Hyperlink: Security: Centers
Meta-Reference on Information Technology

Security Entities and Centers

• CERT Coordination Center (CERT/CC)
  Computer Emergency Response Team (CERT) / Control Center.
  CERT/CC were started by the Defense Applied Research Projects Agency (DARPA, U.S. Department of Defense) in December 1988, after the Morris Worm incident crippled approximately 10% of all computers connected to the Internet. The CERT/CC is a center of Internet security research and development, operated by Carnegie Mellon University, Software Engineering Institute (SEI).
  Vulnerabilities, incidends and fixes; Security practices and evalutations; Survivability research and analysis; Training and education. Alerts, Events, Papers, FTP Archives, Security Improvement (modules, practices, implementations), Tech Tips, Annual Reports, Other Sources (books, groups and mailing lists, tools, Internet Security Glossary [RFC-2828]).
  
  • CERT Knowledgebase:
    US-CERT Vulnerability Notes Database, Automated Incident Reporting (AirCERT), Vulnerability Reports Catalog (restricted-access, handled according to CERT/CC Vulnerability Dislosure Policy), Special Communications Database (restricted-access).
  • CERT/CC Advisories
  • Home Network Security
    This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of always-on or broadband access services (such as cable modems and DSL).
    Home Network Security (mirror) at US-CERT.
  • Before You Connect a New Computer to the Internet: guidance for users connecting a computer to the Internet for the first time.
• Internet Security Alliance (ISA)
  Despite the very real threats present, ISA provides members with a single portal for up to-the-minute threat reports, best security practices, risk management strategies, and more, which will give them the edge in the competitive and volatile environment of the Internet. Working Groups, Conferences, News, Resources.
  The alliance is a collaborative effort between CERT Coordination Center (CERT/CC) at Carnegie Mellon University's SEI, and the Electronic Industries Alliance (EIA), a federation of trade associations.
• FIRST - Forum of Incident Response and Security Teams
  FIRST Member Teams Information.
• Center for Education and Research in Information Assurance and Security (CERIAS)
  Purdue University
  CERIAS is a world's foremost university center for multidisciplinary research and education in areas of information security (computer, network, and communications security), and information assurance. The pioneer laboratory COAST - Computer Operations, Audit, and Security Technology, of Purdue University Computer Science Department, is now part of CERIAS.
  COAST Hyperlink: Security Links
• SANS Institute - System Administration, Networking, and Security
  Resources, Security Digests, Events, Publications, Alerts and Analysis.
  The Top 20 Internet Security Threats - How To Eliminate - SANS Resources.
  
  • SANS - Internet Storm Center (ISC)
    Cooperative Cyber Threat Monitor and Alert System - Current infosec news and analysis.
  • SANS Free Security Newsletter Service
    Security Alert Consensus (SAC) and SANS NewsBites - weekly, SANS Windows Security Newsletter - monthly.
• US-CERT - United States Computer Emergency Readiness Team
  Established in 2003 to protect the United States Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.
  Prepare: configure your computers and networks to defend against future threats.
  Respond: respond current threats to your computers and networks.
• Computer Incident Advisory Capability (CIAC), U.S. Department of Energy
  Security Bulletins, Tools and Resources.
• CSRC - Computer Security Resource Center, NIST
  National Institute of Standards and Technology (NIST), USA.
  Advisories, Cryptography, Security Research and Technology, Security Testing, Management and Guidance.
  Computer Security and the Law, by Gary S. Morris.
• ISSA - Information Systems Security Association
  ISSA is the world's premier association for information security professionals, with 22 years of existence (since 1985) and over 100 chapters around the world.
• Common Vulnerabilities and Exposures (CVE)
  Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides standardized common names for vulnerabilities and other information security exposures. CVE aims to standardize the names of all publicly known vulnerabilities and security exposures, making it easier to share data across separate network security databases and tools that are CVE-compatible. CVE also provides a baseline for evaluating the coverage of an organization's security tools. CVE content is determined by the CVE Editorial Board, composed of experts from the international information security community. The MITRE Corporation maintains CVE and manages the Editorial Board.
• Computer Security Institute (CSI)
  CSI is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional, since 1974.
  CSI/FBI Annual Computer Crime and Security Survey (PDF download, through free registration). Eleventh Annual CSI/FBI Computer Crime and Security Survey 2006, 2005 CSI/FBI Survey (2005 Survey HTML).
  CSI Blog.
• National Infrastructure Protection Center (NIPC)
  The National Infrastructure Protection Center (NIPC) serves as a U.S. government critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response.
  NIPC is located in the FBI's headquarters building in Washington, DC, USA.
• Computer Crime & Intellectual Property Section (CCIPS)
  United States Department of Justice. Computer Crime, Intellectual Property, Electronic Evidence, Other High Tech Legal Issues.
• AusCERT - Australian Computer Emergency Response Team
  Resources: Security Advisories and Bulletins, Security Tools Archive, AusCERT Papers, References and other sources of information.
• CERT.br -- Computer Emergency Response Team Brazil
  Brazilian Computer Emergency Response Team. Antigo NBSO - NIC BR Security Office, que passou a se chamar CERT.br em 31 de maio de 2005. Created by The Brazilian Internet Steering Committee and maintained by the Brazil's Network Information Center (NIC.br). NBSO acts by coordinating the actions and providing information to sites involved on security incidents. The Network Security Working Group has several subgroups working on security tools, docs and drafts for emergency procedures and organizational standards for the Internet/BR.
  Cartilha de Segurança para Internet, destinada a usuários da Internet (HTML e PDF).
  Práticas de Segurança para Administradores de Redes Internet, manual and checklist (HTML and PDF).
  
