Information System Security Links 

Frequently Asked Questions (FAQ) A FAQ is a summary document written by knowledgeable individuals for a particular topic and it contains commonly requested information about the topic.

• Compromise
• Security Patches
• SGI Security FAQ
• Sniffer
• Vendor Contacts
• Applet Security
• Setup of Anonymous FTP
• Internet Firewalls
• Java Security
• Kerberos
• MIME Object Security Services (MOSS)
• Pretty Good Privacy (PGP)
• Riordan's Internet Privacy Enhanced Mail (RIPEM)
• Secure Shell (Ssh)
• World Wide Web (WWW) Security

Security Advisories A number of groups from around the world provide information about security vulnerabilities and methods to remove or reduce the danger of particular vulnerabilities for different computer operating systems. This page contains references to advisories from various different organizations .

• 8lgm Advisories
• AUSCERT Advisories
• Bugtraq Archives
• CERT Advisories ( Searchable Index )
• CIAC Bulletins
• DFN-CERT
• Linux Security Alert from Linux Emergency Response Team.

General Topics Many articles have been written about various topics in computer and network security that have been published on the Internet.

• Single Documents
  • CERT Coordination Center Generic Security Information
  • NIST Special Publication 800-12, An Introduction to Computer Security
  • Object Management Group (OMG) White Page on Security
  • Selecting Good Password
• Collections of Documents
  • Articles by NIH Authors
  • CIAC Documents
  • The Cryptography Project
  • FIRST Security Papers
  • Information Warehouse! Technical Publications
  • Miscellaneous Security Papers (ftp)
  • Raptor Systems Security Library
  • Online Rainbow Series Books

Specialized Topics Many articles have been written about various topics in computer and network security that have been published on the Internet.

• Java

  • Java Applet Security:Sockets
  • Java Security
  • Java Security:From HotJava to Netscape and Beyond
  • Low Level Security in Java
  • Security in Java

• Network

  • Internet Spoofing Reference
  • Packet Filtering for Firewall Systems
  • Securing NIS
  • Security in a Public World:A Survey
  • Things that Go Bump in the Net

• PGP

  • PGP:The Privacy Wars
  • PGP:a Nutshell Overview

• Unix

  • An Architectural Overview of Unix Network Security
  • Crash Course in X Windows Security
  • How to improve Security on SunOS 4.1.3
  • Improving the Security of Your Site by Breaking Into it
  • On the (in)Security of the Windowing System
  • Securing X Windows
  • UNIX Computer Security Checklist from AUSCERT
  • X Windows Security

• Windows NT

  • Security of Windows NT Server
  • Understanding Virus Behavior in the Windows NT Environment
  • Windows NT Security
  • Windows NT Security Issues

Newsletters There are some magazines available online that provide timely information about computer security.

• Computer Incident Advisory Capability (CIAC) Notes
  features information about computer security threats for Macs, PCs, Unix systems as well as other systems.
• Cipher Newsletter
  A Newsletter of the IEEE Committee on Security & Privacy provides a wide range of information of current news in the field.
• Netsurfer Focus
  The newsletter focuses on areas of interest to a netsurfer. Several past issues have featured information on various areas of computer security.
• Secure News
  A Newsletter for Data and System Security from Innovative Security Products features information on current events.

Security NewsGroups USENET newsgroups can be useful to obtain current information of a specific topic. Some newsgroups are a better source of information than others.

• alt.disasters.planning
• alt.hackers
• alt.security
• alt.security.alarms
• alt.security.keydist
• alt.security.pgp
• alt.security.ripem
• alt.security.tscm
• comp.os.netware.security
• comp.protocols.kerberos
• comp.risks
• comp.security.announce
• comp.security.firewalls
• comp.security.misc
• comp.security.pgp
• comp.security.unix
• comp.virus
• info.firewalls-digest
• misc.security
• sci.crypt
• sci.crypt.research

Computer Security Organizations A number of computer security organizations exists that provide information to the public or to their members.

