Up ] [ Link Farm ]
Reload ] [ Top ]
  Security (InfoSec)  

Security Sources - Public

www.sans.org - SANS - best practices and training - Steve Northrup
Incidents news by SANS
www.cert.org - CERT in Pittsburgh
Open Vulnerability and Assessment Language
Sarah from DAG
Next Generation Security Software (commercial) - forked from CERT over early disclosure to 'preferred' paying customers
Cerias - Purdue
SecurityFocus (the former Bugtraq mailing list)
http://www.first.org - First
Open Web Application Security Project (local copy - A Guide to Building Secure Web Applications and Web Services), (local copy - The Ten Most Critical Web Application Security Vulnerabilities)

NIST - Practice Checklist and Implementation Guides
NIST - Special publications
NSA - Security Configuration Guides
www.us-cert.gov - Department of Homeland Security
The Six Dumbest Ideas in Computer Security

Mitre CVE List - All Vendors - lookup
http://www.giac.org/cert.php - giac - Global Information Assurance Certification (part of sans) - with downlinks to their practicals
http://www.giac.org/study_guides.php - giac - study guide farm
http://csrc.nist.gov/pcig/cig.html - NIST checklists direct
Center for Internet Security
www.nstissc.gov/index.html - Committee on National Security Systems (former National Security Telecommunications and Information Systems Security Committee)
Mitre - CVE

non-organizational

Security Focus
insecure
Security Tracker
Securi Team
'ast a la vista/ be be

Security Sources - Private

- Vendor-Sec ML

Tools

arpwatch
The Coroners Toolkit - Farmer and Wietse
dsniff - Dug Song tools
ethereal visualization
ettercap packet dissection and sniffing
John the Ripper - child of Jack - Password brute forceing
Libnet - packet foundry
Columbia U tools compilation
lsof
md5 precomputes - presently a-z;0-9 [8] - soon a-z;A-Z;0-9;symbols [7] and 0-9 [13] as well as complete LM
netwib - packet manipulation libraries, netwox - tui toolbox, and netwag network testing toolbox - graphical front end to netwox
tcpdump - the granddaddy

acid - Analysis Console for Intrusion Databases
nagios - network outage monitoring
Nessus - network vulnerability scanner and inventory
nmap - network port mapping tool
ntop- network traffic probe and visualization
Open NMS - Network management system
OSSIM - Security Infrastructure Monitor - Snort, Acid, Mrtg, NTOP, OpenNMS, nmap, nessus and rrdtool integration (also Jensen Consulting R & D)
mrtg and rrd - network flows logging tools
Snort - pattern matching network intrusion detection system - a nids
Prelude Hybrid Intrusion Detection System
Bro IDS - demoed at SC03 conference

tcpdump - (with pcap)
tcp wrappers - Wietse
tripwire - see also: AIDE, radmind

Network Security bootable ISO toolkit

Reference analysts

Fydor's top 75
PacketStorm
SecurityFocus - test exploits and vendor lookup
Open Source Vulnerability Database
Sun - administrator reference links
SAGE newsletter

Vendors

http://www.pine.nl Netherlands (pretty and well written services list) -

Lab standards

ISO 17025

Bogon compilation
BGP whois
Anit Singh from the trenches

http://seclists.org/lists/nmap-hackers/2003/Oct-Dec/0003.html Top 75 tools: http://www.insecure.org/tools.html Second tier tools: http://lcamtuf.coredump.cx/p0f.shtml - p0f - passive OS fingerprinting Fydor also has a good list of topic mailing lists at: http://seclists.org/

Other Voices

Live CD compilation
Windows toolkit article
Windows password bypass tool
'Fire' - bootable ISO variant of the foregoing
Inside - bootable recovery ISO (w rsync)
Captive - NTFS - RW under Linux
ReactOS - OSS Graphical Windows-like OS which is compatible with Windows NT applications and drivers
System Rescue CD
Belgian Federal Computer Crime Unit - computer forensic investigator (bootable ISO)
RSA SecurID site
SleuthKit

 
Valid HTML 4.0!
  Site search:  
    
    
 
 Modified: Mon, 16 Oct 2006 14:28:30 -0400
Copyright © 2017 R P Herrold
http://herrold.com/security/