
http://polaris.umuc.edu/~flazarus/
IFSM 454 - Information Systems Security Mechanisms, Webliography
Information Resources - A work in Process
General
- http://www.umuc.edu/prog/ugp/ewp_writingcenter/modules/plagiarism/intro.html
How to avoid plagiarism
UMUC's Effective Writing Center is chock full of writing tips. To quote -
"Effective writing is critical to the intellectual life of university students and graduates."
Networks
- http://www.javvin.com/dictionary.html
Network Protocols Dictionary, Directory, Reference and Guide
The Javvin Company offers a free online Network Protocol Directory and
Index. "A network protocol is a formal set of rules, conventions
and data structure that governs how computers exchange information
over a network." Understanding networks is central to understanding
communications security.
Security
- http://www.cert.org
CERT Coordination Center-Internet Security Expertise
"Established in 1988, the CERT© Coordination Center (CERT/CC)
is a center of Internet security expertise, located at the
Software Engineering Institute, a federally funded research
and development center operated by Carnegie Mellon University."
A related Homeland Security, US Computer Emergency Readiness Team link
http://www.us-cert.gov/index.html
is provided here. US-CERT integrates information contributed by public and private sectors.
- http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/
Cyber War - A program aired on PBS
This program explores the question, "How vulnerable is the US infrastructure
to attack via cyberspace?" A picture of "warriors fighting on the new
battlefield of cyberspace" is presented.
- http://swiss.csail.mit.edu/6805/
Ethics and Law on the Electronic Frontier
Electronic Surveillance and Copyright Control
An MIT course that discusses "controversies over control of the Internet."
- http://csrc.nist.gov/fasp/
Federal Agency Security Practices (FASP)
The FASP site contains Federal Agency policies, procedures and
practices related to security. Included is a listing of best
practices and a frequently asked questions (FAQ) section related to
information technology security issues. This Web site was developed
by NIST to encourage information sharing and collaboration.
- http://grc.com/intro.htm
Gibson Research–Scan Your Computer for vulnerability
Steve Gibson is a venerable security expert who has provided help,
sometimes controversial, to the masses since the days when DOS was
king. His ShieldsUP! test software is a valuable contribution to
Internet safety. In addition, he presents a wealth of information on
this site. However, do take care and read before you jump.
- http://www.ssimail.com/Glossary.htm
Glossary of Messaging & Security Terms
A couple hundred or so terms are defined here.
- http://www.yourwindow.to/information-security/index.htm
Glossary for Information Security
A more extensive list of terms can be found here.
- http://downloads.securityfocus.com/library/NIST-SP800-42.pdf
Guideline on Network Security Testing
Recommendations of the National Institute of Standards and Technology
(NIST Special Publication 800-42, pdf format)
- http://www.cacr.math.uwaterloo.ca/hac/
Handbook of Applied Cryptography
by Menezes, van Oorschot and Vanstone
This book traces the history of cryptography and explains the
mechanisms in some detail. It is online and can be downloaded in
pdf format. The hard copy was published by CRC Press -
ISBN: 0-8493-8523-7 October 1996, 816 pages
- http://computer.howstuffworks.com/identity-theft.htm
How Identity Theft Works
This site defines identity theft and what precautions you need to take
to reduce your exposure. The discussion uses layman's terms, making
it easy to understand. Included are many useful links such as those
to the three national credit bureaus and to the Federal Trade
Commission's Identity Theft Web site.
- http://www.ists.dartmouth.edu/index.php
The Institute for Security Technology Studies (ISTS) at Dartmouth College
ISTS pursues research that focuses on the need for security
technology and policy in cyber and emergency response environments.
Numerous papers can be found here that address cyber security in an
interdisciplinary fashion.
- http://www.nsa.gov/
National Security Agency (NSA)
A national resource for security exploitation.
Mission Statement:
"The ability to understand the secret communications of our foreign
adversaries while protecting our own communications -- a capability
in which the United States leads the world -- gives our nation a unique advantage."
- http://www.osvdb.org/
Open Source Vulnerability Database
(OSVDB)
Their goal is to provide vendor-neutral technical information on
recently discovered security vulnerabilities. The OSVDB database is
maintained by security enthusiasts and is free.
- http://www.owasp.org/inde
The Open Web Application Security Project (OWASP)
OWASP was formed in September of 2000. Its purpose is to foster an
open source community where information related to security issues
can be shared. One of its ongoing projects is the yearly publication
of the 10 most critical Web application security issues. In addition
to identifying the issues, defense mechanisms are offered. Another
project is the OWASP Guide to Building Secure Web Applications.
"The Guide is aimed at architects, developers, consultants and
auditors and is a comprehensive manual for designing, developing and
deploying secure web applications."
- http://www.pgpi.org/
Free PGP Software
The OpenPGP encryption standard was developed from PGP (Pretty Good
Privacy), created by Phil Zimmermann in 1991. It is widely used for
encrypting e-mail with public key cryptography. Be sure you read the
documentation.
- ftp://ftp.rsasecurity.com/pub/labsfaq/rsalabs_faq41.pdf
RSA Laboratories' Frequently Asked Questions About Today's
Cryptography, Version 4.1
A comprehensive textbook covering cryptographic issues, published in
2000 by RSA Security Inc.
- http://surfthenetsafely.com/
Safety on the Internet
This site, authored by Vic Laurie for SeniorNet classes, discusses
security issues in a simple to understand manner.
- http://www.sans.org/resources/
SANS (SysAdmin, Audit, Network, Security)-An Information and
Computer Security Resource
SANS, a source for information security training and certification,
makes available a large collection of vendor neutral documents related
to information security (INFOSEC). The SANS Institute was established
in 1989 as a cooperative research and education organization. A number
of publications such as a weekly vulnerability digest (@RISK), a
weekly security news digest (NewsBites), the Internet Storm Center,
identified as an early warning system, and flash security alerts
are offered, for the asking, free of charge.
- http://www.securityfocus.com
SecurityFocus™
This is a vendor-neutral site that
provides comprehensive, up-to-date Internet related security
information. An impressive library of security related articles is
maintained here. In addition a descriptive listing of newsletters
and mailing lists can be found here. Freeware and shareware security
related tools are also listed. Many of the offered tools are 'rated'
by viewers; for example, "Hope no one installed this (password
generator). Well-informed users make better passwords. Not worth $14.
Not worth site security to use. A rubber mallet and an old keyboard
make great passwords."
- Below are links to several trade publications with security related content.
- Access Control & Security Solutions
- eWeek
- InformationWeek
- InformationSecurity
- InfoWorld
- Virus Bulletin
- http://www.wired.com/
Wired Magazine online edition
A technology-related news magazine. Entering "computer security" into
the news archive search engine netted 400+ hits.
- http://www.w3.org/Security/Faq/www-security-faq.html
The World Wide Web Security FAQ
A good compilation of frequently asked questions related to Web and PC
security. It is interesting to note the following, paraphrased from the
site: "The more powerful and flexible the operating system (e.g., UNIX),
the more open it is for attack through its Web (and other) servers."
Mail comment to:
Professor Ferd Lazarus