Cert(sm) Coordination Center. CERT studies Internet security vulnerabilities, provides incident response services, publishes security alerts, researches security and survivability, and develops information to help you improve security at your site.

Center for Education and Research in Information Assurance and Integrity. CERIAS provides innovation and leadership in technology for the protection of information and information resources, and in the development and enhancement of expertise in information assurance and security.

Common Vulnerabilities & Exposures Web Page. A dictionary for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. Hosted by Mitre.

COAST Homepage. COAST (Computer Operations, Audit, and Security Technology) is a multiple project, multiple investigator laboratory in computer security research in the Computer Science Department at Purdue University. COAST publishes a newsletter and hosts a calendar of security events.

Federal Bureau of Investigation Evidence Response Team. FBI personnel who specialize in organizing and conducting major evidence recovery operations. They manage the identification, collection, and preservation of evidence at crime scenes. ERTs are prepared to respond to major case situations in an efficient fashion to ensure that critical evidence is identified and gathered for forensic analysis.

Federal Bureau of Investigation National Infrastructure Protection Center. NIPC's mission is to serve as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures. These include telecommunications, energy, banking and finance, water systems, government operations, and emergency services.

Forum of Incident Response and Security Teams (FIRST). FIRST fosters cooperation and coordination in incident prevention among a variety of computer security incident response teams from government, commercial, and academic organizations to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.

The Information Systems Audit and Control Association & Foundation. ISACA defines standards, guidelines and procedures for IS Auditing and standards and ethics for Information Systems Control Professionals.

The Center for Internet Security. CIS provides guidelines, policy templates, and assessment software to assist organizations and individuals in improving host security.

The Information Warfare Site. This site is an online resource that aims to stimulate debate about a range of subjects from information security to information operations and e-commerce. It is the aim of the site to develop a special emphasis on Europe.

National Security Administration. NSA provides a series of Security Recommendation Guides. We'd tell you more, but then we'd have to shoot you.

The WildList Organization. WildList is a premier source of information on viruses found spreading In the Wild.

Virtual Private Network Consortium. VPNC is the international trade association for manufacturers in the VPN market.

Portals, Info Sites & Publications

2600 offers security related news and subscriptions to this well-known magazine.

All-Internet-Security.com Directory is an established and active marketplace for free, shareware and Internet Security resources.

The Beginner'sCryptography Page offers an introduction to cryptographic techniques and provides a wealth of links to other online cryptography resources.

Crypto-gram is a monthly email newsletter on cryptography from Bruce Schneier, discusses current issues in cryptography.

Fyodor's Good Reading List is an intersting and eclectic collection of security relatedresources.

The Hacker News Network provides daily updated information security news and commentary.

The Internet Protocol Journal published by Cisco Systems. serves as an informational and educational resource for engineering professionals involved in the design, development, and operation of public and private internets and intranets.

InteractiveInfoSec is a very good place for novices to security. The "see a hacker", "Be a Hacker" and "Stop a Hacker" are very good instructionals for those who want to Know the Enemy (thank you, Lance Spitzner).

The Journal of Internet Security provides a DeLiberation Extranet to inform professionals and support discussions of electronic banking and commerce issues.

NewOrder is a resource for people to help avoid being hacked, security and exploiting related files and links.

Rik Farrow's Network Defense columns, from Network Magazines, are archived here.

Open Web Application Security Project (OWASP) is an open source community resource to advance knowledge about web application and web services security issues. Among the many projects, OWASP has produced a Guide to Building Secure Web Applications, and hosts many columns on web application and server security.

Packet Storm claims to be the largest and most up to date library of information security information in the world. Packet Storm is a security resource that provides the mechanism for both the underground and the corporate communities to converge and direct their efforts towards sharing security information.

TechTarget's SearchSecurity.com offers a comprehensive Security specific search engine.

SecuriTeam.comis a security news web site containing all the newest security information from various mailing lists, hacker channels and our own tools and knowledge.

The Internet Security Conference (TISC) is a conference archive and host to the Insight Security newsletter.

Windows & .NET Magazine's Security Administrator section of discusses NT/W2K/XP security issues, tips, and new products. It's a good source for learning the latest NT security breaches and corresponding hot fixes.

SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public. offersThis portal has an large collection of free tools.

SecurityNews.org professes to provide Security News for Security Professionals. In addition to news stories, you'll find links to other security related material.

TALISKER'S NETWORK SECURITY TOOLS PAGE offers a plethora of security tools and software.

The TruSecure white paper library offers a variety of technical, strategic, and non-technical papers on information security.

VPNlabs is an open community for researching, reviewing, and discussing Virtual Private Networks. Find VPN software and VPN news, download free personal firewalls, and troubleshoot your existing VPN solution.

eCrime

The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond (2006)
Crimeware: Understanding New Attacks and Defenses (2008) by Markus Jacobson
Understanding and Countering the Phishing Threat
Online identity theft: Phishing technology, chokepoints and countermeasures
A Call for Action: Report from National Consumers League Anti-Phishing Retreat
Convention on Cybercrime, Council of Europe
Stanford Draft (Sofaer/Goodman)
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants

Security (Overview, General, Opinion)

A Computer and Network Security Primer by Fred Avolio
A Multi-Dimensional Approach to Internet Security by Fred Avolio
A Network Perimeter with Secure External Access by Fred Avolio and Marcus Ranum
Are You Prepared In The Event Of A Disaster? by Mark T. Edmead
Best Practices in Network Security by Fred Avolio
Conducting A Security Audit by Bill Hayes
CSI/FBI Computer Crime and Security Survey at CSI
Cross Platform Security Analysis by Anton Chuvakin
Enough Already, Time to get Serious About Hacking by Marcus Ranum
Event Correlation in Security by Anton Chuvakin
Federal Cybersecurity: Get a Backbone by Marcus Ranum
The Electronic Frontier: The Challenge Of Unlawful Conduct Involving the Use of the Internet (no attribution)
Guarding the Crown Jewels - An Overview of Computer & Internet Security by Curt Wilson
Hammering Out a Secure Framework by Mike Fratto
Have a Cocktail: Computer Security Today by Marcus Ranum
Information Risk Assessment: Practices of Leading Organizations United States General Accounting Office
Log Analysis Resources maintained by Tina Bird and Marcus Ranum
Managing Electronic Records and Evidence by Jeffrey H. Matsuura
Managing security and complexity on a tight release schedule and other high-level ramblings by Marcus J. Ranum
Network 10: The next Y2K problem? by Marcus Ranum
Network Address Translation: Hiding in Plain Sight by Mike Fratto
Protecting Network Infrastructure at the Protocol Level by Curt Wilson
Security Basics Forum at SecurityFocus.com
Selling Security Hype by Marcus Ranum
Social Engineering: The Threat and The Solution by Chris Tobkin
The Sad and Increasingly Deplorable State of Internet Security by Stephen Kent and David Piscitello
The State of Systems Security by Ron Dufresne
Threats, Vulnerabilities and Real-World Responses: The Foundations of the TruSecure Process by M. E. Kabay
What I Worry About by Marcus J. Ranum
Vulnerability Assessment Survey at SecurityFocus.com
Best Practices for Securing Enterprise Networks by Dave Piscitello and Lisa Phifer
Rethinking Network Security by Lisa Phifer

Broadband Local Access & Security

CLECs Should Be Proactive In Security by David M. Piscitello
EtherLECs and Security by David M. Piscitello
Extending the Perimeter: Protecting the Telecommuter and the Road Warrior (Part 1, Part 2) by Fred Avolio
Firewalls & DSL by David M. Piscitello
Host and Network Security in the Internet Age: DSL, @Home, ISDN, etc. by David Dittrich
Residential Broadband Access and the Teleworker: Security Considerations for the IT Manager by David Piscitello
Security and xDSL 4 part series, by David Piscitello
Securing Residential Broadband Connections:The Personal Firewall Approach by Lisa Phifer
Why Metro Area EtherLECs Should (Still) Worry about DDOS Attacks by David M. Piscitello
Security Guidelines for your broadband network Microsoft
The true killer application for broadband local access by Dave Piscitello
Securing the broadband network by Sushilkumar Nahar
Securing the broadband Internet Netscreen

