CISSP Study Material / Bookmarks

Mostly from the CISSP All-in-One Guide

(Last updated August 25, 2006, 5:20:08 (EDT)

http://www.cccure.org/CISSP OSG - Open Study Guide, lots of information, links to good security web sites, etc.
http://secinf.net/info/misc/handbookCISSP Chp 3 Reference
http://csrc.ncsl.nist.govCISSP Chp 3 Reference
http://www.sans.org/CISSP Chp 3 Reference
http://www.securityauditor.net/CISSP All-in-One Chp 3 ref
http://www.all.net/journal/netsec/9703.htmlCISSP All-in-One Chp 3 ref
http://www.ncsa.uiuc.edu/People/ncsairst/Policy.htmlCISSP All-in-One Chp 3 ref - Policies
http://www.security.kirion.net/securitypolicy/CISSP All-in-One Chp 3 ref - Policies
http://www.sans.org/newlook/resources/policies/policies.htmCISSP All-in-One Chp 3 ref - Policies
http://www.baselinesoft.com/CISSP All-in-One Chp 3 ref - Policies
http://www.information-security-policies-and-standards.com/CISSP All-in-One Chp 3 ref - Policies
http://www.sans.org/infosecFAQ/securitybasics/class.htmCISSP All-in-One Chp 3 ref - Data Classification
http://www.cissps.com/CISSP All-in-One Chp 3 ref - Internal responsibility, training
http://groups.yahoo.com/group/CISSP-DiscussCISSP Discussion Group
http://biometrics.cse.msu.edu/CISSP All-in-One Chp4 - Biometrics
http://webusers.anet-stl.com/~wrogers/biometricsCISSP All-in-One Chp4 - Biometrics
http://www.engr.sjsu.edu/biometricsCISSP All-in-One Chp4 - Biometrics
http://www.hill.com/archives/password.shtmlCISSP All-in-One Chp4 - Passwords
http://www.rsasecurity.com/products/securid/authenticators.htmlCISSP All-in-One Chp4 - Authenticators
http://www.networkcomputing.com/1018/1018f1.htmlCISSP All-in-One Chp4 - Authenticators
http://www.javaworld.com/javaworld/jw-12-1997/jw-12-javadev.htmlCISSP All-in-One Chp4 - Smart Cards
http://www.scia.org/CISSP All-in-One Chp4 - Smart Cards
http://developer.netscape.com/docs/manuals/security/SSO/contents.htmCISSP All-in-One Chp4 - Single Sign On
http://www.opengroup.org/security/sso/CISSP All-in-One Chp4 - Single Sign On
http://www.ietf.org/html.charters/cat-charter.htmlCISSP All-in-One - Chp 4 - Kerberos
http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.htmlCISSP All-in-One - Chp 4 - Kerberos
http://www.mit.edu/afs/athena.mit.edu/astaff/project/kerberos/www/papaers.htmlCISSP All-in-One - Chp 4 - Kerberos
http://www.cosic.esat.kuleuven.ac.be/sesame/html/sesame_what.htmlCISSP All-in-One - Chp 4 - Sesame Reference
http://www.cosic.esat.kuleuven.ac.be/sesame/html/sesame_links.htmlCISSP All-in-One - Chp 4 - Sesame Links
http://security.isu.edu/isl/dac.htmlCISSP All-in-One - Discretionary Access Control
http://security.tsu.ru/info/rainbow/tg03.htmCISSP All-in-One - Discretionary Access Control
http://www.contrib.andrew.cmu.edu/usr/shadow/kerberos.htmlCISSP list - Kerberos
http://www.isi.edu/~brian/security/kerberos.htmlKerberos
http://research-istw.saic.com/cace/overview.htmlCISSP All-in-One - Chp4 - Mandatory Access Control
http://csrc.nist.gov/publications/nistpubs/800-7/node36.html#SECTION05161000000000000000CISSP All-in-One - Chp4 - Mandatory Access Control
http://csrc.nist.gov/publications/nistpubs/800-7/node37.html#SECTION05612000000000000000CISSP All-in-One - Chp4 - Sensitivity Labels
http://www.ietf.org/html.charters/aaa-charter.htmlCISSP All-in-One - Chp 4 - Access Control / AAA
http://directory.google.com/Top/Computers/Security/AuthenticationCISSP All-in-One - Chp 4 - Access Control / AAA
http://csrc.nist.gov/publications/nistpubs/800-7/node2.htmlCISSP All-in-One - Chp 4 - Access Control / AAA
http://www.robertgraham.com/pubs/network-intrusion-detection.htmlCISSP All-in-One Chp4 - IDS
http://www.gocsi.com/intrusion.htmlCISSP All-in-One Chp4 - IDS
http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htmCISSP All-in-One Chp4 - IDS
http://project.honeynet.org/CISSP All-in-One Chp4 - Honeypots
http://www.sans.org/newlook/resources/IDFAQ/honeypot3.htmCISSP All-in-One Chp4 - Honeypots
http://www.sans.org/infosecFAQ/hackers/hackers_list.htmCISSP All-in-One Chp 4 - Some Attack Methods
http://www.howstuffworks.com/ram.htmCISSP All-in-One Chp 5 - Computer Architecture
http://www.softpanorama.org/Internals/index.shtmlCISSP All-in-One Chp 5 - Computer Architecture
http://www.kernel.org/pub/linux/libs/security/Orange-Linux/refs/Orange/OrangeI-II-6.htmlCISSP All-in-One Chp 5 - Security Models, TCB
http://citeseer.nj.nec.com/299300.htmlCISSP All-in-One Chp 5 - Security Models, TCB
http://www.ccert.edu.cn/documents/fcvol1.pdfCISSP All-in-One Chp 5 - Security Models, TCB
http://www.cs.cornell.edu/html/cs513-sp99/NL05.htmlCISSP All-in-One Chp 5 - Security Models, TCB
http://www.cs.cornell.edu/html/cs513-sp99/NL03.htmlCISSP All-in-One Chp 5 - Security Domains, Least Privilege, Resource Isolation
http://www.iwar.org.uk/comsec/resources/standards/rainbow/NCSC-TG-028.htmCISSP All-in-One Chp 5 - Security Domains, Least Privilege, Resource Isolation
http://www.kernel.org/pub/linux/libs/security/Orange-Linux/refs/Orange/OrangeI-II-2.htmlCISSP All-in-One Chp 5 - Security Domains, Least Privilege, Resource Isolation
http://www.cccure.org/Documents/HISM/087-089.htmlCISSP All-in-One Chp 5 - Security Models
http://all.net/books/ip/Chp3-3.htmlCISSP All-in-One Chp 5 - Security Models
http://infoeng.ee.ic.ac.uk/~malikz/surprise2001/spc99e/article1/CISSP All-in-One Chp 5 - Security Models
http://www.wi-inf.uni-essen.de/~ifs/summerschool/CISSP All-in-One Chp 5 - Security Models
http://www.tpub.com/ans/51.htmCISSP All-in-One - Chp 5 - Security Modes of Operation
http://security.isu.edu/isl/atcse385.htmlCISSP All-in-One - Chp 5 - Security Modes of Operation
http://www.cs.nps.navy.mil/curricula/tracks/security/notes/chap02_17.htmlCISSP All-in-One - Chp 5 - Security Modes of Operation
