Sanam's Security Zone Main page

In this Security Zone from Sanam, you will find links to Information System, Security related links - including Security sites, magazines/newsgroups, Vulnerabilities, Firewall, Intrusion Detection System, Hackers & Crackers, Protocols & Cryptography. There are also links for CISSP & CCNA exam.

If you find any broken links or want to add any links here, let me know. If you want to encrypt the mail, my PGP Key is here.

Check out what anybody from Internet can find out about you and your PC - Analysis, Shields Up ( from Gibson ).

Check out my other pages : Home, Win2000, India, Web, Cricket, Online Library.

SECURITY RELATED SITES :

Securityfocus - good site with news & articles : also hosts Bugtraq and other mailing list archives
Securitynewsportal - latest breaking news on security
Infosyssec - great site with many links, papers, tools & search engine
CERT - internet security incidents reporting center @ Carnegie Mellon University
- Security Improvement Modules for Server, Desktop, Firewalls, Intrusion
- Virus Resources
SANS - System Admin, Networking, and Security. Many documents and alerts/News
            - Model Security Policy
            - Incidents.org : Sans' center for intrusion detection analysis, forensics and incident handling
            - Reading Room - large library of research reports
CIAC - Computer Incident Advisory Capability from Dept. of Energy
NIPC - Natinal Infra. Protection Center (from FBI & Dept of Justice)
COAST (Computer Operations, Audit, and Security Technology) project at Purdue University.
IETF Security Area, IETF RFC page, Site Security Handbook, IT Security Handbook
Computer Security Resource Clearinghouse (from national Inst. of Std & Tech) - policies drafts
The Computer Security Institute
Black Hat Conferences - check out these media archives for all previous briefings/presentations
Secure.net - listing of cryptographic, security, encryption, PKI, law, privacy sites
l0pht.com - many tools to find security holes like L0phtcrack, ncat ( now for NT )
Security in Windows @ SearchWin2000.com
Information Warfare, Security Search Engine, Network Ice - Infosec DB
Network Security Library - many good books and papers
Secure Zone, NewOrder - lots of sites and tools
Policy :
Number 1 Security tool - Policy
How to Develop a Network Security Policy - from Sun
A Guide for Drafting Comprehensive and Effective Computer Policies
Acceptable Use Policy
Certification : CISSP ( from ISC ), GIAC(Global Incident Analysis Center - Level one Security Cert., Certified Intrusion Analysts ( from SANS )

BACK TO TOP

MAGAZINES :
- SC Info Security Magazine
- Security Magazine
- Info Security Magazine ( from ICSA )
- Computer Security News Daily
- Cipher - Newsletter from IEEE Tech. Committee on Security & Privacy
- Phrack.com
- Infowar - Warfare & Security Global Clearinghouse
- Internet Security Review Magazine
- Security Advisor - site for expert advice
- Sunworld Unix Security - from IT World
- Federal Computer Week - good source of info on US Government IT
- Microsoft Security Advisor, NT Security, LAN Magazine, PC Computing, PC Lube & Tune, PC Magazine Online, PC Week Online

The Orange Book - U.S. DeptOfDef. doc. outlines trusted computer system evaluation criteria and requirements. ( HTML file around 275K ).
Other Rainbow series - click here

BACK TO TOP

MAILING LISTS :
- NTBugtraq - mailing list for the discussion of security exploits and security bugs
- ISS (Internet Sec Sys ) - X-Force, NT Security, IDS and many more
- Sans.org - Alerts & Newsletter
- CERT Advisory mailing list - from CERT® Coordination Center
- Firewall mailing list - at GNAC, The Firewall-Wizards, TIS Toolkit
- Newsletter from Checkpoint, Cisco, Microsoft, SUN
- Security Digest - from ICSA.net - InfoSec Magazine
- For archive of many mailing list, visit Neohapsis
- Many mailing lists @ SecurityFocus - ( IDS, Bugtraq, Pen-Test, Vuln-Dev, Incidents, etc )
- SecurePoint - many Firewall & IDS mailing list archive
NEWSGROUPS : ( Visit Deja News and search for group, if you don't have news server )

Checkpoint - Firewall-1, VPN-1, Floodgate-1, Opsec

alt.security

alt.security.pgp
alt.2600, alt.2600.hackerz
alt.crackers

comp.lang.java.security
comp.os.netware.security
comp.os.ms-windows.nt.admin.security
comp.security.announce
comp.security.misc
comp.security.ssh

comp.security.unix
comp.security.pgp, comp.security.pgp.discuss, comp.security.pgp.resources, comp.security.pgp.tech
comp.security.firewalls
comp.society.privacy
microsoft.public.proxy

microsoft.public.win2000.security

Some very good Yahoo groups (you might have to subscribe to read some): firewalls, CISSP-Discuss, CISSPforum (only for CISSPs), BCPforum

BACK TO TOP

Products/Services :

Counterpane, ISS, ODS (Kane Sys, CMDS), Cybersafe

PGP, RSA, Tripwire, Lancope, Checkpoint

SATAN (Security Administrator's Tool for Analyzing Networks)

NT Objectives - Network Security Auditing Tools

BACK TO TOP

VULNERABILITIES :

Vulnerabilities - General, Root Shell

CVE (Common Vulnerabilities & Exposure project) @ Mitre Corp.

How To Eliminate The Ten Most Critical Internet Security Threats - From SANS

Computer threats & vulnerabilities Database from X-Force ( ISS )

Nikto - good web server scanner

BACK TO TOP

FIREWALL :

FAQ maintained by Marcus Ranum, Mirror FAQ
Firewall-1 FAQ -from Obiwankenobi's Security Page - good implementation faqs
Phoneboy's Firewall FAQ
LSpintzer's Whitepapers - http://www.enteract.com/~lspitz/pubs.html
Some good papers by Steven Bellovin ( author of Repelling Wily Hacker )
Firewall Resources Site - maintained by COAST (Computer Operations, Audit, and Security Technology) project at Purdue University.
FW-1 documents - written by Check Point Technical Consultant Joe
Firewall Wizard's Mailing list archive
Statefull Inspection - Introd, Checkpoint newsgroups
Application Gateways and Stateful Inspection: Comparing and Contrasting
Firewall Forensics - what you see in firewall logs ?

VPN

Virtual Private Network Consortium
VPN page by Tina Bird - good info and many links

BACK TO TOP

INTRUSION DETECTION SYSTEMS :

FAQ I on IDS at SANS, FAQ II By Robert Graham
GIAC - Global Incident Analysis Center from SANS
ICSA.net's ID Community, X-Force ( from ISS - maker of RealSecure )
NSA Glossary of Terms Used in Security and Intrusion Detection
CERT site has info on The Intruder Detection Checklist, NT Intruder Detection Checklist, Recovering from Incident on Unix/NT systems, policies and procedures for responding to intrusions.
Incident Reporting Guideline - How, when and where to report
Do you have an intrusion detection response plan?
Federal Int. Detection Network (FIDNet)
CIDF - Common Intrusion Detection Framework
Network Intrusion - lists all known commercial ID Systems, List II, List III
arachNIDS - attack signature DB from Whitehats { free DDOS scanning service }
50 Ways to Defeat your Intrusion Detection System
Eluding Network Intrusion Detection
A look at whisker's anti-IDS tactics - from RainForestPuppy

BACK TO TOP

HACKERS, CRACKERS & Script Kiddies :

Reading books - Insecure.org, Rootshell
Hacking Textz - many good texts on hack/crack and crypto from KwAnTAM_PoZeEtroN, Mirror Site II, Cracks
Security Vs Insecurity - many links to Hacking, Cryprography and Newsgroups
AntiOnline, Fight back, AntiSearch - search InfoSec sites, HackerNews
Insecure.org -home of Nmap - info on many exploits, scanners and other TOP50 tools
Hackerscatalog, HappyHacker
files & tools @ Technotronic, Neworder, Packetstorm
Ports used by Exploits, List of many Exploits
Tools mentioned in book Hacking Exposed ( one of the top book on this topic )
UBB Code Hackers Hideout - take part in discussion
Scriptkeeper - home of all scripts
Hacked sites mirror : Attrition.org, Alldas.de ( also has some good stats ), Safemode
Sniffing (network wiretap, sniffer) FAQ - good desc. of sniffers, how to detect/defeat them, also have Firewall and IDS FAQ

BACK TO TOP

NETWORKS, PROTOCOLS & CRYPTOGRAPHY :

SSL	SSLeay OpenSSL Apache-SSL web server
SSH	www.ssh.com \| ssh 2.x (ftp) OpenSSH
TCP/IP and IPv6	Cisco - IP Security (IPSec), RADIUS, TACACS+ IPv6 - http://www.ipv6.org/ RFC Index, RFC Editor from IETF Private N/W Range Int'l Assigned Number Authority IP Network Index - An index relating IP network numbers to network names and identities, for class A, B and C networks ISP Page - maps and other info about lots of ISPs
Cryptography	http://www.cs.ubc.ca/spider/mjmccut/crypto.html http://www.cs.auckland.ac.nz/~pgut001/links.html http://dir.yahoo.com/Computers_and_Internet/Security_and_Encryption/
Privacy	Yahoo - full coverage on Internet Privacy Electronic Privacy Info Center Internet Privacy Coalition Privacy Times, Privacy Journal Web Disclosure - how much info peoplez put on the web ? Electronic Frontier Foundation Federal Trade Commission's Privacy page Privacy.net - Consumer Info. Organization Private Citizen - stop Junk calls and junk mails TOOLS : The Anonymizer. Surf the net anonymously Anonymous Remailer - WWW Interface for sending anonymous email Pretty Good Privacy (PGP) - one of free tools to encrypt your mail & disk Guide to Practical Privacy Tools - Softwares available to improve privacy
Audit, Forensic & Incident Response	Dan Farmer's security page (good forensics info) GIAC - Global Incident Analysis Center FedCIRC - Federal Computer Incident Response Capability National Security Agency - NSA CERT- The Computer Emergency Response Team (Carnegie Mellon Uni) CERIAS - Center for Education & Research in Info Assurance & Sec. COAST- Computer Operations, Audit, and Security Technology (Purdue Uni) CSRC - Computer Security Resource Center (NIST) CIAC - Computer Incident Advisory Capability (US Dept of Energy) Incidents.org : Sans' center for intrusion detection analysis, forensics and incident handling

