Let's all post our fave security resources (and generate some
interesting posts)
Here's my link. IMO this page is more of a 'Quick Start Guide', the
basic (or should I say essential) building blocks of ISEC:
http://www.aon.com/risk_management/information_security/default.jsp
Go through them and let me know what you think about them. Here's my
view:
--- --- ---
I guess this list is ok...but:
- How inappropriate to place "Stamp out spam" 16th priority when humans
are the best known threats when it comes to security.
- The list is a bit 'host' oriented, what about the network and all
those open shares & ports huh?
So, what do you think?
--
Giannella
And speaking of top lists here's a list of the top 20 ISEC attack
targets for 2006 (according to SANS)
And Internet Explorer remains steady @ 1st place ...again and
again.
--
Giannella
On Feb 19, 10:03 am, "Simon Caruana" <simon.caru...@gmail.com> wrote:
> Hi there,
>
> A site I found pretty useful would be http://sectools.org/. Pretty
> straightforward site but quite useful nonetheless.
>
> Simon
>
http://packetstormsecurity.org/ - for a list of files. This is an all
time favorite of mine.
http://securityfocus.com/ - not as good as it used to be - but still
worth a check every now and then
http://www.infosecwriters.com/ - bed time reading. Some good papers..
and some bad ones as well. Always worth a check if you run out of
books and need to check out the latest security papers.
http://msdn2.microsoft.com/en-us/security/default.aspx - because
Microsoft doesn't only give us the most frustrating security holes to
worry about - but also a few good articles :-)
http://secunia.com/ - for a list of all the latest security stuff.
Very good service to the security community and the general public.
http://isc.sans.org/ - SANS have some good content and also some good
certs/certifications. This blog keeps you up to date with the latest
happenings in the security arena.
On Feb 19, 10:30 am, "Giannella De Leonardo" <gdeleona...@gmail.com>
wrote:
http://www.bluejackq.com/ - Bluejacking information
http://csrc.nist.gov/publications/ - Computer Security Resource Center
http://www.cccure.org/ - Has pretty nice CISSP and CISA practice
quizzes
http://www.sei.cmu.edu/publications/documents/04.reports/04tr010.html
- The Critical Success Factor Method: Establishing a Foundation for
Enterprise Security Management
http://staff.washington.edu/dittrich/misc/ddos/ - Lots of info on DDoS
http://www.drj.com/ - Disaster Recovery Journal
http://monkey.org/~dugsong/dsniff/ - dsniff is a collection of tools
for network auditing and penetration testing
On Feb 19, 9:30 am, "Sandro Gauci" <sandrog...@gmail.com> wrote:
> A few sites that I treasure:
>
> http://packetstormsecurity.org/ - for a list of files. This is an all
> time favorite of mine.
>
> http://securityfocus.com/ - not as good as it used to be - but still
> worth a check every now and then
>
> http://www.infosecwriters.com/ - bed time reading. Some good papers..
> and some bad ones as well. Always worth a check if you run out of
> books and need to check out the latest security papers.
>
> http://msdn2.microsoft.com/en-us/security/default.aspx - because
> Microsoft doesn't only give us the most frustrating security holes to
> worry about - but also a few good articles :-)
>
> http://secunia.com/ - for a list of all the latest security stuff.
> Very good service to the security community and the general public.
>
> http://isc.sans.org/ - SANS have some good content and also some good
Thanks for the list - very interesting and useful!
DSniff hasn't been updated for a good while now (last official release
was 2000 apparently) - but it's still a pretty cool package. I think
that some (or all) of the functions that it is used for have been
surpassed by other software packages. I've used the following
software ..
http://ettercap.sourceforge.net/ - on Linux. The latest version is
called ettercap-ng. Able to sniff on switched networks and mess around
with various protocols by making use of plugins.
http://www.oxid.it/cain.html - Cain and Abel on Windows. Always worth
checking out ... this is more like a password cracker with balls than
anything else.
On Feb 19, 10:50 pm, "Shay Harding" <kelle...@gmail.com> wrote:
> Here is a list of links I've collected over time:
>
> http://www.bluejackq.com/ - Bluejacking information
>
> http://csrc.nist.gov/publications/ - Computer Security Resource Center
>
> http://www.cccure.org/ - Has pretty nice CISSP and CISA practice
> quizzes
>
> http://www.sei.cmu.edu/publications/documents/04.reports/04tr010.html
> - The Critical Success Factor Method: Establishing a Foundation for
> Enterprise Security Management
>
> http://staff.washington.edu/dittrich/misc/ddos/ - Lots of info on DDoS
>
> http://www.drj.com/ - Disaster Recovery Journal
>
> http://monkey.org/~dugsong/dsniff/ - dsniff is a collection of tools
> for network auditing and penetration testing
>
> On Feb 19, 9:30 am, "Sandro Gauci" <sandrog...@gmail.com> wrote:
>
> > A few sites that I treasure:
>
> > http://packetstormsecurity.org/ - for a list of files. This is an all
> > time favorite of mine.
>
> > http://securityfocus.com/ - not as good as it used to be - but still
> > worth a check every now and then
>
> > http://www.infosecwriters.com/ - bed time reading. Some good papers..
> > and some bad ones as well. Always worth a check if you run out of
> > books and need to check out the latest security papers.
>
> > http://msdn2.microsoft.com/en-us/security/default.aspx - because
> > Microsoft doesn't only give us the most frustrating security holes to
> > worry about - but also a few good articles :-)
>
> > http://secunia.com/ - for a list of all the latest security stuff.
> > Very good service to the security community and the general public.
>
> > http://isc.sans.org/ - SANS have some good content and also some good
http://infosecplace.com - Blogger Michael Farnum describes his daily
goings on, as someone who has moved from the daily operations world,
to the evil world of vendors.
http://matasano.com/log - The Matasano Chargen team of professionals
address mostly application security issues, Thomas is a big fuzzer who
used to work at Arbor, Dave Goldsmith hangs around and gives his
opinion when he feels like it, and Window Snyder CSO at Mozilla chimes
in every now and then.
http://mckeay.net - Martin McKeay's network security blog is a great
source of ranting!
http://www.metasploit.com/ - YAY! Everyone's favorite exploit engine
http://csrc.nist.gov/ - Yummy documentation for the masses, these docs
come in handy at times.
Of course, you'd probably want to avoid mentioning open ports/shares/
services to end users (to keep them from thinking too much) and refer
them to Tip number 10. As regards the human element - I think that the
webpage does try to cover it by mentioning strong passwords and social
engineering attacks.
I guess if this were aimed towards the network administrator, it would
have been presented very differently - probably something similar to
the SANS Top 20 etc.
One particularly interesting website I came across is this security
awareness page.
http://www.ussecurityawareness.org/highres/security-awareness.html
Particularly a set of links offered by ITGI which offer a
security baseline for enterprises and security survival kits for a
variety of computer users, namely
· Professional Users
· Managers
· Executives
· Senior Executives
· Boards of Directors/Trustees
· Home Users
In addition there are also a set of security aware posters (JPGs)
which kind of aid to help evangelize security within an organization.
(Such as this one http://www.ussecurityawareness.org/posters/strong_passwords.jpg)