dc.sage Computer Security Page

These pages are maintained by Rob Jenson. If you have any comments, suggestions, corrections, things to add, or if you find broken links, please let me know.

Introduction

Computer Security covers a lot of ground. Simplified to a paragraph, it involves the following:

prevention of unauthorized use of your computer and network resources.
protection of the data on your computers from unauthorized access.
prevention of the modification and/or deletion of your data.
protection of the privacy of legitimate users of your systems.
recovery procedures if a security breach occurs.
As a systems administrator, you are responsible for the security of the computers in your care. These pages can't convey everything that an experienced security professional knows. Hopefully, these pages will provide you with some useful pointers to resources that you will need. If you have comments, or suggestions, please pass them along to me.

The Forum of Incident Response Teams (FIRST)

FIRST is a coalition of incident response teams which exchange information and coordinate response activities to computer security events. If you experience a computer break-in, your first and best point of contact will be the incident response team for your site. Here is the complete list of contact numbers for FIRST teams. The sites below have web pages in the U.S.

CERT - The Computer Emergency Response Team. If your organization does not have an incident response team, these are the folks to contact. The phone number is (412) 268-7090.
ASSIST - U.S. Department of Defense Automated Systems Security Incident Support Team. The web page isn't up yet. The phone number is (800) 357-4231.
U.S. Department of Energy's CIAC - Computer Incident Advisory Capability. The phone number is (510) 422-8193.
NASIRC - NASA Automated Systems Incident Response Capability. For NASA centers and the International Aerospace Community. (WWW Access may be restricted from non-NASA sites). The phone number is (800) 762-7472.
NAVCIRT - Naval Computer Incident Response Team. Supports all Department of the Navy activities. Phone number is (800) 628-8893.

Computer Security Research Groups

Everyone listed below is involved in computer security somehow. In some cases, such as NIST, they have provided a clearinghouse of computer security information. Some of the other groups here are research groups, or even 'reformed' hakkers who are now sharing their old tricks with the Internet community. All provide some interesting information and resources.

COAST Computer Operations, Audit, and Security Technology project at Purdue University.
Center for Secure Information Systems at George Mason University. in Northern VA.
NIST's Computer Security Resource Clearinghouse This seems to be a nice collection of documents and links that have be pulled together in one place.
Computer Security Group at University of Cambridge (UK).
SRI Computer Security Lab
8lgm - Eight Little Green Men ... Security advisories and exploitation details of known holes in operating systems. Who are these guys and should you trust them? Their web site doesn't reveal any answers to these questions, but they seem to know these holes very well!

Individual Computer Security Meta-pages

Some of these probably contain new and interesting things, and some of them are probably more of the same. Your mileage may vary (YMMV).

Charles Hoynowski's Page A long list of links to information pages, Internet resources, and FAQs on computer security.
Info Security Heaven - Searchable Indices of many security mailing lists and bulletins.
NIH Security Pages - These are really nicely organized and informational.
Niels Provos's Security Pages.
Rick Garvin's Page - Some papers, some pointers to RFCs, some useful links, all from a fellow dc.sage-er and computer security expert.
SAIC System Development Operation Center Security Library.
TEZCAT Communication's Pages - Some good pointers and papers.
Margaret Turner's Ecommerce/Security Pages.
Security and Privacy Issues webspace by Neil F. Johnson.
MLD's UNIX Security Page an outstanding layout of papers, FAQs, links, etc. set up by Matthew Deter.

FAQs and Data (Security Related)

Many of these are a must read for new systems administrators.

Mailing Lists and Newsgroups

As with all newsgroups, there can be a significant amount of noise-to-signal ratio that you have to weed through. There are many people with an opinion on computer security ... your mission, should you choose to accept it, is to determine which of these people present an informed opinion from which you can draw your own conclusions! Be aware that not all news servers carry all newsgroups.

USENET News Groups

Generic Security Newsgroups

Cryptography and Cryptology

Privacy Systems

Specific Operating System Lists

Crackers, Hackers, Phreakers, and Friends

Archives from Mailing Lists

I'd like to grow this section ... if you know where these lists are archived, please let me know.

Bugtraq Archives - Bugtraq is a mailing list designed for the detailed and open discussion of security vulnerabilities in UNIX systems.
Firewalls Mailing List Archives.

Internet Mailing Lists

Bugtraq
Firewalls Mailing List.

Return to the top of this page.

Return to the security pages.

Return to the dc.sage home page.

Author: Rob Jenson
Last Revised: $Date: 1997/04/26 17:45:59 $ $Revision: 1.3 $

dc.sage gratefully acknowledges the sponsorship of Heller Information Services for this and other Internet services.
This document is © copyright 1996, 1997 Robert B. Jenson. All Rights to use of and reproduction of the content is granted freely to all members of dc.sage. All other rights reserved.
These pages maintained by: The dc.sage Web Folks.