Internet Security Professional Reference: Appendix A Security Information
Table of Contents


PART V
Appendices

A  Security Information Sources
B  Internet Security References

Appendix A
Security Information Sources

Organizations exist that specialize in Internet security, providing users with bulletins, Web sites, FTP archives, and advice. In addition to the vendors, government-sponsored groups such as national CERTs and university organizations such as COAST can help you protect your systems or deal with intrusions. Appendix B contains a detailed list of useful sites. This appendix reviews the major sites that readers may find useful.

CIAC

The U.S. Department of Energy’s Computer Incident Advisory Capability group, the CIAC, was created in 1989 in response to the Internet Worm. It primarily serves the DOE from its Lawrence Livermore National Laboratory site, but it also provides e-mail advisories and an FTP/web site for anyone on the Internet. The web site is one of the best security pages, offering advisories, security documents, and FTP links to many significant programs.

  The FTP address is ftp://ciac.llnl.gov/pub/ciac.
  The web address is http://ciac.llnl.gov.
  The e-mail address is ciac@llnl.gov. (E-mail information is available by sending help to ciac-listproc@llnl.gov.)

COAST

Founded by Eugene Spafford, the Purdue University COAST project (Computer Operations, Audit, and Security Technology) is dedicated to improving network security. COAST has an impressive web site, featuring links to large numbers of security sites. Offering a comprehensive FTP archive, COAST features one of the largest collections of papers and tools on the topic of network security. COAST also issues a newsletter. COAST works closely with major companies and government agencies and has created a number of useful tools and informative studies of network security.

  The FTP address is ftp://coast.cs.purdue.edu.
  The web site is http://www.cs.purdue.edu/coast/coast.html.
  The e-mail address is coast-request@cs.purdue.edu.

CERT

The U.S. CERT (Computer Emergency Response Team) was founded in 1989 by the U.S. Department of Defense to protect the infrastructure of the Internet. Situated at Carnegie-Mellon University, in Pittsburgh, Pennsylvania, CERT consists of about a dozen employees who respond to reports from Internet users regarding network security, issuing bulletins, notifying vendors, characterizing the state of the Internet from a security standpoint, working with the mass media to publicize and address concerns, and researching solutions to Internet security problems. CERT is frequently mentioned in media reports from the New York Times to Scientific American.

Some criticize CERT for delaying the release of bulletins; this criticism, however, is unjustified to a certain degree because CERT attempts to ensure that vendors are able to address the vulnerabilities before it announces the hole.

CERT has one of the largest mailing lists for security advisories, with more than 100,000 subscribers. It permits anyone to subscribe. The CERT FTP archive contains a wide range of security programs, as well as every advisory and bulletin that CERT has issued.

The CERT group recommends that you encrypt security information before e-mailing; they support DES, PGP, and PEM. They have a 24-hour hotline at 1-412-268-7090. CERT advisories are posted on comp.security.announce.

  The FTP address is ftp://info.cert.org.
  The e-mail address is cert@cert.org. (You can subscribe by sending a request to cert-advisory-request@cert.org.)

Many other countries have also formed CERTs, notably Germany (DFN-CERT) and Australia (AUS-CERT). Visit the FIRST web site for contact information on these and other CERT groups.

FIRST

The Forum of Incident and Response Security Teams, or FIRST, is a non-profit corporation of representatives from vendors, universities, national and international government agencies, and large private corporate computer users. A complete list of members (currently 45 groups), along with contact information, is available. CERT redirects requests regarding security problems to the appropriate FIRST member, so that they can address the issue and provide resolution information back to CERT for the CERT advisory or bulletin.

FIRST provides a forum for security response teams to share security information, tools, and practices. FIRST sponsors a yearly week-long meeting of representatives, a mailing list for discussions among members, and a point of contact for Internet users with security concerns.

  The e-mail address is first-sec@first.org.
  The HTTP address is http://www.first.org/first/.

8lgm: Eight Little Green Men

This mailing list sends out advisories and exploit scripts for Unix vulnerabilities. It frequently adheres to full disclosure on security holes, so it is one of the best sources for understanding the source of vulnerabilities.

To subscribe, send the text subscribe 8lgm-list to majordomo@8lgm.org.

bugtraq

bugtraq is another mailing list that involves detailed discussion of Unix vulnerabilities. The amount of traffic (e-mail) generated by this source is enormous. To subscribe, send the text subscribe bugtraq to listserv@netspace.org.

Vendors

Most vendors have web pages and security response teams that can provide assistance in dealing with network vulnerabilities. The FIRST web page provides contact information, but most vendors respond to security-alert@<vendor-domain> (for example, security-alert@hp.com).

Vendors typically offer free security bulletins to anyone who signs up on the appropriate mailing list, along with a web/FTP archive of previous bulletins. Contact your vendor for details on subscribing.

Security product vendors usually offer useful web sites.

  TIS offers information on firewalls at http://www.tis.com.
  RSA offers information on cryptography at http://www.rsa.com.
  Raptor offers information on Integrated Firewall Security Management Software at http://www.Raptor.com.

Others

There are individuals who have created web sites with links to many security pages. These web sites are frequently posted to comp.security.unix and can be quite helpful in locating new FTP archives, tools, or papers. These come and go, but one interesting site is http://www.iesd.auc.dk/~johnson/secure.html.

