CERT and System Security Information
Reports, Documents for Discussion and CommentsSANS (System Administration, Networking, and Security) Institute.
CVE list is a list of standardised names for Vulnerabilities and other Information Security Exposures aimed to easy sharing data across separate vulnerability databases and security tools. The content of CVE is a result of a collaborative effort of the CVE Editorial Board of many security-related organizations such as security tool vendors, academic institutions, and government as well as other security experts.A Common Language for Computer Security Incidents by John Howard and Tom Longstaff
NIST Recommendation: SP 800-51. Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme, September 2002
"ICMP Usage in Scanning", by Ofir Arkin (PDF, PostScript)
JANET-CERT: Security Information pages
GARR-CERT Security Alerts (Italian)
LUX-CERT Information page
UNINETT security information
Computer Incident Advisory Capability
CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents. CIAC is an element of the Computer Security Technology Center (CSTC)
Internet Security Systems, Inc.
Security Focus Vulnerability Database
Hiverworld Public Vulnerability Database
NTBugtraq Vulnerability Database
Latest virus info from Network Associates
SECURITY at ITWorld.com
Authentication - PKI - Biometric - Encryption - Intrusion - Prevention - Firewalls
Unsolicited Commercial Email (Spam) - Technical and Legal issues
Advisory Mailing List
Used to distribute copies of CERT/CC advisories and summaries ISS X-Force Mailing Lists
SecurityFocus Mailing Lists Aarchives
SANS mailing lists
Computer law and legislature in European countries at EuroCERT site
Crypto Law Survey by Bert-Jaap Koops
ICRI, Interdisciplinary Center for Law and IT (Belgium)
Survey by Global Internet Liberty Campaign
Site Security and Incidents Response related RFCs
RFC 2196. Site Security Handbook (replaces
the now obsolete RFC1244)
RFC 2350. Expectations for Computer Security Incident Response (June 1998)
RFC 2505. Users' Security Handbook (Feb 1999)
RFC 2828. Internet Security Glossary
RFC3013. Recommended Internet Service Provider Security Services and Procedures
Current IETF Working Groups
INCH-WG (Incident Handling) - Security Area
The purpose of the Incident Handling (inch) working group is to define
data formats for communication between a CSIRT and its constituency, a
CSIRT and parties involved in an incident investigation and between collaborating
CSIRTs sharing information.
This format will support the now largely human-intensive dimension of the incident handling process. It will represent the product of various incremental data gathering and analysis operations performed by a CSIRT from the time when the system misuse was initially reported (perhaps by an automated system) till ultimate resolution.
Specifically, the working group will address the issues related to representing: the source(s) and target(s) of system misuse, as well as the analysis of their behavior; the evidence to support any analysis results; a scheme to document the incident investigation and analysis process; and constructs to facilitate the exchange of security information across administrative domains (e.g., internationalization, data sensitivity). The WG will investigate the information model needed to support the typical, operational workflow of the incident handling processes found at Internet Service Providers; Managed Security Service Providers; Risk Analysis vendors; and traditional, internal CSIRTs.
IDWG (Intrusion Detection Exchange Format) - Security Area
Scope of IDWG is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to management systems which may need to interact with them. Issues are rather related to operation level than to application. WG Activity contributed by specialists from ISS, Boeing Co, IBM, CyberSafe Corporation, Nokia and some Universities.
Computer Systems Security documents
Rainbow Series Library
The Common Criteria VERSION 2.1/ISO IS 15408 (MIL
site; Common Criteria Project at
NIST; International Common
Criteria Project Home page)
The Common Criteria (CC) is presented as a set of distinct but related parts as identified below.