Information Security
Security Resource Links
I STRONGLY recommend frequent backup of critical files using a utility like Zip Backup to CD. (Note this is not a University endorsement of a particular product, but a professional recommendation).
Advanced Encryption Standard (AES) Development Effort
Advanced Laboratory Workstation System
The ALWS, Center for Information Technology, National Institutes of Health. With links to Linux and other computer security information.
"AntiOnline, one of the most respected and visited information security portals on the internet, is an internationally renowned computer security firm with an unmatched record of tracking computer hackers. We provide very focused content to our users which means that we're able to provide very targeted users to you."
"A global leader in Internet content security, developing enterprise solutions for Internet use and access, software protection, authentication and electronic software distribution. "
"AXENT Technologies, Inc. a global leader in information security, provides e-security solutions that maximize its customers' business advantage. Also conducts a series of Web seminars that focus on computer security issues."
"This page features general information about computer security. Information is organized by source and each section is organized by topic. See the Table of Contents for a more detailed look at the organization of this site."
"The CERT® Coordination Center (CERT/CC) is a center of Internet security expertise. It is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. "
The Center for Security Policy
"The Center for Security Policy exists as a non-profit, non-partisan organization to stimulate and inform the national and international debate about all aspects of security policy, notably those policies bearing on the foreign, defense, economic, financial and technology interests of the United States."
"A worldwide leader in securing the Internet. As Tier-1 provider of IP-based e-business infrastructure, Internet security is a core component of our Web Hosting, IP Telecom, Managed Connectivity, and Managed Security service offerings."
Computer Operations, Audit, and Security Technology (COAST)
"COAST-- Computer Operations, Audit, and Security Technology -- is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. We focus our research on real-world needs and limitations, with a special focus on security for legacy computing systems. "
"The Common Criteria represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community. "
Computer Incident Advisory Capability
"CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents. This central incident handling capability is one component of all encompassing service provided to the DOE community. The other services CIAC provides are: awareness, training, and education; trend, threat, vulnerability data collection and analysis; and technology watch. This comprehensive service is made possible by a motivated staff with outstanding technical skills and a customer service orientation. CIAC is an element of the Computer Security Technology Center (CSTC) which supports the Lawrence Livermore National Laboratory (LLNL). "
Computer Security Resource Center (CSRC) - NIST
"This site contains information about a variety of computer security issues, products, and research of concern to Federal agencies, industry, and users. This site is operated and maintained by NIST's Computer Security Division as a service to the computer security and IT community."
Computer Security Lab at UC Davis
"Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional. Since 1974, CSI has been providing education and aggressively advocating the critical importance of protecting information assets. CSI sponsors two conference and exhibitions each year, NetSec in June and the CSI Annual in November, and seminars on encryption, intrusion management, Internet, firewalls, awareness, Windows and more. "
"This web page provides daily selections of news and other information pertaining to computer/network security. The page is designed to allow busy professionals to browse each day's new information in 10 minutes or less. No claim is made that this is an exhaustive source for all developments in the security field; instead, access is provided to the kind of quick, daily updates that we believe the majority of readers will find most useful."
Computer Security Technology Center
"Located at the Lawrence Livermore National Laboratory, the CTSC provides solutions to U.S. Government agencies facing today's security challenges in information technology. We maintain information protection core-competencies through high-tech, integrated INFOSEC incident response, product development, and consulting services. "
"Counterpane Internet Security, Inc. provides a full range of dynamic Managed Security Monitoring services that enable safe e-business. The Company's innovative services are centered around a global network of Secure Operations Centers, staffed by teams of expert security analysts and backed by the most current intelligence resources. "
"An IT focused knowledge site with information on a variety of topics including Security."
"Rick Smith's site for information on texts, lectures and other infomration on data security."
Deakin University ITS Security
"University security site with an excellent review and presentation of the German IT Baseline protection manual. Additional security links."
Disaster Recovery Information Exchange
"eSecurityOnline.com LLC is a security organization dedicated to providing corporate security professionals with the knowledge and resources needed to help protect all of their data, applications, operating systems, networks and devices. (branch of Ernst & Young)"
Electronic Privacy Information Page (EPIC)
"EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC works in association with Privacy International, an international human rights group based in London, UK and is also a member of the Global Internet Liberty Campaign, the Internet Free Expression Alliance, the Internet Privacy Coalition, the Internet Democracy Project, and the Trans Atlantic Consumer Dialogue (TACD)."
"F-Secure is a leading strategic provider of powerful data security solutions. Customers in nearly every industry, both private and Government, rely on our products to secure information. F-Secure supports businesses with a broad range of centrally managed and widely distributed best-of-breed data security applications built on a highly scalable management infrastructure. "
Federal Best Security Practices
"The Security Practices Subcommittee (SPS) of the CIO Council has designed this web site primarily as an educational resource for Federal security professionals. A best security practice (BSP) is a existing method, proven effective and validated by actual experience, that people use to perform a security-related task."
"This is a large collection of papers about various different computer security issues. These papers were originally a part of Forum of Incident Response and Security Teams' (FIRST) 1994 Security Tools and Techniques CD-ROM. "
"Security and Disaster Recovery Software and Information from an InfoWorld columnist."
"Compiled by the VPN Mailing List and Richard Smith's book."
"I am an independent security consultant. The works on this site were developed by me for free in my free time."
"ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information. The ICAT Metabase is a product of the Computer Security Division at the National Institute of Standards and Technology."
