Information Assurance Online Resources

Online resources have been organized by topic. Select a topic below to view the list of compiled resources pertaining to that subject.

• Secunia Advisories News Feed
• Introduction to Information Security
• The Need for Security
• Legal, Ethical and Professional Issues in Information Security
• Risk Management
• Planning for Security
• Security Technology: Firewalls and VPNs
• Security Technology: Intrusion Detection, Access Control, and Other Security Tools
• Cryptography
• Physical Security
• Implementing Information Security
• Security and Personnel

Secunia Advisories News Feed

Recent Secunia Advisories:

[3/5] WS_FTP Home / Professional Format String Vulnerability
[3/5] Papoo "suchanzahl" SQL Injection Vulnerability
[3/5] Ad Board "id" SQL Injection Vulnerability
[3/5] IBM WebSphere Portal Server Authentication Bypass
[1/5] PHPizabi "id" Information Disclosure and Manipulation
[2/5] Debian update for postfix
[2/5] NOAH Unspecified Cross-Site Scripting Vulnerability
[2/5] Interleave Information Disclosure Security Issues
[3/5] SFS Affiliate Directory "id" SQL Injection Vulnerability
[3/5] MailScan for Mail Servers Web Administration Interface Multiple Vulnerabilities

Introduction to Information Security

Related Resources:

• A Short History of Cryptography by Fred Cohen
• Webopedia Phishing Definition
• Wikipedia Phishing Definition
• Committee on National Security Systems Web Site
• National Training Standard for Information Systems Security (INFOSEC) Professionals (Adobe PDF)

The Need for Security

Related Resources:

• Internal and External Causes of Business Interruptions section of Business Continuity Planning: A Comprehensive Approach by Virginia Cerullo and Michael J. Cerullo
• A Taxonomy of Computer and Network Attacks from CERT
• Spyware (Definition and Categories) from Microsoft
• Viruslist.com
• Virus Types and Categories by Panda Software
• Malicious Codes in Depth by Mohammad Heidari or PDF Version
• Compilation of Threats and Attacks by A. Seazzu
• The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them) - Originally from Time Magazine - SecurityTeam.us
• A Hacker Games the Hotel by Kim Zetter - Wired News (7.30.2005)
• Annual hacking game teaches security lessons - SecurityFocus (8.05.2005)
• Windows Vista first virus appears - TechWorld (8.05.2005)

Legal, Ethical and Professional Issues in Information Security

Related Resources:

• New Mexico Computer Crimes Act
• New Mexico House Bill 514
• Institute for Information Infrastructure Protection
• 40M Credit Cards Hacked (CNN.com)
• BJ's Wholesale suspects credit card leak (MSNBC.com)
• Hacker hits up to 8M credit cards (CNN.com)
• Additional Information about Laws and various public and private entities by A. Seazzu
• Federal Trade Commission - Your National Resource for ID Theft
• Wireless network hijacker found guilty - Silicon.com (7.22.2005)
• 40,000 ID fraud cases recorded in 2005 - Silicon.com (8.05.2005)

Risk Management

Related Resources:

• Risk Management (Carnegie Mellon Software Engineering Institute)
• 7 Principals of Risk Management
• The Institute of Risk Management

Planning forSecurity

Related Resources:

• COBIT
• Policies by D. Kilman (Sandia National Laboratories)
• Writing Policies, Rules and Guidelines (MIT Information Services and Technology)
• NIST Contingency Planning Guide (PDF)
• CPM Group
• Disaster Recovery Journal

Security Technology: Firewalls and VPNs

Related Resources:

• The OSI Model
• The TCP/IP Protocol
• IP Numbering and Subnetting
• IP Subnetting, Variable Subnetting, and CIDR (Supernetting)
• Packet Structures
• Network Technologies (General Overview)
• Active Ports Utility
• Network Address Translation
• Are firewalls expendable? (NetworkWorld)
• The future of IT security is fewer walls, not more (ZDNet UK)

Security Technology: Intrusion Detection, Access Control, and Other Security Tools

Related Resources:

• Intrusion Prevention Systems: the Next Step in the Evolution of IDS by Neil Desai
• IDS Information
• SNORT
• SNORT Tutorial by Patrick Harper
• Sam Spade
• XploiterStat Lite
• Nmap
• Firewalk
• HPING
• Winfingerprint
• GFI LANGuard 30 day evaluation download
• Nessus
• NeWT Vulnerability Scanner
• Ethereal
• NetStumbler
• AirSnare

Cryptography

Related Resources:

• FileCheckMD5
• HashCalc (ZIP Archive)
• HashTab (EXE)
• SecExMD5+ 30 day demo (EXE)
• StegoArchive.com/

Physical Security

Related Resources:

• NTFS
• Using Local Policy to Turn Off Windows Features by amset.info
• Microsoft PowerToys for Windows XP by Microsoft
• How do I *really* disable auto-play in Windows XP? by Leo Notenboom
• Microsoft Windows Unspecified USB Device Driver Vulnerability
• Reset Passwords When a Staff Member Leaves
• How to Bypass BIOS Passwords by LabMice.net
• Social Engineering Fundamentals, Part I: Hacker Tactics by Sarah Granger
• CompuTrace

Implementing Information Security

Related Resources:

• The National Institute of Standards and Technology (NIST) - Security Considerations in the Information System Development Lifecycle (PDF)
• SecurityDocs.com - Security in Software Applications
• Center for Information Technology at the National Institute of Health (NIH)

Security and Personnel

Related Resources:

• CISSP Certification
• Security+, CISSP and TICSA