Computer and Network Security Links

Acronyms and Abbreviations.
(http://iase.disa.mil/acronym.html)

AFCEA: Armed Forces Communications and Electronics Association.
(http://www.afcea.org) Events, courses, and Signal Magazine, often
including INFOSEC and related science and technology.

American Cryptogram Association
(http://www.und.nodak.edu/org/crypto/crypto/) Nonprofit organization
devoted to disseminating cryptographic knowledge. Dates from the 1920's.

ANSI/National Standards Systems Network (http://www.nssn.org/)
Links/searches hundreds of organizations which develop, distribute and use
technical standards.

Assorted Security Information Sources
(http://galaxy.einet.net/galaxy/Engineering-and-Technology/Computer-Technology/Security)
Guide to information security information sources.

AUSCERT: Australian Computer Emergency Response Team
(http://www.auscert.org.au/) Security points of contact, papers, advisors
and alerts, tools, events, news, other.

bsy's Security Related pointers
(http://www.cse.ucsd.edu/users/bsy/sec.html)
List of pointers to security related information.

Canadian Communications Security Establishment (http://www.cse.dnd.ca)
Manuals, guides, products, training schedules, public key infrastructure,
other links.

Center for Democracy and Technology (http://www.cdt.org/crypto/)
U.S. Cryptographic Policy and issues as well as links to other
cryptography sites.

CERT Coordination Center (http://www.cert.org/) Focal point for
facilitating response to computer security events on the Internet.

CERT-NL: Netherlands Computer Emergency Response Team Home Page
(http://cert-nl.surfnet.nl/home-eng.html) Security bulletins, reports, news, papers,
tools, workshops.

CIAC: Computer Incident Advisory Capability (http://www.ciac.org/ciac/)
Department of Energy's information security server. Documents, tools,
information.

Cipher - Newsletter of the IEEE CS TC on Security and Privacy
(http://www.ieee-security.org/cipher.html) Security news,
conference reports, commentary, standards, other IEEE security items.

CNS: Computer Network Security
(http://www.cert.lu/security/)
Network security documents, FAQs, RFCs, news, tools, bibliography, links.

COAST Homepage
(http://www.cs.purdue.edu/coast/coast.html)
Collection of security-related papers and tools.

Computer Security History Project
(http://seclab.cs.ucdavis.edu/projects/history/
A Collection of seminal papers, technical reports, and other documents
related to early computer security efforts. Many of these reports have
not receieved wide dissemination as they were produced under contract
for the U.S. Department of Defense.

Computer Security Information
(http://www.alw.nih.gov/Security/security.html)
Information about computer security organized by topic.

Computer Security Research Laboratory at UC Davis
(http://seclab.cs.ucdavis.edu) Intrusion detection, system design,
protocols, vulnerabilities, auditing, viruses, cryptography etc.

Croation Cryptography Reference Center
(http://pgp.rasip.fer.hr/)
PGP and related crypto-topics.

"Crypto*Log" Guide to Internet Cryptography
(http://www.uni-mannheim.de/studorg/gahg/PGP/cryptolog1.html)
Security equipment, algorithms, laws, networks, standards,
software, vulnerabilities etc.

CryptoBytes newsetter
(http://www.rsasecurity.com/rsalabs/cryptobytes/)
Online newsletter from RSA. Current and past issue available.

Cryptographer's Homepages
(http://www.inf.ethz.ch/personal/camenisc/cryptographers.html)
Links to Homepages of some cryptographers.

Cryptography and Security
(http://theory.lcs.mit.edu/~rivest/crypto-security.html)
Pointers galore to other web pages about cryptography and security.

Cryptography in Europe
(http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html)
European cryptography-oriented links.

Cryptography Library
(http://philby.ucsd.edu/cryptolib/)
A library for researchers interested in the theory of cryptography.

Cryptography Resources
(http://www.scs.carleton.ca/~csgs/resources/crypt.html)
Links to cryptorelated centers, FAQs, indexes, newsgroups, and software.

CSI: Computer Security Institute (http://www.gocsi.com/) Information
security issues, trends, laws, surveys, training, guides, and organization
activities.

CSIS: Center for Secure Information Systems
(http://www.isse.gmu.edu:80/~csis/) List of security links, announcements,
research, literature, societies, courses, software etc.

CUISP: College and University Information Security Professionals
(http://web.mit.edu/security/www/cuispnew/cuisp.htm) Professionalization
exams, events, references, policies, plans, FAQs, standards, tools, links
etc.