http://security.tsu.ru/info/rainbow/std003.htmCISSP All-in-One - Chp 5 - Security Modes of Operation
http://chacs.nrl.navy.mil/publications/CHACS/1997/jifi_web/node24.htmlCISSP All-in-One - Chp 5 - Security Modes of Operation
http://www.dss.mil/isec/ch8nispom/toc.htmCISSP All-in-One - Chp 5 - Security Modes of Operation
http://www.boran.com/security/tcsec.htmlCISSP All-in-One - Chp 5 - Trust & Assurance, System Evaluation Methods
http://williamstallings.com/Extras/Security-Notes/lectures/trusted.htmlCISSP All-in-One - Chp 5 - Trust & Assurance, System Evaluation Methods
http://wwww.jos.org/doc/security/ob_index.htmlCISSP All-in-One - Chp 5 - Trust & Assurance, System Evaluation Methods
http://www.radium/ncsc.mil/tpep/library/rainbowCISSP All-in-One - Chp 5 - Rainbow Series
http://csrc.ncsl.nist.gov/secpubs/rainbow/CISSP All-in-One - Chp 5 - Rainbow Series
http://www.fas.org/irp/nsa/rainbow.htmCISSP All-in-One - Chp 5 - Rainbow Series
http://secinf.net/rainbowe.htmlCISSP All-in-One - Chp 5 - Rainbow Series
http://www.cesg.gov.uk/assurance/iacs/itsec/index.htmCISSP All-in-One - Chp 5 - Information Technology Security Evaluation Criteria
http://www.cordis.lu/infosec/src/crit.htmCISSP All-in-One - Chp 5 - Information Technology Security Evaluation Criteria
http://www.iwar.org.uk/comsec/resources/standards/itsec.htmCISSP All-in-One - Chp 5 - Information Technology Security Evaluation Criteria
http://csrc.nist.gov/ccCISSP All-in-One - Chp 5 - Common Criteria
http://www.commoncriteria.org/CISSP All-in-One - Chp 5 - Common Criteria
http://www.rycombe.com/cc.htmCISSP All-in-One - Chp 5 - Common Criteria
http://nces.ed.gov/pubs98/safetech/chapter5.htmlCISSP All-in-One Chp 6 - Physical Security
http://netsecurity.about.com/library/weekly/aa020501a.htmCISSP All-in-One Chp 6 - Physical Security
http://security.org/dial-80/links.htmCISSP All-in-One Chp 6 - Physical Security
http://www.eb-datacenters.com/tech/sec1198.htmlCISSP All-in-One Chp 6 - Physical Security
http://www.itl.nist.gov/fipspubs/0-toc.htmCISSP All-in-One Chp 6 - Physical Security
http://www.iso.chwww.salford.ac.uk/iti/books/osi/osi.htmlAll-in-One Chp 7 - OSI Model
http://www.wizard.com/users/baker/public_html/NetTutor.htmlAll-in-One Chp 7 - OSI Model
http://www.protocols.com/All-in-One Chp 7 - OSI Model
http://directory.google.com/Top/Computers/Internet/Protocols/All-in-One Chp 7 - OSI Model
http://grouper.ieee.org/groups/All-in-One Chp 7 - TCP/IP
http://www.lantronix.com/learning/wp/index.htmlAll-in-One Chp 7 - TCP/IP
http://archives.neohapsis.com/archives/cisspstudy/CISSP List Archive
http://grouper.ieee.org/groups/802All-in-One Chp 7 - LAN Media Access Technologies
http://web66.coled.umn.edu/ConstructionAll-in-One Chp 7 - LAN Media Access Technologies
http://www.iol.unh.edu/consortiums/fe/All-in-One Chp 7 - Ethernet
http://alumni.caltech.edu/~dank/feAll-in-One Chp 7 - Ethernet
http://www.ots.utexas.edu/ethernet/100mbps.htmlAll-in-One Chp 7 - Ethernet
http://www.8025.org/All-in-One Chp 7 - Token Ring
http://www.faqs.org/faqs/LANs/token-ring-faqAll-in-One Chp 7 - Token Ring
http://www.techfest.com/networking/lan/token.htmAll-in-One Chp 7 - Token Ring
http://www.iol.unh.edu/consortiums/All-in-One Chp 7 - FDDI
http://www.cicese.mx/~aarmenta/frames/redes/fddi/FDDIFAQ.htmlAll-in-One Chp 7 - FDDI
http://www.nswc.navy.mil/ITT/x3t12All-in-One Chp 7 - FDDI
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ipmulti.htmAll-in-One Chp 7 - IP Multicast
http://www.transition.com/learning/whitepapers/colldom_wp.htmAll-in-One Chp 7 - Collision Domains
http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.htmlAll-in-One Chp 7 - ARP
http://www.freesoft.org/CIE/Topics/61.htmAll-in-One Chp 7 - ARP
http://www.ee.siue.edu/~rwalden/networking/icmpmess.htmlAll-in-One Chp 7 - ICMP
http://www.ncmag/com/2001_03/ICMP/All-in-One Chp 7 - ICMP
http://www.ietf.org/html.charters/bridge-charter.htmlAll-in-One Chp 7 - Bridges
http://www.erg.abdn.ac.uk/users/gorry/course/lan-pages/bridge.htmlAll-in-One Chp 7 - Bridges
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/routing.htmAll-in-One Chp 7 - Routers & Routing
http://www.ietf.org/html.charters/wg-dir.htmlAll-in-One Chp 7 - Routers & Routing
http://directory.google.com/Top/Computers/Internet/Routers_and_RoutingAll-in-One Chp 7 - Routers & Routing
http://www.enterasys.com/products/whitepapersAll-in-One Chp 7 - Switches
http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2012.htmAll-in-One Chp 7 - Switches
http://compnetworking.about.com/compute/compnetworking/cs/networknosCISSP All-in-One - Chapter 7 - Network OS
http://web-wise-wizard.com/internet-web-www/internet-dns-explained-tutorial.htmlCISSP All-in-One - Chapter 7 - DNS Explanation
http://216.167.114.240/articles/3956/CISSP All-in-One - Chapter 7 - DNS Explanation
http://dc.qut.edu.au/itb535/pracs/itb535_dns.htmCISSP All-in-One - Chapter 7 - DNS Explanation
http://www.ietf.org/html.charters/ldapext-charter.htmlCISSP All-in-One - Chapter 7 - Directory Services - LDAP
http://www.ietf.org/html.charters/policy-charter.htmlCISSP All-in-One - Chapter 7 - Directory Services - LDAP
http://www.intranetroadmap.com/CISSP All-in-One - Chapter 7 - Intranet
http://www.cio.com/forums/intranetCISSP All-in-One - Chapter 7 - Intranet
http://www.intranetjournal.com/CISSP All-in-One - Chapter 7 - Intranet
http://safety.net/nattech.htmlCISSP All-in-One - Chapter 7 - Network Address Translation
http://www.tcpipprimer.com/nat.cfmCISSP All-in-One - Chapter 7 - Network Address Translation
http://www.homenethelp.com/web/explain/about-NAT.aspCISSP All-in-One - Chapter 7 - Network Address Translation
