- Department of Homeland Security
- Statistical Security Engineering Lab
- National Information Assurance Training and Education Consortium (NIATEC)
- IEEE Computer Society Digital Library
- ACM Digital Library
- Information Assurance Support Environment (IASE)
- Information Assurance Technology Analysis Center (IATAC)
References
Security (Overview, General, Opinions)
Best Practices in Network Security by Fred Avolio
Conducting A Security Audit: An Introductory Overview by Bill Hayes
Cross Platform Security Analysis by Anton Chuvakin
Federal Cybersecurity: Get a Backbone by Marcus Ranum
Hammering Out a Secure Framework by Mike Fratto
The Rise and Fall of Internet Security: A Story in Two Parts by Fred Avolio
The State of Systems Security by Ron Dufresne
Vulnerability Assessment Survey at SecurityFocus.com
Best Practices for Securing Enterprise Networks by Dave Piscitello and Lisa Phifer
Rethinking Network Security
Security (Guidelines)
Organization for Economic Co-operation and Development (OECD) Guidelines for the Security of Information Systems and Networks (9 pervasive principles for information security upon which several other guides are based.)
Internet Security Alliance (ISA): Common Sense Guides for Senior Managers
SANS - Top 20 Internet Security Attacks Target
Cyber Security and Consumer Data: What’s at Risk for the Consumer?
Department of Trade and Industry: Code of Practice for Information Security
Information Security Governance Institute: Guidance for Boards of Directors and Executive Management
Association of Small Business Development Centers Network (ASBDC) e-Security Guide for Small Business
US-CERT: Small Business Best Practices (Internet Security Alliance and Small Business Working Group)
Incident Response & Advisory Centers
CERT(sm) Coordination Center. CERT studies Internet security vulnerabilities, provides incident response services, publishes security alerts, researches security and survivability, and develops information to help you improve security at your site.
Center for Education and Research in Information Assurance and Integrity. CERIAS provides innovation and leadership in technology for the protection of information and information resources, and in the development and enhancement of expertise in information assurance and security.
Computer Incident Advisory Capability. CIAC provides computer security services to employees and contractors of the DOE, and serves as a primary resource for anyone with an interest in security issues.
Forum of Incident Response and Security Teams (FIRST). FIRST fosters cooperation and coordination in incident prevention among a variety of computer security incident response teams from government, commercial, and academic organizations to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
The Information Warfare Site. This site is an online resource that aims to stimulate debate about a range of subjects from information security to information operations and e-commerce. It is the aim of the site to develop a special emphasis on Europe.
Trust Services Criteria
Portals, Info Sites & Publications
All-Internet-Security.com Directory is an established and active marketplace for free, shareware and Internet Security resources.
Beginner's Cryptography Page offers an introduction to cryptographic techniques and provides a wealth of links to other online cryptography resources.
Crypto-gram is a monthly email newsletter on cryptography from Bruce Schneier that discusses current issues in cryptography.
Fyodor's Good Reading List is an interesting and eclectic collection of security related resources.
The Internet Protocol Journal
InteractiveInfoSec is a very good place for novices to security. The "see a hacker", "Be a Hacker" and "Stop a Hacker" are very good instructionals for those who want to Know the Enemy (thank you, Lance Spitzner).
The Journal of Internet Security provides a DeLiberation Extranet to inform professionals and support discussions of electronic banking and commerce issues.
Intrusion Detection, Sniffing, Hacking, Anti-Hacking, Forensics
Carnivore and Open Source Software by Steve Bellovin
Honeypots: Sweet Idea, Sticky Business by Dave Piscitello
Your First Penetration Test by Dave Piscitello
Intrusion Detection and DDOS Protection by David Piscitello
Tapping, Tapping On My Network Door by Steve Bellovin
What Broadcast Traffic Reveals by Dave Piscitello
Tracking intruders by Rik Farrow
Intrusion Detection Provides A Pound Of Prevention by Mark Abene, Gerald L. Kovacich, and Steven Lutz
Network Intrusion Detection Signatures (Part 2), by Karen Kent Frederick
NFR eases intrusion detection by David Piscitello
Passive Fingerprinting by Lance Spitzner
Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring
Sniffing (network wiretap, sniffer) FAQ by Robert Graham
Studying Normal Traffic (Part 1), by Karen Kent Frederick
Intrusion detection...or prevention? by Dave Piscitello
Firewalls
Access control: Beyond Firewalls by Stephen Reed
Application Gateways and Stateful Inspection by Fred Avolio
Beyond Firewalls by Stephen Reed
Building your firewall by Carole Fennelly (3 parts)
CSI Firewall Product Search Center maintained by Rik Farrow
Distributed, Host-Resident Firewalls by Avi Fogel
Firewall Configuration Problems by Rik Farrow
Firewalling Your Personal Perimeter by David Willis
Firewalls Performance Measurement Project index maintained by Marcus Ranum
Firewalls Overview by Kurt Seifried
Firewalls: Evolve or Die by Kurt Seifried
Fortifying your Firewall by Peter Morrissey
How and When to Use 1:1 NAT by David Piscitello
How to Perform Effective Firewall Testing by E. Eugene Schultz
How to Pick a Firewall with the Right Stuff by Rik Farrow
How to Pick an Internet Firewall by Marcus Ranum
Internet Firewalls: Frequently Asked Questions maintained by Marcus Ranum
Interdepartmental Firewalls: Where to Put Them (and Why) by David Piscitello
NIST Guidelines on Firewalls and Firewall Policy
Linux Security: Firewalls
NT Firewalls: Tough Enough by David Newman, Helen Holzbaur, and Michael Carter
On the Topic of Firewall Testing by Marcus Ranum
Personal Firewalls by Mandy Andress
Testing firewalls and IDS with Ftester by Andrea Barisani
The Design of a Secure Internet Gateway by W. Cheswick
The Ultimate Firewall by Marcus Ranum
Thinking About Firewalls V2.0: Beyond Perimeter Security by Marcus Ranum
How Computer Security Works: Firewalls by W. Cheswick and S. Bellovin
Implementing a Distributed Firewall by Steve Bellovin, S. Ioannidis, A. Keromytis, and J. Smith
The ULTIMATELY Secure Firewall by Marcus Ranum
The Failure of Firewalls - A Critical Look at an Information Security Panacea by Rob Thomas
Forensics
Digital Discovery and Recovery by Mike Dockery
LogAnalysis.org
Electronic Evidence Gathering by Henry B. Wolfe
Internet Forensics: Common Tools by Bill Hancock
What's that entry in my log? by Dave Piscitello
ICMP Ports List by Kurt Seifried
Log Analysis Resources maintained by Tina Bird and Marcus Ranum




