A Survey of Security-Related Online Resources

This document adapted from a posting to comp.security.unix authored by Vin McLellan. There were some indications that at least portions of this list were extracted from an equivalent WWW document. He writes: (Please add new sites or suggest potential sources. New www (web) sites are popping up daily; and I'm sure I don't know about some gophers that are treasures. This is mostly the work of others that's I've picked up here and there; I'd credit if I could. If there isn't a Master Directory like this regularly posted on this list, the community should keep this up to date and circulating. Corrections are always welcome.) -Vin McLellan (vin@shore.net), The Privacy Guild

HTTP Sites

SRI Computer Science Lab
SRI has responsibility for the ACM Forum on Risks in the Use of Computer and Related Systems. Here you'll find a link to it.
SRI WWW Server
see also
Purdue COAST Project
(Computer Operations, Audit and Security Tools). A great ftp site collecting many things pertinant to security
Digital Secure Systems
Digital markets a series of products and services for internet security.
Computer Systems Consulting
CSC has much of the information and tools available to the cracker community.
RSA Data Security, Inc.'s Home Page
RSA provides the defacto industry standard in public key encryption
NIST WWW Home Page
The National Institute of Standards and Technology has a lot of information on computer security
The Secure HyperText Transfer Protocol
This is the draft text for an RFC (Request For Comment) being circulated to elicit public comment
Christopher L. Menegay's Security Page
This site contains explicit information about how to break into Unix systems. It also details how to stop these methods. A valuable service.
NASA Automated Systems Incident Response Capability
Not really of much use, you can't go beyond an introductory screen without authorization.

General FTP Sites Interested in Comp Security

The National Institute of Standards and Technology's Computer Science Laboratory, Computer Security Divison FTP site. You might want to select the index.html file once there for a cleaner interface.
Computer Emergency Response Center FTP site. Many advisories and tools are available here.
Computer Incident Advisory Capability ftp site
COAST Security FTP Archive
Computer Operations, Audit and Security Tools ftp site
Greatcircle FTP Server (firewalls)
This is the system the firewalls mailing list lives on, and contains an extensive list of documentation and other useful information about firewalls.
Trusted Information Systems (TIS) FTP Server
TIS does consulting in the firewalls market. They also have a very complete suite of software to implement a firewall available by anonymous ftp
AT&T FTP Server
Athena FTP Server
From MIT, the Athena Project has more to offer than X. Among other things, you'll find kerberos software here, as well as a great collection of USENIX papers, and other tasty tidbits.
SURAnet security archive. They have CERT and CIAC alerts, NIST publications, Department of Defense Alerts, pagers, security programs, etc...
DDN Security Bulletins FTP Server
This is the NIC's security ftp server. Skip all the files starting with ddn-security- until you get down to ddn-security-8901. All the previous ones will just tell you that the naming conventions have changed, and you're looking at the wrong file.
Texas AMU security tools
Texas A&M, in response to being broken into, has developed a lot of expertise in detecting and preventing breakins. Here you'll find papers and tools.
While intended for the use of NEC and it's subsidiaries, this site always has a nifty assortment of tools for socks, sudo, cops, etc...
Dartmouth Security Tools
Matt Bishop's cool collection of papers and programs related to security, including passwd+.

COAST- intrusion_detection
AI and statistical tools to detect intrusion.
SRI's NIDES Next-Generation Intrusion Detection System

Gopher Sites

NIST Main Gopher
NIST Security Gopher
FIRST Gopher
CSC Security Gopher
Security,Audit & Control (SIGSAC)