http://www.iec.org/tutorials/index.htmlCISSP All-in-One - Chapter 7 - Metropolitan Area Networks
http://www.techfest.com/networking/wan.htmlCISSP All-in-One - Chapter 7 - Metropolitan Area Networks
http://www.cisco.com/warp/public/cc/pd/rt/1200/tech/posdh_wp.htmCISSP All-in-One - Chapter 7 - Metropolitan Area Networks
http://www.bell-labs.com/technology/common/t1carrier.htmlCISSP All-in-One - Chapter 7 - Dedicated Links, T1
http://www.dcbnet.com/notes/9611t1.htmlCISSP All-in-One - Chapter 7 - Dedicated Links, T1
http://www.everythingt1.com/CISSP All-in-One - Chapter 7 - Dedicated Links, T1
http://www.freeswan.org/CISSP All-in-One - Chapter 7 - Free S/WAN
http://www.rsasecurity.com/CISSP All-in-One - Chapter 7 - S/WAN
http://www.bell-labs.com/technology/packetCISSP All-in-One - Chapter 7 - Circuit versus Packet Switching
http://www.rad.com/networks/1998/packet/ps.htmCISSP All-in-One - Chapter 7 - Circuit versus Packet Switching
http://www.frforum.com/CISSP All-in-One - Chapter 7 - Frame Relay
http://www.rad.com/networks/tutorial.htmCISSP All-in-One - Chapter 7 - Frame Relay
http://www.alliancedatacom.com/framerelay.aspCISSP All-in-One - Chapter 7 - Frame Relay
http://www.blackbox.nl/techweb/protocol/x25.htmCISSP All-in-One - Chapter 7 - X.25
http://www.patton.com/patton/fridayfax/article23.htmlCISSP All-in-One - Chapter 7 - X.25
http://www.scan-technologies.com/tutorials/ATM%20Tutorial.htmCISSP All-in-One - Chapter 7 - ATM
http://www.atmforum.com/CISSP All-in-One - Chapter 7 - ATM
http://www.ftp.uni-erlangen.de/pub/other/Documents/ISO/asynch-HDLCCISSP All-in-One - Chapter 7 - HDLC
http://www.rad.com/networks/1994/hdlc/hdlc/htmlCISSP All-in-One - Chapter 7 - HDLC - questionable link
http://www.erg.abdn.ac.uk/users/gorry/course/dl-pages/hdlc.htmlCISSP All-in-One - Chapter 7 - HDLC - High-level Data Link Control
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/hssi.htmCISSP All-in-One - Chapter 7 - High-Speed Serial Interface (HSSI)
http://cio.cisco.com/warp/public/459/8.htmlCISSP All-in-One - Chapter 7 - High-Speed Serial Interface (HSSI)
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis3600/voice/4936vqsg.htmCISSP All-in-One - Chapter 7 - VoIP
http://www.ietf.ort/html.charters/iptel-charter.htmlCISSP All-in-One - Chapter 7 - VoIP
http://www.frforum.com/CISSP All-in-One - Chapter 7 - Voice over Frame Relay
http://www.Mot.com/networking/frame-relayCISSP All-in-One - Chapter 7 - Voice over Frame Relay
http://www.Atmforum.com/atmforum/specs/approved.htmlCISSP All-in-One - Chapter 7 - Voice over ATM
http://www.iec.org/tutorials/vtoa/index.htmlCISSP All-in-One - Chapter 7 - Voice over ATM
http://www.paradyne.com/sourcebook_offer.CISSP All-in-One - Chapter 7 - Digital Subscriber Line (DSL)
http://www.dsllife.com/CISSP All-in-One - Chapter 7 - Digital Subscriber Line (DSL)
http://www.nwfusion.com/netresources/dsl.htmCISSP All-in-One - Chapter 7 - Digital Subscriber Line (DSL)
http://www.cablemodeminfo.com/CISSP All-in-One - Chapter 7 - Cable Modem
http://www.linuxdoc.org/HOWTO/PPP-HOWTO/pap.htmlCISSP All-in-One - Chapter 7 - Password Authentication Protocol (PAP)
http://www.ietf.org/html/charters/pppext-charter.htmlCISSP All-in-One - Chapter 7 - Extensible Authentication Protocol (EAP)
http://www.msg.net/kadow/answers/extras/rfc/rfc2284.htmlCISSP All-in-One - Chapter 7 - Extensible Authentication Protocol (EAP)
http://www.microsoft.com/windows2000/library/howitworks/communications/remoteaccess/default.aspCISSP All-in-One - Chapter 7 - Remote Access
http://www.firstvpn.com/papers/nortel/remote.pdfCISSP All-in-One - Chapter 7 - Remote Access
http://www.ietf.org/html.charters/nasreq-charter.htmlCISSP All-in-One - Chapter 7 - Remote Access
http://www.iec.org/tutorials/index.htmlCISSP All-in-One - Chapter 7 - Remote Access
http://www.raid-advisory.com/CISSP All-in-One - Chapter 7 - RAID
http://members.home.com/slater/raid/index.htmCISSP All-in-One - Chapter 7 - RAID - link problem
http://www.infosecuritymag.com/articles/july01/columns_logoff.shtmlCISSP All-in-One - Chapter 8 - History of Cryptography
http://all.net/books/ip/Chapt2-1.htmlCISSP All-in-One - Chapter 8 - History of Cryptography
http://www.cs.cornell.edu/Courses/cs513/2000SP/L23.htmlCISSP All-in-One - Chapter 8 - History of Cryptography
http://www.execpc.com/~alcourt/crypt.intro.htmlCISSP All-in-One - Chapter 8 - History of Cryptography
http://www.trincoll.edu/depts/cpsc/cryptography/index.htmlCISSP All-in-One - Chapter 8 - History of Cryptography
http://dmoz.org/Science/Math/Applications/Communication_Theory/Cryptography/Historical/CISSP All-in-One - Chapter 8 - History of Cryptography
http://www-math.cudenver.edu/~wcherowi/courses/m5410/m5410cc.htmlCISSP All-in-One - Chapter 8 - Cryptography
http://www.math.nmsu.edu/~crypto/Caesar.htmlCISSP All-in-One - Chapter 8 - Cryptography
http://www.ssuet.edu.pk/taimoor/athar/ce-408/encryption/CISSP All-in-One - Chapter 8 - Cryptography
http://home.ecn.ab.ca/~jsavard/crypto/pp0102.htmCISSP All-in-One - Chapter 8 - Cryptography
http://www.jjtc.com/Steganography/CISSP All-in-One - Chapter 8 - Steganography
http://www.rit.edu/~vxr8205/crypto2/cryptopaper.htmlCISSP All-in-One - Chapter 8 - Cryptography
http://www.swiss.ai.mit.edu/6095/articles/froomkin-metaphor/partIC.html#toC27CISSP All-in-One - Chapter 8 - Clipper Chip
http://cse.stanford.edu/class/cs201/current/Projects/clipper-chip/debate.htmlCISSP All-in-One - Chapter 8 - Clipper Chip
http://www.rsa.com/rsalabs/faq/6-2-4.htmlCISSP All-in-One - Chapter 8 - Clipper Chip
http://www.itl.nist.gov/fipspubs/fip185.htmCISSP All-in-One - Chapter 8 - Key Escrow
http://security.isu.edu/isl/fips185.htmlCISSP All-in-One - Chapter 8 - Key Escrow
http://www.cs.georgetown.edu/~denning/crypto/Lathe-Gambit.txtCISSP All-in-One - Chapter 8 - Key Escrow
