Use the 'Net to Secure Your Nete
James W. Meritt
As you have no doubt seen in the popular media, security throughout the 'Net is almost a lost cause. There are three obvious reasons for this: Don't care, Don't know, and Don't have the resources to secure the network even if you did care and did know. Reading this article somewhat belies the don't care part, and I hope to furnish information to help the don't know. Since there is much you can do for little or no money, there may be some help here for the don't have, too. The following sites are ones that I have found to be most informative and most stable (they have been there and up every time I've checked for years). There are many, many other security-related resources on the 'Net, but these should furnish a good start.
There is an assortment of official sites with a great deal of information on network security. Among them is the Computer Security Institute, which is the oldest international membership organization offering training specifically targeted to information security professionals at:
The Computer Security Resource Clearinghouse at:
is designed to collect and disseminate computer security information and resources to help users, systems administrators, managers, and security professionals better protect their data and systems.
The Department of Energy Information server at:
is designed to enhance information security data sharing. Their Computer Incident Advisory system is at:
Along with these sites, there are others containing immediately relevant information.
is the InfoWar Web site for Information Warriors. The National Computer Security Association reading room is at:
There is a large collection of papers about various different computer security issues at:
A variety of mailing lists concerned with security issues are listed at:
They have been archived at:
Plans, Policy, and Procedures
The organizational policies are necessary to provide a security architecture for all of a company's operations. The policies undergo normal review procedures, and then are approved by agency management for implementation. Planning network security -- what needs to be done and what documents and policies need to be established -- are described in:
The tools that you may need to secure your network may be available at both official and unofficial (hacker) sites. They can be found at:
http://www.antiOnline.com/ and http://www.rootshell.com/
You can use tools that crackers might use in order to check your own site for vulnerabilities.
Finally, if you can't find help any other way, there is a list of computer security-related people at:
These are very busy people, and there is no guarantee that they will have an opportunity to assist you, though I have found them extremely helpful.
AntiOnline/Hacking and Hackers -- http://www.antionline.com/
COAST Security FTP Archive -- ftp://coast.cs.purdue.edu/pub/tools/
Computer Incident Advisory Capability -- http://ciac.llnl.gov/
Computer Security Institute -- http://www.gocsi.com/
Computer security people -- http://now.cs.berkeley.edu/~daw/people/compsec.html
Computer Security Resource Clearinghouse -- http://csrc.ncsl.nist.gov/
DOE Information Security server --
FIRST Security Papers -- http://www.alw.nih.gov/Security/first-papers.html
INFOWAR: Information Warriors -- http://www.infowar.com/
List of security mailing lists --http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/ \
Mailing lists -- http://www.tryc.on.ca/mailinglists.html
Minimize Business Losses Through Proactive Planning -- http://www.area-development.com/AUG96_14.HTM
NCSA Reading Room -- http://www.ncsa.com/readingroom/
Network Security and Network Monitor Programs --http://www.ecst.csuchico.edu/~thuff/newtools.html
Network Security Planning -- http://www.reliable.net/ \
Prior Planning Precludes Poor Performance: Plans, Policies and Procedures -- http://www.info-sec.com/internet/ \
Publicly Available Mailing Lists -- http://www.neosoft.com/internet/paml/
Rootshell -- http://www.rootshell.com/
Wietse's tools and papers --
About the Author
Jim Meritt is currently working for Wang Global, Inc as a Senior Security Analyst, and has been involved with UNIX systems and networking for more than a decade. His email address is: JWMeritt@AOL.com.