A.4 Security Electronic References
This section contains references to helpful security-related web sites and newsgroups.
A.4.1 Security Web Sites
These web sites are likely to be helpful informational resources. Some will be particularly useful if you have to deal with an attack on your site.
COAST (Computer Operations, Audit, and Security Technology) is a multi-project, multi-investigator effort in computer security research and education in the Computer Sciences Department at Purdue University. COAST contains information about software, companies, FIRST teams, archives, standards, professional organizations, government agencies, and FAQs [A], among other goodies. The WWW hotlist index at COAST is the most comprehensive list of its type available on the Internet at this time. COAST also provides a valuable service to the Internet community by maintaining a current and well-organized repository of the most important security tools and documents on the Internet; you can obtain these via anonymous FTP.
[A] Frequently asked questions.
FIRST (Forum of Incident Response and Security Teams) maintains a large archive of material, including pointers to web pages for other FIRST teams.
CERT-CC (Computer Emergency Response Team Coordination Center) was founded in response to the Internet worm incident in 1988. CERT-CC acts as a clearinghouse for information, and helps organizations respond to security attacks. You can get on CERT-CC's mailing list for security advisories and fixes, and can obtain archived past advisories via anonymous FTP from:
A.4.1.4 World Wide Web Consortium
Here is an explanation of the WWW Consortium (W3C) from their own web site:
"The W3C was founded in October 1994 to lead the World Wide Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. We are an international industry consortium, jointly hosted by the Massachusetts Institute of Technology Laboratory of Computer Science (MIT/LCS), the Institut National de Recherche en Informatique et en Automatique (INRIA) in Europe; and the Keio University Shonan Fujisawa Campus in Japan."
Services provided by the Consortium include: a repository of information about the World Wide Web for developers and users, reference code implementations to embody and promote standards, and various prototype and sample applications to demonstrate use of new technology. We especially like their security Frequently Asked Questions (FAQ) link.
A.4.1.5 Web security
Lincoln Stein's FAQ about web security contains a lot of good, practical information, and it is updated on a regular basis.
A.4.1.6 Windows NT security
This site contains information and solicits reports of break-ins. You can get on the mailing list for NT security advisories.
A.4.2 Security Usenet Groups
Several Usenet newsgroups are particularly good sources of information on network security and related topics.
- comp.security.announce (moderated)
Computer security announcements, including new CERT-CC advisories
Miscellaneous computer and network security
Information about firewalls
- comp.virus (moderated)
Information on computer viruses and related topics
Discussions about cryptology research and application
- sci.crypt.research (moderated)
Discussions about cryptology research
Discussions about risks to society from computers and computerization
Discussions about computer administrative policy issues, including security