INLS 566, Resources

Resources

INLS 566, Information Security

Previous sessions of INLS 566 (aka INLS 187)

Other items of interest

General resources

Yahoo's security categories: http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption, includes all kinds of links, including hacker pages, software, Web security, etc.
The Internet Storm Center, tracking security incidents around the world

Windows/NT Security Note that almost all the other resources listed tend to focus on Unix security.

Software: Microsoft Baseline Security Analyzer for any Windows system.
Software: LANguard freeware NT security checker and integrity checker
Company: Microsoft's security pages, includes link to NT pages.
Company: Internet Security Systems includes archives of mailing lists, and pointers to tools.
Company: Kane Security Analysis, includes a tool for monitoring multiple servers.
Reference: You can also look up protocols, acronymns and other terms at whatis.com

Various Resources

Amy Friedlander, Allison Mankin, W. Douglas Maughan, and Stephen D. Crocker, "DNSSEC: A Protocol Toward Securing the Internet Infrastructure", Communications of the ACM, vol. 50, no. 6 (June 2007), pp. 44-50. (A survey of DNS, and the security extensions proposed c. 2004, which would add cryptographic authentication to DNS servers.)
PGP FAQs, including information about cryptography in general from www.pgpi.org (home of PGP)
NIST's Computer Security Resource Clearinghouse. A variety of government-directed security resources.
Nice collection of security information and forums on the Internet at Tom Dunigan's Security pointers page
Lots of Crypto links

Laws and Policies

Privacilla, privacy policy watchdog and information site
North Carolina General Statutes and General Assembly information.
The United States Code (U.S.C.), indexed and searchable. This is one of the most useful and current resources for the whole Code. Also see the next link:
United States House Virtual Law Library, for searching the US Code. Also see THOMAS at the Library of Congress, for full details on present legislation and all recent past legislation.
Cases, Statutes & Topical Highlights in Cyberspace Law & Policy, from the UCLA Online Institute for Cyberspace Law & Policy. Many important legal decisions, but not updated since Sep 2000.
EPIC's Wiretapping pages tracks what's going on in the area of monitoring of audio and electronic communication
ChillingEffects.org, a clearinghouse with legal advice on "cease and desist" letters.
Research on Web credibility at http://www.webcredibility.org/
PL 107-56 (H.R. 3162), the USA PATRIOT Act
The legal right to export crypto was analyzed for Debian. Here's information about their ability to export crypto in open source.

Key privacy organizations

EPIC, action clearinghouse for electronic privacy
Electronic Frontier Foundation, includes some good policy documents and archives
Truste, with privacy standards
understaningprivacy.org, privacy information and advocacy

Incident reporting, also some updates and announcements

Academics

SANS, home of several security certification programs. Also see their reading room for online documents of many types.
CERIAS, at Purdue (COAST is now part of CERIAS). The FTP Archive contains lots of security software.
US Davis SecLab: http://seclab.cs.ucdavis.edu.

Get the Code, Stay Informed

Hacker Hangouts and Information

Products, Software and Services

RSA, involved in encryption standards and policy
McAffee, anti-virus software
SecurityFocus, home of BugTRAQ and other mailing lists. Security consulting and services.
Symantec, makers of Norton Anti-Virus and other products.

Hacker Publications

Miscellany

CODIS, the FBI's Combined DNA Index System.
Sarah Gordon's Web site. Sarah has done research on hackers and their characteristics, and seems to have a solid background & integrity.

Humor.

Most recently updated: Thursday, 2-August-2007