprehensive list of all security publications by Anton, a prolific security writer. Highly recommended.
CERT - CERT, track security threats, subscribe to the CERT mailing list
(New) Help Net Security - Very well done security resource including news, resources, and links for security professionals
(New) IT Toolbox - Content, community, and service for Security professionals. Providing technical discussion, job postings, an integrated directory, news, and much more.
linuxsecurity.com - News, resources, and links dedicated to Linux security
Nessus vulnerability analysis - Nessus, a vulnerability analysis tool.
NT Bug Tracking - Keep track of security holes in Windows operating systems
PacketStorm Security - Packet Storm is a large and current security tools resource.
(New) SearchSecurity.com - Security news, articles, and interviews
SecurityDocs.com - Useful directory of security white papers, well categorized.
SecurityFocus - Security-related news and articles
Slashdot - Online forum discussing relevant technology topics, many of which revolve around security and privacy.
(New) Tysak Technologies Security Training - Tysak is a leading IT security trainer for end-users and professionals. Courses include Tysak Security Awareness training, Countermeasures Against Hacking, and authorized Check Point, Internet Security Solutions, and NetScout classes. Tysak customers can choose from a full range of options: self-paced e-learning courses, traditional instructor-led courses in classrooms, and instructor-led courses over the Internet. And the modalities can be blended as needed.
Virus.Org IT Security Resource and Information Portal - Offers IT security news, updates, product reviews, books, and articles for IT security professionals out there.
(New) WindowSecurity.com - WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals covering topics such as firewalls, viruses, intrusion detection and other security topics.

 

Security Links

• Surveillance Security cameras - WECU Surveillance.com supplying Surveillance Security cameras, systems and equipment to business and retail clients
• 2003 Buyers Guide - Information Security Magazine 2003 Buyer's Guide.
• Above Security - Above Security is a specialized managed monitoring and intervention service provider
• Access control matrix description and examples - Australian Communications-Electronic Security Instruction handbook discussing access control matrices.
• AccuHash Integrity Windows Software - AccuHash 2.0 is a Windows utility for protecting the integrity and verifying the accuracy of data files using checksum calculation algorithms (CRC32, MD5 and SHA-1). Adding a small checksum file to your data files (its own XML-based format as well as SFV, MD5SUM and BSD-style formats are supported) lets you easily verify their integrity at any time.
• AccuRev Products - Commercial configuration management software
• ACID (especially useful with snort) - The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. It is especially useful with Snort.
• Active Directory Visio Template - Microsoft Active Directory Visio template for diagramming/documenting Microsoft Active Directory implementations
• Acunetix Web Vulnerability Scanner - Audits websites and web applications for vulnerabilities to SQL Injection, Cross Site Scripting, Directory Traversal attacks and more.
• Advanced Anti-Trojan: TDS - 3 Anti-Trojan Detection - Outstanding desktop trojan detection tools and general anti-hacking tools for the security professional from DiamondCS. Boasts many unique detection methods that are exclusive to TDS-3.
• Advanced Port Explorer from Diamond CS - Port Explorer is another excellent tool from DiamondCS. Port Explorer is an advanced network tool that is easy to use but very powerful. It allows you to look at the network/Internet connections of your computer in a highly effective manner. It offers precision port-to-process mapping capabilities, but it has many other capabilities including hidden server detection (allowing you to detect most remote access trojans simply by looking at the display to see red sockets), a packet-sniffer (you can even spy on individual sockets), as well as 7 unique utilities.
• anti-phishing working group - The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types. Phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. Pharming uses the same kind of spoofed sites, but uses malware/spyware to redirect users from real websites to the fraudulent sites. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince recipients to respond to them.
• Anti-trojan resources - Resource for anti-trojan software and information
• Anton Chuvakin's Info Security Publications - Comprehensive list of all security publications by Anton, a prolific security writer. Highly recommended.
• Apache-SSL - Apache-SSL is a secure Webserver, based on Apache and SSLeay/OpenSSL
• Armana Security Ltd - Network security consultants based in UK specialising in intrusion detection systems, email management, policy management and firewalls.
• Array Networks, product provider - ArraySP product offering SSL acceleration and various other performance enhancement capabilities
• Ashland Institute for Strategic Studies - The Ashland Institute for Strategic Studies, Inc. delivers timely, relevant, cost effective and actionable intelligence using open sources and a national network of experts. AISS is committed to providing understandable answers to complex questions by incorporating current best thinking, practices and technologies to deliver truly added value to the initial data collected. Founded by James Adams, member of the National Security Agency’s Advisory Board and the founding Chairman of the Technology Advisory Panel of the Signals Intelligence Directorate at NSA, which is responsible for oversight of all technology programs.
• ASP based utility which lets you document your network infrastructure - An ASP-based utility which lets you document your network infrastructure. It allows for technology planning and lets you inventory your equipment using an online scanner.