• 8LGM
• American Society for Industrial Security
• Canadian Society for Industrial Security
• CERT Coordination Center
• Communications Security Establishment
• Computer Security Institute
• Electronic Frontier Foundation
• Forum of Incident Response and Security Teams (FIRST)
• FIRST Member Security Teams
• Information Systems Security Association (ISSA)
• International Association for Cryptologic Research
• Italian Computer Antivirus Research Organization
• National Computer Security Association
• National Security Institute

Organizations with Computer Security Subgroups:

• Internet Engineering Task Force (IETF) Security Working Group

Security World Wide Web (WWW) Sites This page contains pointers to WWW sites that provide information about computer security. The sites are organized by topic.

• General Topics

• Alex Security Links
• bsy's Security Related Net-pointers
• CERT Coordination Center
• CIAC Security Web Site
• COAST Home page
• Computer Security Resources from National Security Institute (NSI)
• Cypherpunks
• Cryptorebel and Cypherpunks by Vince Cate
• IETF Security Working Groups
• Internet Security A Library of Congress Internet Resource Page
• Linux Security
• Microsoft Internet Security Framework
• Network/Computer Security Technology
• Netsurfer Focus:Computer and Network Security
• Network Security Page from Centre de Recherche Public Henri Tudor, Luxembourg ( Abbreviated form )
• NIST Computer Security Resource Clearinghouse
• Oxford University---Computer & Information Technology Security
• Pilot's Network Security Guide
• SAIC Security Library
• Security from Einet Galaxy
• Security, Computers & Combinations Thereof by Stefan Petersson of Chalmers University of Technology, Sweden
• Security Advisories
• Security and Cryptography from Sirene Pointers.
• Security FAQs
• Security Documents
• Security Programs
• Security Reference Index from Telstra Corporation, Australia
• Security-Related Files by Szymon Sokol of Stanislaw Staszic University of Mining and Metallurgy, Poland
• Silicon Graphics Security Headquarters
• Spaf's Hotlist--Computer Security
• The Üebercracker's Security Web (You'll need a browser that support HTML 3.0 to view this page.)
• The Vantage
• Yahoo's Security and Encryption
• Archive of Information Security
• Bill Wall's Security Links
• BSY's Resources
• CIAC - Security Tools
• COAST Hotlist:Computer Security, Law & Privacy
• Computer and Network Security Reference Index
• Computer Virus
• Counterpane Crypto Links
• Crypto Survey - Foreign Products
• Digital Signature Links
• Documents about Email Security and Public Key Infrastructures (PKI)
• Dudley's Security Index
• Electronic Payment Schemes
• Galaxy TradeWave Security Links
• Hacker Security Links
• Hackers by Nerd World Media
• Hacking Links
• IDI's Internet Links Concerning Security
• Information Security Archive
• Information Security Institute
• Intellectual Property Links
• International Cryptography
• International Crypto FTP Sites
• Internet Security Links
• ISDN&EDI Lab. Research Parts !!
• Jim Ebright's Network Security Homepage
• Jim Gray's Page of Links
• KARL:The Official Kaplan's AuditNet Resource List
• The Laboratory for Information Security
• Links to Other Security Related Sites
• Matt's Unix Security Page
• Mez's Web Security References
• National Computer Security Association (NCSA)
• Neil's Security and Privacy Resources
• Network/Computer Security Technology
• Network Security Web Page
• NIH Unix Security Information
• NIST Computer Security Resource Clearinghouse
• Outside Information Security Links
• Penn Computing - University of Pennsylvania
• PGP and Encryption Resources
• Security and Cryptography
• Security and Encryption Resources and Links
• Security and Hackerscene
• Security Info
• Security Related Links
• Security Solutions Online
• Security Vendor Links (NCSA)
• Security World Wide Web (WWW) Sites
• Shortcut to Cryptography
• Security Server
• SINUS Security Related Links
• Spaf's Hot List
• Squirrel.com Home Page
• Telstra - Computer and Network Security Reference Index
• TNO Physics and Electronics Laboratory
• UK Internet Security Directory
• W3C Security Resources
• Warinet Haven
• Weitse's Tools and Papers
• What's New on Computer Security Pages
• World Wide Web Links to Anti-Virus Software & Sites
• World Wide Web Links to Cryptographic (PGP) Software & Sites
• World Wide Web Links to Government, Military, Intelligence & Law Enforcement Sites
• WWW Security Links
• Yahoo Security Resources
• 1997 RSA Security Solutions Catalog

