
Security in Computing, 3/e

Security Web Site Links: Authors’ Picks

There are many security portals with links to numerous web sites related to security.  Several good portal sites are:

The SANS (SysAdmin, Audit, Network, Security) Institute provides a reading room with over 1300 articles and references related to information security. (Posted November 25, 2002.) http://rr.sans.org/index.php

SecurityFocus, Inc. provides a library of reviews, articles, and white papers related to computer security. (Posted November 25, 2002.) http://online.securityfocus.com/library

Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS) provides a hotlist of links to websites, publications, and events in security. (Posted November 25, 2002.) http://www.cerias.purdue.edu/infosec/hotlist/

The Computer Emergency Response Team Coordinating Center, located at the Software Engineering Institute at Carnegie Mellon University, is a center of Internet security expertise. The center’s research involves handling computer security incidents and vulnerabilities, publishing security alerts, researching long-term changes in networked systems, and developing information and training to help improve security at your site. (Posted November 25, 2002.) http://www.cert.org/

The Institute for Electrical and Electronics Engineers (IEEE) Computer Society, Technical Committee on Security and Privacy maintains a good listing of journals and conferences in security. http://www.ieee-security.org/ Its newsletter, Cipher, provides information on past and upcoming workshops and conferences, book reviews, and reports, all related to computer security. (Posted November 25, 2002.) http://www.ieee-security.org/cipher.html

We do not intend to try to improve on their work. In this list we will try to give pointers to our favorites, some less well-known sites that we think have interesting information for instructors or students.  We have organized the links by chapter just for readability.  When something new catches our attention we will update this site, so please check back frequently for new links.  And if you have a relatively unknown link that you would like to share, please pass it along.

Chapter 1: Is There a Security Problem in Computing?

"Securing the Cloud," an article from The Economist (October 24, 2002) reports that digital security is now everyone’s concern. According to a popular industry statistic, "most firms spend more on coffee than on computer security." However, as companies increase their security budgets, they will need to hire additional security specialists and better identify threats, both big and small. (Posted November 25, 2002.) http://www.economist.co.uk/surveys/displayStory.cfm?story_id=1389589

Peter Neumann, a principal scientist at the SRI International Computer Science Laboratory, has researched computer systems and networks, security, reliability, survivability, safety, and many risk-related issues such as voting-system integrity, crypto policy, social implications, and human needs including privacy. His website contains several links about risks in using computer systems and related technologies. (Posted November 25, 2002.) http://www.csl.sri.com/users/neumann/neumann.html

The Computer Science and Telecommunications Board (CSTB) of the National Research Council, National Academy of Sciences provides independent advice to the federal government on technical and public policy issues related to computing and communications. CSTB’s latest report, Cybersecurity Today and Tomorrow: Pay Now or Pay Later, presents a very convincing, and very readable, analysis of the sorry state of cybersecurity today. As the title implies, the question for cybersecurity is not if one will be attacked but when. Defenses today can protect against attacks tomorrow. (Posted November 25, 2002.) http://www7.nationalacademies.org/cstb/pub_cybersecurity.html

Chapter 2: Elementary Cryptography

SSH is a leading developer of Internet-based data security technologies and solutions, especially cryptography products. Its website provides an introduction to cryptography, algorithms, protocols and standards, references, and additional online resources. The website also provides a series of white papers on cryptography, such as securing remote connections and enabling virtual private networks (VPNs). (Posted November 25, 2002.) http://www.ssh.com/support/cryptography/index.html and http://www.ssh.com/support/documentation/white_papers/

Chapter 3: Program Security

Professor Thomas Huckle, of the Institute for Informatics, provides general links on software bugs and glitches and links to specific examples (e.g., Ariane 5 explosion; euro conversion rounding errors). (Posted November 25, 2002.) http://wwwzenger.informatik.tu-muenchen.de/persons/huckle/bugse.html

Bugtoaster is a site that tracks bugs (flaws that cause crashes).  Their software can be downloaded and installed onto a computer. If that computer crashes, the software will send a description of the crash to Bugtoaster.  When enough crashes occur from a single product, the vendor is notified so the problem can be addressed. The site also provides statistics for the most prevalent problems with applications, operating systems, etc. (Posted November 25, 2002.) http://www.bugtoaster.com/

Chapter 4: Protection in General-Purpose Operating Systems

The Biometric Consortium serves as the U.S. Government’s focal point for research, development, test, evaluation, and application of biometric-based personal identification/verification technology. The site provides information about government, industry, and academia biometric-related events, articles and publications. (Posted November 25, 2002.) http://www.biometrics.org/

EyeDentify Europe N.V. is a company that has developed a retinal scanner for identification and access control. Retinal scanning is one method of biometrics, a means of identifying a person by measuring a particular physical or behavioral characteristic that is later compared to a library of characteristics belonging to many people. The site provides information on the technical features of this technology. (Posted November 25, 2002.) http://www.eye-dentify.com/