myCMDB is a web based network inventory and configuration management solution. It allows you to address fundamental questions about your equipment: What do I own and where is it? Who has access to it? Which systems are vulnerable? Am I in license compliance?

myCMDB does not require discovery agents or upfront software purchases. It is an all in one solution without external software dependencies. It offers a very short implementation cycle which lets you immediately understand your asset portfolio.

Pre-packaged reports allow you to export and sort the data in Microsoft Excel or to print summary lists and detailed reports right from the myCMDB web pages.

Our online system scanner determines configuration elements without any manual input and lets you inventory a new system within a minute.
• Attrition.org - This is an excellent site, but perhaps one of its highlights is its mirror/catalog of previously defaced websites (hacked sites). Showing this to management can be an effective way of educating them about the risks they face (selling security).
• Attrition.org defacement - Direct link to the attrition.org hacked site/defacement archive
• Authentication White Paper - Provides a broad overview of a variety of network-based authentication schemes
• AutoFailover, Inc. - Automatic failover (recovery) based on dynamic DNS.
• Automatic-Backups - Automatic-Backups.com provides an online backup system to secure your data and automate your backups.
• Awareness materials, Creative Content - www.NoticeBored.com - fresh awareness materials on a different information security topic every month. Creative content addresses staff, managers and IT professionals. Free newsletters, samples and white papers available.
• Baltimore SelectAccess - Authorization management software
• Beginners Internet addressing overview - An overview of Internet addressing for those learning for the first time.
• Biometric application development - Biometric API consortium
• Biometric products, iris scan - Iridian Technologies, iris scanning biometric products
• Biometrics consortium - Biometric consortium
• Biometrics forum - The mission of the Biometrics Institute is to be a forum for biometric users and other interested parties and to facilitate the wider use of biometrics.
• Biometrics resources - Biometrics information resource including guides, articles, and applications
• Bonded Sender Spam Control - Originators of legitimate email can now post a financial bond to ensure the integrity of their email campaign. Receivers who feel they have received an unsolicited email from a Bonded Sender can complain to their ISP, enterprise, or IronPort and a financial charge is debited from the bond.
• Buffer exploit paper - Smashing the stack for fun-and-profit. BugTraq, r00t, and Underground.Org
• Bug/Defect tracking product - Bug/Defect Tracking Expert is a web-based bug tracking software system
• Cain and Abel and more - A collection of hacking tools including Cain and Abel, which allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute-force attacks, decoding scrambled passwords, revealing password boxes and analyzing routing protocols. Other tools include ARP poisoning, spoofing, etc.
• CCTV product vendor - Security Camera Surveillance Equipment
• CERT - CERT Coordination Center - This is a federally funded security center which provides security vulnerability alerts, reports, fixes, and other security information. They also provide an essential advisory and vulnerability summary mailing list.
• Cert(sm) Coordination Center - CERT studies Internet security vulnerabilities, provides incident response services, publishes security alerts, researches security and survivability, and develops information to help you improve security at your site.
• Certicom, Inc. - Certicom, encryption technology provider
• Christopher Browne's Crypto web pages - Crypto and applied crypto links
• CIAC - Incident advisory - CIAC (Computer Incident Advisory Capability) is run directly by the US Department of Energy and is a fairly good source of security bulletins.
• Cisco IOS Security - Cisco IOS Security page (IPSec, firewall, etc)
• Cisco NTP Security Advisory - Example of an NTP vulnerability in Cisco products
• Cisco protocol filtering, Catalyst LAN switches - Cisco tutorial on filtering while LAN switching.
• Cisco Secure Access Control Server (ACS) - Cisco Secure ACS offers centralized command and control for user authentication, authorization, and accounting from a Web-based, graphical interface, and distributes those controls to access gateways in the network.
• CM Today: Links to free Configuration Management Software - Collection of links for free/open source configuration management software including CVS and others.
• COAST Homepage - COAST (Computer Operations, Audit, and Security Technology) is a multiple project, multiple investigator laboratory in computer security research in the Computer Science Department at Purdue University. COAST publishes a newsletter and hosts a calendar of security events.
• COBIT, ISO 17799 Article - A nice article by Gene Spafford discussing the information control role of COBIT versus the security requirements perspective of other standards such as ISO 17799
• CommView LAN Analyzer - Windows-based LAN Analyzer. Note this tool also provides a very easy-to-use interface for crafting your own IP packets, useful for advanced vulnerability analysis.
• Computer Professionals for Social Responsibility - CPSR members work to direct public attention to critical choices concerning the applications of information technology and how those choices affect society.
• Configuration Management Institute - Links, papers, standards, and guidelines relating to advanced configuration management.
• Configuration Management Magazine - Online magazine on configuration management. Links, papers, and resources
• ConfigureSoft ECM - Configuresoft ECM (www.configuresoft.com) provides continuous configuration management: registry, file system, programs, settings, etc., with complete change history.