Endpoint Security, Admission Control

PC Disk Encryption: A Lesson Learned and Recommendations by Fredrick M. Avolio
Server vs. Client-based Protection by David Piscitello
Stored File Encryption: Boiled Eggs And Scrambled Data by Phil Carden
Antivirus Resources Core Competence
Spyware Resources Core Competence

Endpoint security and admission control: necessary but not sufficient by Dave Piscitello
Take Stock of Enpoint and Admission Control Now" by Dave Piscitello
Five Steps to Enforcing Your Endpoint Security by Frederick Felman
Wireless endpoint security: Tie up the loose ends by Douglas Schweitzer
Agentless Endpoint Security Brad Feld
What is a blended threat? by Dave Piscitello

Security and the DNS

DNSSEC Security Extensions
BIND news and DNS alternatives by Jeremy Reed
DNS Abuse by !Hispahack
DNS Configuration, Management and Troubleshooting by Joel Snyder
DNS may be giving away your secrets by Rik Farrow
MaraDNS: Working Towards a More Secure DNS by Sam Trenholme
Protecting yourself, hiding your DNS entries a CPIO Project
Secure BIND Template Version 2.1 by Rob Thomas
Securing an Internet Name Server by Cricket Liu
Softpanorama DNS Security Page
Add "Protect Domain Name" To The Security Checklist
DNS Pharming
Is Your Caching Resolver Polluting the Internet?
Anatomy of a DNS DDoS Amplification Attack
It's Time for Enterprises to Take on DNS SECurity
Worrisome Threat of DNS DDoS Attacks
The dark side of name DNS error resolution

Denial of Service (DOS) Attacks

A stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, and others
Internet Denial of Service: Attack and Defense Mechanisms by Jelena Mirkovic, Sven Dietrich, David Dittrich, Peter Reiher
CERT/CC Denial of Service
Understanding Denial-of-Service Attacks
Trends in Denial of Service Attacks
How a 'denial of service' attack works - CNET News
A trinoo/TFN/stacheldraht agent scanner (C source code, BETA) by Dave Dittrich, Marcus Ranum, George Weaver, David Brumley, and others
AntiCode
AntiOnline
Distributed Denial of Service Attacks by Rik Farrow>
Why Metro Area EtherLECs Should (Still) Worry about DDOS Attacks by David Piscitello
How a denial-of-service attack works - Security- msnbc.com
Defending against a Denial-of-Service Attack on TCP
What is a Denial of Service (DoS) attack?
Preventing Denial of Service Attacks
Distributed Denial of Service (DDoS) Attacks/tools by David Dittrich
Egress Filtering by Mark T. Edmead
Egress Routing
Anatomy of an Amplified Distributed Denial of Service Attack by David Piscitello
DNS Distributed Denial of Service (DDoS) Attacks (SAC008)
Future denial of service attacks by Kurt Seifried
Strategies to Protect Against Distributed Denial of Service
Hacker News Network
How to Spot Source Address Spoofing by Rik Farrow
Information on network ingress filtering, RFC 2267
The Worrisome Threat of DNS DDoS Attacks by David Piscitello
Distributed Denial of Service Attacks
Quality of Service for Denial of Service Attack Prevention by Steve Kohalmi, Randy Charland
Network Defense Richard Power & Rik Farrow's archive of Network Magazine columns
Some TCP/IP Vulnerabilities: Weaknesses, attack tools, defenses by David Dittrich
SYN cookies by D. J. Bernstein
The "stacheldraht" distributed denial of service attack tool by David Dittrich
The "Tribe Flood Network" distributed denial of service attack tool by David Dittrich
The DoS Project's "trinoo" distributed denial of service attack tool by David Dittrich
Denial of Service (DoS) Attack Resources

