Security Links

Security Advisory and Certification links

Cert.org INFOSEC U.S. National Security Agency (NSA) CSTC Computer Security Technology Center

Security Standards

Common Criteria This is the only globally accepted security standard that I know of. NSA The National Computer Security Center is resposible for the security of the DoD. CSRC Computer Security Division Maintained by Noational Institute of Standards and Technology ITSEC Europe IEEE Institute of Electical and Electronics Engineers. IETF Internet Engineering Task Force ISOC Internet Society ANA Internet Assigned Numbers Authority, chartered by ISOC Open Group INternational consortium

Useful Web Sites

Sun Security Sun Security Coordination Team CIAC Computer Incident Advisory Center a department of the US DOE Virtual Librarian Links to sites and resources GOCSI Portal - Computer crime and security Infowar infoworld A security page provided by infoworld list security articles by date Digest Risks Digest Secrutityfocus Articles and tools. Security Portal Aritcles, digests and news Search Engine Securitysearch.net Stats Securitystats.com News and statistics USENIX USENIX Advanced Computing Systems Association. SANS SysAdmin, Audit, Network, Security Top 10 The top 10 security threats list by SAN. FAQ World Wide Web Consortium FAQ Site RFC 2196 Security Policies and Procedures Handbook scan detection Review of tools used to detect network scanning (such as Saint). rootprompt RootPrompt.org Nuthin but UNIX Dittrich Some cool networking stuff plus info on DDoS O'Reilly Everybody loves an animal. ftp.cerias.purdue.edu/tools

Sun OE Security Tools and Resources

sun.com/security sunsolve.sun.com A security page on sunsolve blueprints and tools SunScreen Firewall Skip Secures network at IP packet level- on the fly encryption SEAM Sun Enterprise Authentication Mechanism PAM Pluggable Authentication Modules - I think this was a good one by Sun SENSS Sun Enterprise Network Security Service - Java bassed - Audit and Secure MD5 Check md5 checksums

Third Party Security Tools

SAINT (SATAN/SARA) Security Administrator's Integrated Network Tool (scanner) athena cerias-ftp sara Saint documentation saint saint.cf -Detailed info on config file. Courtney (Detects port scans) Detects Saint/Satan/Sara possibly others cerias-ftp softpanorama Gabriel Similar to Courtney (Sun only) ncsu-ftp ciac Tripwire tripwire cerias-ftp Crack password cracker cerias-ftp Alec Muffet John the Ripper password cracker openwall AntiCrack checks passwords before they are encrypted. If ya can find an acitive link let me know. Npasswd replaces passwd command utexas-ftp Nmap port scanner insecure.org and the opponent defeat-nmap Titan Collection of programs that tightens UNIX security Titan Cops Computer Oracle and Password System tries to automate security checks cerias-ftp Tiger Supplements Cops ftp-vanderbilt SUDO root access control online sudo resources CIS free security scanner by Cerberus Information Security CIS Nessus Security Scanner uses nmap among other tools. Nessus Whisker CGI scanner Whisker Tcpdump Network monitoring and data acquisition tcpdump Swatch Simple WATCHdog monitors UNIX log files ftp swatch swatch -c /etc/swatch.sulog.conf -t /var/adm/sulog PGP PGP Kerberos Kerberos Sentinel Detects packet sniffing Sentinel stunnel stunnel Squid Proxy Server Squid

Secure Shell

SSL ssl administration Crytography