Cover V08, I09


Use the 'Net to Secure Your Nete

James W. Meritt

As you have no doubt seen in the popular media, security throughout the 'Net is almost a lost cause. There are three obvious reasons for this: “Don't care”, “Don't know”, and “Don't have the resources” to secure the network even if you did care and did know. Reading this article somewhat belies the “don't care” part, and I hope to furnish information to help the “don't know”. Since there is much you can do for little or no money, there may be some help here for the “don't have”, too. The following sites are ones that I have found to be most informative and most stable (they have been there and up every time I've checked for years). There are many, many other security-related resources on the 'Net, but these should furnish a good start.

Official Sites

There is an assortment of official sites with a great deal of information on network security. Among them is the Computer Security Institute, which is the oldest international membership organization offering training specifically targeted to information security professionals at:

The Computer Security Resource Clearinghouse at:

is designed to collect and disseminate computer security information and resources to help users, systems administrators, managers, and security professionals better protect their data and systems.

The Department of Energy Information server at:

is designed to enhance information security data sharing. Their Computer Incident Advisory system is at:

Informative Sites

Along with these sites, there are others containing immediately relevant information.

is the InfoWar Web site for Information Warriors. The National Computer Security Association reading room is at:

There is a large collection of papers about various different computer security issues at:

Mailing Lists

A variety of mailing lists concerned with security issues are listed at: \

They have been archived at:

Plans, Policy, and Procedures

The organizational policies are necessary to provide a security architecture for all of a company's operations. The policies undergo normal review procedures, and then are approved by agency management for implementation. Planning network security -- what needs to be done and what documents and policies need to be established -- are described in:,


The tools that you may need to secure your network may be available at both “official” and “unofficial” (hacker) sites. They can be found at: and

You can use tools that crackers might use in order to check your own site for vulnerabilities.


Finally, if you can't find help any other way, there is a list of computer security-related people at:

These are very busy people, and there is no guarantee that they will have an opportunity to assist you, though I have found them extremely helpful.

Hot List

AntiOnline/Hacking and Hackers --

COAST Security FTP Archive --

Computer Incident Advisory Capability --

Computer Security Institute --

Computer security people --

Computer Security Resource Clearinghouse --

DOE Information Security server --

FIRST Security Papers --

INFOWAR: Information Warriors --

List of security mailing lists -- \
news-items/old-news-ite ms/951223.listoflists.html

Mailing lists --

Minimize Business Losses Through Proactive Planning --

NCSA Reading Room --

Network Security and Network Monitor Programs --

Network Security Planning -- \

Prior Planning Precludes Poor Performance: Plans, Policies and Procedures -- \

Publicly Available Mailing Lists --

Rootshell --

Wietse's tools and papers -- n

About the Author

Jim Meritt is currently working for Wang Global, Inc as a Senior Security Analyst, and has been involved with UNIX systems and networking for more than a decade. His email address is: