Resources

The following books and Web sites provide additional information about a wide range of computer security topics.

Books and Articles

Microsoft Windows 2000 Resource Kit (Microsoft Press, 2000)
The Windows 2000 Resource Kit provides information not found in the core documentation as well as software tools on a CD.

Howard, M., Designing Secure Web-Based Applications for Microsoft Windows 2000 (Microsoft Press, 2000)
This book provides an authoritative and pragmatic end-to-end view of Windows 2000 security topics. It provides a complete picture of Windows 2000 Web server, including component-level and database security features and considerations.

Amoroso, E., Fundamentals of Computer Security Technology, (Prentice-Hall, 1994)
A must-have for anyone involved in security, this books starts by covering the threats to computer systems (which motivate the field of computer security); then it discusses all the models, techniques, and mechanisms designed to thwart those threats, as well as known methods for exploiting vulnerabilities. It closes with the security evaluation of computer systems in order to grade a particular implementation of computer security. Keep your eyes open for the next edition of this one.

Scambray, McClure, and Kurtz, Hacking Exposed, Second Edition (Osborne/McGraw-Hill, 2000)
This book covers all aspects of network security, including informational scans and probes, password vulnerabilities, dial-up networking insecurities, buffer overflows, Web and e-mail insecurities, Trojans, and back doors. The authors use high-profile attacks and case studies to illustrate network vulnerabilities and show you how to implement security on your own system.

Cheswick and Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker (Addison Wesley Longman, Inc., 1994)
The authors describe how to plan and execute a security strategy that will deter most determined and sophisticated hackers without downgrading your access to Internet services. They provide a step-by-step plan for setting up a firewall, as well as information on cryptography and the tools used by hackers. Keep your eyes open for the second edition of this book, which is due out in February 2001.

Web Sites

http://www.w3.org/Security/Faq/
The WWW Security FAQ, maintained by World Wide Web Consortium (W3C), provides a good starting point for anyone interested in learning about Internet and WWW security issues and technologies.

http://www.microsoft.com/technet/security/
Microsoft TechNet main security topics page. From this link, you have access to the latest security bulletins, software patches, and other resources, such as security articles, case studies, security tools, and training information.

http://www.cert.org/
The home page for the Computer Emergency Response Team (CERT) of the Internet. From here you can access all the CERT security advisory bulletins, report an incident, and gain information about security-related topics, such as viruses and firewalls. CERT also hosts discussion forums, provides mailing lists, and maintains an extensive biographical section for books and articles related to security.

http://www.cerias.purdue.edu/
The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University is the foremost university center for multidisciplinary research and education in areas of information security. CERIAS supports various security projects, and its Hotlist page (http://www.cerias.purdue.edu/hotlist/) is one of the most extensive collections of security links on the Internet. The Hotlist is divided into the following subject areas: System Security, Network Security, Organizations and Agencies, Intrusion Detection, Cryptography, Education, Publications, Events & Call for Papers, Commercial Sites, Virus Detection, and Electronic Law.

http://www.sans.org/
The SANS (System Administration, Networking, and Security) Institute is one of the foremost organizations supporting cooperative research and education organization among system, security, and network professionals. SANS publishes security bulletins, digests, and books as well as hosts security conferences and workshops throughout North America. SANS also provides several security certifications that are recognized throughout the computer industry.

http://www.gocsi.com/
The Computer Security Institute (CSI) co-sponsored the "1999 CSI/FBI Computer Crime and Security Survey" and, in addition to offering conferences and seminars on security topics, they provide summary information about security vendors' products, such as firewalls.

http://csrc.nist.gov/
The CSRC (Computer Security Resource Center) is operated by Computer Security Division (http://www.itl.nist.gov/div893/) of the National Institute of Standards and Technology. The site contains information about a variety of computer security issues, products, and research of concern to federal agencies, industry, and users. The CSRC is a clearinghouse "to make publicly and easily available a wide collection of valuable computer security resources, including: computer security related topics, publications, testing materials, training materials, standards, policies, organizations, and event information."

http://www.insecure.org/
This site, offered by a self-proclaimed hacker (Fyodor), contains general security information as well as specifics about hacking tools.

http://www.technotronic.com/rfc.html
The Technotronic Security Information site provides information about RFCs, protocols, security tools, and security-related documentation.

http://www.antionline.com/
AntiOnline is a solid site for anyone who wants to obtain security information and tools.

http://www.securityfocus.com/frames/index.html?focus=Microsoft
The Bugtraq site is a moderated discussion area for posting and reading information about security bugs for the various operating systems. This is a good resource for finding out about bugs as soon as the hackers do. Intrusion Detection, Penetration Testing, VPN, and Firewall mailing lists are also available at this site.

http://www.2600.com/
"2600 The Hacker Quarterly" is one of the first hacker publications to appear on bookstore shelves. It's the premiere site for serious hackers and in a way, the first "legitimate" hacker site.

http://www.uha1.com/
The United Hackers Association site features an interesting disclaimer on its home page: "The information provided on these pages are for educational purposes only. The authors of this site are in no way responsible for any damage that is the result of the use of the information provided on this site." In addition to providing a vast archive of security articles and tools, it's a well-designed and attractive Web site.

http://www.geocities.com/Area51/Zone/9885/hacker.htm
Last, but not least, there's the Hacker Corner, with its collection of tools and articles. Interestingly enough, it's made possible by Yahoo's Geocities free Web site service.



Microsoft Application Center 2000 Resource Kit 2001
Microsoft Application Center 2000 Resource Kit 2001
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 183

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net