Security Links

 

Bookmarks

Advisories

Bugtraq mailing list archives

Center for Internet Security

CERT Coordination Center

CIAC Security Web Site

COAST Security Archive

Dan Farmer - Abstract

Directory of _pub_auscert_papers

Forum of Incident Response and Security Teams

ICSA 2000 _ WE SECURE THE WEB !

Information Security Center

National Computer Security Association

NCSA Main Menu

NIST Computer Security Resource Clearinghouse

NTAdvice - NTBugtraq

SANS Home Page

Secure Networks Inc.

SUNSeT - Stanford University Network Security Team

The Computer Security Institute

TPEP Rainbow Series Library

Audit Tools

AGIS Corp.

AntiOnline - Computer Security - Hacking & Hackers

Cheops Network User Interface

Exploit world

Foundstone - Free Tools

Home

Internet Maniac ver 1.0

Internet Security Systems, Inc.

Linux IP Spoofer

Matt's Unix Security Page

MCN's Intrusion Tools

Most Popular Freeware on GRC.COM

Netcat

Nmap -- Stealth Port Scanner For Network Security Auditing, General Internet Exploration &

Nomad Mobile Research Centre - Files

Quality Security Tools

Sam Spade

SATAN

Sniffit Page

SYN Flood DoS attack Experiments

Top 75 Network Security Tools

Unix System Monitoring Tools

WebTrends Security Scanner

Welcome to ipsecurity

Windows Software

WWDSI's Saint Information

Crack Tools

CRAK Software Password Recovery Excel,Word, WordPerfect, 123 - File Saver for Wordprocessors an

ScanPro (aka ScanNT) Enterprise Password auditor for Windows NT

Cryptography_VPNs

PGP

MIT distribution site for PGP

SSH

Free SSH Programs.

OpenSSH

PuTTY_ a free Win32 telnet_ssh client

SSH - Front Page

SSH - Products - SSH Protocols - SSH protocols

SSH2 Quick Start

The Secure Shell (SSH) FAQ - Frequently Asked Questions

TTSSH_ An SSH Extension to Teraterm

SSL

Apache-SSL

C2Net Software, Inc.

mod_ssl_ The Apache Interface to OpenSSL

Setting up a CA using free software

VPN-Routers

CoSine Communications __ A leading Provider of Managed IP Service Delivery Platforms

ftp___ftp.cosine.net_

@stake LC3

Alec Muffett's Home Page

APPLIED CRYPTOGRAPHY, SECOND EDITION Protocols, Algorithms, and Source Code in CTable of Contents

Bookmark Our Bookmarks on Virtual Private Networks

BYTE Magazine - November 1997 _ BYTE Software Lab Report _ Extend Your Net with VPNs

Certicom

Comprehensive list of Public Key Infrastructure (PKI) links

Counterpane Homepage

Counterpane Labs

Crypto and Security Courses

Cryptome

Cylink Corporation_

distributed.net - Node Zero

EFF DES Cracker Project

Entrust Technologies_ Orchestrating Enterprise Security

GnuPG - The GNU Privacy Guard

Handbook of Applied Cryptography

IP Security Protocol (ipsec) Charter

IRE

John the Ripper -- password cracker

KyberPASS

MIT distribution site for PGP

Osicom Technologies

Quadralay Cryptography Archive

Ronald L. Rivest _ Cryptography and Security

RSA Data Security Inc.

SecuriTeam.com ™ (Xavior - a customizable brute force password cracker)

The International PGP Home Page

V-ONE Corporations Short Bus Site for The Hip and Cool

VeriSign

Virtual Private Network Consortium -- VPNC

VPN Info on the World Wide Web

Welcome to CyberSafe

Welcome To RSA Security Inc. -- The Most Trusted Name in e-Security_ Authentication, Encryption

Hacker

----===== Mint Dimension H_P_V_A_C Resources =====----

2600 Magazine

ANONYMOUS SURFING

Black Hat Windows Security 2003 Topics and Speakers

Entrance to the HackerZ Hideout

Filez - Search 75M files and 1000s of servers for freeware, shareware, & commercial software

Fyodor's Exploit world

Index of -~modify-texts-faqs

main - Harley's Place

Netsurfer Focus_ Computer and Network Security

Welcome To Microcrap

Worst Case Scenario

Intrusion Detection

An Introduction to Intrusion Detection

CFR - Recent Advances in Intrusion Detection (RAID'98)

CSI Intrusion Detection System Resource

DIRT- Data Interception by Remote Transmission, law enforcement software, police software, inve

Haystack Labs, Inc.

