Rex Global Computer and Network Security Links

• ABA Information Security Committee
  (http://www.abanet.org/scitech/ec/isc/home.html) Information, news and law sites for electronic commercial law covering issues such as digital signatures.

• Acronyms and Abbreviations. (http://iase.disa.mil/acronym.html)

• AFCEA: Armed Forces Communications and Electronics Association.
  (http://www.afcea.org) Events, courses, and Signal Magazine, often
  including INFOSEC and related science and technology.

• American Cryptogram Association (http://www.und.nodak.edu/org/crypto/crypto/) Nonprofit organization devoted to disseminating cryptographic knowledge. Dates from the 1920's.

• ANSI/National Standards Systems Network (http://www.nssn.org/) Links/searches hundreds of organizations which develop, distribute and use technical standards.

• Assorted Security Information Sources (http://galaxy.einet.net/galaxy/Engineering-and-Technology/Computer-Technology/Security) Guide to information security information sources.

• AUSCERT: Australian Computer Emergency Response Team (http://www.auscert.org.au/) Security points of contact, papers, advisors
  and alerts, tools, events, news, other.

• bsy's Security Related pointers (http://www.cse.ucsd.edu/users/bsy/sec.html) List of pointers to security related information.

• Canadian Communications Security Establishment (http://www.cse.dnd.ca) Manuals, guides, products, training schedules, public key infrastructure, other links.

• Center for Democracy and Technology (http://www.cdt.org/crypto/) U.S. Cryptographic Policy and issues as well as links to other cryptography sites.

• CERT Coordination Center (http://www.cert.org/) Focal point for facilitating response to computer security events on the Internet.

• CERT-NL: Netherlands Computer Emergency Response Team Home Page (http://cert-nl.surfnet.nl/home-eng.html) Security bulletins, reports, news, papers, tools, workshops.

• CIAC: Computer Incident Advisory Capability (http://www.ciac.org/ciac/) Department of Energy's information security server. Documents, tools, information.

• Cipher - Newsletter of the IEEE CS TC on Security and Privacy (http://www.ieee-security.org/cipher.html) Security news, conference reports, commentary, standards, other IEEE security items.

• CNS: Computer Network Security (http://www.cert.lu/security/) Network security documents, FAQs, RFCs, news, tools, bibliography, links.

• COAST Homepage (http://www.cs.purdue.edu/coast/coast.html) Collection of security-related papers and tools.

• Computer Security History Project http://seclab.cs.ucdavis.edu/projects/history/ A Collection of seminal papers, technical reports, and other documents related to early computer security efforts. Many of these reports have not received wide dissemination as they were produced under contract for the U.S. Department of Defense.

• Computer Security Information (http://www.alw.nih.gov/Security/security.html) Information about computer security organized by topic.

• Computer Security Research Laboratory at UC Davis (http://seclab.cs.ucdavis.edu) Intrusion detection, system design, protocols, vulnerabilities, auditing, viruses, cryptography etc.

• Croation Cryptography Reference Center (http://pgp.rasip.fer.hr/) PGP and related crypto-topics.

• "Crypto*Log" Guide to Internet Cryptography (http://www.uni-mannheim.de/studorg/gahg/PGP/cryptolog1.html) Security equipment, algorithms, laws, networks, standards, software, vulnerabilities etc.

• CryptoBytes newsetter (http://www.rsasecurity.com/rsalabs/cryptobytes/)
  Online newsletter from RSA. Current and past issue available.

• Cryptographer's Homepages (http://www.inf.ethz.ch/personal/camenisc/cryptographers.html) Links to Homepages of some cryptographers.

• Cryptography and Security (http://theory.lcs.mit.edu/~rivest/crypto-security.html)
  Pointers galore to other web pages about cryptography and security.

• Cryptography in Europe (http://www.modeemi.cs.tut.fi/~avs/eu-crypto.html)
  European cryptography-oriented links.

• Cryptography Library (http://philby.ucsd.edu/cryptolib/) A library for researchers interested in the theory of cryptography.

• Cryptography Resources (http://www.scs.carleton.ca/~csgs/resources/crypt.html)
  Links to crypto related centers, FAQs, indexes, newsgroups, and software.

• CSI: Computer Security Institute (http://www.gocsi.com/) Information
  security issues, trends, laws, surveys, training, guides, and organization activities.

• CSIS: Center for Secure Information Systems (http://www.isse.gmu.edu:80/~csis/) List of security links, announcements, research, literature, societies, courses, software etc.

• CUISP: College and University Information Security Professionals
  (http://web.mit.edu/security/www/cuispnew/cuisp.htm) Professional exams, events, references, policies, plans, FAQs, standards, tools, links etc.