BACK TO TOP

CCNA : Cisco Certified Network Associates & CISSP (Certified Info. Sys Security Professional )

Cisco's certification page - for latest info on exam ( CCNA 1.0 is expiring in July 2000 )
Book I used for the study - CCNA Study Guide by Todd Lammle ( Sybex, Hardcover, ISBN 0782123813 )
Some good sites with study guides & sample questions @ Cram Session, MCSE Guide, Mason Tech, Cert Notes, CheckPoint, Group Study, IT 2002, TCP Mag
CCNA Cheat Sheet - from Boson Software ( this one is really helpfull )
Forum at Network Study Guides
Newsgroup/Mailing list/Chat - Groupstudy.cisco (you can chat with some good authors here)
Sample questions @ NetCert, Checkpoint (Doc ), CCPrep, GoCertify
(ISC)2 - administers CISSP & SSCP exams. Maintains CBK (Common Body of Knowledge)
CCCure - CISSP Open Study Guide : great site with many resources, get study guide for each domain here.
CICCP Summary - a good summary on all 10 domains of the exam.
CISSPs.com - bookstore and forum on exam.

BACK TO TOP

Security Books : Here are some good security reference books. Following links are given for Amazon store, but before ordering, check out the comparison prices on this site.

Secrets and Lies - by cryptographer Bruce Scheiner. Good entry level book, not too deep into technical aspect, but covers security from a management perspective. {ISBN: 0471253111}
Process Of Network Security - by Thosmas Wadlow - very good book for InfoSec Planning {ISBN: 0201433176}.
Intrusion Detection Systems - An Analyst's Handbook - by Stephen Northcutt (must buy for any IDS Analyst ) {ISBN: 0735710082}
TCP/IP Illustrated - Vol I - by W. Richard Stevens - (another must buy for IDS/Network analyst ) {ISBN: 0201633469}
Practical Unix and Internet Security - by Simson Garfinkel & Gene Spafford. Good reference book on Unix Security. {ISBN: 1565921488}
Firewall & Internet Security : Repelling the wily hacker - by Steven Bellovin & William Cheswick. Oldie but goldy on Firewall {Free Book}.
Web Security, Privacy & Commerce - by By Simson Garfinkel & Gene Spafford. Get this book if you're handling web server - covers digital certificates, PKI, SSL, etc {ISBN: 0596000456}.
Hacking Exposed - by Stuart McClure, Joel Scambray. Get behind the scene with hacking tools - hands-on book {ISBN: 0072193816}.
Cuckoo's Egg - by Clifford Stoll - probably first recorded hacker pursuit - oldie by goldy.{ISBN: 0743411463}
Know your Enemy - by Honeynet Project team. Book based on two years of research by the Honeynet project. Practical examples are worth the book price {ISBN: 0201746131}.
The Art of Deception - by Kevin Mitnick {ISBN: 0471237124}. Read first chapter of book (which is removed from published book), Web blog of her girlfriend (you will see more of Kevin on TechTV for sure).
CISSP Prep Guide - by Ronald L. Krutz - covers CISSP exam as well as good reference book. {ISBN: 0471413569}
Information Security Management Handbook : 4th Edition ( had 3 volumes ). - edited by Micki Krause & Harold Tipton. All 3 volume contains different topics, so get all 3 to prepare for CISSP as well as for reference. {ISBN: 0849398290, 0849308003, 0849311276}
Crypto - by Steven Levy - (book from author of Hackers), fascinating story behind Crypto revolution. {ISBN: 0140244328}
Applied Cryptography - by Bruce Schneier. Comprehensive coverage on crypto technology {ISBN: 0471117099}.
The Codebreakers - the comprehensive history - David Kahn - get this book if you want to know all about Crypto history.
Free books :
Computer Vulnerabilities - by Knight : good informative whitepaper.
Firewalls Complete - by Marcus Goncalves - {from Network Security Librbary}
Handbook of Applied Cryptography - by Alfred Menezes (reference book)
The Hacker Crackdown: Law and Disorder on the Electronic Frontier - by Bruce Sterling
The Hacker's Handbook (Cornwall) - oldtime hacker info.

BACK TO TOP

Also visit my other pages : Home, Win2000, India, Web, Cricket, Online Library.