- Posts: 1700
- Thank you received: 0
An Introduction To Security
20 years 6 months ago #803
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
An Introduction To Security was created by sahirh
As security is my pet topic and the amount of traffic on the security and firewalls forum is slow at best, I thought I'd just post a few links for people who want an introduction to security in general :
-- General Information --
www.securityfocus.com - A very good site with all the latest news, a very good library and tools collection as well as sections dedicated to basics, intrusion detection, penetration testing etc. Also home of the Bugtraq mailing list.
www.sans.org - A site with excellent resources in its reading room, people who submit papers there are trying for a certification and as a result its mostly original material and of a very high calibre.
www.security-portal.com - A good general security site.
-- Vulnerability Lists --
www.cert.org - The CERT coordination center provides updates on the latest threats and how to deal with them. Also has very good best practice tips for admins.
www.securityfocus.com/archive/1 - This is the link to Bugtraq, the best full disclosure security mailing list on the net. Here all the latest vulnerabilities get discussed way before you see them being exploited or in the press. The guys here predicted blaster and slammer weeks before they hit the net.
www.insecure.org - The mailing lists section has copies of bugtraq, full disclosure, security-basics, security-news etc etc. Also the home of nMap
-- Penetration Testing --
www.insecure.org/nmap - The top port scanner / network mapper ever. Totally free, supports advanced scans such as SYN stealth scans, ACK, FIN scans, FTP bounce scans, totally anonymous idle scans etc. Now also includes version grabbing (tells you what server is listening on a port, eg IIS webserver). It also features OS detection, and can tell you what OS the target is running.
www.grc.com - For windows home users, the site is home to Shields Up, which can test your home connection for file sharing vulnerabilities, do a port scan etc, all online
www.eeye.com - Home of the Retina Security Scanner. Considered the industry leader.
www.nessus.org - Open source vulnerability scanner, and IMNSHO the best one going. If you're a tiger team penetration tester and you don't point nessus at a target, you're either really bad at your job or have a very large ego. If there's a vulnerability in a system, nessus will find it.
-- Prevention --
www.zonelabs.com - ZoneAlarm personal firewall for windows, considered the best, and also the market leader
www.sygate.com - Sygate Personal Firewall, provides more configuration options than ZoneAlarm, but is consequently harder to use.
-- Libraries --
www.secinf.net - Huge selection of articles basically windows security related. Blatantly sponsored by GFI, but what the heck :)
www.searchsecurity.com - A techtarget site which you should sign up for, very good info. Chris writes for searchnetworking.com its sister site.. I don't think the references could be much better.
-- Exploit websites --
Note : these are not your run of the mill 'how to get my girlfriends hotmail password' type sites. They contain advanced information and research
www.antioffline.com - A very good library section on buffer overflows etc
www.packetstormsecurity.nl - The largest selection of tools possible.
That should provide you with ample reading and testing material
Just remember that what can be used for a legitimate purpose can be used for devious purposes as well.. Don't be an idiot, I can gaurantee you that if you run around trying to break into other peoples networks you will be caught. Don't confuse 'cracking' with 'hacking', crackers are the scourge of the net.. and we should be grateful to hackers who point out holes in the software we use and ensure that the net ends up being safer for us.
Have Fun,
Sahir.
-- General Information --
www.securityfocus.com - A very good site with all the latest news, a very good library and tools collection as well as sections dedicated to basics, intrusion detection, penetration testing etc. Also home of the Bugtraq mailing list.
www.sans.org - A site with excellent resources in its reading room, people who submit papers there are trying for a certification and as a result its mostly original material and of a very high calibre.
www.security-portal.com - A good general security site.
-- Vulnerability Lists --
www.cert.org - The CERT coordination center provides updates on the latest threats and how to deal with them. Also has very good best practice tips for admins.
www.securityfocus.com/archive/1 - This is the link to Bugtraq, the best full disclosure security mailing list on the net. Here all the latest vulnerabilities get discussed way before you see them being exploited or in the press. The guys here predicted blaster and slammer weeks before they hit the net.
www.insecure.org - The mailing lists section has copies of bugtraq, full disclosure, security-basics, security-news etc etc. Also the home of nMap
-- Penetration Testing --
www.insecure.org/nmap - The top port scanner / network mapper ever. Totally free, supports advanced scans such as SYN stealth scans, ACK, FIN scans, FTP bounce scans, totally anonymous idle scans etc. Now also includes version grabbing (tells you what server is listening on a port, eg IIS webserver). It also features OS detection, and can tell you what OS the target is running.
www.grc.com - For windows home users, the site is home to Shields Up, which can test your home connection for file sharing vulnerabilities, do a port scan etc, all online
www.eeye.com - Home of the Retina Security Scanner. Considered the industry leader.
www.nessus.org - Open source vulnerability scanner, and IMNSHO the best one going. If you're a tiger team penetration tester and you don't point nessus at a target, you're either really bad at your job or have a very large ego. If there's a vulnerability in a system, nessus will find it.
-- Prevention --
www.zonelabs.com - ZoneAlarm personal firewall for windows, considered the best, and also the market leader
www.sygate.com - Sygate Personal Firewall, provides more configuration options than ZoneAlarm, but is consequently harder to use.
-- Libraries --
www.secinf.net - Huge selection of articles basically windows security related. Blatantly sponsored by GFI, but what the heck :)
www.searchsecurity.com - A techtarget site which you should sign up for, very good info. Chris writes for searchnetworking.com its sister site.. I don't think the references could be much better.
-- Exploit websites --
Note : these are not your run of the mill 'how to get my girlfriends hotmail password' type sites. They contain advanced information and research
www.antioffline.com - A very good library section on buffer overflows etc
www.packetstormsecurity.nl - The largest selection of tools possible.
That should provide you with ample reading and testing material
Just remember that what can be used for a legitimate purpose can be used for devious purposes as well.. Don't be an idiot, I can gaurantee you that if you run around trying to break into other peoples networks you will be caught. Don't confuse 'cracking' with 'hacking', crackers are the scourge of the net.. and we should be grateful to hackers who point out holes in the software we use and ensure that the net ends up being safer for us.
Have Fun,
Sahir.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
20 years 5 months ago #1613
by naddyboy
Replied by naddyboy on topic Quick Links ?
Hi Sahir,
Do you have some quick links on Security and Tools exclusive to Microsoft operating systems ?
A list of MS-DOS commands for Windows 2000 ?
some good tools for port scanning ?
Thanx
Syed
Do you have some quick links on Security and Tools exclusive to Microsoft operating systems ?
A list of MS-DOS commands for Windows 2000 ?
some good tools for port scanning ?
Thanx
Syed
Time to create page: 0.152 seconds