• CVE: Common Vulnerabilities and Exposures (http://cve.mitre.org/) A list of standardized names for vulnerabilities and other names for all publicly known vulnerabilities and security exposures.

• DDOS: Distributed Denial of Service Attacks/Tools (http://staff.washington.edu/dittrich/misc/ddos/) Information, Tools, and Analysis of Distributed Denial of Service Attacks.

• DFN-CERT: German Computer Emergency Response Team Home Page
  (http://www.cert.dfn.de/eng/) Points of contact, web page search. Some English, mostly German.

• DOE Information Security Server (http://doe-is.llnl.gov/) The Server contains tools and documents related to information security that have been made available by many sources both within and outside of the DOE.

• Dorothy Denning's Home Page (http://www.cs.georgetown.edu/~denning/)
  Papers of Georgetown Prof. Dorothy Denning who contributes mightily to the
  INFOSEC/defensive INFOWAR causes.

• DSS Academy (http://www.dss.mil/training/) INFOSEC courses and schedules.

• Electronic Payment Schemes (http://www.w3.org/pub/WWW/Payments/roadmap.html) Comprehensive index of electronic payment schemes.

• Electronic Commerce Interest Group (http://www.w3.org/ECommerce/) W3C support of Electronic Commerce, includes electronic payment resources.

• Secure Electronic Transaction (http://www.setco.org/) SET secure electronic technologies, technical and business programs, and formal specifications for secure transactions.

• Electronic Privacy Information Center (http://www.epic.org/) Privacy related press articles, letters, statements, FAQs, laws, standards, links, export control etc.

• FIRST: Forum of Incident Response and Security Teams (http://www.first.org/) Computer security incident information from over 30 government and private sector response teams.

• Fortezza Developers Site (http://fortezza-support.com/) Information, documents, software from DoD's Fortezza program office.

• Hacker Crackdown (http://www.lysator.liu.se/etexts/hacker/) Literary freeware by Bruce Sterling covering early computer crime and police reactions to it.

• Honeynet Project (http://project.honeynet.org/) An effort to learn the tools, tactics, and motives of the blackhat community, and share those lessons learned. Contains a number of papers describing the effort and the information which has been discovered concerning how hackers operate by watching as they break into systems.

• HTCIA: High Technology Crime Investigation Association (http://htcia.org) Hightech security investigation information, hot list, conferences, laws, technology etc.

• IASCA: Information Systems Audit & Control Assoc.  (http://www.isaca.org) Standards, conferences, research, research, digital signatures, good bookstore.

• IBM Zurich Security Related Links (http://www.semper.org/sirene/outsideworld/security.html) Standard,
  protocols, cryptography, security, E-commerce, alert sites, newsgroups,
  toolkits etc.

• IBM Zurich Security Research Group (http://www.zurich.ibm.com/csc/infosec/) Security technology research and reports, authenication, E-commerce, links etc.

• IETF IP Security Working Group News
  (http://www.cs.arizona.edu/xkernel/www/ipsec/ipsec.html) Meetings, minutes, specifications, drafts, protocols.

• IETF RFCs about Security (http://www.cert.dfn.de/eng/resource/rfc/)
  Topics especially related to computer and network security.

• IETF: Internet Engineering Task Force
  (http://www.ietf.cnri.reston.va.us/home.html) Internet protocols, working
  groups, mailing lists, proceedings, RFCs, Drafts, indexes etc.

• IFIP: Intl Federation for Info Processing (http://www.ifip.tu-graz.ac.at/TC11) International Federation for Information Processing Home Page. Country reps, documents etc.

• Incidents.org (http://www.incidents.org/) Real time information and analysis of ongoing attacks on the Internet.

• Index of Cryptography Papers Available Online (http://www.counterpane.com/biblio/)

• Information on Cryptography (http://HTTP.CS.Berkeley.EDU/~daw/crypto.html)
  Cryptolinks, documents, groups, tools, and systems.

• Information Security Library (http://security.isu.edu/Readings.htm) Large searchable library of INFOSEC documents. (Unfortunately, site is being reconstructed and library is not readily accessible.)

• Information Warfare Research Center(http://www.terrorism.com/infowar/index.html) Papers, links and forums. High quality material.

• Information Warfare Tutorial
  (http://carlisle-www.army.mil/usacsl/divisions/std/branches/iw/tutorial/intro.htm)
  An advanced course given at the US Army War College.

• Information Warfare, A theory of
  (http://www.airpower.maxwell.af.mil/airchronicles/apj/szfran.html)
  Waging INFOWAR at the strategic and operational levels.

