NW306 - Notes and Resources
Text: "Security+ Guide to Network Security Fundamentals" by Mark Ciampa
Course Resources
Foundstone - Foundstone is a company that offers enterprise risk solutions. However, they also make available a good collection of whitepapers, free tools, webcasts and security videos.
SANS Institute - The SANS Institute offers a wealth of resources on security training, certification and information.
SecurityFocus - a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network admins.
Organizations/Projects
RSA - The company founded by the MIT scientists who developed public key encryption (It's currently owned by EMC).
PGP - A competitor to RSA. Phil Zimmermann developed PGP (Pretty Good Privacy) as a free alternative to the patented, commercial RSA software.
ICSA Labs - A division of Verizon, ICSA Labs is a good source of network security information.
Trend Micro - A company that specializes in Internet security solutions.
McAfee - McAfee provides anti-virus software and is a decent source of information.
IBM Internet Security Systems - A good source for training, whitepapers and security knowledge.
CERT - Home of the Computer Emergency Response Team
Security Focus - Home of the Bugtraq database
Windows Resources
Freshmeat - The latest in open-source, free software is available here.
Cygwin - Free, open source tools for Windows users. Let loose the geek within.
XLiveCD - allows users to connect to *NIX systems, run graphical apps remotely, all without installing anything. Based on Cygwin.
Applications and Tools
(Note: some of these sites might not be accessible from the Westwood LAN)
Wireshark - This is a free, open-source network analyzer that is available in UNIX and Win32 versions.
OpenSSH - An open-source implementation of Secure Shell (SSH), includes both server and client.
OpenSSL - An open-source implementation of SSL (Secure Sockets Layer), which allows you to set up secure, encrypted network connections.
Top 75 Network Security Tools - Just what the name implies. Some are commercial, some open-source, some for Windows, some for UNIX, etc.
Schneier on Security - Bruce Schneier's weblog
InfosecWriters.com - A site for security specialists who wish to share their experiences and expertise.
PacketStorm - A listing of DoS, DDoS and other vulnerability assessment tools.
SSL Certificates HOWTO - How to manage a certificate authority (CA), issue and sign certificates.
Local Area Security Linux - Another live, bootable CD, based on DS Linux. Comes in two sizes - 185 megabytes and 215 megabytes - and it can run entirely in RAM. Very good, compact toolkit and a nice complement to Knoppix STD.
General Resources
GoCertify - A nice site that has information on just about every technical certification you can get -- who offers it, what you need to get it, where you can get training and where/how you can take the test.
BrainBench - Another certification site, but this one does their own online certification exams in a wide variety of technical subjects.
Safari - As technical professionals, one of the things you will need to have is a reference library. Safari, from O'Reilly Press, offers online access to thousands of technical books and manuals with the ability to search, print and bookmark content. I already have shelves of books both at home and in my office as well as technical journals at hand, but Safari has been a tremendous help to me when I need to get up to speed on a topic quickly. It's by subscription (I don't get any kickbacks from this) and they start at $10/month.
Plug the search terms in these files into Google to see how many people leave themselves wide open and vulnerable on the Internet.
Hacking Footholds - Information that could be used to gain a foothold on a vulnerable site
Online Shopping Info - Queries that can reveal online shopping information like customer data, suppliers, orders, etc.
Sensitive Info - Not passwords, but certainly information you don't want to leave lying around.
Juicy Info - Interesting stuff
Login Pages - Front pages for Web-based administration software.
Passwords - 'Nuff said.
Vulnerable Network Data - Firewall logs, honeypot logs, network information, IDS logs, etc.
Vulnerable Servers - Reveals servers with specific vulnerabilities.
Online References
FAQs Online - Here's the one-stop shop for looking up Internet FAQs (Frequently Asked Questions) and RFCs (Requests For Comments).
Just for Fun
Ubersoft - A funny comic strip about a mythical software/OS vendor located somewhere in the Pacific Northwest....
User Friendly - Yet another comic strip that looks at the funny side of computing.
Computer Stupidities - This site collects actual dialogues between real users and real tech support folk. The range of misunderstandings and confusion is frequently hilarious.
Peter's Evil Overlord List - Thinking about a career as an Evil Overlord? Think you have what it takes to be the next Darth Vader? Check out this site for a collection of SuperVillain Do's and Don'ts including 'My ventilation shafts will be too small to crawl through'.
The Voice Actor Page - Want to know who does the voice of Larry 3000 on Time Squad? Find the answer to this and many more questions about the men and women who do the talking for your favorite cartoon characters. Search alphabetically by show title or actor name. (By the way, Larry is voiced by none other than Mark Hamill.)
Computer Features - A funny look at some features you may need on your computers.
What NOT to Do During "The Return of the King" - Very funny and somewhat nasty.
DISCLAIMER: The views expressed on this site are those of the author and are not necessarily those of his employer, Westwood Technical College or its affiliates. This material is intended to supplement the class lectures and text and is not required to complete the course.
You can e-mail me here.