• Content Authentication - Authentication and audit capabilities for the enterprise document creation, storage, editing and reuse, targeted towards regulation compliance, provides strong evidence of "who did what and when."
• Cotse security web page - security information resource useful for system administrators (vulnerabilities, papers, links)
• Counterpane Internet Security - Managed security monitoring (MSM) services provider, headquartered in Cupertino, CA.
• Crypto links - Collection of crypto-related links from the author of Crypto++
• Crypto links - Peter Gutmann's Crypto Links
• Crypto++ c++ Library - Crypto++ Library is a free C++ class library of cryptographic schemes.
• Cryptographic Filesystem (CFS) - Linux Journal: Using CFS, the Cryptographic Filesystem for Linux
• Cryptographic token provider - Chrysalis-ITS, providers of cryptographic tokens for encryption acceleration and protection of keys.
• Cypherpunks Mailing List Archive - A classic in Internet history for cryptography and privacy discussions and action.
• DallasCon Security Training - The DallasCon Information and Wireless Security Conference is now in its fifth successful year! DallasCon continues the tradition of being the most respected security conference in the Southwest. Come see presentations on the latest information security topics, sign up for our hands-on boot camps and stay to enjoy everything the city has to offer.
• Data recovery (disk and tape) services - Vogel, a data recovery services provider
• Data Recovery Aid - Data recovery for hard drives, RAID data recovery, Exchange data recovery, compact flash, floppy/zip disks and more.
• Data recovery services - DriveSavers data recovery services. Be sure to check out their museum of Disk-Asters!
• Data Recovery Services - Data Recovery Services provider offering 24 hour emergency service
• Data recovery software and services - OnTrack software and services for data recovery
• Defeating Ethernet switches with dsniff - Ethernet switching and VLANs can certainly improve security. However, they by no means protect against interfaces running in promiscuous mode. Dsniff proves that point well, showing how various methods including spoofing can be used to hack through switched Ethernet environments.
• Describes access control matrix approaches and more - Excellent article discussing many topics relating to security, including the notion of access control matrices.
• Differences between Netscape and Sun Java Signing - Summary of major differences between Sun's version of object signing and Netscape's.
• DigiStamp Inc. - A trusted time stamp service for data authentication that is based on PKI and XML digital signature standards.
• Digitally sign Adobe PDF documents - Tutorial by Adobe for using the built-in PDF digital signature capability
• Discount Security Cameras - Discount Security Cameras - Professional security cameras and complete analog and digital recording systems for cctv applications. Online store or call toll-free.
• Disgruntled employee example - Local e-tailer bags employee hacker
• Domain Name Services (DNS) Security Standard - Standard extensions of the Domain Name System (DNS) protocol to support DNS security and public key distribution.
• DVR Camera recording systems - World EyeCam offers security cameras and DVR (digital video recording) equipment conveniently bundled together.
• Electronic Evidence/Litigation Support - Litigation Support Software and Services - eMag Solutions provides litigation support and electronic evidence discovery software and services.
• Electronic Frontier Foundation (EFF) - electronic privacy, rights and civil liberties
• Electronic Privacy Information Center - EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.
• Email security product - Enterprise email security provider
• Encryption and PKI FAQ - Overview of encryption, PKI, and cryptography in general
• Enterprise CM Products - EnterpriseCM, Inc. (ECMI) is a professional services organization focused exclusively on business and technology Enterprise Change and Configuration Management.
• Entrust GetAccess - Single sign-on for web applications
• Ethereal network analyzer - Open source network analyzer
• Ettercap - Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
• Evading intrusion detection systems - Classic paper on Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
• Evidian Identity and Access Management - Evidian AccessMaster Secure Access Manager (Standard and Web Editions) provides a centralized authentication and authorization manager for the extended enterprise.
• Evidian - Security policy management, access control, delegated security provisioning, for telecom, portal and enterprises.
• Evidian SSO Xpress - Evidian SSO Xpress–Standard Edition provides a plug-and-play entry-level Single Sign-On solution for Windows users. It offers a modular and extensible solution to grow later with your needs and business. Features: Single sign-on to all applications - Safe SSO implementation - Plug-and-play setup and deployment - 24x7 availability and scalability - Self-learning mode for instant ID/password management - Open, extensible, standards-based solution
• Examples of DoS attacks - Another classic Phrack article illustrating various attacks, useful for historical purposes and understanding how solid attacks are crafted and executed.
• F5 Networks - Global Leader in Application Traffic Management - As the pioneer in Application Traffic Management, F5 continues to lead the industry by driving more intelligence into the network to deliver advanced application agility. F5 products ensure the secure and optimized delivery of applications to any user, using any device, anywhere in the world. Through its flexible and cohesive architecture, F5 delivers unmatched value by improving the way organizations serve their employees, customers and constituents -- while dramatically lowering operational costs. Products include application firewalls, load sharing, SSL termination, SSL VPNs, SSL Acceleration, and more.
• F5 Networks, a Global Leader in Application Gateways and SSL Acceleration - As the pioneer in Application Traffic Management, F5 continues to lead the industry by driving more intelligence into the network to deliver advanced application agility. F5 products ensure the secure and optimized delivery of applications to any user, using any device, anywhere in the world. Through its flexible and cohesive architecture, F5 delivers unmatched value by improving the way organizations serve their employees, customers and constituents -- while dramatically lowering operational costs. Products include application firewalls, load sharing, SSL termination, SSL VPNs, SSL Acceleration, and more.
• Facial recognition product provider - Provider of Facial recognition authentication and access control products
• Fairfax Electronics a to z in low voltage - Carries a wide array of low-voltage security products, ranging from cctv, digital video recorders, access control systems, intercoms, surveillance cameras / systems, alarms, and locking devices. This site offers a comprehensive selection of physical security devices.
• FBI National Infrastructure Protection Center - NIPC's mission is to serve as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures. These include telecommunications, energy, banking and finance, water systems, government operations, and emergency services.
• Financial digital signatures and trust - Sets standard for financial digital signatures (such as the Identrus application programming interface browser plug-in signature standards) and defines infrastructure for interoperable identity management.
• Fingerprint recognition - Provider of Fingerprint recognition hardware and software (Integrated into Active Directory)
• FIPS 140-2 - Federal (NIST) requirements for cryptographic modules
• Firewall policy Auditing, Tracking and Compliance - Tufin Technologies is the leading provider of Firewall policy Auditing, Tracking and Compliance solutions. Tufin SecureTrack provides comprehensive Change Control, Auditing and Monitoring for Firewalls, enabling IT security teams to control their policy
• Firewall with Proxy Server HowTo - Firewall and Proxy Server HOWTO/FAQ
• Firewalls FAQ - Internet firewalls frequently asked questions, comprehensive and well done
• Forum of Incident Response and Security Teams (FIRST) - FIRST fosters cooperation and coordination in incident prevention among a variety of computer security incident response teams from government, commercial, and academic organizations to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
• FreeBSD Security - FreeBSD.org security home page
• Funk Software, Software Provider - Family of RADIUS/ AAA solutions
• fwlogwatch - A packet filter and firewall log analyzer. It works with Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX and Windows XP firewall.
• Fyodor's collection of tools - Fyodor, author of nmap, provides his list of lockdown, IDS/VA, and hacking tools.
• GFI LANguard - System integrity monitor (SIM) software for intrusion detection
• GFI LANguard Network Security Scanner - GFI LANguard Network Security Scanner (N.S.S.) checks a network for possible security vulnerabilities by scanning the entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more. With this information (displayed in customizable reports), administrators can easily lock down their network against hackers. GFI LANguard N.S.S. can also remotely deploy missing patches and service packs in applications and OS. GFI LANguard N.S.S. is the leading Windows security scanner and very competitively priced.
• GFI LANguard Security Events Log Monitor - GFI LANguard Security Event Log Monitor performs event log based Intrusion detection and network wide event log management. Archives & analyses event logs of all network machines and alerts you in real time to security issues, attacks and other critical events. Free 1 server – 5 workstation available for download!
• GFI Web Monitor for ISA Server - GFI's WebMonitor for ISA Server is a freeware utility for ISA server that allows you to monitor the web sites being browsed by network users and the files they are downloading - in REAL TIME. It also allows administrators to block current web connections as needed. Key features include - Easy checking of web and FTP browsing activity from anywhere in the network, native integration with ISA Server as a web filter, Blocks web access/downloads in progress and Web-based interface enables viewing from anywhere in the network.
• Gibson Research - Home of ShieldsUp! online vulnerability testing (very basic testing), LeakTest, and more
• Global Data Integrity - Windows Integrity Management Software - Global Data Integrity provides the advanced data integrity monitoring and modification detection solution Xintegrity Professional. Xintegrity Professional detects all changes to Windows systems, whether malicious, accidental or during new software installation.
• Global Internet liberty campaign - Worldwide cryptography law survey
• GnuPG - GnuPG stands for GNU Privacy Guard and is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC 2440. As such, it is aimed to be compatible with PGP.
• GSS-API - The Generic Security Service Application Program Interface (GSS-API), as defined in RFC-1508, provides security services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.
• Guide for Configuration Management - A configuration management planning overview
• HIPAA Security Rule article - HIPAA security article from Securityfocus
• Home of the SOCKS proxy protocol - Reference for technical information on the SOCKS protocol
• Hosted SSL-Based Email Provider - 4securemail.com provides hosted email services for individuals and implements SSL access for web-based email and also SSL-based POP mail access for enhanced security.
• IBM/Tivoli Security Management - IBM/Tivoli identity management solutions
• Identity Protection, Anonymous Web Surfing, Anonymous Proxy, & Anti Spyware - Anonymizer is a leader in internet identity protection, providing computer privacy, anonymous web surfing, email, proxy servers, anti spyware utilities, and anti virus programs.