• Information Warfare, An Introduction
  (http://www.seas.gwu.edu/student/reto/infowar/info-war.html#Introduction)
  Shows how information warfare is or could be used in the present or in the
  near future.

• Information Warfare, I-War, IW, C4I, Cyberwar (http://www.psycom.net/iwar.1.html) Cyberwar terms, articles, books, research, reports, organizations, techniques, lists etc.

• Information Warfare, What is it? (http://www.ndu.edu/inss/press/nduphp.html) National Defense University Strategic Forum paper by a specialist in information warfare.
  Select Strategic Forum and then scroll down to item 28.

• Infosecurity News Magazine (http://www.infosecnews.com) Press releases and articles, conferences, book reviews, vendors etc.

• INFOWAR and INFOSEC on the Web (http://www.fas.org/irp/wwwinfo.html) A metapage covering INFOWAR and INFOSEC.

• Infowar.com (http://www.infowar.com/) Site of security guru Winn Schwartau.

• inquiry.com (http://www.inquiry.com) Searchable database of over 100,000
  technical articles on information technology.

• International Association for Cryptologic Research (http://www.iacr.org/~iacr/) Conferences and publications devoted to research in cryptology and related fields.

• ISC: Intl Information Systems Security Certification Consortium
  (http://www.isc2.org/) A nonprofit corporation providing a certification program for INFOSEC practitioners.

• ISO: International Organization for Standardization
  (http://www.iso.ch/iso/en/ISOOnline.frontpage) ISO documents relating to security. (Type in search criteria: security)

• ISS: Internet Security System's library (http://www.iss.net/index.php) Vulnerabilities, information and pointers on information security. Select from the Security Center pulldown menu.

• ISSA: Information System Security Association (http://www.issa-intl.org/) International organization of information security professionals. Security-related information.

• ITU: International Telecommunications Union http://www.itu.int/home/index.html Documents addressing security. Search for security.

• Journal of Computer and Comm Security Reviews
  (http://www.cl.cam.ac.uk/users/rja14/#SR) FTP(able) abstracts of presentations from some 40 conferences a year from 1992.

• Journal of Computer Security (http://www.csl.sri.com/programs/security/jcs/) Scope, editors, submission and subscription procedures, and description of recent articles.

• CAPSL (Common Authentication Protocol Specification Language)
  (http://www.csl.sri.com/users/millen/capsl/)

• Lawries Cryptography Bibliography (http://www.cs.adfa.oz.au/cgi-bin/cgiwrap/lpb/bib_lpb) Searchable bibliography to 1,000 articles on cryptography and computer security.

• Mailing Lists for Security Professionals (http://www.iss.net/index.php) List of security mailing lists to help keep professionals abreast of current security information.
  Select Mailing Lists/Newsletters from the Security Center pulldown menu.

• MIT Information Security Office (http://web.mit.edu/security/www/iso1.htm)
  Security plans, programs, network security, virus protection, publications etc

• Money: Past, Present and Future (http://www.ex.ac.uk/~RDavies/arian/money.html)
  The history of money, contemporary developments, and electronic money.

• NASA Automated Systems Incident Response Capability (NASIRC)
  (http://www-nasirc.nasa.gov/index.html) Gives access to much of NASA's repository of information security knowledge.

• Network Security Library (http://secinf.net/ Collection of Network Security papers.

• TruSecure, formerly the NCSA: National Computer Security Association (http://www.trusecure.com/) Gateway to a plethora of information security sites and information.

• Network Rating Model (http://www.radium.ncsc.mil/nrm/nrmovrvw.html) How to assess the security of a network.

• NIAP: National Information Assurance Partnership (http://niap.nist.gov/index.html) A U.S. Government initiative to encourage the development of security products by providing security testing, evaluation, and assessment of products, standards, and security requirements. Joint effort between NSA and NIST. Includes product evaluations, criteria, and security information.

• NIST Computer Security Resource Center (http://csrc.nist.gov/index.html) Variety of computer security resources.

• NSA: National Security Agency home page (http://www.nsa.gov:8080) Some interesting history of cryptography, what NSA does, job opportunities, and a growing INFOSEC page.

• Security Recommendation Guides (http://nsa1.www.conxion.com/) Security Guides produced by the National Security Agency. Provide instructions on how to configure products and systems to limit security vulnerabilities. Includes guides for configuring Windows and Cisco Routers among others.

• NSI: National Security Institute (http://nsi.org/) Security threats, alerts, law, guides, standards, news, related sites.