http://www.sims.berkeley.edu/courses/is224/s99/GroupC/pr2/s4.htmlCISSP All-in-One - Chapter 8 - Key Escrow
http://csrc.nist.gov/publications/nistpubs/800-7/node208.htmlCISSP All-in-One - Chapter 8 - Symmetric Crypto Systems
http://developer.netscape.com/docs/manuals/security/pkin/contents.htmCISSP All-in-One - Chapter 8 - Crypto Introduction
http://www1.tepkom.ru/users/ant/Articles/Pkcstane.htmlCISSP All-in-One - Chapter 8 - Public Key Cryptography
http://csrc.nist.gov/publications/nistpubs/800-7/node210.htmlCISSP All-in-One - Chapter 8 - Asymmetric Encryption
http://www.eco.utexas.edu/~norman/BUS.FOR/course.mat/SSim/history.htmlCISSP All-in-One - Chapter 8 - History of Cryptography
http://www.maths.mq.edu.au/~steffen/old/PCry/report/node8.htmlCISSP All-in-One - Chapter 8 - Asymmetric Cryptography
http://www.emporia.co.za/TechnicalEncryption.aspCISSP All-in-One - Chapter 8 - Encryption - Technical
http://www.rsa.com/rsalabs/faq/3-2.htmlCISSP All-in-One - Chapter 8 - DES
http://axion.physics.ubc.ca/crypt.htmlCISSP All-in-One - Chapter 8 - DES
http://www.cryptography.com/CISSP All-in-One - Chapter 8 - Cryptography Site
http://www.cs.berkeley.edu/~daw/crypto.htmlCISSP All-in-One - Chapter 8 - Crypto
http://csrc.nist.gov/encryption/aes/CISSP All-in-One - Chapter 8 - AES
http://www.rsa.com/rsalabs/faq/3-6-8.htmlCISSP All-in-One - Chapter 8 - AES
http://www.sans.org/infosecFAQ/encryption/blowfish.htmCISSP All-in-One - Chapter 8 - Blowfish Algorithm (Encryption)
http://www.cryptoman.com/elliptic.htmCISSP All-in-One - Chapter 8 - Elliptical Curve Cryptography
http://www.srvbooks.com/CISSP Prep Guide Examination Textbooks, Volume 1: Theory
http://www.isc2.org/CISSP Prep Guide Certification Source
http://www.intiss.com/intisslinks.htmlCISSP Prep Guide - Links about every domain of infosec
http://www.issa-intl.org/CISSP Prep Guide - Information Systems Security Assoc.
http://csrc.nist.gov/ccCISSP Prep Guide - Common Criteria
http://www.nipc.gov/CISSP Prep Guide - National Infrastructure Protection Center
http://www.icsa.net/CISSP Prep Guide - TruSecure - ICSA Labs
http://www.cerias.purdue.edu/coast/coast.htmlCISSP Prep Guide - COAST Laboratory, now Center for Education and Research in Information Assurance and Security
http://www.alw.nih.gov/Security/security.htmlCISSP Prep Guide - Computer Security Information - NIH
http://www-cse.ucsd.edu/users/bsy/sec.htmlCISSP Prep Guide - Security Related Pointers
http://www.cerberus-isc.com/resources.htmlCISSP Prep Guide - Cerberus InfoSec Consulting
http://www.gocsi.com/CISSP Prep Guide - Computer Security Institute
http://www.nsa.gov/CISSP Prep Guide - National Security Agency
http://www.nist.gov/CISSP Prep Guide - National Institute of Standards and Technology
http://www.nswc.navy.mil/ISSEC/CIDCISSP Prep Guide - Naval Surface Warfare Center - Information Assurance Office
http://www.cerias.purdue.edu/CISSP Prep Guide - Center for Education and Research in Information Assurance and Security
http://www.sans.org/giactc.htmCISSP Prep Guide - Sans GIAC Training
http://www.giac.org/CISSP Prep Guide - Current SANS Giac Training Site
http://www.isalliance.org/CISSP Prep Guide - Internet Security Alliance
http://www.securityportal.com/CISSP Prep Guide - Security Portal
http://www.fedcirc.gov/CISSP Prep Guide - Federal Computer Information Response Center
http://www.cert.org/CISSP Prep Guide - Computer Emergency Response Team
http://www.ciac.org/ciacCISSP Prep Guide - National Nuclear Security Administration
http://info-sec.com/ciao/63factsheet.htmlCISSP Prep Guide - broken link
http://www.fbi.gov/nipc/welcome.htmCISSP Prep Guide - broken link?
http://www.asisonline.org/CISSP Prep Guide - American Society for Information Security
http://www.bsa.org/CISSP Prep Guide - Business Software Alliance
http://www.eff.org/CISSP Prep Guide - Electronic Frontier Foundation
http://www.fbi.gov/scitech.htmCISSP Prep Guide - broken link
http://www.first.org/CISSP Prep Guide - Forum of Incident Response and Security Teams
http://www.hert.org/CISSP Prep Guide - broken link (Hacker Emergency Response Team)
http://www.htcia.org/CISSP Prep Guide - High Tech Crime Investigation Association
http://www.usenix.org/CISSP Prep Guide - USENIX
http://www.ntbugtrak.com/CISSP Prep Guide - Windows (NT) Bugtrack
http://www.nsi.org/compsec.htmlCISSP Prep Guide - National Security Institute's Security Response Net
http://www.boran.com/securityCISSP Prep Guide - IT Security Cookbook
http://xforce.iss.net/CISSP Prep Guide - Internet Security Systems X-Force Security Center
http://www.itpolicy.gsa.gov/CISSP Prep Guide - US General Services Administration
http://www.nswc.navy.mil/ISSEC/CISSP Prep Guide - Naval Surface Warfare Center - Information Assurance Office
http://www.dda-ltd.co.uk/bs7799.htmlCISSP Prep Guide - CODE of PRACTICE for INFORMATION SECURITY MANAGEMENT
http://www.checkpoint.com/CISSP Prep Guide - Checkpoint, Firewall Vendor
http://www.cisco.com/CISSP Prep Guide - Cisco Systems
http://www.rdvgroup.com/CISSP Prep Guide - Russell Dean Vines Group - NYC Consulting Group
http://www.altdata.com/CISSP Prep Guide - directory listing (broken?)
http://www.corbett-tech.com/CISSP Prep Guide - Corbett Technologies
http://www.strozassociates.com/CISSP Prep Guide - Consulting and Technical Services Firm
http://www.tigertesting.com/CISSP Prep Guide - Penetration Testing - Wall Street NY
http://www.misti.com/CISSP Prep Guide - MIS Training Institute
http://www.securify.com/CISSP Prep Guide - Securify - Policy Driven Network Security Management
http://www.knoll-ogara.com/CISSP Prep Guide - broken link - typo?
http://www.verisign.com/CISSP Prep Guide - Verisign, Inc.