The BiometriTech newsletter covers the latest news and articles on biometric issues, implementation obstacles and solutions, and successful installations of biometric components and the results they have yielded. The site provides information on finger identification, voice identification/authentication, facial recognition, and smart card technologies. (Posted November 25, 2002.) http://www.biometritech.com/

Chapter 5: Designing Trusted Operating Systems

The United States, Canada and several European countries joined together to develop a set of common criteria for evaluation of IT security that are broadly useful within the international community. The common criteria are available at the following site. (Posted November 25, 2002.) http://www.commoncriteria.org/

The National Information Assurance Partnership (NIAP), sponsored jointly by the National Institute of Standards and Technology and the National Security Agency, represents the United States within the Common Criteria project. The site provides information on how the common criteria are implemented in the United States. (Posted November 25, 2002.) http://csrc.nist.gov/cc/

Chapter 6: Database Security

The Defense Advanced Research Projects Agency (DARPA) is funding the Total Information Awareness (TIA) program. TIA’s goal is "to revolutionize the ability of the United States to detect, classify and identify foreign terrorists — and decipher their plans — and thereby enable the U.S. to take timely action to successfully preempt and defeat terrorist acts." The site provides information about the program’s objectives and a detailed chart of the approach. (Posted November 25, 2002.) http://www.darpa.mil/iao/TIASystems.htm

The National Science Foundation Workshop on Next Generation Data Mining (NGDM'02) brought together data mining researchers and practitioners from diverse backgrounds for exploring the challenges and future research directions in data mining. The workshop focused on data mining for pervasive, distributed, and stream applications; data mining for counter-terrorism; scientific data mining; and the Web, semantics, and data mining. The site provides links to the presentations given at the workshop. (Posted November 25, 2002.) http://www.cs.umbc.edu/NGDM02/

Chapter 7: Security in Networks

Counterpane Internet Security, Inc. is focused on managed security monitoring (MSM). The company monitors networks for suspicious activities, and takes immediate, effective action to keep its clients’ businesses running smoothly. Under the NEWS heading, descriptions of security alerts and incidents can be found. Under the LIBRARY heading, the Crypto-Gram Newsletter and publications from Counterpane Labs can be found. (Posted November 25, 2002.) http://www.counterpane.com/

See the SANS, SecurityFocus, and CERT sites referenced under Chapter 1 above for additional information on network security.

Chapter 8: Administering Security

The Federal Agency Security Practices (FASP) website is based on the success of the Federal CIO Council’s Federal Best Security Practices pilot effort to identify, evaluate, and disseminate best practices for computer security. The FASP site contains agency policies, procedures and practices; CIO pilot BSPs; and a Frequently-Asked-Questions section. (Posted November 25, 2002.) http://csrc.nist.gov/fasp/

TechTarget’s SearchSecurity.com is a security-specific information resource enterprise for IT professionals. The site has been organized into several categories, one of which is Security Management, where articles and reports on topics such as guidelines, best practices, employee issues, and outsourcing can be found. (Posted November 25, 2002.) http://searchsecurity.techtarget.com/

The SANS (SysAdmin, Audit, Network, Security) Institute maintains a security policy resource page with information on how to write information security policies, including examples and templates. (Posted November 25, 2002.) http://www.sans.org/newlook/resources/policies/policies.htm

Chapter 9: Legal, Privacy, and Ethical Issues in Computer Security

The Electronic Privacy Information Center is a public interest research center established to focus public attention on emerging civil liberties and to protect privacy. The site provides links to articles and reports on computer security, cryptography policy, free speech, the Freedom of Information Act, and privacy. (Posted November 25, 2002.) http://www.epic.org

Computer Professionals for Social Responsibility (CPSR) is an organization that provides the public and policymakers with realistic assessments of the power, promise, and problems of information technology. The site provides links to articles and publications to direct public attention to critical choices concerning the applications of information technology and how those choices affect society. (Posted November 25, 2002.) http://www.cpsr.org/

The site provides a compilation of laws from around the world related to unsolicited bulk and commercial e-mail ("spam"), provided solely for educational and informational purposes. (Posted November 25, 2002.) http://www.spamlaws.com/

Lisa Takeuchi Cullen’s article "Some More Spam, Please," in Time (November 3, 2002) describes how spam, both unwanted and wanted (email from merchants that have been given permission to contact the consumer), is on the rise. The next targets of spam appear to be cell phones and pagers, although several states are fighting against it. (Posted November 25, 2002.) http://www.time.com/time/business/article/0,8599,386956,00.html

Chapter 10: Cryptography Explained

See sites in Chapter 2: Elementary Cryptography above.

Additional Information

If you are a student interested in learning more about computer security programs located at colleges and universities in the United States, please see the following link.

The National Security Agency has designated 36 universities as Centers of Academic Excellence in Information Assurance Education. The designations were granted following a rigorous review of university applications against published criteria based on training standards established by the National Security Telecommunications and Information Systems Security Committee. The list and links to these university centers can be found at:

http://www.nsa.gov/isso/programs/nietp/newspg1.htm