Home

Internet Tools, Inc.

Intrusion Detection FAQ

Intrusion Detection Pages

Network Flight Recorder, Inc.

Raid2000 Home Page

Riptech

SnortSam - Home

Welcome to Network ICE

WheelGroup Corporation

Logging Tools

Logsurfer Homepage

Perl Tools for download

Sawmill log analyzer; log file analysis; log analysis program

Swatch

Microsoft

ALL THE LATEST WINDOWS SECURITY NEWS!

Beginner's guide to armoring NT 4.0

Big Brother Inside Homepage

Center for Internet Security - Standards

Donald Dick's official page

Download NSA Windows NT Study

Exploit world

February 1997 _ Web Project _ NT Security

Future IT Home Page

Microsoft Security Advisor Program

New NTonline Page

Nomad Mobile Research Centre - NT Files

NT Security - Frequently Asked Questions

NT Security Suggestions

NTAdvice - NTBugtraq

NTSAfe

ntsecurity - NT Security Home

Procedures for Hardening Windows NT_

Securing Windows NT Installation _ [Microsoft Windows NT Server 4.0; installation; security fea

Somarsoft, Inc.

Stefan Norberg

Trusted Systems Services - Windows NT Security

Windows NT administration and Windows NT security management software tools

Windows NT Security Guide

Windows NT security news and related sites

Windows NT Security_ Step-by-Step

Misc. Info

Directory of _pub_security

Electronic Mail Policy

Safe Internet Programming_ Publications

Welcome to Securityinfo.com

Other Firewalls

FireTower, Inc. - Raptor Firewall FAQtory

Firewall Builder

Firewalls Mailing List by subject

Firewalls_ Don't Get Burned

NETSYS.COM Technical Library_ Internet Security_ Firewalls

Network-1 Homepage (Design1)

Raptor Application Firewall for Network Security

Signal 9 Solutions

StorageTek Network Systems Group Home Page

Trusted Information Systems

WatchGuard Firewall

Welcome to NetCitadel website!

Welcome to the Private I Home Page!

WinGate Proxy Server, Firewall, and DHCP Server for Windows 95 and NT WinGate

Personal Firewalls

LeakTest -- Hardware Firewalls_NAT Routers

Practically Networked Home

SofaWare Home Page

Zone Labs - Home

Policy

Computer Forensics Analysis

Computer Security Administration Policies , Procedures & Guidelines

Forensic Computing & Analysis

ISC2 CISSP Home Page

Rainbow Series

TPEP Rainbow Series Library

Remote Access

Aventail Managed VPN_ Securing Your Business Communication

CRYPTOCard Corporation, Network and Computer Security

FreeRADIUS.org

Funk Software, Home

http___www.vpnet.com_

New Oak Communications - Welcome

TCP_IP Filtering

Cyber Patrol - Internet Filtering Software

Sequel Technology

WebSENSE MainPage

Virus

AVG Anti-Virus

Trend Micro, Incorporated

Vulnerabilities

INFOWAR.COM

L0pht Heavy Industries Archives

Matt's Unix Security Page

Nomad Mobile Research Centre

PHRACK MAGAZINE ONLINE ARCHIVE

t e c h n o t r o n i c . c o m

WarDialers

.[packet storm]. - http--packetstormsecurity.org-

PhoneTag by Teltech Systems, Inc.

Web Security

Maxum Development

The WWW Security FAQ

@Guard ("AtGuard")_ Enhance Performance, Privacy, and Protection on the Internet

AIS Security Portal

Anonymizer

ASTALAVISTA.BOX.SK

AttackPortal.net

BSI-DISC website for BS 7799

Bugtraq Mailing List Archive_ By Thread

Cerberus Information Security, Ltd

CERTAr Security Improvement Modules

Computer Security Information

Computer Security News Daily - Latest Stories

Corporate Espionage _ What It Is, Why It Is Happening in Your Company, What You Must Do About It

COTSE-Bugtraq Archives 2000

Crowds Home Page

Denial of Service (DoS) Attack Resource Page

DMW Worldwide

EnsureTek Home Page

Global Intrusion Detection - INCIDENT.ORG

godot's muse

Hacking and Hackers - Computer Security Programs Downloading Search Engines Portal News

Home

http--www.fish.com-titan-

HTTP___Search.SecurePoint.COM

ICSA 2000 _ WE SECURE THE WEB !