Operating System Security

Linux Security
Center for Internet SEcurity - Linux Benchmarks
Anti-Trojan and Trojan Detection with In-Kernel Digital Signature testing of Executables by Michael Williams
The Linux Security HOWTO Another Paper on Linux Security by Bronc Buster
Basic Steps in Forensic Analysis of Unix Systems by Dave Dittrich
Hacking Linux and How to Stop It by Craig Ozancin
Linux firewalling with ipchains by Vincent Danen
Making UNIX Servers More Secure by Rik Farrow
Secure interprocess communication by D. J. Bernstein
Tuning Solaris for FireWall-1 by Rob Thomas
Linux Security Cookbook - O'Reilly Media
Unix Auditor's Practical Handbook by K. K. Mookhey
Unix Computer Security Checklist
A Linux Security Toolkit
Yo Linux Security Tools
Linux Administrator's Guide
Hacking Linux Exposed
UNIX IP Stack Tuning Guide by Rob Thomas
UNIX Security by guidob

Security (Builds)

Debian Security
Securing Debian - Manual
Debian Linux Security
Debian Security Audit Project
Gentoo Linux Documentation -- Gentoo Linux Security
Gentoo Linux Documentation -- Gentoo Linux Security Advisories
Red Hat Security
Security Features - FedoraProject
Security Quick-Start HOWTO for Red Hat Linux
SUSE Linux Enterprise Security
Ubuntu Security Forums
Security on Ubuntu
The Big Ol' Ubuntu Security Resource - IT Security

A Complete List of Windows Event Identifiers
Cracking User Passwords in Windows 2000
A Starting guide to armoring NT by Lance Spitzner
How to Make Windows 2000 and NT 4 Passwords Uncrackable by Joel Kleppinger
NTBug Traq
NTSecurity.Net
NTToolbox.com
Automated NT Vulnerability Testing by Dave Piscitello
Microsoft Security Bulletins at Microsoft TechNet
searchNT.com
Securing your Operating System: Guidelines for Hardening Windows 2000
A friendly alternative to registry editing by Dave Piscitello
The Microsoft Security Advisor
Security Settings in Windows Server 2003 and Windows XP at Microsoft TechNet
Windows NT Passwords by Bill Wall
Windows 2000 Magazine Online at Microsoft TechNet
Windows 2000 Security Hardening Guide at Microsoft TechNet
Windows 2000: An Early Security Perspective by James Michael Stewart and Ed Tittel
Windows 2000's VPN-Related Security Issues by Lisa Phifer
Windows 2000 Vulnerabilities by Phil Cox
Windows Server 2003 Security Guide at Microsoft TechNet
Stepping up to XP: What to expect at your firewall by Dave Piscitello

Securing XP Desktops: Account and Auditing Policies by Dave Piscitello
Securing XP Desktops: Controlling Local Use and Network Access by Dave Piscitello
Pros and Cons of Windows 7 Security - PC World Business Center
A Guide to Windows 7 Security - PC World Business Center
Windows 7 Security
Windows 7 Security Features
Windows 7 Security Compliance Management Toolkit
Windows 7 Security Enhancements

Wireless LAN Security

Lisa Phifer's WLAN Corner is now hosting the most recent resources, these resources are here for historical purposes. Comprehensive lists of recent wireless and mobility articles by Lisa can also be found at the Core Competence Technology Corner,Wi-Fi Planet ISP-Planet and TechTarget articles lists.

