Courtesy of Core Competence, Inc.
CERT(sm) Coordination Center. CERT studies Internet security vulnerabilities, provides incident response services, publishes security alerts, researches security and survivability, and develops information to help you improve security at your site.
Center for Education and Research in Information Assurance and Integrity. CERIAS provides innovation and leadership in technology for the protection of information and information resources, and in the development and enhancement of expertise in information assurance and security.
Common Vulnerabilities & Exposures Web Page. A dictionary for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. Hosted by Mitre.
COAST Homepage. COAST (Computer Operations, Audit, and Security Technology) is a multiple project, multiple investigator laboratory in computer security research in the Computer Science Department at Purdue University. COAST publishes a newsletter and hosts a calendar of security events.
Federal Bureau of Investigation Evidence Response Team. FBI personnel who specialize in organizing and conducting major evidence recovery operations. They manage the identification, collection, and preservation of evidence at crime scenes. ERTs are prepared to respond to major case situations in an efficient fashion to ensure that critical evidence is identified and gathered for forensic analysis.
Federal Bureau of Investigation National Infrastructure Protection Center. NIPC's mission is to serve as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against our critical infrastructures. These include telecommunications, energy, banking and finance, water systems, government operations, and emergency services.
Forum of Incident Response and Security Teams (FIRST). FIRST fosters cooperation and coordination in incident prevention among a variety of computer security incident response teams from government, commercial, and academic organizations to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
The Information Systems Audit and Control Association & Foundation. ISACA defines standards, guidelines and procedures for IS Auditing and standards and ethics for Information Systems Control Professionals.
The Center for Internet Security. CIS provides guidelines, policy templates, and assessment software to assist organizations and individuals in improving host security.
The Information Warfare Site. This site is an online resource that aims to stimulate debate about a range of subjects from information security to information operations and e-commerce. It is the aim of the site to develop a special emphasis on Europe.
National Security Administration. NSA provides a series of Security Recommendation Guides. We'd tell you more, but then we'd have to shoot you.
The WildList Organization. WildList is a premier source of information on viruses found spreading In the Wild.
Virtual Private Network Consortium. VPNC is the international trade association for manufacturers in the VPN market.
2600 offers security related news and subscriptions to this well-known magazine.
All-Internet-Security.com Directory is an established and active marketplace for free, shareware and Internet Security resources.
The Beginner's Cryptography Page offers an introduction to cryptographic techniques and provides a wealth of links to other online cryptography resources.
Crypto-gram, a monthly email newsletter on cryptography from Bruce Schneier, discusses current issues in cryptography.
Fyodor's Good Reading List is an interesting and eclectic collection of security related resources.
The Hacker News Network provides daily updated information security news and commentary.
The Internet Protocol Journal, published by Cisco Systems, serves as an informational and educational resource for engineering professionals involved in the design, development, and operation of public and private internets and intranets.
InteractiveInfoSec is a very good place for novices to security. The "see a hacker", "Be a Hacker" and "Stop a Hacker" are very good instructionals for those who want to Know the Enemy (thank you, Lance Spitzner).
The Journal of Internet Security provides a DeLiberation Extranet to inform professionals and support discussions of electronic banking and commerce issues.
NewOrder is a resource to help people avoid being hacked, with security and exploit related files and links.
Rik Farrow's Network Defense columns, from Network Magazines, are archived here.
Open Web Application Security Project (OWASP) is an open source community resource to advance knowledge about web application and web services security issues. Among the many projects, OWASP has produced a Guide to Building Secure Web Applications, and hosts many columns on web application and server security.
Packet Storm claims to be the largest and most up to date library of information security information in the world. Packet Storm is a security resource that provides the mechanism for both the underground and the corporate communities to converge and direct their efforts towards sharing security information.
TechTarget's SearchSecurity.com offers a comprehensive Security specific search engine.
SecuriTeam.com is a security news web site containing all the newest security information from various mailing lists, hacker channels and our own tools and knowledge.
The Internet Security Conference (TISC) is a conference archive and host to the Insight Security newsletter.
Windows & .NET Magazine's Security Administrator section discusses NT/W2K/XP security issues, tips, and new products. It's a good source for learning the latest NT security breaches and corresponding hot fixes.
SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public. This portal has a large collection of free tools.
SecurityNews.org professes to provide Security News for Security Professionals. In addition to news stories, you'll find links to other security related material.
TALISKER'S NETWORK SECURITY TOOLS PAGE offers a plethora of security tools and software.
The TruSecure white paper library offers a variety of technical, strategic, and non-technical papers on information security.
VPNlabs is an open community for researching, reviewing, and discussing Virtual Private Networks. Find VPN software and VPN news, download free personal firewalls, and troubleshoot your existing VPN solution.
The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond (2006) 
Crimeware: Understanding New Attacks and Defenses (2008) by Markus Jakobsson
Understanding and Countering the Phishing Threat
Online identity theft: Phishing technology, chokepoints and countermeasures 
A Call for Action: Report from National Consumers League Anti-Phishing Retreat 
Convention on Cybercrime, Council of Europe 
Stanford Draft (Sofaer/Goodman) 
An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants 
A Computer and Network Security Primer by Fred Avolio
A Multi-Dimensional Approach to Internet Security by Fred Avolio
A Network Perimeter with Secure External Access by Fred Avolio and Marcus Ranum
Are You Prepared In The Event Of A Disaster? by Mark T. Edmead
Best Practices in Network Security by Fred Avolio
Conducting A Security Audit by Bill Hayes
CSI/FBI Computer Crime and Security Survey at CSI
Cross Platform Security Analysis by Anton Chuvakin
Enough Already, Time to get Serious About Hacking by Marcus Ranum
Event Correlation in Security by Anton Chuvakin
Federal Cybersecurity: Get a Backbone by Marcus Ranum
The Electronic Frontier: The Challenge Of Unlawful Conduct Involving the Use of the Internet (no attribution)
Guarding the Crown Jewels - An Overview of Computer & Internet Security by Curt Wilson
Hammering Out a Secure Framework by Mike Fratto
Have a Cocktail: Computer Security Today by Marcus Ranum
Information Risk Assessment: Practices of Leading Organizations United States General Accounting Office
Log Analysis Resources maintained by Tina Bird and Marcus Ranum
Managing Electronic Records and Evidence by Jeffrey H. Matsuura
Managing security and complexity on a tight release schedule and other high-level ramblings by Marcus J. Ranum
Network 10: The next Y2K problem? by Marcus Ranum
Network Address Translation: Hiding in Plain Sight by Mike Fratto
Protecting Network Infrastructure at the Protocol Level by Curt Wilson
Security Basics Forum at SecurityFocus.com
Selling Security Hype by Marcus Ranum
Social Engineering: The Threat and The Solution by Chris Tobkin
The Sad and Increasingly Deplorable State of Internet Security by Stephen Kent and David Piscitello
The State of Systems Security by Ron Dufresne
Threats, Vulnerabilities and Real-World Responses: The Foundations of the TruSecure Process by M. E. Kabay
What I Worry About by Marcus J. Ranum
Vulnerability Assessment Survey at SecurityFocus.com
Best Practices for Securing Enterprise Networks by Dave Piscitello and Lisa Phifer
Rethinking Network Security by Lisa Phifer