Specialized Topics

• Cryptography
  • Crypto-Log:Internet Guide to Cryptography
  • Cryptography and Security
  • Cryptography, PGP, and Your Privacy
  • Electronic Frontiers Houston:Pretty Good Privacy Workshop
  • Information about RIPEM
  • International Cryptography Pages
  • The International PGP Home Page
  • Pointers to Cryptographic Software
  • Quadralay's Cryptography Archive
• Electronic Commerce
  • Electronic Commerce from Sirene's Pointers
  • iWorld's Guide to Electronic Commerce
  • W ³ C Electronic Payments
• Firewalls
  • Firewalls
  • Index of firewalls mail list information
  • Listing of Commercial Firewall Products
  • The Rotherwick Firewall Resource
• Java
  • Security on Java Resources
• Kerberos
  • Kerberos by Nair Venugopal of University of Tennessee
  • Kerberos:Authentication for computer networks
  • Kerberos Information and Help by Lenny Miceli of SUNY at Buffalo
  • Kerberos Reference Page by Derrick Brashear of CMU
  • Kerberizing the Web
  • SESAME
  • State of Macintosh Kerberos Authentication
• Steganography
  • Steganography
  • Steganography (Hidden Writing)
• Viruses
  • Computer Viruses
  • Computer Viruses and Security
  • IBM Computer Virus Information Center
  • Italian Computer Antivirus Research Organization
  • Macintosh Virus Information
  • Monkey Shines Virus Web Page
  • The Original J and A Computer Virus Information Page
  • Symantec Anti-Virus Reference Center
  • Virus Bulletin
• World Wide Web (WWW)
  • CERN HTTP Server as a proxy
  • CGI Security
  • Kerberizing the Web
  • Mosaic Security Issues
  • NCSA HTTPd:Security Concerns on the Web
  • NCSA httpd/Mosaic:Using PGP/PEM authentication
  • Netscape:On Security
  • TIS - Security and the World Wide Web
  • W ³ C Security Resources
  • Writing Secure CGI Scripts
  • WWW Security

Other Archives and General Information Security Sites

• InfoSEC Technologies maintain a good site with an extensive collection of information security resources and a reference library .
• Another excellent site for information security is the Computer Crime & Investigations Center maintained by Duncan Kinder .

Computer Crime

• Various information sources are available through the Computer Crime Research Resources .
• The Computer Professionals for Social Responsibility (CPSR) maintain a Computer Crime and Legal Resource Directory .
• The National Fraud Information Center provides timely information on Internet fraud scams including a Daily Fraud Watch .
• Douglas Kieso maintains a White-Collar Crime Links page including topics on computer crime.

Intruders, Intrusions and the Computer Underground

• Crime on the Internet is part of a multimedia encyclopedia concerning computer crime.
• A U.K. based site with articles and commentary on Committing Computer Crimes maintained by Mr. Ronald Thwaites, Q.C..
• The Computer Underground Society provides newswire information on computer crime .
• Fringe Groups
• The Portland Anarchists Web contains many articles concerning technology and anarchy including information warfare.
  

Investigation Techniques

• The FBI's National Computer Crime Squad has a site on the World Wide Web.
• The Royal Canadian Mounted Police maintain a web site which include Information Technology Security Publications .
• Kevin Mason maintains the "Cybercop" web page.
• Homepage for the High Tech Crime Investigation Association (HTCIA) .