  • Brazilian Brazilian CSIRTs Contact Information
• RNP CAIS - Centro de Atendimento a Incidentes de Segurança [Portuguese]
  By RNP - National Research Network, Brazil. O CAIS registra e acompanha problemas de segurança no backbone e PoPs da RNP, incluindo auxílio à identificação de invasões e reparo de danos causados por invasores. Cabe, ainda, ao CAIS a disseminação de informações sobre ações preventivas relativas a segurança de redes. Filiado ao FIRST desde setembro de 2001.
• Secunia Advisories
  Secunia monitors vulnerabilities in more than 4000 products, including: operating systems, browsers, IMs, anti-virus, firewalls, routers, and much, much more.
  Secunia Blog, used to communicate their opinions about vulnerabilities, security, ethics, and their responses to articles, research papers, and other blog entries regarding Secunia and vulnerabilities.
• Institute for Security and Open Methodologies (ISECOM)
  ISECOM is an open-source, collaborative, non-profit (in the USA and Spain since January 2001), scientific security research organization and community, registered in Catalunya, Spain. They are dedicated to providing practical security awareness, research, certification and business integrity. ISECOM provides certification, training support, and project support services for non-partisan and vendor-neutral funding of projects and infrastructure. Their research, training programs, standards, and best practices are truly neutral, performed without commercial, national or partisan influence. All documents are available under Copyleft and the Open Methodology License.
  OSSTMM - Open Source Security Testing Methodology Manual, by Pete Herzog, is a peer-reviewed methodology for performing security tests and metrics.
  Research: Business Integrity, Child Security and Safety, Networking Protocols - Open Protocol Resource Project (OPRP) by Dru Lavigne, Security Metrics - Risk Assessment Values (RAVs), Teen Security Awareness - Hacker Highschool, Trusted Computing - Applied Verification for Integrity and Trust (AVIT), Security Models - Security Operations Maturity Architecture (SOMA), Security Tools, Secure Programming.
• SUNSeT - Stanford University Network Security Team
  Stanford's Computer Security Office
• ICSA Labs
  A division of TruSecure Corporation (icsa.net).
  ICSA Labs sets standards and certification for commercial security products. ICSA Product Certification: Anti-Virus Software, Network Firewalls, IPSec Products, Cryptography Products.
  ICSA Labs also coordinates numerous industry consortia to facilitate information sharing and standardization practices within the security industry. Consortia and communities: Anti-Virus, Cryptography, Firewall, IDS - Intrusion Detection Systems, IPSec, ISPSec - Internet Service Providers Security, PKI - Public Key Infrastructure.
• West Coast Lab's Checkmark
  Checkmark is a system which tests and certifies computer security products. Anti-Virus Level 1, Anti-Virus Level 2, Trojan, Firewall, VPN, Application Gateway.
• IETF Security Area
  Internet Engineering Task Force (IETF).
• IEEE Technical Committee on Security and Privacy (TCSP)
  IEEE Computer Society.
  Cipher: The Newsletter of the IEEE Computer Society Technical Committee on Security and Privacy. Cipher Past Issues Archive. Cipher Book Reviews.

