How To Stay Informed About Computing Security Alerts and Issues

Keeping up with what's happening in the world of information and computing security is a never-ending process, especially for those who are responsible for the operation and administration of large, multi-user server systems and/or handle programming and development of software applications that use or are accessible from the Internet. There are literally thousands of viruses, worms, trojans and other forms of computer attacks that are still active, in some cases years after their first appearance. And, of course, new ones appear almost on a daily basis. Knowing where to look for information is a vital part of keeping your system(s) protected.

Publicly Accessible Websites

There are many excellent websites that deal with security in a variety of ways. The following are a few of the more authoritative and popular ones:

Computer Emergency Response Team (CERT) - www.cert.org

This Federally-funded operation is based at Carnegie-Mellon University in Pittsburgh, and is a primary source of up-to-date, accurate information and assessment of current and recent computing security alerts.

SANS Institute (SysAdmin, Audit, Network, Security) - www.sans.org

Like CERT, the SANS site contains information on current and recent security alerts, and many other resources, including a "reading room" where visitors can research white papers on a multitude of security-related topics. SANS is also one of the leading providers of top-quality security training courses.

Internet Storm Center - www.incidents.org

This is actually a major sub-site of SANS. It displays in graphic and text format the current trends and frequencies for the computing exploits and attacks that are currently most prevalent around the world, with links to information detailing how to detect, prevent and recover from them.

SecurityFocus - www.securityfocus.com

A complete "e-zine" devoted to articles, columns, op-eds, alerts and reader feedback dealing with virtually all information security-related topics.

The Register - www.theregister.com

Hosted in the UK, the Register covers computing in general, including security, and often with a typically British skeptical and irreverent eye. Their motto: "Biting the hand that feeds IT." Be sure to allot at least a full day to catch up on the complete "Bastard Operator From Hell" series, a.k.a. "BOFH".

Penn-hosted E-mail Discussion Lists ("listservs")

Penn Information Security sponsors and operatesl a listserv that is available to system administrators for discussion of security issues:

• security-sig (Security Special Interest Group)

Subscriptions to this lists isrestricted to Penn e-mail addresses only. . If you wish to join this list, you must subscribe from your Penn address. To do so, send e-mail to the following address:

listserv@lists.upenn.edu

You may leave the 'Subject:' line blank if desired. In the body of the message, write:

subscribe security-sig youraddress@yourhost Your Name

e.g., "subscribe security-sig jsmith@myhost.upenn.edu John Smith"

You will receive notification via e-mail when your subscription has been approved, along with a message containing basic listserv instructions.

Last updated: Tuesday, January 2, 2007