Cryptography, Cryptanalysis and Steganography

• Ross Anderson provides information and papers on crypto systems.
• The Government of Canada's Communications Security Establishment provides information technology security for the government of Canada including documentation on various topics such as risk assessment, certification and Internet security.
• Cryptography in Europe contains an extensive collection of links to information pertaining to Europe and individual countries.
• DigiCash Publications page contains numerous articles, press releases and tutorials related to electronic money and privacy.
• Sherry Mayo maintains a Cryptography and PGP Page with information concerning general cyrpto and Australian issues.
• Quadralay's Cryptography Archive has an excellent selection of links and information on a wide range of topics.
• RSA has a home page for software downloads, crypto publications and developer's information.
• Matt Thomlinson's Assorted Cypherpunk Topics provides links to various cypherpunk information including Clipper, digital cash and PGP.

Information Warfare

• Captain James E. Craig maintains links to information warfare interest sites (high graphic content).
• The College of Aerospace Doctrine, Research, and Education publishes the AirPower Journal which contains articles on Information Warfare among other topics.
• Winn Schwartau's infowar.com site has many articles and references pertaining to information warfare and other information security topics.
• Information Warfare, I-War, IW, C4I, Cyberwar from the Institute for the Advanced Study of Information Warfare
• The National Defense University publishes the McNair Paper and the Strategic Forum with occasional articles on information warfare. A search engine for all of the NDU's publications is available.
• Portland Anarchists Web maintains the Netwars Page with links to information warfare documents and sites.
• RAND publishes Electronic Documents and Issue Papers covering information warfare and other topics.
• Warinet Haven also provides pointers to information warfare documents on the net.
  

Legal General legislative information, including pending bills in the U.S. Congress, is provided by: THOMAS . Several on-line law journals provide excellent resources for information on legal issues for computer and networks, both criminal and civil. These include:

• The University of Richmond's Richmond Journal of Law & Technology .
• Federal Communications Law Journal published by the Indiana University School of Law and the Federal Communications Bar Association specializing in Telecommunication Law.
• Journal of Information, Law and Technology from Strathclyde University and the University of Warwick.
• The Journal of Law and Information Science in Australia.
• The Journal on Online Law.
• The Web Journal of Current Legal Issues , a U.K. based legal journal.

Also, there are several law centers and institutes maintaining sites:

• Centre for Law, Computers and Technology with the Law School of the University of Strathclyde.
• The University of Durham's Centre for Law and Computing .
• State Bar of Georgia Computer Law Section provides a website on Net Ethics .
• Tilburg University in the Netherlands hosts the Centre for Law and Informatization .
• Cyberspace Law Institute - a virtual institute.
• Norwegian Research Center for Computers and Law with the University of Oslo.
• UCLA Online Institute for Cyberspace Law and Policy .
• A U.K. based site with articles and commentary on Computer Law maintained by Mr. Ronald Thwaites, Q.C..
• The Intellectual Property Magazine provides timely articles on high tech issues in IP.
• Steptoe & Johnson provide articles on various legal aspects of information technologies.

Information Security in the Medical & Healthcare Industry

• Ross Anderson has published several papers on the Internet concerning Security of Medical Information Systems .
• The Journal of Informatics in Primary Care is a U.K. based journal which publishes articles on information security among other topics.
• Computer-Based Medical Records and Privacy lists 30 titles on technical, security and privacy issues related to online records which can be ordered though the National Technical Information Service .
• The Center for Democracy and Technology provide information on Health Information Privacy Issues .

Methods and Implementations

• CERT is an excellent resource for information on Internet security including an advisories ftp site detailing specific vulnerabilities and available fixes.
• Information on U.S. Government policies for classified information security can be found at the Automated Information Security Policy Review Team (AISPRT) site.
• MCI's Security Engineering web site has general security information and resources.
• National Computer Security Association (NCSA) provides information on viruses, firewalls, web security and more.
• The U.S. Navy's Computer and Telecommunications magazine Chips has many articles dealing with the implementation of security in the Navy's computer systems.
• The European Commission's Secure European System for Applications in Multi-vendor Environment (SESAME) project has information on the system, documentation and a download site for source code.