• IETF Geographic Location/Privacy (geopriv) - The primary task of this working group will be to assess the authorization, integrity and privacy requirements that must be met in order to transfer geographic location information about certain resources or entities. These applications include navigation, emergency services, management of equipment in the field, and other location-based services.
• IETF PKIX working group - Public Key Infrastructure (PKI) standards-setting body for the IETF.
• Imprivata - Offers a gateway appliance that works with client software to create single-sign-on control over custom and Web-based applications
• India Information & Cyber Security Solutions & Services - AVSquare-NS3 India provides Total Information & Cyber Security Solutions & Services, which includes Enterprise & Network Security and Virtual Private Networking.
• Information Security Institute - Information Security Institute is a provider of security training. Features ethical hacking, intrusion prevention, SCADA Security, computer forensics and web application hacking training.
• Infosec Writers - Papers submitted by security professionals are published on the site and archived for readers. Categories include cryptography, email security, exploitation, firewalls, forensics, honeypots, IDS, malware & wireless security. The Infosec Writers awards book prizes for writers.
• Innovative and unique Hidden Camera & Spy Camera Shop - How about a surveillance camera in a teddy bear or perhaps disguised in a boom box or computer speakers? This unique site offers an innovative selection of video cameras. 1ashop offers pinhole cameras, hidden cameras, spy cameras, nanny cams, surveillance cameras, palm size digital video recorders.
• insecure.org - Good reading, links, and tools for lockdown, intrusion detection, and vulnerability analysis. Home for the nmap port scanner.
• Institute for Security and Open Methodologies - The Open Source Security Testing Methodology Manual (OSSTMM) is a free, peer-reviewed handbook for security testing covering security for the following sections: wireless, communications, physical, Internet, processes, information. It's available for download at http://www.osstmm.org. The methodology is an international standard for security testing used by IT consultancies, financial institutions, government offices, and legal firms worldwide due to its unique ability to offer low-level tests for many international laws on privacy and security.
• IntelliRecovery Data Recovery - Provides Global data recovery services for hard disk & hard drive recovery for any operating system.
• Intellitactics IDS event management - Provider of security management software solutions.
• Interesting privacy policy - Who would have thought you could provide a tutorial on Internet addressing while providing a privacy policy? Well, texas.net has done exactly that with this simple discussion.
• International encryption policies - Encryption laws around the world: documents, links, and bibliography
• Introduction to Dataveillance and Information Privacy, and Definitions of Terms - This paper provides an introduction to the topics of data surveillance and information privacy.
• Ionx Data Sentinel - Host-based intrusion detection system, integrity-checking
• IP Addressing Overview - Quick to-the-point summary of several important IP addressing issues
• IP-Spoofing - An article on IP spoofing
• IPSec FAQ, NetBSD - IPSec FAQ
• IPv6 Summary - Brief summary of history and use of IPv6
• ISO 17799 User Group - This is an interactive resource dedicated to the ISO 17799 information security standard.
• its4, scan code for vulnerabilities - A simple tool that statically scans C and C++ source code for potential security vulnerabilities.
• Java/J2EE/MS .Net Security - Three part article from Artec Group examines and compares security design considerations for component development and architecture in Java/J2EE and MS .Net
• Kaba: Physical access control solutions - Access Control for the protection of enterprises with biometric- or badge-based identification.
• Kerberos - Kerberos is a network authentication protocol developed by MIT. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
• Kerberos online resource - Comprehensive resource for Kerberos-related information
• Kyberpass - A comprehensive trust-enabled business integration solution.
• LabMice.net Active Directory resources - Nice compendium of implementation-related resources for Microsoft Active Directory
• laser systems software laser etching software - Alase Technologies manufactures industrial laser etching systems for inventorying and identification of stolen items.
• LDAP Open Source home page - OpenLDAP, an open source implementation of LDAP
• LDAP summary, for email addressing - Discusses the use of LDAP within the context of email. Note that email "address books" are only one small part of the overall directory picture-- directory services are much more than a mechanism for shared address books.
• LDAPGuru, Inc. - Links to LDAP and other directory service browsers and managers
• Libnet packet construction - This tool can be used to craft IP packets for vulnerability testing tools. Libnet is a high-level API (toolkit) allowing the application programmer to construct and inject network packets.
• Linux Security Quick Reference Card - This Quick Reference Card is intended to provide a starting point for improving the security of your Linux or Unix system.
• Linux version control and configuration management - Links to tools and discussions relating to Linux configuration management
• LinuxSecurity.com - Site dedicated to Linux security
• Lockdown GroupWise email - GroupWise security
• Lockdown online resource - Site dedicated to providing lockdown checklists for Linux, Sun Solaris, Windows and more. Particularly useful collection of links.