http://www.rsasecurity.com/CISSP Prep Guide - RSA Security
http://www.securecomputing.com/CISSP Prep Guide - Secure Computing
http://www.atomictangerine.com/CISSP Prep Guide - Red Siren Technologies
http://www.infosecnews.com/CISSP Prep Guide - Info Security News
http://rootshell.com/beta/news.htmlCISSP Prep Guide - Hacker Sites - RootShell
http://www.hackers.com/CISSP Prep Guide - Hacker Sites - Hackers.com
http://www.l0pht.com/CISSP Prep Guide - Hacker Sites - l0pht
http://www.thecodex.com/CISSP Prep Guide - Hacker Sites - TheCodex
http://www.defcon.org/CISSP Prep Guide - Hacker Sites - DefCon
http://www.lordsomer.com/CISSP Prep Guide - Hacker Sites - lordsomer
http://www.2600.com/CISSP Prep Guide - Hacker Sites - 2600 Group
http://www.phrack.org/CISSP Prep Guide - Hacker Sites - Phrack
http://www.cultdeadcow.com/CISSP Prep Guide - Hacker Sites - Cult of the Dead Cow
http://www.hfactorx.org/CISSP Prep Guide - Hacker Sites - HFX International
http://www.digicrime.com/CISSP Prep Guide - Hacker Sites - DigiCrime
http://www.hideaway.net/CISSP Prep Guide - Hacker Sites - HideAway
http://www.hackernews.comCISSP Prep Guide - Hacker Sites - HackerNews.com
http://www.crimeonline.org/CISSP Prep Guide - Hacker Sites - Crime Online
http://www.technotronic.com/CISSP Prep Guide - Hacker Sites - Technotronic
http://www.happyhacker.org/CISSP Prep Guide - Hacker Sites - Happy Hacker
http://www.webfringe.com/host/CISSP Prep Guide - Hacker Sites - WebFringe
http://www.rsa.com/rsalabs/faq/4-1-3-1.htmlCISSP All-in-One - Chapter 8 - Cryptography - PKI
http://www.pki-page.org/CISSP All-in-One - Chapter 8 - Cryptography - PKI
http://www.webtools.com/story/security/TLS20010222S0001CISSP All-in-One - Chapter 8 - Cryptography - PKI
http://www.nwfusion.com/research/crypto.htmlCISSP All-in-One - Chapter 8 - Cryptography - PKI
http://csrc.nist.gov/encryption/aes/CISSP All-in-One - Chapter 8 - Cryptography - AES
http://www.counterpane.com/tutorials.htmlCISSP All-in-One - Chapter 8 - Cryptography - Crypto Links & Cryptoanalysis Tutorial
http://www.the-search-directory.com/cryptography/CISSP All-in-One - Chapter 8 - Cryptography - Cryptography Info
http://theory.lcs.mit.edu/~rivest/rfc1321.txtCISSP All-in-One - Chapter 8 - Cryptography - MD5
http://www.stack.nl/~galactus/remailers/attack-3.htmlCISSP All-in-One - Chapter 8 - Cryptography - Attacks Against One-Way Hash Functions
http://www.rsa.com/rsalabs/faq/2-4-6.htmlCISSP All-in-One - Chapter 8 - Cryptography - Crypto Attacks (broken link?)
http://home.ecn.ab.ca/~jsavard/sicrypt.htmCISSP All-in-One - Chapter 8 - Cryptography - Cryptographic Compendium
http://www.rsa.com/rsalabs/faq/CISSP All-in-One - Chapter 8 - Cryptography - Crypto FAQ
http://www.faqs.org/faqs/cryptography-faq/part05/CISSP All-in-One - Chapter 8 - Cryptography - Product Ciphers
http://www.cs.georgetown.edu/~denning/crypto/CISSP All-in-One - Chapter 8 - Cryptography - Cryptography Project
http://www.ssh.fi/tech/crypto/intro.htmlCISSP All-in-One - Chapter 8 - Cryptography - Crypto Intro
http://www.rand.org/publications/RM/RM3765/RM3765.chapter3.htmlCISSP All-in-One - Chapter 8 - Cryptography - Fundamentals of Cryptography
http://www.cs.auckland.ac.nz/~pgut001/tutorial/CISSP All-in-One - Chapter 8 - Cryptography - Huge Crypto Tutorial
http://www.informweb.com/webportal/articles/tosecs.htmCISSP All-in-One - Chapter 8 - Cryptography - Secure e-Commerce Deployment
http://web.mit.edu/network/pgp.htmlCISSP All-in-One - Chapter 8 - Cryptography - PGP
http://www.pgpi.org/doc/pgpintro/CISSP All-in-One - Chapter 8 - Cryptography - Intro to PGP
http://axiom.physics.ubc.ca/crypt.html#PGPCISSP All-in-One - Chapter 8 - Cryptography - PGP Information
http://www.pgpi.org/CISSP All-in-One - Chapter 8 - Cryptography - PGP (International)
http://csgrad.cs.vt.edu/~mlorch/securityprotocols/6.6.htmlCISSP All-in-One - Chapter 8 - Cryptography - Security Protocols
http://www.imc.org/smime-pgpmime.htmlCISSP All-in-One - Chapter 8 - Cryptography - S/MIME
http://www.rsa.com/standards/smime/faq.htmlCISSP All-in-One - Chapter 8 - Cryptography - S/MIME
http://nsi.org/Library/Internet/security.htmCISSP All-in-One - Chapter 8 - Cryptography - S/MIME
http://www.ece.mun.edu/users/kjhan/security/CISSP All-in-One - Chapter 8 - Cryptography - S/MIME
http://www.bankinfo.com/ecomm/setpart1.htmlCISSP All-in-One - Chapter 8 - Cryptography - Secure Electronic Transaction (SET)
http://www.sans.org/infosecFAQ/covertchannels/SET.htmCISSP All-in-One - Chapter 8 - Cryptography - Secure Electronic Transaction (SET)
http://www.cs.jcu.edu.au/~pei/cryptography.htmCISSP All-in-One - Chapter 8 - Cryptography - Secure Electronic Transaction (SET)
http://www.uni-karlsruhe.de/ig25/ssh-faq/CISSP All-in-One - Chapter 8 - Cryptography - SSH FAQ
http://www.onsight.com/faq/ssh/ssh-faq.htmlCISSP All-in-One - Chapter 8 - Cryptography - SSH FAQ
http://wks.uts.ohio-state.edu/sysadm_course/html/sysadm-558.htmlCISSP All-in-One - Chapter 8 - Cryptography - SSH
http://www.ietf.org/html.charters/ipsec-charter.htmlCISSP All-in-One - Chapter 8 - Cryptography - IPSec
http://www.cs.arizona.edu/xkernel/www/ipsec/ipsec.htmlCISSP All-in-One - Chapter 8 - Cryptography - IPSec
http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/ipsec_wp.htmCISSP All-in-One - Chapter 8 - Cryptography - IPSec
http://www.couterpane.com/ipsec.htmlCISSP All-in-One - Chapter 8 - Cryptography - IPSec
http://www.disasterrecoveryworld.com/bia.htmCISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - Business Impact Analysis
http://www.disasterrecoveryworld.com/CISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - Disaster Recovery Information
http://www.business-continuity-and-disaster-recovery-world.co.uk/CISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - UK BCP & DRP
http://www.dri.ca/dric_pp3.htmlCISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - Plan Development
http://www.drj.com/new2dr/model/bcmodel.htmCISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - Planning
http://www.co.cc.va.us/its/models/secpl.htmCISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - BCP & DRP
http://albany.bcentral.com/albany/stories/1999/05/24/focus5.htmlCISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - Business Case for Planning
http://dmoz.org/Business/Industries/Security/Emergency_Management/CISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - Emergency Mgmt.
