8. Mailing Lists and Other Resources

8. Mailing Lists and Other Resources

It would be impossible to list all of the mailing lists and other resources dealing with site security. However, these are some "jump-points" from which the reader can begin. All of these references are for the Internet constituency. More specific (vendor and geographical) resources can be found through these references.

8.1 Mailing Lists

8.1.1 CERT™ Advisory

• Send mail to: <cert-advisory-request@cert.org>

• Message Body: subscribe cert <FIRST NAME> <LAST NAME>

• A CERT advisory provides information on how to obtain a patch or details of a workaround for a known computer security problem. The CERT Coordination Center works with vendors to produce a workaround or a patch for a problem, and does not publish vulnerability information until a workaround or a patch is available. A CERT advisory may also be a warning to our constituency about ongoing attacks (e.g., "CA-91:18.Active.Internet.tftp.Attacks").

• CERT advisories are also published on the USENET newsgroup: comp.security.announce.

• CERT advisory archives are available via anonymous FTP from info.cert.org in the/pub/cert_advisories directory.

8.1.2 VIRUS-L List

• Send mail to: <listserv%lehiibm1.bitnet@mitvma.mit.edu>

• Message Body: subscribe virus-L FIRSTNAME LASTNAME

• VIRUS-L is a moderated mailing list with a focus on computer virus issues.

• For more information, including a copy of the posting guidelines, see the file "virus-l.README," available by anonymous FTP from cs.ucr.edu.

8.1.3 Internet Firewalls

• Send mail to: <majordomo@greatcircle.com>

• Message Body: subscribe firewalls user@host

• The Firewalls mailing list is a discussion forum for firewall administrators and implementers.

8.1.4 USENET Newsgroups

1. comp.security.announce: The comp.security.announce newsgroup is moderated and is used solely for the distribution of CERT advisories.

2. comp.security.misc: The comp.security.misc is a forum for the discussion of computer security, especially as it relates to the UNIX® operating system.

3. alt.security: The alt.security newsgroup is also a forum for the discussion of computer security, as well as other issues such as car locks and alarm systems.

4. comp.virus: The comp.virus newsgroup is a moderated newsgroup with a focus on computer virus issues. For more information, including a copy of the posting guidelines, see the file "virus-l.README," available via anonymous FTP on info.cert.org in the/pub/virus-l directory.

5. comp.risks: The comp.risks newsgroup is a moderated forum on the risks to the public in computers and related systems.

8.1.5 World Wide Web Pages

1. http://www.first.org: Computer Security Resource Clearinghouse. The main focus is on crisis response information; information on computer security-related threats, vulnerabilities, and solutions. At the same time, the Clearing-house strives to be a general index to computer security information on a broad variety of subjects, including general risks, privacy, legal issues, viruses, assurance, policy, and training.

2. http://www.telstra.com.au/info/security.html: This reference index contains a list of links to information sources on network and computer security. There is no implied fitness to the tools, techniques, and documents contained within this archive. Many, if not all, of these items work well but we do not guarantee that this will be so. This information is for the education and legitimate use of computer security techniques only.

3. http://www.alw.nih.gov/Security/security.html: This page features general information about computer security. Information is organized by source and each section is organized by topic. Recent modifications are noted in What's New page.

4. http://csrc.ncsl.nist.gov: This archive at the National Institute of Standards and Technology's Computer Security Resource Clearinghouse page contains a number of announcements, programs, and documents related to computer security.