• Magma Communications - Illustrates different firewall configurations (e.g. DMZ, etc)
• Microsoft Active Directory home - Provides links, papers, articles, news releases, and so forth on Active Directory
• Microsoft Active Directory Operations Guide - Active Directory operational tips including managing trust
• Microsoft introduction to code signing - Brief introduction to code signing
• Microsoft ISA server - The latest version of Microsoft proxy server technology, combined with several other security-related features
• Microsoft Learning Paths for Security - Use these Learning Paths to find a range of Microsoft training references and resources on security threats and appropriate countermeasures. Learning resources are organized by level (from basic to expert) and provide information on the planning, prevention, detection, and response phases of security implementation.
• Microsoft secure coding - Secure coding guidelines for the .NET framework
• Microsoft security - Security page maintained by Microsoft
• Microsoft Security Learning - Great site for references and resources on security threats and appropriate countermeasures. Different security topics/issues highlighted every month.
• MIT Distribution for PGP - PGP is used to exchange email securely but also, importantly, to compute a "hash" for open source programs. You should compare the PGP hash "footprint" of open source software you rely on to that provided by the open source authors.
• Mixter's guide to cracking - A guide to hacking (cracking). See his discussion about stealth behavior; this is important when detecting, and responding to, an incident. You need to know what you are, and are not, looking at.
• MuteMail Anonymous Email - MuteMail is an SMTP/IMAP/POP3 anonymous email system located offshore in a country with strict privacy laws. Customers can send and retrieve email messages using their favorite email client (Secure Bat!, Outlook, Eudora, Netscape, etc) through SSL.
• nCipher - Hardware SSL Accelerators, security and key management.
• Nessus security scanner - This is a powerful security scanner (for vulnerability analysis) supported by the Internet community.
• Nessus vulnerability analyzer - Part of lockdown is vulnerability analysis and thus these two security elements (Lockdown and IDS/VA) are heavily related. For vulnerability analysis of web servers, nessus is an outstanding open source software tool.
• Netegrity SiteMinder - Centralized management for web access control
• netfilter/iptables project - Discusses IP filtering on Linux platforms through the use of netfilter/iptables software. Note the documentation section containing useful HOWTOs and FAQs.
• NetFrameworks, Sponsors of CriticalSecurity.com - NetFrameworks is a privately held full-service security technology consultancy based in the Washington DC area. Our clients include small, medium, and large businesses worldwide. A small sampling of our past and present clients includes Nike, Walt Disney, Lockheed Martin, Zions Bank, Qwest Communications, startup efforts, the North American electric power industry, and government agencies tasked with security and protection of people and national assets.
• Netscape object signing - Overview of java object signing for Netscape browsers
• Network Computing Magazine Article - An article focused on Cisco access control lists
• Network Information Service (NIS) - Homepage of the Linux NIS/NIS+ Projects
• Network IP hijacking - A paper by Laurent Joncheray on the workings of IP hijacking (hosted by insecure.org, another excellent secure resource)
• NIST Bridge Certification Authority (BCA) whitepaper - White paper on Bridge Certification Authorities: Connecting B2B Public Key Infrastructures. It describes different PKI architectures, difficulties in connecting the architectures, and how a BCA addresses these issues
• NIST Cryptographic Module validation - The NIST FIPS cryptographic module home page
• NIST Digital signature guidance - NIST whitepaper on Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
• NIST Encryption - National Institute of Standards (NIST) encryption focus area
• NIST Federal Encryption standards - U.S. federal encryption standards including AES and others
• NMAP - The "nuts-and-bolts" security scanner that allows you to have direct control over the scanning (vulnerability analysis) process. Tools like Nessus make use of nmap.
• Non-repudiation white paper - White paper addressing the legal and technical definitions of non-repudiation and trusted computing.
• Novell Directory Services Visio Template - A Visio template for documenting Novell Directory Services implementations
• Novell eDirectory - Home for Novell eDirectory, also known as Novell NDS.
• NT bug tracking - Microsoft bug tracking site
• NTP Security Paper - Paper discussing NTP security and the lack thereof
• NTPv2 security analysis - A Security Analysis of the NTP Protocol Version 2 (Whitepaper)
• Nuance voice authentication - Provider of voice print verification systems
• Oblix COREid - Oblix COREid(R) - Oblix COREid provides an integrated policy-based enterprise identity management and Web access control solution
• Online Privacy Alliance - An alliance of corporations and associations for promoting privacy.
• Online Security - Knowledge is power: learn from intelligence services' and hackers' methods and secure your Internet connection! Free tutorials and guides for your computer - Security Directory, web forum
• Open Door Apple Macintosh Firewall Products - Open Door Networks, Macintosh Internet security and file sharing experts
• Open Door Networks, Apple Macintosh Security - Open Door Networks, Macintosh Internet security and file sharing experts
• Open source access control and authentication - DACS is an open source access control and authentication system for web services and applications. DACS can limit access to any content served by an Apache web server or be used by individual applications, scripts, server software, and CGI programs to supply access control functionality.