Security Information Centers from Vendors

Microsoft

• Microsoft Security
  Security Bulletins, Resources, Information, Tools & Checklists, Products & Technologies, MSDN Security Site, Security Updates.
  Microsoft Security Index: Books, Community, Developing Secure Applications, Privacy, Products, Securing and Protecting Desktops, Devices and Networks, Security Strategies, Services, Tools, Training, Updates.
• Protect Your PC
  3 steps to help ensure your PC is protected:
  1. Use an Internet firewall
  2. Get computer updates
  3. Use an up-to-date anti-virus software
• TechNet Security Site
  Microsoft TechNet Security Tools and Checklists, Security Administration: Best Practices, Internet/Intranet, Messaging and Collaboration, Database, Network. Hot Fix Central, Security Resources, Security Updates.
  Microsoft IT Pro Security Zone: Microsoft security newsgroups, chats and communities.
• Microsoft Baseline Security Analyzer (MBSA)
  As part of Microsoft's Strategic Technology Protection Program, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA). MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigurations and missing security updates for the following products: Windows NT4, 2000, XP and 2003, Internet Information Server (IIS), SQL Server, Internet Explorer, Exchange Server, Windows Media Player, Microsoft Data Access Components (MDAC), MSXML, Microsoft Virtual Machine (MSVM), Commerce Server, Content Management Server, BizTalk Server, Host Integration Server, Office.
  MBSA uses HFNetChk technology from Shavlik.
• Internet Explorer Downloads
  Critical Updates, Recommended Updates, other downloads.
  Microsoft Internet Explorer Home: Technical Resources, Downloads, general information about IE.
• Windows High Encryption Packs (128-bit)
  128-bit Security cryptography for IE/Windows, now available worldwide (outside USA).
  Internet Explorer High Encryption Pack (128-bit), Windows 2000 High Encryption Pack (128-bit). Download (EN).
• Microsoft Windows Update
  Online utility for download Critical and Recommended Windows security updates.
  Manual Download of Updates and Service Packs:
  • Windows XP Downloads Professional & Home Edition: Windows XP Security Updates and News, Windows XP Service Pack 1.
  • Windows 2000 Downloads: Windows 2000 Critical Updates, Windows 2000 Service Packs.
  • Get the Latest for Windows Me.
  • Windows 98 Downloads: Critical and Recommended Updates.
  • Windows NT Downloads Server & Workstation: Critical and Recommended Updates.
• Microsoft Office Online Updates
  Microsoft Office Downloads.
  Microsoft Office Resource Kit - ToolBoox.
• Microsfoft Security Update e-mail
  Get notified of important security updates. To help you maintain a safe computing environment, Microsoft offers e-mail alerts that notify you when we release an important security bulletin or virus alert, or when you might need to take action to guard against a circulating threat.
  Microsfoft Security Update - Subscribe.
• Scott Schnoll's Internet Explorer Security Center
  Formerly Unofficial Internet Explorer Security FAQ (IESF). Safety and Security, IE Security Issues, Sources, Information from Microsoft, Miscellaneous.

Oracle

• Oracle Technology Network - Security
  Oracle Platform Security. Oracle Security Alerts.
• NGS Software - Advisories
  Security Advisories for Oracle Servers and other products. By NGS Insight Security Research team (NISR).

Mozilla & Netscape

• Mozilla Security Center
  Mozilla Security Projects. Mozilla Foundation Security Advisories for all products, Known Vulnerabilities in Mozilla: SeaMonkey suite, Firefox browser, Thunderbird e-mail client.
  See also information on Mozilla Suite Releases, Firefox Releases, Thunderbird Releases.
• Netscape Security Center
  E-commerce security, Public-key infrastructure (PKI), Personal/Server Certificates, SSL, E-mail Security, Privacy.
• Fortify for Netscape
  Outside USA, Fortify is a wat to update your Netscape browser to support maximum strong cryptography. Fortify for Netscape is a program that provides world-wide, unconditional, full strength 128-bit cryptography to users of Netscape Navigator (v3, v4) and Communicator (v4). Free for non-commercial use.

Apache Software Foundation

Apache httpd

• Apache httpd 2.2 vulnerabilities
  See also Apache httpd 2.0 vulnerabilities e Apache httpd 1.3 vulnerabilities.
• Apache HTTP Server Version 2.2 - Security Tips
  See also 2.0 Security Tips e 1.3 Security Tips.
• Secunia vulnerability reports for Apache httpd
• Apache Security
  Portal of resources, updates, and news maintained by Ivan Ristic, author of book Apache Security (O'Reilly, 2005, 420 pp., ISBN-10: 0-596-00724-8).
• Apache Security from A-Z
  By Lincoln Stein, Open Source Conference, Version 3.
• Securing Apache 2: Step-by-Step
  By Artur Maj, 2004-06-21.

Apache Tomcat

• Apache Tomcat 6.x vulnerabilities
  See also Apache Tomcat 5.x vulnerabilities, Apache Tomcat 4.x vulnerabilities, Apache Tomcat JK Connectors vulnerabilities.
• Secunia vulnerability reports for Apache Tomcat: Apache Tomcat 6.x, Apache Tomcat 5.x, Apache Tomcat 4.x, Apache Tomcat JK Web Server Connector 1.x.