Insecure.org -- Computer Security, Nmap, Port Scanner, Exploit World, Exploits, Hacking, Hacker

internetMCI Security Engineering

Jerboa Inc._ Information Security Services

Linux Security - The Community's Center For Security

NCSU SHANG_ Papers

netsec.pl

Network Security Library Last additions

Network Security Library

NIPC Home

NSA INFOSEC Page - INFOSEC Assessment Methodology (IAM)

NSW

Nyheter 1999-02

OpenBSD Security

P G C I

Placing Backdoors Through Firewalls

Privacy Analysis of your Internet Connection

Rainbow Series Library

s e c u r i t y f o c u s

s e c u r i t y w a t c h . c o m

SamSpade.org

SANS Institute Online - Home Page

SecureLogix (TM) Corporation - TeleSweep Secure Distributed Scanner for Telephone Lines

SecuriTeam.com â,¢ (Main Page)

Security 7

Security Management Online

security resource net's computer security

SecuritySense

Signal 9 Solutions

Snort Rules from rapidnet.com

SocketWatch

Solaris Security Guide

Sun Enterpriseâ,¢ Network Security Service - Community Source Licensing

t e c h n o t r o n i c . c o m

The Black Hat Briefings Security Conference Homepage

The Computer Security Institute

The Internet Security Conference

The Nemesis Project - a TCP_IP Packet Injection Suite

The Packetfactory

This is the Senate Judiciary Committee Privacy in the Digital Age_A  A Resource for Internet Us

Titan

Vendor Secutiry Contacts

{_[Genocide2600.com]_}

 

 

Other Security Links:

 

• "Guidelines for Developing Penetration ‘Rules of Behavior’" by Nancy Simpson
• Social Engineering Fundamentals, Part I: Hacker Tactics by Sarah Granger, SecurityFocus Online
• A Common Compromise - The SE Job (Social Engineering) by Stephen K. Gielda
• Domain names
• Vulnerabilites & Exploits
• Penetration Testing – Is it right for you? by Jimmy Braden
• Penetration Testing: The Third Party Hacker by Jessica Lowery
• CERT Guide to System and Network Security Practices by Julia H Allen, ISBN: 020173723X
• Computer Crime Investigator's Toolkit: Part I and Part II
• Penetration Test Zero Knowledge Checklist by Jean-Luc Adam
• Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS by David Kinn and Kevin Timm
• Tools
• ISS
• NMAP
• NESSUS
•  
• ISS Internet Scanner
• "Scanning and Defending Networks with Nmap" by By Rich Jankowski
• Farmer, Dan and Venema, Wietsa "Improving the Security of your site by breaking into it" Sun Microsystems (11/29/00)
• "Know Your Enemy II: Tracking the Blackhat's Moves" June 2001 from Project Honeynet
• Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses by Edward Skoudis, Radia Perlman (editor), ISBN# 0130332739
• Hacking Exposed: Network Security Secrets & Solutions, by Scambray, Joel, Stuart McClure and George Kutz, 2nd Edition, McGraw Hill, 2001.
• Peter Norton's Network Security Fundamentals by Peter Norton and Mike Stockman
• Network Intrusion Detection: An Analyst's Handbook, by Northcutt, Stephen, Judy Novak, 2nd edition, New Riders, 2001
• The NESSUS website
• Hackers Know the Weakness in Your System. Shouldn't You?: AntiOnline
• CyberCop Scanner
• Penetration Testing on 802.11b Networks by Benjamin Huey
• "Anatomy of a friendly hack" by Winn Schwartau, Network World, 2/2/98
• "Penetration Testing Methodology for fun and profit" by Efrain Torres
• "Secure Strategies: Penetration Testing Exposed" , Information Security Magazine
• Intro to ARP Spoofing by Sean Whalen, Sophie Engle, Dominic Romeo
• WEP Password Cracker by Tim Newsham