IEEE 802.11 Wireless Standards
IEEE 802.11 TGi Enhanced Security proposals
IEEE 802.1x Port-Based Network Access Control Standards
IETF PPP Extensions WG
Wireless LAN Organization Security White Papers
Bay Area Wireless User Group WiLDing Project
Wireless Anarchy
802.11 Security: Attacks and risks by Bruce Potter and Bob Fleck
All About War Driving
Assessing WLAN Security Threats by Gerry Blackwell
Air Safety by Lisa Phifer
An Initial Security Analysis of the IEEE 802.1X Protocol by Arbaugh, et. al.
Bill Arbaugh's Wireless Security Page
Antennas Enhance WLAN Security by Trevor Marshall
Cigital's ARP Poisoning Paper
Configuring Service Set Identifiers by Lisa Phifer
Consolidation Control Using WLAN Switches by Lisa Phifer
Controlling Wireless LAN Access with 802.1x by Lisa Phifer
Enable 802.1x security in Windows 2000 by Serdar Yegulal
GSM Security Website
Intel's WPA DOS Attack paper
Isolate Your Wireless Network by Dave Piscitello
Large Fat Bloke's 802.11 Page
Locking Down the Airwaves by Dave Piscitello
Microsoft Column on WPA in Windows
Safe WLAN Deployment Checklist by Lisa Phifer
Securing the Small All Wireless Network by Lisa Phifer
Security of the WEP algorithm by Borisov, Goldberg, and Wagner
Security out of Thin Air by Dave Piscitello and Lisa Phifer
Sniffing the Air for Trouble by Lisa Phifer
Stopping WiFi Intruders by Lisa Phifer
Talisker WLAN Security Tools List
Ten Common Questions (and Answers) about Wireless LANs by Lisa Phifer
The Myth of Hiding SSIDs by Robert Moskowitz
The X Factor by Diana Kelley
Tools and Tactics for Safer WLAN Deployment by Dave Piscitello
Understanding Wireless Antennas, (Part I) , (Part II) by Lisa Phifer
Unofficial 802.11 Security Web Page by Bernard Aboba
Weaknesses in the Key Scheduling Algorithm of RC4 by Fluhrer, Mantin, and Shamir
Wi-Fi Planet
Wi-Fi Protected Access Q and A
Wireless ARP Poisoning by Robert Fleck
Wireless in the Enterprise index of TechTarget WiFi articles
WLAN Hotspot Best Practices by Dave Pollino
Wireless Security: A Contradiction in Terms? by Rik Farrow
WLAN security checklist by Brian Clark
Your 802.11 Wireless Network Has No Clothes by Arbaugh, et. al.

Application Stream Hacking, Application Security, Application Protection

A Semantic Attack on URLs by Bruce Schneier
Advanced SQL Injection by Chris Anley
Blind SQL Injectionby Kevin Spett
Blocking Instant Messaging by David Piscitello
CGISecurity's Web Application Document Library
Creating Arbitrary Shellcode in Unicode Expanded Strings by Chris Anley
Exploiting and Protecting Oracle by Pete Finnigan
External Operating System Commands: Backdoor or feature? Hacking with SAP R/3 by Stefan Hoelzner
HTML Form Protocol Attack by Jochen Topf
Hackproofing Oracle Application Server by David Litchfield
Hackproofing Lotus Domino Web Server by David Litchfield
Introduction to LDAP Security by Sacha Faust
FAQ: SQL Injection Attacks Byron Acohido
Oracle Security papers (collection of 65) by Pete Finnigan
Securing the Apache Web Server by Rik Farrow
Security and Peer-to-Peer Applications by Dave Piscitello
Session Fixation Vulnerability in Web-based Applications by Mitja Kolsek
SQL Injection and Oracle, (Part I), (Part II) by Pete Finnigan
The Importance of Application Security by Matthew Levine
Where is Application Protection best applied? by Dave Piscitello
URL Encoded Attacks: Attacks using the common web browser by Gunter Ollmann
Web Application and LDAP Injection by Sacha Faust
Application Proxies Watchguard Technologies
Application Layer Protection by Andrew Conry-Murray
Application Security - Next Layer of Protection by Keith Pasley
Web application security fundamentals Microsoft
Application Layer Filtering (ALF) by Deb Shinder
Improving Web Application Security MSDN
Secure a web application, Java style by Michael Cymerman

Web Server Security

Affordable Web Server Vunlerability Assessment by Dave Piscitello
How to Harden Your Microsoft Web Server (Basics) by Dave Piscitello
How To Secure MS Internet Information Server at Security Wizards (secwiz)
IIS Security and Programming Countermeasures by Jason Coombs
OWASP Guide to Building Secure Web Application and Web Services
Penetration Testing for Web Applications (Part I,Part II, Part III) by Jody Melbourne and David Jorm
Prevention of the OWASP Top 10 in PERL by Daniel Goscomb
Review: Syhunt Web Security Suite by Dave Piscitello
Web Access Security by Chris King
Web Application Security by Eren Reschef, Perfecto Technologies
About Applications Microsoft IIS

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

The Security Skeptic