Sun Microsystems

• Sun Security
  By Sun Microsystems. Security Overview, Products, Technologies, Business Associates, Support & Services, Glossary, Downloads.
• Sun Security Community - Security Blog
  General, Reference, Alerts, News.

ICQ

• ICQ Security and Privacy Center
  Official ICQ site.
• The ICQ Security Tutorial
  Written by R a v e N. HTML version.
• ICQ Help Network Security
  ICQ Security Alerts. By ICQ Network Help.
• About.com Guides: ICQ Security
  By Laura Schneider, About.com.

Others

• Macromedia Security Zone
  Security patches, bulletins and technical briefs about Macromedia products, specially ColdFusion and JRun servers.
• Red Hat Security Resource Center
  Errata: Security Alerts, Bugfixes, and Enhancements.
• PayPal Security Center
• RealPlayer Security Updates
• McAfee Security Research
  McAfee Research (former NAI Labs) is a world lead in research and development of advanced network and information systems security technology, with international reputation for excellence in this field of research.
• McAfee.com Kids
  This site is dedicated to educating parents, teachers and our young people about the dangers of the Internet and how to avoid them.
• Alladin Security Portal
  Security Center: Security Alerts, Software Security, Content Security, Authentication, Encryption, Security Organizations, Content Security Center, Virus/Vandal Updates, Submit Virus Sample.
  Aladdin Content Security Resource Center
  By Aladdin Knowledge Systems.

Information Systems Audit, Forensics and Control

• Category: Information technology audit
  From Wikipedia, the free encyclopedia. Information technology audit, Information security audit.
• Information Systems Audit and Control Association (ISACA)
  Serving IT Governance Professionals.
  Val IT: governance framework and supporting publications addressing the governance of IT-enabled business investments.
  Professional Certification: Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM).
• ISACA Capítulo SP [Em Português]
  Atendendo aos Profissionais de Governança de TI.
• CNASI - Congresso Nacional de Auditoria de Sistemas, Segurança da Informação e Governança [Em Português]
  Evento anual organizado por IDETI.
• Category: Forensics
  From Wikipedia, the free encyclopedia. Information forensics, Computer forensics.
• Perícia Forense Aplicada à Informática [Em Português]
  Artigos. Informações: Quiz, Notícias, Cursos, Links, Livros, Grupo de Discussão. Revista Evidência Digital.
• IBP Brasil - Instituto Brasileiro de Peritos em Comércio Eletrônico e Telemática
• DFRWS - Digital Forensic Research Workshop
  DFRWS is dedicated to the sharing of knowledge and ideas about digital forensics research. As a non-profit, volunteer organization, DFRWS sponsors annual conferences, technical working groups, and challenges to help drive the direction of research and development.
• Digital Evidence
  Digital Investigation / Forensics and Evidence Research. By Brian Carrier.
• Open Source Digital Forensics
  By Brian Carrier.

Certification for Security Professionals

• (ISC)2
  (ISC)² - International Information Systems Security Certification Consortium.
  CISSP - Certified Information Systems Security Professional.
  SSCP - Systems Security Certified Practitioner.
• CompTIA Security+ Certification
  CompTIA Security+ is a vendor-neutral certification exam endorsed by many large companies worldwide as a reference of competency for foundation-level security practitioners. Domains of Security+ Objectives: General Security Concepts (30%), Communication Security (20%), Infrastructure Security (20%), Basics of Cryptography (15%), Operational/Organizational Security (15%).
• ISECOM/OOSTMM Certification
  By Institute for Security and Open Methodologies (ISECOM).
  OOSTMM Professional Security Analyst (OPSA), Security Expert (OPSE), Security Tester (OPST), Wireless Security Expert (OWSE).
  Security Awareness Instructor - Hacker Highschool Teacher (HSST).
• cccure.org - The CISSP and SSCP Open Study Guides Web site
  By Clement and Nathalie. On this site you will find resources to help you prepare and study for the CISSP, SSCP, CAP, ISSEP, CISM, CISA, ISSPCS, SANS GIAC GCFW certifications. Study Guides, Tips, Links, Forums & mailing lists, Quizzes.
• Cissp.com
  Web portal for certified information systems security professionals. InfoSec Resources & Links. CISSP Book Store.
• Security Certification & cisspstudy Lists
  Lists owned and maintained Scott Sanchez - infosec.gungadin.com and hosted by SecurityFocus: Subscribe.
  Security Certification Discussion List Info & SC List FAQ. Security Certification: Message Archives.
  CISSPStudy Intro & CISSPStudy FAQ. cisspstudy: Message Archives.
• CISSPStudy_1 Discussion Group
  Since March 1999. Hosted by Yahoo Groups.