 

• "The Twenty Most Critical Internet Security Vulnerabilites", SANS Institute
• "Information Security Reading Room", SANS Institute

 

• "Vulnerability Assessments: The Pro-active Steps to Secure Your Organization" by Robert Boyce
• Computer Forensics: Incident Response Essentials by Warren Kruse and Jay Heiser, Addison-Wesley ISBN# 0201707195
• Incident Response: Investigating Computer Crime by Kevin Mandia and Chris Prosise, McGraw-Hill Professional Publishing; ISBN: 0072131829
• "Vulnerability Assessment" document by Susan Cima
• The Definitive Guide to Business Resumption Planning by Leo A. Wrobel Jr., Artech House ISBN# 0890069484
• Threats and Vulnerabilities Featured Articles
• "Instant Messaging: How Secure Is It?" by Susan Willner
• The Instant Messaging Menace: Security Problems in the Enterprise and Some Solutions by Dan Frase
• A Common Compromise - The SE Job (Social Engineering) by Stephen K. Gielda
• "Why Financial Institutions are So Easily Hacked" by Gilian Technologies
• Forensic Computer Analysis: An Introduction by Dan Farmer and Wietse Venema
• Computer Crime Investigator's Toolkit: Part I and Part II
• SSL Man-in-the-Middle Attacks by Peter Burkholder
• Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS by David Kinn and Kevin Timm

 

HTCIA (High Technology Crime Investigation Association)

 

Denial of Service Attack Resources website

 

• Incident Response by Richard Forno, Kenneth R. Van Wyk, O'Reilly & Associates; ISBN: 0596001304
• Incident Response: A Strategic Guide to Handling System and Network Security Breaches by Russell Shumway, E. Eugene Schultz, New Riders Publishing; ISBN: 1578702569
• CISSP Exam Cram: Exam chapter 9, by Mandy Andress, The Coriolis Group; ISBN: 1588800296
• "Anatomy of a friendly hack" by Winn Schwartau, Network World, 2/2/98
• NT4 Intrusion and Security by Mnemonic
• Cross-Site Scripting Vulnerabilities by Mark Shiarla
•  
• "Information Security Reading Room", SANS Institute
• How to Become a Hacker by Eric S. Raymond

 

"Understanding Cyber Attacks" – Foundstone

 

 

• SANS Document on Security Assessments Guidelines for Financial Institutions by Karen Nelson
• Cisco Security Technologies document
• A Qualitative Risk Analysis and Management Tool – CRAMM by Zeki Yazar
• An Overview of Threat and Risk Assessment by James Bayne
• Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS by David Kinn and Kevin Timm

 

Security Policies:

• Information Security Forum
• "Policies and Procedures" by Michele Crabb-Guel
• Business Recovery Checklist by KPMG
• "Security Policy: What it is and Why - The Basics" by Joel S. Bowden
• Prioritizing Security Efforts: Create Structure from Disorder by Rich Mogull
• Email Policy article on reasons you need to have one.
• AITP Email Policy Model
• CSPR: Sample email and voice policies
• IEEE Email Policy
• Windows NT Domain Password Policy Recommendation
• "Computer Virus Policy, Training, Software Protection and Incident Response for the Medium Sized Organization: A How-To Guide" by Chris Gullett
• Virus Detection and Prevention Tips by McAfee
• How to develop a Network Security Policy
• FTC Issues Financial Information Safeguards Rule document
• Writing Information Security Policies by Scott Barman, New Riders Publishing; ISBN: 157870264X
• Information Security Policy Manual by Edmond D Jones, Rothstein Associates; ISBN: 1931332096
• Information Security: Policies and Procedures A Practioner's Reference by Thomas R Peltier, CRC Press - Auerbach Publications; ISBN: 0849399963
• The E-Policy Handbook: Designing and Implementing Effective E-Mail, Internet, and Software Policies by Nancy L. Flyn, AMACOM; ISBN: 0814470912
• HISM (The Handbook for Information Security Management) by by Tipton and Krause
• 10 Tips for Creating a Network Security Policy
• Network Security Policy Best Practices White Paper from Cisco
• Penetration Testing – Is it right for you? by Jimmy Braden
• Dangerous Technology: Management Beware by Brent McKinley
• "Security Policy: Where to Begin" by Laura Wills
• "Policies and Procedures" by Michele Crabb-Guel
• The E-Policy Handbook: Designing and Implementing Effective E-Mail, Internet, and Software Policies by Nancy L. Flyn, AMACOM; ISBN: 0814470912
•  

