Security Resources

There are many valuable security resources on the Internet. One reason for this is that one site's poor security can have an affect on everyone else's security on the Internet. Hackers will often compromise sites simply to use them as bases of operation against other sites. For example, the string of recent (Feb 2000) web server denial of service attacks would not have been possible without an array of previously compromised hosts acting as agents for the attack programs.

Because of this, it is in the best interests of all security professionals to help advance the state of Internet security as whole.

Terminology clarifications:


If you start surfing to security sites and start visiting "blackhat" / pro-hacking sites, it is not unheard of for those sites to probe the computers that visit them for vulnerabilities. Just something to be aware of. I haven't knowingly put any links in on this page to sites like that, but as you start following links, be aware that this can happen.

Also note that the mirrored hacked sites on often have profanity or obscene photos on them.

Recommended Web Sites

Virginia Tech, and Randy Marchany, a senior computer systems engineer at Virginia Tech, have a wealth of useful information available on the Internet. The root directory for much of this information is, but some of the high lights are:

The is sponsored by the Carnegie Mellon Software Engineering Institute. This organization is a clearing house of information regarding security vulnerabilities and vendor responses. It collects and summarizes reports of security threats and viruses, and provides a great deal of technical information. This includes a good tech tips page with white papers on topics such as OS hardening and how to respond to security breaches.

The NIPC is the FBI's National Infrastructure Protection Center.  It is a clearing house for US Government sponsored computer security information.  They issue threat warnings, and take reports of computer crime.  If you want to report a computer crime, this form is a good place to start.  The site also has contact information about FBI field offices.  Since many computer crimes cross state boundaries, the FBI is often the appropriate party to contact regarding computer crime. is a trade organization of Internet Service Providers with a mission to help improve the security of the Internet, and help prevent denial of service attacks.

The SANS institute is a professional organization that focuses on Systems Administration, Networking, and Security. This site also contains a wealth of information, including systems hardening scripts, incident response guidelines, sample security policies, etc. This organization sponsors several excellent seminars a year. SANS members have online access to old conference material.

COAST (Computer Operations, Audit, and Security Technology) is a web site sponsored by Purdue University. It contains a comprehensive hotlist page pointing to many valuable security resources on the Internet. It also hosts an FTP site containing many security tools.

Rootshell is a bit of a controversial site. One school of thought is that programs that exploit security holes should be made freely available in order so that they systems administrators have access to the same tools that hackers have. Rootshell subscribes to this point of view. It publishes information about security holes and also publishes source code that can be used to exploit these holes. Reviewing this site periodically can be valuable as a way to keep abreast of the threats that systems face from hackers.

Attrition is also a bit of a controversial site. It provides a variety of security information, but the most interesting part of the site is the mirrors of hacked web sites. Attrition strives to get word of web sites that have been hacked before they are taken down and reloaded. They then grab a copy of the hacked web site's HTML and archive it for posterity. Attrition only counts web sites that they can personally verify as being hacked, so their counts are on the conservative side. Even so, I was quite surprised just how many web sites are defaced each month. Attrition is often notified by hackers that they have hacked a web site before anyone else knows about it. Attrition first mirrors the web site, then automatically notifies the contact names registered for the DNS domain that their site has been hacked. Attrition specifically asks to NOT be notified in advance of pending hacks. And if they do receive advance word of an impending hack, they will notify the authorities when they receive the warning.

Some people say that Attrition encourages hacking by providing publicity to hackers. But many security professionals and law enforcement officers use this site as a valuable resource. Of course sites that have been hacked are probably not happy to have the incident recorded for posterity, so that may also affect people's opinions of Attrition.

Hacker News is another site that takes an objective look hacking and system cracking.

2600 is the site associated with the print magazine 2600. This magazine has been around for quite some time. It is much more on the pro-hacker side of the spectrum, and is generally considered a blackhat site.

Firewall Web Sites

Back Last Updated : May 11, 2001