CVE: Common Vulnerabilities and Exposures (http://cve.mitre.org/)
A list of standardized names for vulnerabilities and other
names for all publicly known vulnerabilities and security exposures.

DDOS: Distributed Denial of Service Attacks/Tools
(http://staff.washington.edu/dittrich/misc/ddos/)
Information, Tools, and Analysis of Distributed Denial of Service Attacks.

DFN-CERT: German Computer Emergency Response Team Home Page
(http://www.cert.dfn.de/eng/)
Points of contact, web page search. Some English, mostly German.

DOE Information Security Server (http://doe-is.llnl.gov/)
The Server contains tools and documents related to information
security that have been made available by many sources both within
and outside of the DOE.

Dorothy Denning's Home Page
(http://www.cs.georgetown.edu/~denning/)
Papers of Georgetown Prof. Dorothy Denning who contributes mightily to the
INFOSEC/defensive INFOWAR causes.

DSS Academy
(http://www.dss.mil/training/)
INFOSEC courses and schedules.

Electronic Payment Schemes
(http://www.w3.org/pub/WWW/Payments/roadmap.html)
Comprehensive index of electronic payment schemes.

Electronic Commerce Interest Group(http://www.w3.org/ECommerce/) W3C support of
Electronic Commerce, includes electronic payment resources.

Secure Electronic Transaction
(http://www.setco.org/) SET secure electronic
technolgies, technical and business programs, and formal specifications for
secure transactions.

Electronic Privacy Information Center (http://www.epic.org/) Privacy related
press articles, letters, statements, FAQs, laws, standards, links, export
control etc.

FIRST: Forum of Incident Response and Security Teams
(http://www.first.org/) Computer security incident information from over 30
government and private sector response teams.

Fortezza Developers Site
(http://fortezza-support.com/)
Information, documents, software from DoD's Fortezza program office.

Hacker Crackdown
(http://www.lysator.liu.se/etexts/hacker/) Literary
freeware by Bruce Sterling covering early computer crime and police
reactions to it.

Honeynet Project (http://project.honeynet.org/)
An effort to learn the tools, tactics, and motives of the blackhat
community, and share those lessons learned. Contains a number of papers
describing the effort and the information which has been discovered
concerning how hackers operate by watching as they break into systems.

HTCIA: High Technology Crime Investigation Association (http://htcia.org)
Hightech security investigation information, hot list, conferences, laws,
technology etc.

IASCA: Information Systems Audit & Control Assoc.  (http://www.isaca.org)
Standards, conferences, research, research, digital signatures,
good bookstore.

IBM Zurich Security Related Links
(http://www.semper.org/sirene/outsideworld/security.html) Standard,
protocols, cryptography, security, E-commerce, alert sites, newsgroups,
toolkits etc.

IBM Zurich Security Research Group
(http://www.zurich.ibm.com/csc/infosec/) Security technology
research and reports, authenication, E-commerce, links etc.

IETF IP Security Working Group News
(http://www.cs.arizona.edu/xkernel/www/ipsec/ipsec.html)
Meetings, minutes, specifications, drafts, protocols.

IETF RFCs about Security
(http://www.cert.dfn.de/eng/resource/rfc/)
Topics especially related to computer and network security.

IETF: Internet Engineering Task Force
(http://www.ietf.cnri.reston.va.us/home.html) Internet protocols, working
groups, mailing lists, proceedings, RFCs, Drafts, indexes etc.

IFIP: Intl Federation for Info Processing
(http://www.ifip.tu-graz.ac.at/TC11) International Federation for
Information Processing Home Page. Country reps, documents etc.

Incidents.org (http://www.incidents.org/)
Real time information and analysis of ongoing attacks on the Internet.

Index of Cryptography Papers Available Online
(http://www.counterpane.com/biblio/)

Information on cryptography
(http://HTTP.CS.Berkeley.EDU/~daw/crypto.html)
Cryptolinks, documents, groups, tools, and systems.

Information Security Library
(http://security.isu.edu/Readings.htm)
Large searchable library of INFOSEC documents.
(Unfortunately, site is being reconstructed and library is not readily accessible.)

Information Warfare Research Center
(http://www.terrorism.com/infowar/index.html)
Papers, links and forums. High quality material.

Information Warfare Tutorial
(http://carlisle-www.army.mil/usacsl/divisions/std/branches/iw/tutorial/intro.htm)
An advanced course given at the US Army War College.

Information Warfare, A theory of
(http://www.airpower.maxwell.af.mil/airchronicles/apj/szfran.html)
Waging INFOWAR at the strategic and operational levels.