• OpenLDAP - LDAP (Lightweight Directory Access Protocol). This protocol and servers/clients that support it is often used as a public repository for security credentials.
• OpenNetwork DirectorySmart - DirectorySmart is a directory-enabled (LDAP) central framework for managing user identities and access control.
• Packtstorm.org - Provides a collection of cracking articles, forums, exploit code, and news.
• PAM - Pluggable Authentication Modules - Originally developed by Sun, PAM (Pluggable Authentication Modules) is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users and to change those authentication mechanisms on the fly without recompiling.
• Paper on writing buffer overflows - Step-by-step buffer overflow paper by Mudge
• PassGo Webthority - Web single sign-on and role-based access control
• Pedestal Software- Intact - Intrusion detection management (integrity checking) for Windows-based systems.
• Perforce - Commercial configuration management software
• PerkinElmer Atomic Clock Standards - Rubidium Frequency Standards (RFS) atomic Clocks by PerkinElmer
• PGP email security - PGP Incorporated, provides commercial PGP-enabled electronic mail security software
• PGP, commercial version - PGP Incorporated, provides commercial PGP-enabled electronic mail and security software
• Phaos Java security - Phaos markets a trusted product for communicating securely in Java using SSL (Secure Socket Layer) and TLS (Transport Layer Security) protocols.
• Phrack - Phrack is an excellent overall security information resource. For training, you can use it to provide insight into the hacker culture and the skill they bring to their work. The cracker Magazine Phrack is an invaluable resource, and is a sporadically released journal of technical papers describing security exploits.
• Physical access control with biometrics - SecuGen, supplier of biometric products integrated with building access control systems
• PKI Law - A PKI information exchange emphasizing emerging legal issues
• PKI resource - The PKI page, a comprehensive collection of PKI-related links
• Privacy products and resources - Information about on-line privacy, security, viruses. Tips for protecting online privacy. Advanced IP Tests
• Privacy Rights Clearinghouse - Articles pertaining to privacy on the Internet
• Privacy Times Newsletter - Subscription-only newsletter covering privacy and Freedom of Information law and policy. It is read largely by attorneys and professionals who must stay abreast of the legislation, litigation, and executive branch activities, as well as consumer news, technology trends and business developments.
• Pro-Max Security Systems - Pro-Max Security Systems offers CCTV Security Cameras and Remote Video Surveillance Systems. They are the manufacturer of the Pro-Max Digital Video Recorders.
• Problem Tracker Tracking Software - ProblemTracker Issue and Defect Tracking Software -- Keep track of issues and security violations to make sure that they are properly taken care of.
• Protection One - Provider of video surveillance, intrusion detection, and access control
• Psionic LogSentry - LogSentry helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. This program is free to use at any site.
• PuTTY free SSH client - Free Windows-based SSH client
• Radware, Inc. product provider - Provider of various system recovery (failover) products.
• Random number guidelines - Random number generation recommendations from the IETF.
• Real-time view of Internet vulnerability - Very interesting real-time compilation of Internet vulnerabilities and attacks
• Redhat Security - Subscribe to the Redhat Linux security network and keep your systems up-to-date
• Regular expressions (used with many tools) - Tutorial on using regular expressions
• Robert Graham's web page, founder of Network ICE - Robert's tools and commentary, including SideStep, an interesting tool designed to test vulnerabilities while at the same time evading intrusion detection systems.
• Role-based authentication - A site dedicated to the topic of role-based access control (RBAC)
• RSA ClearTrust - Single sign-on solution
• RSA PKCS Standards - RSA Public Key Cryptography Standards (PKCS).
• RSA SecurID - The RSA SecurID® system is a two-factor user authentication solution (i.e. PIN number + hardware token)
• RSA Security - Provider of cryptography toolkits
• RTEK 2000 Security links - Nice collection of links including firewall, protocol, and port-related security resources.
• S/MIME Email Digital Signing Standards - RSA home for S/MIME FAQ, standards, and interoperability.
• Sam Spade - Online reconnaissance tools and an excellent Windows-based toolkit, useful as part of the IDS process.
• samhain integrity checking IDS - samhain is an open source file integrity and host-based intrusion detection system for Linux and Unix. It can run as a daemon process, and thus can remember file changes - contrary to a tool that runs from cron.
• SANS - SANS (System Administration, Networking and Security), organization for security professionals
• SANS article on layered security - Article providing a specific implementation example highlighting the power of layered security and address, protocol, and route management and disablement at each layer
• SANS DoS Help Page - This site provides tips on helping to defeat Denial of Service Attacks: Step-by-Step
• SANS GIAC Training - Syllabus for the SANS Global Information Assurance Certification (GIAC) Security Unix course. The syllabus itself is a useful lockdown checklist.
• SANS home - SANS security training classes and conferences
• SANS Security Policy Project - A collection of security policy templates covering various aspects of computer and network security.
