Computer & Network Security Webliography
Basics
- An Overview of TCP/IP Protocols and the Internet
- This paper was originally submitted to the InterNIC and posted on their Gopher site on 5 August 1994. This document is a continually updated version of that paper.
Why Security?
- Computer and Network Security in Small Libraries: A Guide for Planning
- Excellent beginner's introduction to library security issues. Also available as an online tutorial.
- Security of the Internet
- Excellent overview of the issues at stake in securing internetworks.
- Information Technology-Essential but Vulnerable: How Prepared are we for Attacks?
- Congressional Testimony, September 26, 2001
Risk Management
- The New Zealand Society for Risk Management
- Good website that clearly covers risk management
- Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts (PDF)
- Testimony before the Senate Committee on Governmental Affairs, Oct. 31, 2001. Interesting not only for its clear definitions, but also for its historical value.
- "OCTAVE" Information Security Risk Evaluation
- Excellent pages from CERT designed to help an organization assess its risk.
Vulnerabilities
- Top Cyber Security Risks
- Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.
- Overview of Attack Trends
- April 8, 2002 paper from CERT giving an overview of recent trends in attacks and vulnerabilities.
Firewalls
- Stateful vs. Stateless IP Filtering
- From Security ProNews, a series of firewall types with good discussions.
- Internet Firewalls - Resources
- From CERIAS - Purdue University, a comprehensive collection of information about Internet firewalls including excerpts from books, papers and articles. It also provides a list of firewall products and firewall tools.
Security Policies
- Users' Security Handbook
- RFC 2504 from the Networking Group is "intended to provide users with the information they need to help keep their networks and systems secure."
- Site Security Handbook
- RFC 2196 from the Networking Group is "a guide to developing computer security policies and procedures for sites that have systems on the Internet."
- The SANS Security Policy Project
- Site devoted to information about developing a security policy; includes templates that can be used to quickly develop different types of policies.
- Guide for Developing Security Plans for Information Technology Systems (NIST)
- Overview of the security planning process.