IEEE Computer Society Technical Committee on Security and Privacy
"The site for security professionals. It is a library of security information with articles, new products, reviews, tests, the latest news and links to all the leading vendors. Visit the site regularly and you'll find it a valuable resource for any aspect of computer security information. "
Information Management and Computer Security
"It is now understood that there are two keys to effective computer use. One is managing the information. The other is ensuring that information remains secure. Information Management & Computer Security tackles these two closely-related issues succinctly and proficiently. Authoritative, practical information presented in a lively, non-technical style. "
Information Systems Security Association
"The Information Systems Security Association (ISSA) is a not-for-profit international organization of information security professionals and practitioners. It provides education forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members."
International Information Systems Security Certification Consortium
"(ISC)², Inc. is an international certification consortium with headquarters based in the United States. Formed in mid-1989, the International Information Systems Security Certification Consortium or (ISC)² was established as a nonprofit corporation to develop a certification program for information systems security practitioners. "
"Atlanta-based security software, hardware and services vendor."
"Information Security Standards developed by the German Bureau of Information Security BSI(Bundesamt für Sicherheit in der Informationstechnik)."
"ITL Bulletins are published by NIST's Information Technology Laboratory, with most bulletins written by the Computer Security Division. These bulletins are published on the average of six times a year. Each bulletin presents an in-depth discussion of a single topic of significant interest to the information systems community. There is a link provided on this page to get non-computer security ITL Bulletins."
"Author of the popular series 'Know your enemy'. Provides information on security issues including firewalls."
"A Startup Linux information site with hacker FAQs on Linux security."
National Colloquium for Information Systems Security Education
"The National Colloquium for Information Systems Security Education (the Colloquium) is established to serve as a living body to bring government, industry, and academia together to meet the challenges of bringing information security and assurances into higher education. "
National Information Assurance Partnership (NIAP)
"The National Information Assurance Partnership (NIAP) is a U.S. Government initiative designed to meet the security testing, evaluation, and assessment needs of both information technology (IT) producers and consumers. NIAP is a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under Computer Security Act of 1987."
"The National Security Institute's website is the premier Internet resource for the security professional. The site features industry and product news, computer alerts, travel advisories, a calendar of events, a directory of products and services, and access to an extensive virtual security library."
National Infrastructure Protection Center (NIPC) of the FBI
"Serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response."
"NetGuard is a worldwide leader in providing security solutions to meet the current and future security needs of enterprises. NetGuard develops and markets innovative products designed to secure data communications, enhance productivity and support network security policies. "
"Link provides information on Nmap as well as links to other security information Nmap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), and TCP/IP fingerprinting (remote host operating system identification)."
NSWC Information Assurance Security
"US Naval Surface Warfare Center's Information Security Division."
"A Mac-based Internet Protection Software for PCs"
"In 1997, a group of security professionals recognized that leading edge companies were moving towards e-business, and those companies would be exposed to a whole world of new Internet threats. Knowing that the types of attacks were continuously changing, they worked together to form Pelican Security."
"A VPN vendor with interesting information resources."
"Recourse is an innovative leader in Internet security delivering next-generation covert security applications. Covert security is redefining network security by enabling businesses on the Internet to contain, control, and track malicious computer attacks. With covert security, companies can gather information about attacks, such as resources attacked, the nature of the attack, and even the attacker's identity, all unbeknownst to the intruder."
"Forum On Risks To The Public In Computers And Related Systems"
" A hacker's perspective on Infomration Security."
"The SANS (System Administration, Networking, and Security) Institute is a cooperative research and education organization through which more than 96,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions for challenges they face. SANS was founded in 1989."
Security Administrators' Integrated Network Tool (SAINT)
"SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public. SecurityFocus.com is a single place, or community, on the Internet where people and corporations can go to find security information and have security questions answered by leading authorities in the industry. "
"An online version of the popular security magazine. The online version includes links to other related topics, search and archives, etc."
"The world's foremost on-line resource and services provider for companies and individuals concerned about protecting their information systems and networks. Recognized as an objective force in the information security industry, SecurityPortal currently serves as the voice of security with its widely distributed e-newsletter and website with thousands of pages of security information."
"A site with various security links, predominately physical security, and presents a number of publications."
"Steganography is the art and science of communicating in a way which hides the existence of the communication. This small site provides some additional information on the subject."
"Formerly ICSA.net, hosts the ICSA Labs, and links to many security interest areas. Has multiple publications. ICSA Labs provides the continuous research, statistics and knowledge that allows ICSA.net to continuously pioneer Internet security. Through the past decade, ICSA Labs has served as the industry's central product certification facility, providing objective analysis of the security tools that are relied on globally for secure network and Internet computing. "
"A well-known providor of Internet Trust Services."
Warroom Research Security Safeguards
"Whitehats is a resource to help network and security administrators by offering free software and community support. Whitehats supports a policy of full-disclosure and user education, and believes in the motto "knowledge is power". Our goal is to empower the network and system administrators with the knowledge and tools required to defend their networks in an ongoing struggle against irresponsible or malevelent attack."
"A Microsoft support site for Windows NT and advanced OS security."
World Intellectual Property Organization (WIPO)
"The World Intellectual Property Organization (WIPO) is an international organization dedicated to promoting the use and protection of works of the human spirit. These works – intellectual property – are expanding the bounds of science and technology and enriching the world of the arts. Through its work, WIPO plays an important role in enhancing the quality and enjoyment of life, as well as creating real wealth for nations."
World Wide Web Consortium (W3C)
"The World Wide Web Consortium (W3C) develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential as a forum for information, commerce, communication, and collective understanding."
***Disclaimer:The information contained in this Web page is provided as a service to the students, faculty and staff of Kennesaw State University, and to futher the information resources of security professionals worldwide. It is intended for professional information use only. The descriptions provided were, in many cases, obtained from the Web site indicated. Presentation of this information does NOT constitute advertisement, or endorsement, by the University System of Georgia, Kennesaw State University or any of the subordinate divisions.