http://www.businesscontinuityworld.com/toolkit.htmCISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - Planning Toolkit
http://www.utoronto.ca/security/drp.htmCISSP All-in-One - Chapter 9 - Disaster Recovery and Business Continuity - UofToronto DRP Resources
http://all.net/books/gassp2/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Generally Accepted System Security Principles
http://www.iab.org/iab/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Internet Activities Board
http://web.mit.edu/security/www/GASSP/gassp021.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Generally Accepted System Security Principles
http://www.cpsr.org/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Computer Professionals for Social Responsibility
http://www.ccure.org/Documents/HISM/522-525.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Hackers and Crackers
http://cui.unige.ch/OSG/courses/infrcom/lectures/security/security.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Introduction to Computing Security
http://www.uwsg.iu.edu/usail/tasks/security/security.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Security and Common Attacks
http://courses.cs.vt.edu/~cs3604/lib/Crime/notes.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Computer Crime
http://netscurity.about.com/cs/socialengineering/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Information about Social Engineering
http://www.sans.org/infosecFAQ/securitybasics/awareness.htmCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Security Awareness
http://www.sans.org/infosecFAQ/social/social_list.htmCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - SANS information about Social Engineering
http://dmoz.org/Computers/Hacking/Groups/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Hacking Groups
http://anticode.antionline.com/text-archive.phpCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Anti-online archive
http://www.qub.ac.uk/mgt/itoc/security.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - broken link?
http://www3.cnn.com/SPECIALS/1999/mitnick.background/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Information about Kevin Mitnick
http://www.soci.niu.edu/~cudigest/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Computer Underground
http://www.loc.gov/copyright/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Copyright information
http://www.eff.org/Intellectual_property/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Intellectual Property
http://www.caltech.edu/ott/security/OIPC_Home.htmCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Office of Intellectual Property Counsel
http://www.ksu.edu/uauc/intprop/tutorial.htmCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Intellectual Property Tutorial
http://www.cert.org/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Computer Emergency Response Team
http://www.sans.org/newlook/publications/incident_handling.htmCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - SANS Incident Handling
http://www.uga.edu/compsec/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Univerity of Georgia - Computer Security
http://www.cert.dfn.de/eng/pre99papers/certbib.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Bibliography of Computer Security Incident Handling Documents
http://csrc.nist.gov/topics/inchand.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - NIST Incident Handling
http://www.bxa.doc.gov/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - US Dept. of Commerce - Bureau of Industry and Security
http://www.ntis.gov/product/export-regulations.htmCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Export Regulations
http://chaos.fedworld.gov/bxa/faq.htmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Export Administration Regulations Marketplace FAQ
http://www.interpol.int/Public/TechnologyCrime/CrimePrev/ITSecurity.aspCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Interpol IT Security
http://www.interpol.com/Public/TechnologyCrime/default.aspCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - Interpol Technology Crime
http://www.cnn.com/2000/TECH/computing/05/18/global.security.idg/CISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - CNN Global Computing Security (2000)
http://cbsnews.com/now/story/0,1597,195452-412,00.shtmlCISSP All-in-One - Chapter 10 - Law, Investigation, and Ethics - CBS News Story about GWBush requiring new security measures
http://www.ietf.org/html.charters/smime-charter.htmlCISSP All-in-One - Chapter 12 - Operations Security - S/MIME Charter
http://www.imc.org/CISSP All-in-One - Chapter 12 - Operations Security - Internet Mail Consortium
http://www.emailman.com/CISSP All-in-One - Chapter 12 - Operations Security - Electronic Mail superhero (grin)
http://idm.internet.com/foundation/imap4.shtmlCISSP All-in-One - Chapter 12 - Operations Security - IMAP4
http://www.rad.com/networks/tutorial.htmCISSP All-in-One - Chapter 12 - Operations Security - Network Tutorial (bad site for deep links)
http://www.faximum.com/faqs/faxCISSP All-in-One - Chapter 12 - Operations Security - Fax Security
http://www.faxserver.comCISSP All-in-One - Chapter 12 - Operations Security - Fax Security
http://www.cccure.org/Documents/Justin_Gibson/Notes_Prep_Guide.docOnline Prep Guide
http://www.cs.unc.edu/~dewan/242/f96/notes/prot/node13.html Bell LaPadula Model
http://www.shmoo.com/securecode/Secure Code
http://www.cs.georgetown.edu/~denning/Dorothy Denning - G'town CS Prof, Info Warfare and Security Research
http://www.information-security-policies-and-standards.com/All-in-One - Appendix A - Security Policies - Information Security Policies and Standards
http://www.sans.org/newlook/resources/policies/policies.htmAll-in-One - Appendix A - Security Policies - SAN Policies
http://www.securityauditor.net/All-in-One - Appendix B - British Standard 7799 - Security Auditor
http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdfAll-in-One - Appendix B - British Standard 7799 - NIST Publication Reviso FAQ
http://www.fas.org/irp/nsaAll-in-One - Appendix C - Who's Who - NSA
http://www.cia.gov/ic/nsa.htmlAll-in-One - Appendix C - Who's Who - NSA (According to the CIA)
http://www.nsa.gov/All-in-One - Appendix C - Who's Who - NSA
http://www.nist.gov/All-in-One - Appendix C - Who's Who - National Institute of Standards and Technology
http://www.csrc.ncsl.nist.gov/All-in-One - Appendix C - Who's Who - National Institute of Standards and Technology
http://www.radium.ncsc.mil/tpepAll-in-One - Appendix C - Who's Who - National Computer Security Center
http://www.iso.ch/All-in-One - Appendix C - Who's Who - International Standards Organization (ISO)
http://www.ansi.org/All-in-One - Appendix C - Who's Who - American National Standards Institute (ANSI)
http://www.ieee.org/All-in-One - Appendix C - Who's Who - Institute of Electrical and Electronic Engineers (IEEE)
http://standards.ieee.org/catalog/contents.htmlAll-in-One - Appendix C - Who's Who - Institute of Electrical and Electronic Engineers (IEEE)
http://www.ieee-security.org/index.htmlAll-in-One - Appendix C - Who's Who - Institute of Electrical and Electronic Engineers (IEEE)
http://www.aspe.os.dhhs.gov/admnsimp/nprm/pvclist.htmAll-in-One - Appendix C - Who's Who - Unknown, broken? link
http://www.hcfa.gov/hipaa/hipaahm.htmAll-in-One - Appendix C - Who's Who - HIPAA
http://www.ahima.org/journal/features/feature.9910.1.htmlAll-in-One - Appendix C - Who's Who - American Health Information Management Association
http://www.wedi.org/public/articles/HSSGuidelines.docAll-in-One - Appendix C - Who's Who - wedi - HSS Guidelines (word doc)
http://www.hipaadvisory.com/views/Patient/myths.htmAll-in-One - Appendix C - Who's Who - Myths and Facts about HIPAA
http://www.fdic.gov/news/financial/2001/fil0103a.htmlAll-in-One - Appendix D - Gramm Leach Bliley Act - Gramm Leach Bliley
http://www.senate.gov/~banking/confAll-in-One - Appendix D - Gramm Leach Bliley Act - Senate Banking
http://www.ftc.gov/privacy/glbactAll-in-One - Appendix D - Gramm Leach Bliley Act - Federal Trade Commission - Gramm Leach Bliley
http://www.privacyheadquarters.com/glb/a_safeguard.htmlAll-in-One - Appendix D - Gramm Leach Bliley Act - Gramm Leach Bliley
https://www.srvbooks.com/cissp_exam.htmSRV Books
http://www.incidents.org/IDS - Incident Sightings
http://niap.nist.gov/niap/projects/systcert-proj.htmlEvaluation Criteria - New NIST Security Standards
http://csrc.nist.gov/publications/fips/index.htmlEvaluation Criteria - NIST FIPS 102
http://www.cisecurity.org/Evaluation Criteria - Center for Internet Security regarding Common Criteria
http://www.lavasoft.nl/Malware - Ad-ware - to scan machines for known spyware
http://online.securityfocus.com/infocus/1263Vulnerability Assessment - SecurityFocus Vulnerability Assessment Survey
http://www.sun.com/solutions/blueprints/0502/816-4816-10.pdfSun Blueprint "How Hackers Do It"
http://www.cccure.org/Documents/CISSP_Summary_2002/index.htmlStudy Guide
http://groups.yahoo.com/group/CISSP_BOSONCISSP BOSON Discussion Group
http://www.alternic.org/drafts/drafts-o-p/draft-orman-public-key-lengths-01.htmlPublic Key Lengths (Crypto)
http://www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdfClass B, bit-level mask according to 3COM
http://searchwin2000.techtarget.com/tips/0,289484,sid1,00.htmlManaging and Supporting Windows OS Network
http://members.aol.com/axcel216/secrets.htmSecrets
http://www.cybertrails.com/~fys/index.htmCyberTrails
http://www.jjtc.com/Security/links.htmSecurity
http://www.alvestrand.no/x400/X.400 Protocol Standard Concerned with Message Handling.
http://www.ietf.org/internet-drafts/draft-ietf-pkix-roadmap-08.txtPKI - IETF PKI Roadmap
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.aspMicrosoft Baseline Security Analyzer
http://cissp.christophstrizik.net/Christoph Strizik's prep information
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/skey.htmlS/Key - Documentation
http://www.esecurity.ch/serieseditor.htmlEsecurity - Series Editor
http://webopedia.internet.com/quick_ref/OSI_Layers.aspOSI Layers
http://paknews.com/main2jun-08.htmlIndian Nuclear System Hacks - Paknews
http://www.landfield.com/isn/mail-archive/1998/Jun/0031.htmlIndian Nuclear System Hacks - Landfield.com
http://www.google.com/search?q=india+nuclear+weapons+hackerIndian Nuclear System Hacks - Google Search
http://www.defencejournal.com/july98/pakneeds1.htmIndian Nuclear System Hacks - defencejournalhttp://www.defencejournal.com/july98/pakneeds1.htm
http://www.afsa.org/fsj/sept00/Denning.htmlIndian Nuclear System Hacks - AFSA.org
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=hackers+bhabaIndian Nuclear System Hacks - Google Search 2
http://www.isaca.org/cobit.htmAudit Information - CobiT
http://www.isaca.org/netcentric.htmAudit Information - ConnecT from ISACA
http://www.sei.cmu.edu/cmm/cmms/cmms.htmlAudit Information - SEI/SSE Capability Maturity Models
http://www.sse-cmm.org/model.htmAudit Information - SEI/SSE Capability Maturity Models
http://cisac.stanford.edu/docs/soohoo.pdfAttack Statistics Information - SooHoo ROI Information (Stanford)
http://www.tdcommercialbanking.com/cashmgmt/biz.jspTD Commercial Bank - Cash Management Information
http://csrc.nist.gov/asset/NIST ASSET - Automated Security Self-Evaluation Tool
http://csrc.nist.gov/asset/ASSET_overview_forum.pdfNIST ASSET - Automated Security Self-Evaluation Tool Paper
http://groups.yahoo.com/group/computerforensicsworld/Computer Forensics - Yahoo! Group - Computer Forensics World
http://vip.poly.edu/kulesh/forensics/list.htmComputer Forensics - Tools List
http://www.seawall.com/forensics.htmlComputer Forensics - Seawall.com
http://forensic.to/forensic.htmlComputer Forensics - forensic.to
http://www.cftt.nist.gov/Computer Forensics - NIST
http://www.accessdata.com/Computer Forensics Tools - WIN32 - FTK (Forensic Tool Kit)
http://www.encase.com/Computer Forensics Tools - WIN32 - EnCase (Law Enforcement Standard)
http://www.toolsthatwork.com/Computer Forensics Tools - WIN32 - Byte Back
http://www.ilook-forensics.org/Computer Forensics Tools - WIN32 - iLook - ext2 support
http://www.porcupine.org/Computer Forensics Tools - Linux - TCT - The Coroners Toolkit
http://www.atstake.com/Computer Forensics Tools - Linux - TASK @stake
http://www.asrdata.com/Computer Forensics Tools - Linux - SMART - X11 - based tool for complete forensic analysis
http://www.incident-response.org/Computer Forensics Tools - Linux - Rob Lee - Incident Response
http://www.crazytrain.com/dd.htmlComputer Forensics Tools - Linux - Paper about using dd - dd is best because it creates a true and accurate bit image copy
http://www.isaca.org/standard/guidelne.htmAudit Information - generic testing methodology in network and/or computer security audits - ISACA is the organization body for IT auditors
http://www.malware.com/Malware - Clever Malware Exploits
http://www.icir.org/vern/papers/backdoor/Backdoor Papers
http://www.lavasoftusa.com/Lavasoft
http://grc.com/optout.htmOptout - attempts to identify "calls home."
http://www.counterpane.com/log-analysis.htmlLog Analysis
http://www.commonwealthfilms.com/Commonwealth Films Training Video Regarding Laptop Theft
http://csrc.nist.gov/publications/drafts/draft-sp800-48.pdfWireless Network Security (NIST 800-48 DRAFT)
http://www.intellitactics.com/Log Monitoring - Intellitactics - Network Security Manager Tool
http://www.standardsdirect.org/iso17799.htmISO 17799
http://news.com.com/2100-1033-939546.html?tag=cd_mhWar-chalking information
http://www.blackbeltjones.com/warchalking/index2.htmlMore info on war-chalking
http://victoria.tc.ca/techrev/secgloss.htm#warchalkingWLAN - Warchalking Information
http://sun.soci.niu.edu/~rslade/secgloss.htm#warchalkingWLAN - War chalking information
http://www.carmichaelsecurity.com/home.htmlMathematical Threat Analysis by Martin Carmichael, PHD. ("Time to Defeat".)
