A Survey of Security-Related Online Resources
This document adapted from a posting to comp.security.unix authored by
Vin McLellan. There were some indications that at least portions of
this list were extracted from an equivalent WWW document. He writes:
(Please add new sites or suggest potential sources. New www (web) sites
are popping up daily; and I'm sure I don't know about some gophers that
are treasures. This is mostly the work of others that's I've picked up
here and there; I'd credit if I could. If there isn't a Master Directory
like this regularly posted on this list, the community should keep this up
to date and circulating. Corrections are always welcome.)
-Vin McLellan (firstname.lastname@example.org), The Privacy Guild
SRI Computer Science Lab
- SRI has responsibility for the ACM Forum on Risks in the Use of Computer
and Related Systems. Here you'll find a link to it.
SRI WWW Server
- see also
Purdue COAST Project
- (Computer Operations, Audit and Security Tools).
A great ftp site collecting many things pertinant to security
Digital Secure Systems
- Digital markets a series of products and services for internet security.
Computer Systems Consulting
- CSC has much of the information and tools available to the cracker
RSA Data Security, Inc.'s Home Page
- RSA provides the defacto industry standard in public key encryption
NIST WWW Home Page
- The National Institute of Standards and Technology has a lot of
information on computer security
The Secure HyperText Transfer Protocol
- This is the draft text for an RFC (Request For Comment) being
circulated to elicit public comment
Christopher L. Menegay's Security Page
- This site contains explicit information about how to break into
Unix systems. It also details how to stop these methods. A valuable
NASA Automated Systems Incident Response Capability
- Not really of much use, you can't go beyond an introductory screen
General FTP Sites Interested in Comp Security
NIST FTP Server
- The National Institute of Standards and Technology's Computer
Science Laboratory, Computer Security Divison FTP site.
You might want to select the index.html file once there for a cleaner interface.
CERT FTP Server
- Computer Emergency Response Center FTP site.
Many advisories and tools are available here.
CIAC FTP Server
- Computer Incident Advisory Capability ftp site
COAST Security FTP Archive
- Computer Operations, Audit and Security Tools ftp site
Greatcircle FTP Server (firewalls)
- This is the system the firewalls mailing list lives on, and
contains an extensive list of documentation and other useful information about
Trusted Information Systems (TIS) FTP Server
- TIS does consulting in the firewalls market. They also have a very
complete suite of software to implement a firewall available by
AT&T FTP Server
Athena FTP Server
- From MIT, the Athena Project has more to offer than X. Among other
things, you'll find kerberos software here, as well as a great
collection of USENIX papers, and other tasty tidbits.
SURA FTP Server
- SURAnet security archive. They have CERT and CIAC alerts, NIST
publications, Department of Defense Alerts, pagers, security programs,
DDN Security Bulletins FTP Server
- This is the NIC's security ftp server.
Skip all the files starting with ddn-security- until you get down to
ddn-security-8901. All the previous ones will just tell you that the
naming conventions have changed, and you're looking at the wrong file.
Texas AMU security tools
- Texas A&M, in response to being broken into, has developed a lot of
expertise in detecting and preventing breakins. Here you'll find papers
NEC.COM FTP Server
- While intended for the use of NEC and it's subsidiaries, this site
always has a nifty assortment of tools for socks, sudo, cops, etc...
Dartmouth Security Tools
- Matt Bishop's cool collection of papers and programs related to
security, including passwd+.
- AI and statistical tools to detect intrusion.
SRI's NIDES Next-Generation Intrusion Detection System
NIST Main Gopher
NIST Security Gopher
CSC Security Gopher
Security,Audit & Control (SIGSAC)