• Sarbanes Oxley article - Help Net Security article on Sarbanes Oxley
• Sarbanes Oxley Interview - CSO Magazine interview/discussion on Sarbanes Oxley
• SearchSecurity's laws and regulations page - Laws and regulations page at searchsecurity.com
• Secure Cameras - Online store selling security cameras, hidden cameras.
• Secure coding article - Article on secure software development
• Secure Passage Enterprise Security Management - FireMon, by Secure Passage, is an Enterprise Security Management application that provides visibility to and control of network changes, configurations, and performance. Designed as a security tool, FireMon monitors configurations, evaluates configuration effectiveness, and alerts administrators to changes in configurations. FireMon controls devices by implementing intelligent device information processing and combining it with input from technical experts and customer requirements.
• Secure Programming for Linux and Unix HOWTO - This site provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems.
• Secure Shell - SSH closes many of the security holes opened by connections such as file transfer (ftp) and remote login (telnet, rlogin, etc). SSH allows secured, encrypted remote logins to Windows and Linux.
• Secure software collaboration - Collaboration in a secure development process
• SecureSoft USA - Internet security and computer network security, including firewalls, VPN, intrusion detection and virtual private network security systems and solutions.
• Security Awareness Blog - Security Awareness for Ma, Pa & the Corporate Clueless is a blog dedicated to helping today's organizations - government, corporate and even home users, build solid security awareness programs. The blog is updated almost daily and encourages feedback from users on what they need to build successful awareness training for end users.
• Security Cameras - Online store selling security cameras
• Security Cameras and more vendor - Security cameras, "spy" gadgets
• Security Focus and BugTraq - Security Focus provides a database of known vulnerabilities and very detailed exploit information for a large number of systems. It is also quite noteworthy for hosting the Bugtraq mailing list, which is a high-traffic list where, for better or for worse, vulnerabilities and security issues are discussed in depth, often with exploit code.
• Security Threat Manager with Correlation - Security information management software that uses real time security event correlation between security systems (firewalls, IDS, IPS, AV etc), vulnerability scans and asset values to reduce false positives and deliver real-time threat triage for your company.
• Security tracker - Site that maintains a list of vulnerabilities and security alerts
• SecurityAndMore - security cameras, spy gadgets, home security systems
• SecurityBugWare - The Security Bugware List Page contains a very nice and large collection of security holes for many OSes.
• SecurityFocus Microsoft Exchange Lockdown - Article discussing secure configuration and administration of Exchange 2000
• SecurityFocus Online - A security administrator's morning newspaper. Also home of the BugTraq mailing list.
• SecuritySupplyHouse - Surveillance systems, theft control products, accessories and more
• SecWiz Security Guide - The SecWiz Guide to Network Security is a web collection of documents helping to solve your network security problems in system-specific detail. This website is filled with practical advice, how-to articles, tips, and techniques to help you do your job today.
• Sentry Security Systems - A supplier of digital video security systems and cctv cameras
• Signing code with Microsoft Authenticode - The home page for Microsoft Authenticode technology.
• Skyway security product vendor - Security Camera Systems & Surveillance Equipment
• Smart Card and Biometric solutions - Didya.com carries smart card development kits to help you develop secure applications. Secure your PC with a smart card with our smart card logon kit. Biometric kit with source code to use fingerprints for authentication.
• Smart card key management - The SSP Profile Manager manages public key cryptographic key pairs. Such keys are used by SSL/TLS, for example, to dynamically generate symmetric key pairs. For more information on how SSL/TLS works, see also Eric Greenberg's first book, Network Application Frameworks.
• Smart cards - Datakey Inc., provider of smart card products
• Smart cards and biometrics - SSP Inc., provider of smart card and biometric products
• Snort open source IDS - Home of Snort, an excellent Linux intrusion detection system.
• Snort under Windows tips - Help/tips for installing Snort with various add-ons under Windows
• SnortSnarf - SnortSnarf is a Perl program that takes files of alerts from the free Snort Intrusion Detection System and produces HTML output intended for diagnostic inspection and tracking down problems. The model is that one is using a cron job or similar to produce a daily/hourly/whatever file of Snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts.
• Solaris Secure Shell - Supported by Sun and integrated in Solaris 9. Solaris Secure Shell enables users and administrators to log in to another host securely over an untrusted network, copy files securely between the two hosts, run commands securely on a remote host, and tunnel X-windows network traffic safely.
• SQL Injection FAQ - If you develop or use software based on either SQL or mySQL, you should read this FAQ. The principles, however, apply to any scenario wherein user input is placed into programmatic arguments directly-- doing so is bad practice.
• Squid web proxy cache - Free open-source web proxy cache
• SSH Open Source project - Home of the SSH open source project
• SSL Frequently Asked Questions - SSL FAQ
• SSL v3.0 standard - Specification for Version 3.0 of the Secure Sockets Layer (SSL V3.0) protocol
• Sun Microsystems Java security - Sun Microsystems invented Java. This is the home for Sun Java security