Security Resources

I’ve been doing Computer Security for a few years now and along the way, I’ve picked up a some tips. I thought I’d share a few…

Websites

  • Security Focus - Probably the best general security site around. Read the latest news, learn more through tutorials, and read some security thought leaders. Also home of the famous BugTraq.
  • SANS - Subscribe to newsletters, find out the top 20 security vulnerabilities, and take a look at the state of the Internet all on this great site. Not to mention, the best security training anywhere.

Books

  • Security Engineering - by Ross Anderson - Widen your understanding how to engineer security into any application with this great book. Mr. Anderson uses real-world examples from things like ATM machines, missile fire control mechanisms, and pre-paid power meters to truly illustrate what security control work and which don’t.
  • Hacking Exposed - by Stuart McClure, etc - This book demystifies “hacking.” It moves computer security out of the theoretical and into the practical by showing exactly how attacks are performed and how they can be prevented.
  • CISSP All-in-One Exam Guide - by Shon Harris - Of all the books and materials I used studying for my CISSP exam, this one was the best.

Tools

  • GRC - Wondering what your computer looks like to others on the Internet? Try this free site to test your computer for vulnerabilities.
  • Virus Scanners - The one we have installed at home is Computer Associates’ Etrust. It’s free for a year. If you need to quickly assess if you have a virus, and don’t want to install any software try TrendMicro’s free web-based virus scanner.
  • Sam Spade - Ping, graphical traceroutes, DNS lookups, and email header parsing are just a few cool things this free tool will do for you. Available as a web- or windows-based tool.
  • PGP - Encrypted email, secure storage, and digital signatures are just a few cool things you can do with Pretty Good Privacy (PGP).
  • SuperScan - Free windows-based port-scanning and windows-enumeration tool that very quickly tells you a lot about what’s happening on your network.
  • Password Safe - Want a more secure way of storing your passwords than the post-it notes you use today? It’s free, secure, and easy to use.

Have other cool stuff you want me to include? Drop me a line.

Jamie