• CNSS: Committee on National Security Systems (http://www.nstissc.gov/) Purpose, authority, history, and constituents of the CNSS.

• OTA: Office of technology Assessment (http://www.wws.princeton.edu/~ota/ns20/pubs_f.html) All of the now defunct Congressional OTA's studies, including INFOSEC-related, from 1974-1995.

• PCERT: Purdue Computer Emergency Response Team
  (http://www.cerias.purdue.edu/pcert/pcert.html) PCERT Charter, points of contact and archives.

• Quantum Cryptography and Computing (http://qso.lanl.gov/qc/) Introduction, activities, and papers plus other sites from the Los Alamos National Labs.

• Rainbow Series Page (http://www.inforeading.com/archive/rainbow/) DoD rainbow books and related documents covering computer security design.

• Risks Forum (http://catless.ncl.ac.uk/Risks) Reports of risks and attacks against computers and related systems. Smoking guns here.

• RSA Laboratories Home Page (http://www.rsasecurity.com/rsalabs/index.html) Security bulletins, tech reports, "Cryptobytes" technical newsletter, services and education etc.

• SANS Institute (http://www.sans.org/newlook/home.php) Security research and education organization sponsoring security professional certification programs. Site contains various security resources.

• SecurityFocus (http://www.securityfocus.com/) Site contains news and information about security, the Bugtraq vulnerability mailing lists archives, other security related mailing list archives, and a library of security papers.

• Security Issues in Embedded Networking (http://www.mit.edu:8001/people/eichin/embedded-kerberos.html) Paper on the Kerberos Authentication System.

• SECURITY Magazine (http://www.secmag.com/) Telecommunications, monitoring, video security, access control. Includes a products database.

• SecuritySearch.net (http://www.securitysearch.net/) A large repository of security information to include vulnerability descriptions, product reviews, news, security papers, and descriptions and links to software security tools.

• SIGSAC: Special Interest Group on Security, Audit and Control
  (http://www.acm.org/sigsac) ACM books, groups, journal, proceedings, educational products, videos etc.

• Sirene Publications, Security Archives (http://www.semper.org/sirene/lit/sirene.lit.html) Cryptography, algorithms, untraceable communications, payment systems, security criteria etc.

• SSE-CMM: System Security Engineering Capability Maturity Model
  (http://www.sse-cmm.org/) Improving processes for building INFOSEC into products and meeting customers' INFOSEC engineering needs.

• Steganography Info and Archive(http://members.tripod.com/steganography/stego.html) Description and history of stegenography. Programs to hide info in image, sound or other files.

• TEMPEST Information Page (http://cryptome.org/nsa-tempest.htm) An unofficial but impressive overview of TEMPEST.

• Top Level Security Issues
  (http://www.penfield-gill.com/BFG/security-paper.html) Discription of 15 top level INFOSEC problems in the global system of interconnected computers.

• TrinityOS: Guides for Securing Linux (http://www.ecst.csuchico.edu/~dranch/LINUX/) Guides and scripts to assist in securing Linux.

• TTAP: Trust Technology Assessment Program (http://www.nsa.gov/isso/bao/cpep.htm) DoD's program to evaluate the security worthiness of commercial products.

• U.S. Navy INFOSEC Website (https://infosec.navy.mil/) Links to information system security information at military, civil agency, and commercial sites.

• UCL Links on Security and Cryptology
  (http://www.dice.ucl.ac.be/crypto/security.html) UCL's Microelectronics Laboratory's Security and Cryptology list.

• UNCLE: Computer Security in Law Enforcement (http://www.uncle.com/) Computer security projects, monthly news, case studies, resource library, downloads.

• Univ. of Cambridge Computer Security Group (http://www.cl.cam.ac.uk/Research/Security/) Schedules of introduction, meetings, seminars, membership, consultancy, etc.

• Virus Database from DOE (http://ciac.llnl.gov/ciac/CIACVirusDatabase.html) Descriptions of viruses from DOE's latest Computer Incident Advisory Capability database.

• Virus Myths (http://www.Vmyths.com/) An irreverent take on virus hoaxes, hyping and hysteria. Includes lists of related books, media, and web sites.

• Viruses and Security (http://www.galaxy.com/cgi-bin/dirlist?node=47622) Computer viruses, an introduction, history, effects, and glossary.

• Voters Telecommunications Watch (http://www.vtw.org/) Encryption issues, including congressional testimony, bills in progress, laws etc.

• World Wide Web Consortium (W3C) (http://www.w3.org/pub/WWW/) Repository of information about the WWW.

• Yahoo! - Computers and Internet:Security and Encryption
  (http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption/) Over 500 information security sites.