 

Forensics and Incident Response:

• Computer Forensics: Incident Response Essentials by Warren Kruse and Jay Heiser, Addison-Wesley ISBN# 0201707195
• Incident Response: Investigating Computer Crime by Kevin Mandia and Chris Prosise, McGraw-Hill Professional Publishing; ISBN: 0072131829
• Incident Handling Step by Step: Unix Trojan Programs SANS Institute
• Logfile Analysis: Identifying a Network Attack by Michael Fleming

 

Security Awareness:

• "Security Awareness Starts in IT" by William Farrar
• "Policies and Procedures" by Michele Crabb-Guel
• Social Engineering Fundamentals, Part I: Hacker Tactics by Sarah Granger, SecurityFocus Online
• "The Ultimate Defense of Depth: Security Awareness in Your Company" by Brian D. Voss
• A Multi-level Defense Against Social Engineering by David Gragg
• Creating the Effective Information Security Awareness Program and Demonstration by Fred Hinchcliffe
• "Security Awareness Training and Privacy" by Michelle Johnston
• "Awareness, A Never Ending Struggle" by Douglas Alred
• Security Awareness Training from The US National Institute of Health (NIH)
• A Common Compromise - The SE Job (Social Engineering) by Stephen K. Gielda
• Dangerous Technology: Management Beware by Brent McKinley
• Methods and Techniques of Implementing a Security Awareness Program by William Hubbard

 

 

• "Selling Security To Management" by Jeff Hall
• "A Proactive Defence to Social Engineering" by Wendy Arthurs

 

Authentication:

• "RADIUS – A Protocol for Centralized Authentication" by William F. Evans, FAIC
• White Papers on Authentication from SANS
• "A Short History of Cryptography" by Fred Cohen
• " List of Certification Authorities", maintained by Juan A. Avellan
• "The Essential Role of Trusted Third Parties in Electronic Commerce" by Froomkin, Michael

 

Architecture:

• One Approach to Enterprise Security Architecture by Nick Arconati
• How to develop a Network Security Policy
• HISM (The Handbook for Information Security Management) by by Tipton and Krause
• 10 Tips for Creating a Network Security Policy
• Network Security Policy Best Practices White Paper from Cisco
• Writing Information Security Policies by Scott Barman, New Riders Publishing; ISBN: 157870264X
• Information Security Policy Manual by Edmond D Jones, Rothstein Associates; ISBN: 1931332096
• Information Security: Policies and Procedures A Practioner's Reference by Thomas R Peltier, CRC Press - Auerbach Publications; ISBN: 0849399963
• Security Architecture Design, Deployment, & Operations. by King, Dalton, Osmanoglu. New York: RSA Press, 2001
• Security Entities Building Block Architecture by Markus Vilcinskas, Microsoft TechNet
• Building an Enterprise Security Architecture by Michael Roberti
• Security Architecture Model Component Overview by Scott M. Angelo

 

 

Intrusion Detection:

