Security

CERT Coordination Center (CERT/CC)

www.cert.org

This is a great site to visit to learn about new vulnerabilities on the Web. Information about viruses, bugs in important software products, and new attack programs can be found here. CERT is funded by the U.S. government and operates out of Carnegie Mellon University. CERT provides training courses and publications relating to security issues. If you want to keep yourself up-to-date, you can subscribe to the CERT Advisory Mailing List (highly recommended). In many cases, CERT quickly publishes fixes to security problems that occur on the Net. If you are a network administrator, or in a position of security administration for a network, you should definitely bookmark this Web site.

Computer Incident Advisory Capability (CIAC)

www.ciac.org

This is another Web site operated by the U.S. government, specifically the Department of Energy. It functions much like CERT, by detecting and reporting on potential security issues on the Internet, and applications that are vulnerable to attack. CIAC offers training classes, and links to articles relating to security issues.

Forum of Incident Response and Security Teams (FIRST)

www.first.org

An international organization (of which CIAC is a member) is composed of both governmental organizations and academic ones, and is used to coordinate security incidents among these various members . Without a central focal point, many separate organizations would be working on similar problems or the same incident separately. FIRST enables member organizations to communicate with each other and thus speed up the process of disseminating information and resolving security issues on the Internet.

NTBugtraq

www.ntbugtraq.com

This is a valuable resource for those operating Windows operating systems. Although it was first set up to report on security issues relating to Windows NT, it has continued to grow to encompass the newer Microsoft operating systems and software. NTBugtraq is basically just a mailing list that you can sign up for to receive current security issues relating to Microsoft products. If you use any Windows products in your network, then this list (along with Microsoft's own mailing list) is a must for the network administrator. This mailing list is a two-way proposition. You can read about security issues, as well as post your own observations. There is also an archive of older posts that can be very useful for those who are just starting to learn about security issues relating to Microsoft products.

Symantec Security Response

securityresponse.symantec.com

This site is operated by a vendor of antivirus and other software. Similar to the previous sites, this site offers information about the latest viruses, as well as advisories about programs that expose your network to attack. The site's Threat List and Virus Encyclopedia link can give you a lot of information about recent malicious programs. Because this is a vendor site, you can also find links to purchasing vendors ' products, as well as tools that can be used to remove certain virus, work, and other similar programs.

OpenSSL Project

www.openssl.org

This site is dedicated to creating and supporting an open -source toolkit that you can use to develop Secure Sockets Layer (SSL) as well as Transport Layer Security (TLS) applications. You can find source code as well as documentation at this site. For more information about SSL, see Chapter 38, "The Secure Sockets Layer (SSL) Protocol."

Internet Firewalls: Frequently Asked Questions

www.interhack.net/pubs/wfaq

This FAQ contains voluminous information about firewalls and how you can use them to assist in protecting your network. The FAQ was created by Matt Curtin and Marcus J. Ranum. Ranum was one of the original developers of early firewalls, so he should know what he is talking about. This FAQ is an excellent place to start learning about firewall techniques, as well as what they can or cannot do to protect your network. This site is a must for anyone who works with firewalls, whether a hardware or a software solution. To make things easier to understand, this FAQ contains diagrams that help to explain the concepts covered in this FAQ.

The Firewall Toolkit (FWTK)

www.fwtk.org

The Firewall Toolkit consists of proxy applications that an advanced user or administrator can use to construct a firewall. This Web site provides the needed information. Chapter 49, "Firewalls," contains information about proxies and how they work. In that chapter you can learn the difference between proxies and packet filters, among other firewall techniques.

This Web site gives you the software needed to construct your own proxy applications. You can download the source (coded in the C language) from this site, as well as documentation and tutorials that can assist you if you want to use the FWTK in your network. Another note: Marcus J. Ranum, along with others at Digital Equipment Corporation, were instrumental in creating the first proxy-based firewall. It is available as a commercial product in addition to the software you can download from this site. The FWTK was developed as a marketable product by Digital, and was used by the U.S. government when it was first put online and needed some sort of protection for its connection to the ARPANET.