A.4 URLs for Security SitesThe number of URLs offering technical help on maintaining security on Linux systems has greatly increased as Linux has become more popular. You must always be careful not to fall into a cracker site, though this usually is obvious. I do suggest surfing the cracker sites occasionally so that you better understand the enemy. A.4.1 Kurt Seifried's SiteKurt is one of the sharpest security consultants around. Do not skip his site (www.seifried.org). See, especially, his Linux Administrator's Security Guide. www.seifried.org/lasg/ A.4.2 Security FocusSecurity Focus is a source for security information. www.securityfocus.com/ A.4.3 ForensicsThe following sites provide tools and advice for forensic computer analysis. They will help you find clues to who broke into your system and how. They are managed by Dan Farmer and Wietse Venema. Their tools are excellent and they are two of the best. www.fish.com/forensics/ www.porcupine.org/forensics/ A.4.4 The Hackerwhacker SiteThis site offers one free security scan of your site. Mostly, this is seeing which ports have programs listening. Its HTML report explains how dangerous the various services are and has links to detailed explanations. Additional usage is reasonably priced. It also has links to a number of security sites. www.hackerwhacker.com/ A.4.5 Cracker Port NumbersThis site lists the usage of various ports, including cracker ports. It is reasonably complete. http://advice.networkice.com/advice/Exploits/Ports/ A.4.6 Understanding Linux VirusesThis site provides descriptions of several Linux and UNIX viruses and how they work. This is presented on the belief that "security by obscurity" is not good security and to aid in recognizing when it happens to you. www.big.net.au/~silvio/ A.4.7 FBI's NIPCThis Web site is for the FBI's National Infrastructure Protection Center. The site still is evolving. www.nipc.gov/ A.4.8 FIRSTThe Forum of Incident and Security Response Teams is an association of people involved with ensuring the security of organizations, many being large organizations. Some organizations will find it worthwhile to join. www.first.org/ A.4.9 Linux Weekly News Security PageThe Linux Weekly News Web site has a frequently updated security page that is accessible from the main page. www.lwn.net/ A.4.10 Linux TodayThe Linux Today Web site has security links that are useful. www.linuxtoday.com/ A.4.11 The SANS InstituteThe SANS Institute is mentioned here for completeness. www.sans.org/ It lists what it considers to be the top 10 vulnerabilities in systems connected to the Internet and some defenses, though not all of these are applicable to Linux systems. www.sans.org/topten.htm |
Top |