Information Warfare, An Introduction
(http://www.seas.gwu.edu/student/reto/infowar/info-war.html#Introduction)
Shows how information warfare is or could be used in the present or in the
near future.

Information Warfare, I-War, IW, C4I, Cyberwar
(http://www.psycom.net/iwar.1.html) Cyberwar terms, articles, books,
research, reports, organizations, techniques, lists etc.

Information Warfare, What is it?
(http://www.ndu.edu/inss/press/nduphp.html) National Defense
University Strategic Forum paper by a specialist in information warfare.
Select Strategic Forum and then scroll down to item 28.

Infosecurity News Magazine
(http://www.infosecnews.com)
Press releases and articles, conferences, book reviews, vendors etc.

INFOWAR and INFOSEC on the Web
(http://www.fas.org/irp/wwwinfo.html)
A metapage covering INFOWAR and INFOSEC.

Infowar.com
(http://www.infowar.com/)
Site of security guru Winn Schwartau.

inquiry.com (http://www.inquiry.com) Searchable database of over 100,000
technical articles on information technology.

International Association for Cryptologic Research
(http://www.iacr.org/~iacr/) Conferences and publications devoted to
research in cryptology and related fields.

ISC: Intl Information Systems Security Certification Consortium
(http://www.isc2.org/) A nonprofit corporation providing a certification
program for INFOSEC practitioners.

ISO: International Organization for Standardization
(http://www.iso.ch/iso/en/ISOOnline.frontpage)
ISO documents relating to security. (Type in search criteria: security)

ISS: Internet Security System's library
(http://www.iss.net/index.php)
Vulnerabilities, information and pointers on information security.
Select from the Security Center pulldown menu.

ISSA: Information System Security Association
(http://www.issa-intl.org/) International organization of information
security professionals. Security-related information.

ITU: International Telecommunications Union
(http://www.itu.int/home/index.html
Documents addressing security. Search for security.

Journal of Computer and Comm Security Reviews
(http://www.cl.cam.ac.uk/users/rja14/#SR) FTP(able) abstracts of
presentations from some 40 conferences a year from 1992.

Journal of Computer Security (http://www.csl.sri.com/programs/security/jcs/) Scope,
editors, submission and subscription procedures, and description of recent
articles.

CAPSL (Common Authentication Protocol Specification Language)
(http://www.csl.sri.com/users/millen/capsl/)

Lawries Cryptography Bibliography
(http://www.cs.adfa.oz.au/cgi-bin/cgiwrap/lpb/bib_lpb) Searchable
bibliography to 1,000 articles on cryptography and computer security.

Mailing Lists for Security Professionals
(http://www.iss.net/index.php) List of security mailing lists to
help keep professionals abreast of current security information.
Select Mailing Lists/Newsletters from the Security Center pulldown menu.

MIT Information Security Office
(http://web.mit.edu/security/www/iso1.htm)
Security plans, programs, network security, virus protection, publications etc

Money: past, present and Future
(http://www.ex.ac.uk/~RDavies/arian/money.html)
The history of money, contemporary developments, and electronic money.

NASA Automated Systems Incident Response Capability (NASIRC)
(http://www-nasirc.nasa.gov/index.html)
Gives access to much of NASA's repository of information security knowledge.

Network Security Library
(http://secinf.net/
Collection of Network Security papers.

TruSecure, formerly the NCSA: National Computer Security Asocociation
(http://www.trusecure.com/)
Gateway to a plethura of information security sites and information.

Network Rating Model
(http://www.radium.ncsc.mil/nrm/nrmovrvw.html)
How to assess the security of a network.

NIAP: National Information Assurance Partnership
(http://niap.nist.gov/index.html)
A U.S. Government initiative to encourage the development of security
products by providing security testing, evaluation, and assessment of
products, standards, and security requirements. Joint effort between
NSA and NIST. Includes product evaluations, criteria, and security
information.

NIST Computer Security Resource Center (http://csrc.nist.gov/index.html) Variety of computer security resources.

NSA: National Security Agency home page (http://www.nsa.gov:8080) Some
interesting history of cryptography, what NSA does, job opportunites, and a
growing INFOSEC page.

Security Recommendation Guides
(http://nsa1.www.conxion.com/) Security Guides produced by the
National Security Agency. Provide instructions on how to configure
products and systems to limit security vulnerabilities. Includes
guides for configuring Windows and Cisco Routers among others.

NSI: National Security Institute
(http://nsi.org/)
Security threats, alerts, law, guides, standards, news, related sites.

CNSS: Committee on National Security Systems
(http://www.nstissc.gov/)
Purpose, authority, history, and constituents of the CNSS.

