|
|
|
A good library of textbooks certainly helps keeping your knowledge up to date and your mind sharp, but nothing can beat the up-to-date-ness of a website. To be concerned with IT Security is to be concerned with IT vulnerabilities, available patches, viruses and worms and their reproduction patterns and available countermeasures. Being right into the game requires the alertness to be continuously up to date of what is going on in the field. The links below can prove to be valuable tools:
| Name | Description | Link |
| CERT | CERT/CC is the first and most well known computer security incident response team. The institute is a non-academic unit of Carnegie Mellon University and is funded by the U.S. Department of Defense. Subscribe to its mailing list for advisories and bulletins, however, these are usually almost obsolete and far too few. | http://www.cert.org/ |
| Security Tracker | A portal site listing newly found security vulnerabilities from different sources. A must to verify if the versions of applications, operating systems or appliances you are using have security vulnerabilities. This site is much more detailed and up to date than CERT/CC and also features an RSS feed. | http://www.securitytracker.com/ |
| Secunia | Danish security company issuing security warnings for popular applications and operating systems. They have a mailing list, RSS feed and issue security advisories. | http://secunia.com/ |
| SecurityFocus | A portal site on IT Security, hosting the famous Bugtraq mailinglist, where vulnerabilities are posted as they are discovered. Be sure to certainly check out http://www.securityfocus.com/infocus/basics too, which gives an excellent primer on IT Security basics. | http://www.securityfocus.com/ |
| The SANS Institute | The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. It is one of the primary educational institutes focused on IT Security. Linked with GIAC for Security Certification. SANS trainings aren't cheap in all respects. | http://www.sans.org/ |
| Counterpane | Counterpane is Bruce Schneier's company (see also his book Secrets and Lies in the literature section). Be sure to check out the Crypto-Gram newsletter. Very worthwhile cryptographer's view on Security in the broadest sense. | http://www.counterpane.com/ |
| Reger24.de | Contains a detailed and well explained list of often encountered Windows processes. This can be a great aid to verify if any undesired processes are running on a machine. | http://www.reger24.de/ |
| AnswersThatWork.com | Another good list of windows processes | http://www.answersthatwork.com/ |
| ComputerCops | Paul Laudanski's IT Security portal site. Interesting newsgroups and tools section. | http://www.computercops.biz/ |
| Pedestal WebScan | An ActiveX component that scans your machine settings for security risks and which advises more secure settings. | http://www.pedestalsoftware.com/ |
| von Braun Consultants and Simovits Consulting | A list of often used ports used by Troyan horse programs, with links to the troyan's description pages. | http://www.simovits.com/ |
| CERT Secure Coding Portal | A CERT portal site, containing numerous documents on secure application development techniques for C, C++ and Java. | http://www.cert.org/secure-coding/ |