There are many valuable security resources on the Internet. One reason for this is that one site's poor security can have an affect on everyone else's security on the Internet. Hackers will often compromise sites simply to use them as bases of operation against other sites. For example, the string of recent (Feb 2000) web server denial of service attacks would not have been possible without an array of previously compromised hosts acting as agents for the attack programs.

Because of this, it is in the best interests of all security professionals to help advance the state of Internet security as whole.

Terminology clarifications:

• Hacking - Has two definitions. One is that it is any tricky or clever computer manipulations, for good or bad. That is the original definition. The second definition is that it is the misuse of other people's computers such as break ins and denial of service attacks, whether clever or not. Old school "hackers" really dislike the fact that the second definition is the more generally used one now. I will go with the mainstream and use the second "hacking" definition.
• Cracking - The term old school hackers use to describe hacking for bad purposes.
• Blackhat - The "bad guys", people who advocate cracking of other people's computers.
• Whitehat - The "good guys", people who are anti-cracking such as security professionals. This group may include "reformed" blackhat people.
• Script Kiddies - A derisive term for crackers who have no particular skills at cracking, but just know how to use tools that other people have written in order to cause trouble. It doesn't matter too much whether your site was defaced by a script kiddie or a true cracker, your site was still trashed. True crackers should be viewed as more of a threat than script kiddies since crackers are more likely to be able to do something interesting like stealing credit card numbers once they get in. But script kiddies are much more numerous.
• Denial of Service Attack - An attempt to make a computer unusable by others. This does not generally entail gaining access to a system, it just makes it so that no one else can gain access either. Denial of service attacks are sometimes used in tandem with system penetration attacks.

WARNING:

If you start surfing to security sites and start visiting "blackhat" / pro-hacking sites, it is not unheard of for those sites to probe the computers that visit them for vulnerabilities. Just something to be aware of. I haven't knowingly put any links in on this page to sites like that, but as you start following links, be aware that this can happen.

Also note that the mirrored hacked sites on attrition.org often have profanity or obscene photos on them.

Recommended Web Sites

Virginia Tech, and Randy Marchany, a senior computer systems engineer at Virginia Tech, have a wealth of useful information available on the Internet. The root directory for much of this information is http://courseware.vt.edu/marchany/, but some of the high lights are:

• Virginia Tech Information Security Web page.
• Helpful tools: risk analysis templates, security audit checklists, business recovery plan templates.
• Class notes from a variety of presentations, including E-commernce security, top security threats, and Solaris Systems administration.

The CERT.org is sponsored by the Carnegie Mellon Software Engineering Institute. This organization is a clearing house of information regarding security vulnerabilities and vendor responses. It collects and summarizes reports of security threats and viruses, and provides a great deal of technical information. This includes a good tech tips page with white papers on topics such as OS hardening and how to respond to security breaches.

The NIPC is the FBI's National Infrastructure Protection Center.  It is a clearing house for US Government sponsored computer security information.  They issue threat warnings, and take reports of computer crime.  If you want to report a computer crime, this form is a good place to start.  http://www.nipc.gov/incident/incident.htm.  The site also has contact information about FBI field offices.  Since many computer crimes cross state boundaries, the FBI is often the appropriate party to contact regarding computer crime.

ICSA.net is a trade organization of Internet Service Providers with a mission to help improve the security of the Internet, and help prevent denial of service attacks.

The SANS institute is a professional organization that focuses on Systems Administration, Networking, and Security. This site also contains a wealth of information, including systems hardening scripts, incident response guidelines, sample security policies, etc. This organization sponsors several excellent seminars a year. SANS members have online access to old conference material.

COAST (Computer Operations, Audit, and Security Technology) is a web site sponsored by Purdue University. It contains a comprehensive hotlist page pointing to many valuable security resources on the Internet. It also hosts an FTP site containing many security tools.

Rootshell is a bit of a controversial site. One school of thought is that programs that exploit security holes should be made freely available in order so that they systems administrators have access to the same tools that hackers have. Rootshell subscribes to this point of view. It publishes information about security holes and also publishes source code that can be used to exploit these holes. Reviewing this site periodically can be valuable as a way to keep abreast of the threats that systems face from hackers.

Attrition is also a bit of a controversial site. It provides a variety of security information, but the most interesting part of the site is the mirrors of hacked web sites. Attrition strives to get word of web sites that have been hacked before they are taken down and reloaded. They then grab a copy of the hacked web site's HTML and archive it for posterity. Attrition only counts web sites that they can personally verify as being hacked, so their counts are on the conservative side. Even so, I was quite surprised just how many web sites are defaced each month. Attrition is often notified by hackers that they have hacked a web site before anyone else knows about it. Attrition first mirrors the web site, then automatically notifies the contact names registered for the DNS domain that their site has been hacked. Attrition specifically asks to NOT be notified in advance of pending hacks. And if they do receive advance word of an impending hack, they will notify the authorities when they receive the warning.

Some people say that Attrition encourages hacking by providing publicity to hackers. But many security professionals and law enforcement officers use this site as a valuable resource. Of course sites that have been hacked are probably not happy to have the incident recorded for posterity, so that may also affect people's opinions of Attrition.

Hacker News is another site that takes an objective look hacking and system cracking.

2600 is the site associated with the print magazine 2600. This magazine has been around for quite some time. It is much more on the pro-hacker side of the spectrum, and is generally considered a blackhat site.

Firewall Web Sites

• The Phoneboy is the definitive Firewall-1 resource.
• Lance Spitzer's web page has great information about armoring Solaris and NT and white papers about Firewall-1
• www.securepoint.com has searchable archives of the Firewall-1 and other email distribution lists.