• Intrusion Detection, Network Security Beyond the Firewall by Terry Escamilla, John Wiley & Sons ISBN# 0-471-29000-9
• Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt, Donald McLachian, Judy Novak , New Riders Publishing ISBN# 0735710082
• Intrusion Detection by Rebecca Gurley Bace, Pearson Higher Education ISBN# 1578701856
• Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS by David Kinn and Kevin Timm
• Justifying the Expense of IDS, Part Two: Calculating ROI for IDS by David Kinn and Kevin Timm
• Selecting an Intrusion Detection System by Kathleen Buonocore
• FAQ: Network Intrusion Detection Systems
• The ABCs of IDS (Intrusion Detection Systems) by by Carolyn Meinel
• Computer Crime Investigator's Toolkit: Part I and Part II
• Intrusion Detection by Lance E. Spitzner
• An Introduction to Intrusion Detection Assessment
• SSH and Intrusion Detection by Heather M. Larrieu
• Snort Install on Win2000/XP with Acid, and MySQL for Dummies by Christina Neal
• Logfile Analysis: Identifying a Network Attack by Michael Fleming
• Intrusion Detection and Analysis: Theory, Techniques and Tools by Tod Beardsley
• Intrusion Detection Using EtherPeek NX and EtherPeek by WildPackets
• Checkpoint
• Enterasys website
• Cisco Intrusion Detection System - IDS (NetRanger)
• Intrusion Detection, An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response by Edward Amoroso ISBN: 0966670078
• Intrusion Signatures and Analysis by Mark Cooper, Stephen Northcutt, Matt Fearnow, Karen Frederick, ISBN #0735710635
• "The Future of IDS" by Matthew Tanase
• IETF Working Group: Intrusion Detection Exchange Format
• SANs Institute Reading List for Intrusion Detection articles
• Cisco Secure Intrusion Detection System by Earl Carter, Rick Stiffler; Cisco Press; ISBN: 158705034X
• FAQ: Network Intrusion Detection Systems
• A Thousand Heads Are Better Than One – The Present and Future of Distributed Intrusion Detection by Robert Zuver
• Network-vs. Host-based Intrusion Detection Internet Systems Security
• Analysis Techniques for Detecting Coordinated Attacks and Probes by John Green , David Marchette and Stephen Northcutt
• Hackers' Tricks to Avoid Detection by Chris Prosise and Saumil Udayan Shah
• Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events by Richard Bejtlich
• A Practical Guide to Running SNORT on Red Hat Linux 7.2 and Management Using IDS Policy Manger MySQL+IIS+ACID From your Workstation by William Metcalf

 

IPSec – VPNs:

• A Technical Guide to Ipsec Virtual Private Networks, by James S Tiller, Auerbach Publications; ISBN: 0849308763
• Virtual Private Networks: Technologies and Solutions by Ruixi Yuan, W. Timothy Strayer, Addison-Wesley Pub Co; ISBN: 0201702096
• CCSP Cisco Secure VPN Exam Certification Guide (1-58720-070-8) Official self-study guide for the Cisco 9E0-121 and 642-511 CSVPN exams
• A Technical Guide to Ipsec Virtual Private Networks, by James S Tiller, Auerbach Publications; ISBN: 0849308763
• MPLS and VPN Architectures: A Practical Guide to Understanding, Designing and Deploying MPLS and MPLS-Enabled VPNs
  by Jim Guichard, Ivan Pepelnjak, Cisco Press; ISBN: 1587050021
• Enhanced IP Services for CISCO Networks: A Practical Resource for Deploying Quality of Service, Security, IP Routing, and VPN Services
  by Donald C. Lee, Cisco Press; ISBN: 1578701066
• Windows 2000 Virtual Private Networking (VPN) by Thaddeus Fortenberry, New Riders Publishing; ISBN: 1578702461

 

PKI:

• Understanding Digital Signatures: Establishing Trust Over the Internet and Other Networks by Gail Grant, McGraw-Hill, ISBN# 0070125546
• Public Key Authentication Framework: Tutorial by Robin Whittle
•  
• Cryptography and Network Security Principles and Practice by William Stallings, chapter 16, ISBN 0-13-869017-0
• RSA's PKCS (Public-Key Cryptography Standards) webpage
• A Short History of Cryptography by Fred Cohen
• "Why Cryptography is Harder than it Looks" by Schneier, Bruce
• List of Certification Authorities, maintained by Juan A. Avellan
• The Essential Role of Trusted Third Parties in Electronic Commerce by Froomkin, Michael
• PKI-Law Web Site - Excellent web site on PKI and the Law, maintained by Charles Merrill, Esq.
• Digital Signature Guidelines (American Bar Association Guidelines - free download)
• Attend vendor class(es) and/or review study materials for one of the following products:
• PKI Resources

 

Secure Remote Access:

• Interviewing and questioning skills
• Configure computers for secure remote administration by Carnegie Mellon Software Engineering Institute (CERT)
• Secure Access of Network Resources by Remote Clients by G Mac Donald
• A Guide to Managing Remote Users by John Shireley
• Managing Security in a Mobile Environment by Warren Cartwright
• Securing Remote Users VPN Access to Your Company LAN by Klavs Klavsen
• "Policies and Procedures" by Michele Crabb-Guel
• How to develop a Network Security Policy
• SANS Document on Security Assessments
• Cisco Security Technologies document
• Writing Information Security Policies by Scott Barman, New Riders Publishing; ISBN: 157870264X
• Information Security Policy Manual by Edmond D Jones, Rothstein Associates; ISBN: 1931332096
• Information Security: Policies and Procedures A Practioner's Reference by Thomas R Peltier, CRC Press - Auerbach Publications; ISBN: 0849399963

Knock Knock…Who’s there? Do you know who is accessing your VPN? by Norma Jean Schaefer

 

 

Security Auditing:

• Standard for Auditing Computer Applications by Martin A. Krist, Auerbach ISBN# 0849399831
• HISM by by Tipton and Krause, chapter 10 Physical Security
• Security, ID Systems and Locks: The Book on Electronic Access Control by Joel Konicek and Karen Little, Butterworth-Heinemann ISBN# 0750699329
• Cisco Security Technologies document
• Auditing Inside the Enterprise via Port Scanning & Related Tools by Bob Konigsberg
• FTC Issues Financial Information Safeguards Rule document
• A Qualitative Risk Analysis and Management Tool – CRAMM by Zeki Yazar

Internet Security Auditing website

AUDITING & SYSTEMS: EXAM QUESTIONS AND EXPLANATIONS, 9th Edition, Irving Gleim and William A. Hillison

 

CISA:

Become familiar with and complete requirements to become a CISA - Certified Information Systems Auditor. The CISA designation is awarded to those individuals with an interest in Information Systems auditing, control, and security who have met and continue to meet the following requirements: the successful completion of the CISA Examination; Information Systems auditing, control or security experience (minimum 5 years); Code of Professional Ethics; the Continuing Education Program; and Information Systems Auditing Standards.

Use the following study materials to help you:

• Self Study:
• Content areas for the CISA exam:
• The IS Audit process
• Management, planning and organization of IS
• Technical infrastructure and operational practices
• Protection of information assets
• Disaster recovery and business continuity
• Business application system development, acquisition, implementation and maintenance
• Business process evaluation and risk management
•  
• CISA Examination reference materials website for textbooks
• Obtain industry certification
• CISA website

 

Microsoft Security:

Take advantage of the IIS 'What If' security tool TechRepublic article

IIS Security Planning Tool from Microsoft

 

 

HIPAA:

• HIPAA Advisory website
• HIPAA-Compliant Configuration Guidelines for Information Security in a Medical Center Environment by Robert Grenert
• Impact of HIPAA Security Rules on Healthcare Organizations" by Tim Ferrell
• "HIPAA Compliance: Cost-Effective Solutions for the Technical Security Regulations" by Tautra Romig
• HIPAA privacy changes trickle down to IT by Edward Hurley, Assistant News Editor 28 Mar 2002, SearchSecurity

HIPAA comply Homepage

• The Latest on HIPAA (The Health Insurance Portability and Accountability Act) Including Final Rules for EDI Transactions and Code Sets, plus Privacy (published December 28, 2000) - whitepaper from First Consulting Group
• HIPAA Road Map to Administrative Simplification by Computer Sciences Corporation

 

Calendar for HIPAA Training Seminars

CHIME (College of HealthCare Information Management Executives)

 

 

Firewalls:

• Firewalls and Internet Security: Repelling the Wily Hacker, 2nd edition by William R. Cheswick & Steven M. Bellovin, Addison-Wesley
• Building Internet Firewalls by Brent Chapman &Elizabeth D. Zwicky, O'Reilly & Associates
• Cryptography and Network Security: Principles and Practice, 2nd edition, chapter 16, by William Skillings, Prentice Hall ISBN# 0-13-869017-0
• CCSP Cisco Secure PIX(R) Firewall Advanced Exam Certification Guide (1-58720-067-8) Official self-study guide for the Cisco 9E0-111 and 641-521 CSPFA exams
• The Installation and Configuration of a Cisco PIX Firewall with 3 Interfaces and a Stateful Failover Link by Steve Textor
• Configuring a