Misc

• The Center for Decision Support at Idaho State University maintains the Information Security Library .
• The Emergency Response & Research Institute (ERRI) provides law enforcement, fire and emergency services with online information including Computer and other Technology Threats .

Privacy

• Ross Anderson publishes information and papers on Privacy and Freedom Issues .
• The Computer Professionals for Social Responsibilities provide information on many security related topics including privacy.
• The Electronic Freedom Foundation has an extensive archive covering all aspects of privacy and related subjects.
• The Electronic Frontier Ireland promotes digital communications and right of use and privacy.
• The Electronic Privacy Information Center is involved in many privacy aspects and provides up-to-date information on topics such as key-escrow, legislation and more.
• The European Commission Legal Advisory Board provides a Data Protection and Privacy page with references to EU regulations and directives and member country information.

Protocols and Standards

• The U.S. Department of Commerce's National Institute of Standards and Technology maintains the NIST Federal Information Processing Standards site with text in various formats for federal standards, many crypto related.
• RSA Data Security, Inc. has an excellent site for cryptography standards including S/MIME, SET, SWAN, PICA and PKCS.

Virus and other Malicious Code

• David Harley maintains a Virus FAQ site that includes the alt.comp.virus and Viruses and the Macintosh FAQs.
• Data Fellow's (the creator's of F-PROT) have a large collection of virus information, software and databases.
• Galaxy's Computer Viruses and Security provides general information on malicious code.

Security Programs

Below is a list of software used to improve security of computers. At this time most of software is for Unix operating system but a number of these programs have non-Unix versions.

Authentication and Encryption Programs :

Below is a list of programs improves the authentication and/or provides encryption. Authentication is a system used to verify the identity of an entity. An example of the use of authentication is a typical login session. Encryption is the method of secure data by making the information unreadable unless the correct key is known. A password file on Unix systems is an example of the use of encryption.

Kerberos

Kerberos is an authentication system used to protect unsecurity networks. (Export restricted)
Availability:anonymous ftp at athena-dist.mit.edu Additional Info: Kerberos Reference Page

 

MD5

MD5 is a hash function using to the authenticity of a file.
Availability:anonymous ftp at rsa.com Additional Info: RFC 1544 , www.rsa.com

 

MIME Object Security Services (MOSS)

It is an extension of Multi-purpose Internet Mail Extensions (MIME) that provides authentication, integrity, and confidentiality of an email message. (export restricted)  Availability:anonymous ftp at ftp.tis.com Additional Info: MOSS FAQ

 

OPIE

This software provides the ability to generate and use one time passwords. Related tools are also available for Windows, DOS and Mac. Availability:anonymous ftp at ftp.nrl.navy.mil

 

PGP

Pretty Good Privacy (PGP) protects documents such as email from unauthorized reading using public key encryption. (Some versions are export restricted)
Availability:USA and Canada--anonymous ftp at www.eff.org or via web form
Availability:International-- anonymous ftp at ftp.ifi.uio.no Additional Info: Cryptography, PGP, and Your Privacy

 

RIPEM

Riordan's Internet Privacy Enhanced Mail (RIPEM) improves the security of email by verifying the authenticity of the message sender among other things. ( Export restricted)
Availability:anonymous ftp at ripem.msu.edu Additional Info: Information about RIPEM

 

SKey

S/Key generated one time passwords to gain authenticated access to computer hosts.
Availability:anonymous ftp at thumper.bellcore.com or www.first.org

 

SSH

SSH (Secure Shell) is an enhance versions of rlogin , rsh and rcp that provides RSA authentication and encryption of communications as well as many other security improvements. This program has export restrictions for US, France, Russia and possibly other countries!
Availability:anonymous ftp at ftp.cs.hut.fi
Additional Info: Ssh (Secure Shell) Home Page or Ssh FAQ