OTA: Office of technology Assessment
(http://www.wws.princeton.edu/~ota/ns20/pubs_f.html) All of the now defunct
Congressional OTA's studies, including INFOSEC-related, from 1974-1995.

PCERT: Purdue Computer Emergency Response Team
(http://www.cerias.purdue.edu/pcert/pcert.html)
PCERT Charter, points of contact and archives.

Quantum Cryptography and Computing
(http://qso.lanl.gov/qc/) Introduction, activities, and
papers plus other sites from the Los Alamos National Labs.

Rainbow Series Page
(http://www.inforeading.com/archive/rainbow/)
DoD rainbow books and related documents covering computer security design.

Risks Forum (http://catless.ncl.ac.uk/Risks) Reports of risks and attacks
against computers and related systems. Smoking guns here.

RSA Laboratories Home Page (http://www.rsasecurity.com/rsalabs/index.html) Security
bulletins, tech reports, "Cryptobytes" technical newletter, services and
education etc.

SANS Institute (http://www.sans.org/newlook/home.php)
Security research and education organization sponsoring security
professional certification programs. Site contains various security
resources.

SecurityFocus (http://www.securityfocus.com/)
Site contains news and information about security, the Bugtraq
vulnerability mailing lists archieves, other security related mailing
list archieves, and a library of security papers.

Security Issues in Embedded Networking
(http://www.mit.edu:8001/people/eichin/embedded-kerberos.html)
Paper on the Kerberos Authentication System.

SECURITY Magazine (http://www.secmag.com/) Telecommunications, monitoring,
video security, access control. Includes a products database.

SecuritySearch.net (http://www.securitysearch.net/)
A large repository of security information to include vulnerabilty
descriptions, product reviews, news, security papers, and
descriptions and links to software security tools.

SIGSAC: Special Interest Group on Security, Audit and Control
(http://www.acm.org/sigsac)
ACM books, groups, journal, proceedings, educational products, videos etc.

Sirene Publications, Security Archives
(http://www.semper.org/sirene/lit/sirene.lit.html) Cryptography,
algorithms, untraceable communications, payment systems, security criteria
etc.

SSE-CMM: System Security Engineering Capability Maturity Model
(http://www.sse-cmm.org/) Improving processes
for building INFOSEC into products and meeting customers' INFOSEC
engineering needs.

Steganography Info and Archive (http://members.tripod.com/steganography/stego.html)
Description and history of steganography. Programs to hide info in image,
sound or other files.

TEMPEST Information Page
(http://cryptome.org/nsa-tempest.htm)
An unofficial but impressive overview of TEMPEST.

Top Level Security Issues
(http://www.penfield-gill.com/BFG/security-paper.html) Discription of 15
top level INFOSEC problems in the global system of interconnnected
computers.

TrinityOS: Guides for Securing Linux
(http://www.ecst.csuchico.edu/~dranch/LINUX/)
Guides and scripts to assist in securing Linux.

TTAP: Trust Technology Assessment Program
(http://www.nsa.gov/isso/bao/cpep.htm)
DoD's program to evaluate the security worthiness of commercial products.

U.S. Navy INFOSEC Website (https://infosec.navy.mil/) Links to
information system security information at military, civil agency, and
commercial sites.

UCL Links on Security and Cryptology
(http://www.dice.ucl.ac.be/crypto/security.html)
UCL's Microelectronics Laboratory's Security and Cryptology list.

UNCLE: Computer Security in Law Enforcement (http://www.uncle.com/)
Computer security projects, monthly news, case studies, resource library,
downloads.

Univ. of Cambridge Computer Security Group
(http://www.cl.cam.ac.uk/Research/Security/)
Schedules of introduction, meetings, seminars, membership, consultancy, etc.

Virus Database from DOE (http://ciac.llnl.gov/ciac/CIACVirusDatabase.html)
Descriptions of viruses from DOE's latest Computer Incident Advisory
Capability database.

Virus Myths (http://www.Vmyths.com/) An irreverent take on virus
hoaxes, hyping and hysteria. Includes lists of related books, media, and
web sites.

Viruses and Security
(http://www.galaxy.com/cgi-bin/dirlist?node=47622)
Computer viruses, an introduction, history, effects, and glossary.

Voters Telecommunications Watch (http://www.vtw.org/) Encryption issues,
including congressional testimony, bills in progress, laws etc.

World Wide Web Consortium (W3C)
(http://www.w3.org/pub/WWW/)
Repository of information about the WWW.

Yahoo! - Computers and Internet:Security and Encryption
(http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/)
Over 500 information security sites.