How To Stay Informed About Computing Security Alerts and Issues
Keeping up with what's happening in the world of information and computing
security is a never-ending process, especially for those who are responsible for the operation and administration of large, multi-user server systems and/or handle programming and development of software applications that use or are accessible from the Internet. There are literally thousands of viruses, worms, trojans and other forms of computer attacks that are still active, in some cases years after their first appearance. And, of course, new ones appear almost on a daily basis. Knowing where to look for information is a vital part of keeping your system(s) protected.
Publicly Accessible Websites
There are many excellent websites that deal with security in a variety
of ways. The following are a few of the more authoritative and popular ones:
Computer Emergency Response Team (CERT) - www.cert.org
This Federally-funded operation is based at Carnegie-Mellon University
in Pittsburgh, and is a primary source of up-to-date, accurate information and assessment of current and recent computing security alerts.
SANS Institute (SysAdmin, Audit, Network, Security) - www.sans.org
Like CERT, the SANS site contains information on current and recent
security alerts, and many other resources, including a "reading room" where visitors can research white papers on a multitude of security-related topics. SANS is also one of the leading providers of top-quality security training courses.
Internet Storm Center - www.incidents.org
This is actually a major sub-site of SANS. It displays in graphic and
text format the current trends and frequencies for the computing exploits and attacks that are currently most prevalent around the world, with links to information detailing how to detect, prevent and recover from them.
SecurityFocus - www.securityfocus.com
A complete "e-zine" devoted to articles, columns, op-eds,
alerts and reader feedback dealing with virtually all information security-related topics.
The Register - www.theregister.com
Hosted in the UK, the Register covers computing in general, including
security, and often with a typically British skeptical and irreverent eye. Their motto: "Biting the hand that feeds IT." Be sure to allot at least a full day to catch up on the complete "Bastard Operator From Hell" series, a.k.a. "BOFH".
Penn-hosted E-mail Discussion Lists ("listservs")
Penn Information Security sponsors and operatesl a listserv that is available
to system administrators for discussion of security issues:
- security-sig (Security Special Interest Group)
Subscriptions to this lists isrestricted to Penn e-mail addresses only.
. If you wish to join this list, you must subscribe from your Penn address.
To do so, send e-mail to the following address:
You may leave the 'Subject:' line blank if desired. In the body of the
subscribe security-sig youraddress@yourhost Your Name
e.g., "subscribe security-sig firstname.lastname@example.org John Smith"
You will receive notification via e-mail when your subscription has been
approved, along with a message containing basic listserv instructions.
Last updated: Tuesday, January 2, 2007