These are some of the information resources and hardware and software tools that may be useful in securing your systems and services.  This list includes things that Montebello Partners has found to be useful, and is not intended to be exhaustive.  Please if you have comments or suggested additions.

Security News

These provide news and commentary on the industry.

• SecurityFocus
• CSO magazine online
• Richard Stiennon's Threat Chaos blog concentrates on storage security.
• Bruce Schneier's blog concentrates on policy and security.
• Montebello Partners monthly security update.

Bulletins

These provide current information about known vulnerabilities.

• SANS Top 20 Vulnerabilities is the best place to start.  It lists the most commonly-exploited vulnerabilities.
• CERT has an authoritative security notification service, which will alert you to new vulnerabilities as they are discovered by researchers.  Hackers exploit these vulnerabilities on a widespread basis as soon as four weeks after CERT notification, so it's important to implement CERT recommended fixes quickly.
• Microsoft Security Notification Service is important if you have Microsoft servers and clients.
• Cisco's PSIRT Security Advisories is useful if you have Cisco networking equipment.

Regular Events

These are regular Bay Area events focussed on security.

• SDForum's monthly security SIG
• The bay area chapter of the FBI-sponsored Infragard for protecting critical infrastructure.

Security Guides

These are general guides to securing systems and networks.

• Computer Security FAQ
• Linux Security
• Solaris Security
• Cisco Security
• CERT ftp configuration guide

Books

These are some of the best  references on Security:

• Applied Cryptography, by Bruce Schneier, is the most popular reference on the applied mathematics of cryptography.  Good for software developers.
• Hacking Exposed: Network Security, is a great overview on cracking and how to thwart it, great for a network operations perspective.

Firewalls

These products block and track hostile access to your network.

• Sonicwall is an easy-to-use firewall hardware appliance.
• Cisco PIX is a series of high-end hardware firewall.
• Checkpoint is high-end firewall software which usually runs on a dedicated server.
• ZoneAlarm is a free software firewall for a single computer connected to the Internet through a broadband connection such as DSL, ISDN, or Cable.
• IPChains is the packet-filtering firewall system built into Linux.

Virus Scanners

These products detect and block hostile software on your desktop computer.

• NAI's McAfee VirusScan
• Symantec's Norton AntiVirus

Encryption Software

These products protect sensitive data and passwords, and authenticate users.

• FreeS/WAN (Linux VPN)
• OpenSSH (Secure Telnet)
• PGP (Email/file encryption, and VPN client)
• GnuGP (Freeware version of PGP encryption)

Network Scanners

These products help to identify known vulnerabilities in your systems.

• NMap is the most popular Unix port scanner, used by other tools
• Nessus scans a network for vulnerabilities.
• Saint  scans a network for vulnerabilities. (uses nmap)
• Sara is based on Saint and Satan.
• X-probe is a remote OS-identification scanner
• NetCraft is a simple free web-site server identifier
• Whisker is a Perl-based Open Source CGI/web vulnerability scanner
• Nikto is like Whisker, but updated more frequently

Windows Surveillance

• Spytech SpyAgent
• WebWatcher
• Spector Pro

Host Scanners

• COPS scans a Unix system for vulnerabilities.
• Tiger scans a Unix system for vulnerabilities.

Intrusion Detection

An Intrusion Detection System (IDS) monitors your systems and alert to possible malicious activity.  A Network IDS looks at network traffic and takes action when it sees suspicious packets.  A Host-base IDS looks at log files or other host-based information to generate alerts.

• Snort is a popular Open Source Network IDS.
• RealSecure and BlackICE from ISS include Network and Host instrusion detection.
• Tripwire checks for system changes.
• Logcheck sends email alerts about suspicious system log entries.
• TCPWrappers allows or denies connections from specified hosts.
• Sniffer Pro
• Network Flight Recorder is a network IDS.
• The Cisco PIX has some IDS features available through the "ip audit" command.
• Dragon

Network Sniffers

These products allow you to monitor network traffic.

• TcpDump selectively captures and dumps network packets
• Ethereal is a traffic analyzer for Unix and Windows
• dsniff
• ESniff
• IPTraf is a Linux network traffic analyzer
• ntop creates web pages summarizing web traffic
• Multi-Router Traffic Grapher (mrtg) creates web pages summarizing snmp devices
• Getif is an SNMP manager and browser

Password Strength Checkers

These products identify easily guessable passwords.  Passwords should be long, and should contain letters, numbers, and punctuation.

• Crack
• John the Ripper
• L0ophtcrack
• Outlook PST password stripper

Analysis Tools

• Graphviz is an open-source data-driven network grapher

Pen Test Tools

• spike and spike proxy
• metasploit
• Reverse Engineering Compiler
• Nipper packet editor
• hexedit hex editor
• tcpreplay replays captured packets

Network testing tools

• Netcat
• Hping

Special Editors

• hexedit

Linux-Specific

NT-Specific

• Getacct
• chklock
• nbtscan
• sid2user

Novel-Specific

• Pandora
• chknull
• SNMP

Network Routing

• Arpredirect
• SNARP

Wireless Scanners

• Netstumbler
• Kismet

Technical Documentation

These provide reference documentation on some network protocols.

• RFC 1700 (known port numbers)
• Unknown port numbers
• ICMP parameters
• Finger protocol
• Other RFC's

  Search RFC's: