University of North Carolina at Chapel Hill
School of Information and Library Science

Online Resources for Information Security

Sections

1. General resources
2. Windows/NT Security
3. Various Resources
4. Laws and Policies
5. Key organizations
6. Incident reporting, also some updates and announcements
7. Academics
8. Get the Code, Stay Informed
9. Hacker Hangouts and Information
10. Hacker Publications
11. Miscellany
12. Humor

General resources

• Yahoo's security categories: http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption, includes all kinds of links, including hacker pages, software, Web security, etc.
• The Internet Storm Center, tracking security incidents around the world

Windows/NT Security Note that almost all the other resources listed tend to focus on Unix security.

• Software: Microsoft Baseline Security Analyzer for any Windows system.
• Software: LANguard freeware NT security checker and integrity checker
• Resources: NTBugTraq includes exploits, mailing lists and other information
• Company: Microsoft's security pages, includes link to NT pages.
• Company: Internet Security Systems includes archives of mailing lists & pointers to tools.
• Company: Kane Security Analysis, includes a tool for monitoring multiple servers.
• Reference: You can also look up protocols, acronymns and other terms at whatis.com

Various Resources

• PGP FAQs, including information about cryptography in general from www.pgpi.org (home of PGP)
• The Orange Book, known formally as: Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) (DoD 5200.28-STD 1985). Fort Meade, MD: Department of Defense, 1985. The Orange Book specifies levels of security and their criteria.
• Common Criteria (ISO 15408) is a more modern security framework under active development in several countries.
• NIST's Computer Security Resource Clearinghouse. A variety of government-directed security resources.
• Nice collection of security information and forums on the Internet at Tom Dunigan's Security pointers page
• Lots of Crypto links

Laws and Policies

• Privacilla, privacy policy watchdog and information site
• North Carolina General Statutes and General Assembly information.
• The United States Code (U.S.C.), indexed and searchable. This is one of the most useful and current resources for the whole Code. Also see the next link:
• United States House Virtual Law Library, for searching the US Code. Also see THOMAS at the Library of Congress, for full details on present legislation and all recent past legislation.
• Cases, Statutes & Topical Highlights in Cyberspace Law & Policy, from the UCLA Online Institute for Cyberspace Law & Policy. Many important legal decisions, but not updated since Sep 2000.
• EPIC's Wiretapping pages tracks what's going on in the area of monitoring of audio and electronic communication
• ChillingEffects.org, a clearinghouse with legal advice on "cease and desist" letters.
• Research on Web credibility at http://www.webcredibility.org/
• PL 107-56 (H.R. 3162), the USA PATRIOT Act
• The legal right to export crypto was analyzed for Debian. Here's information about their ability to export crypto in open source.
• UNC's policies are online at Campus Policies and the more specific electronic policies

Key privacy organizations

• EPIC, action clearinghouse for electronic privacy
• Electronic Frontier Foundation, includes some good policy documents and archives
• Truste, with privacy standards
• understaningprivacy.org, privacy information and advocacy

Incident reporting, also some updates and announcements

• CERT (members only to report): http://www.cert.org
• CIAC (DoD only to report): www.ciac.org/ciac
• FIRST (consortium): http://www.first.org

Academics

• SANS, home of several security certification programs. Also see their reading room for online documents of many types.
• CERIAS, at Purdue (COAST is now part of CERIAS). The FTP Archive contains lots of security software.
• US Davis SecLab: http://seclab.cs.ucdavis.edu.

Get the Code, Stay Informed

• BugTRAQ, see the BugTRAQ FAQ for archives and how to subscribe (at SecurityFocus).
• Cryptome, daily updates of security files and forbidden knowledge.
• Distributed.Net, collectively breaking encryption codes
• Insecure.org's top 50 security tools.
• /. (slashdot), lots of geek news, some good hacker information
• Latest DVD software for Linux at FreshRPMs.net
• snort.org, open source network intrusion detection software

Hacker Hangouts and Information

• C4I.org, good links to many security-related papers, sites and resources
• @stake (includes most of what used to be L0pht Heavy Industries).
• AntiOnline, news and views
• Freshmeat, new software of all types
• Hackers Hall of Fame at the Discovery Channel
• Nomad Mobile Research Center

Products, Software and Services

• RSA, involved in encryption standards and policy
• McAffee, anti-virus software
• SecurityFocus, home of BugTRAQ and other mailing lists. Security consulting and services.
• Symantec, makers of Norton Anti-Virus and other products.
• Zero Knowledge, provides anonymous Web surfing, personal firewalls, and corporate services.

Hacker Publications

• 2600 Magazine: http://www.2600.com/
• Phrack: http://www.phrack.com
• Bonus: The issue of Phrack with the famed E911 document (featured as part of the 1990 Operation Sun Devil; got many people in trouble): Phrack 24 (Feb 25 '89)

Miscellany

• CODIS, the FBI's Combined DNA Index System.
• Sarah Gordon's Web site. Sarah has done research on hackers and their characteristics, and seems to have a solid background & integrity.

Humor.

• The MIT Hacker Gallery, where hacking was invented. Pranks and silliness.