http://www.maresware.com/Forensics - Computer Forensics, Data Analysis, Forensic Software and Instruction (Mares and Company, LLC)
http://www.shebeen.com/iis4_nt4sec.htmWindows Security - NT4 Hardening Techniques
http://www.shebeen.com/w2k/Windows Security - W2K Hardening Techniques
http://www.cio.com/research/security/edit/071702_budget.htmlSecurity Salary Survey - CIO Magazine
http://www.usdoj.gov/criminal/cybercrime/searching.htmlForensics - DOJ Rules of Evidence - CyberCrime Searching
http://www.encase.com/Forensics - Encase
http://www.accessdata.com/Forensics - AccessData
http://www.powerquest.com/driveimage/Forensics - DriveImage
http://www.iss.net/support/documentation/whitepapers/xforce.phpISS WhitePaper - XForce - Including Information about Instant Messenger Risks
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci841963,00.htmlSurnova worm - Instant Messenger & P2P Targetting worm
http://www.openreach.com/ssl/Openreach.com - SSL
http://198.11.21.25/capstoneTest/Students/Papers/docs/FinalPaper3173.pdfCapstoneTest Paper
http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-025.2.htmlNSA Erasure Algorithm
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.htmlSecure Deletion
http://www.cs.auckland.ac.nz/~pgut001/Secure Deletion Papers by Peter Gutmann
http://www.faqs.org/rfcs/rfc3268.htmlRFC 3268 - SSL using AES encryption
http://www.eskimo.com/~joelm/tempestintro.htmlTempest - LCD information
http://www.noradcorp.com/2tutor.htmTempest - LCD Information
http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Matthew%20CaldwellLogs - "Security Event Correlation - Security's Holy Grail?"
http://story.news.yahoo.com/news?tmpl=story&ncid=582&e=1&cid=582&u=/nm/20020803/wr_nm/tech_defcon_hackback_dc_3Computers Under Attack Can Hack Back, Expert Says
http://www.internetcrimes.com/Forensics and Investigation - Internetcrimes.com
http://www.corpus-delicti.com/eco/Forensics and Investigation - Corpus-delicti.com
http://www.forensics-intl.com/Forensics and Investigation - Forensics-intl.com
http://www.securitytalks.com/forum/index.phpSecurity Talks - cccure.org forums
http://www.secadministrator.com/articles/index.cfm?articleid=23645Risk Assessment - SEC Administrator
http://www.security-risk-analysis.com/Risk Assessment - Security Risk Analysis
http://www.waveset.com/Solutions/rau.htmlRisk Assessment - Waveset Solutions
http://www.spirit.com/CSI/firewalls.htmlPIX Comparison - CSI - Pix Comparison with other products
http://iase.disa.mil/ditscap/ditsapp.htmlDITSCAP - Application Manual (PDF and Plain Text)
http://iase.disa.mil/ditscap/DGM1.docDITSCAP - Guidance Memorandum (Word DOC)
http://penguin.nsm.iup.edu/security/Penetration%20Testing.pptPenetration Testing - Intro (PowerPoint)
http://iase.disa.mil/ditscap/DITSCAP - IASE - Information Assurance Support Environment
http://online.securityfocus.com/idsIDS ROI
http://csrc.nist.gov/publications/nistpubsNIST Pub 800-30
http://csrc.nist.gov/publications/nistbul/NIST Pub 800-30 info
http://www.isalliance.org/Internet Security Alliance Releases Best Practices Manual
http://www.cio.com/archive/021502/security.htmlSecurity ROI
http://www.infosecuritymag.com/2002/jul/curmudgeons_corner.shtmlSecurity ROI
http://rechten.kub.nl/koops/cryptolaw/Crypto Law
http://www.idefense.com/Intell/CI022702.htmlMap IP to Country
http://www.lectlaw.com/def/a161.htmLegal Information
http://www.thelawyerpages.com/legalterms/RThe Lawyer Pages
http://ldml.stanford.edu/cisacpubsearch.iis?-database=publ&-layout=view&-response=viewpub.html&-recordID=35343&-token.cntr=cisac&-token.acro=CISAC&-searchROI Statistics - Another Soohoo link
http://www.thehackerschoice.com/download.php?t=r&d=secure_delete-2.3.tar.gzSecure Delete - Secure Delete
http://www.tippingpoint.com/Tipping Point - IDS/Intrusion Prevention Device
http://www.intruvert.com/IntruVert's IntruShield IDS product
http://www.ipolicynet.com/IDS - iPolicy - High Speed IDS
http://mattche.iiie.disa.mil/ditscap/index.htmlDISA - DITSCAP
http://stewart-clan.org/Router Assessment Tool (RAT)
http://www.cisecurity.org/CISCO RAT
http://www.hsc.fr/ressources/ipsec/ipsec2001/Demo from IPSec 2001 Global Summit
http://www.isfsecuritystandard.com/index_ns.htmInformation Security Forum - Standard of Good Practice
http://www.securityforum.org/menu.htmInformation Security Forum
http://grc.com/dos/sockettome.htmRaw Sockets - XP Raw Socket Debate
http://www.advisor.com/Articles.nsf/aid/SMITT314Raw Sockets - XP Home Debate
http://www.naseo.org/committees/energydata/energyassurance/duffman.pdfExecutive Security Overview
http://www.mitretek.org/pubs/davis_presentation/Threat_Vul_Risk.pptThreat, Vulnerability, Risk - Mitretek Presentation
http://www.trusecure.com/solutions/certifications/ticsa/overview.shtmlTICSA Certification
http://www5.law.com/tx/sub/news/archive/020899/020899p.htmLegal Precedent - Barge Story
http://www.cips.ca/it/resources/default.asp?load=practicesLegal Precedent - Barge Story
http://www.maritimeadvocate.com/i2_tech.htmLegal Precedent - Barge Story
http://www.silentrunner.com/Sniffers - SilentRunner Sniffer (VG review!)
http://packetstormsecurity.org/Sniffers and Exploits - PacketStorm Security Tools
http://www.ftc.gov/os/2002/08/microsoftagree.pdfFTC/Microsoft Order (pdf)
http://www.fas.org/irp/offdocs/pdd/pdd-63.htmGov't Order for CIO - Information Assurance Required by all Dept and Agencies
http://www.ibistek.com/video.htmlUrban Security Vehicle
http://www.hipaaacademy.net/HIPAA Academy
http://www.hipaacolloquium.com/HIPAA - Colloquium
http://www.hhs.gov/news/press/2002pres/20020809a.htmlHIPAA - Privacy Rule
http://users.pandora.be/funi/security/security.htmlBooks - Good Security-related
http://www.theregister.co.uk/content/4/26620.htmlIE Vulnerability - MSIE and Konqueror SSL M-i-M
http://199.94.100.1/resources/centers/sepo/risk/risk_matrix.htmlRisk Analysis - Air Force Risk Matrix tool
http://www.naseo.org/committees/energydata/energyassurance/duffman.pdfRisk Analysis - Duffman Paper
http://www.auditnet.org/docs/riskmgmt.PDFRisk Analysis - Risk Management
http://cissp.christophstrizik.net/Study - Study Info published by Christoph Strizik
http://grc.com/dos/drdos.htmSteve Gibson's description of the drdos attack
http://www3.ca.com/Solutions/Product.asp?ID=165HotFix(es) management - CA's E-Trust Policy Compliance Manager
http://www.stbernard.com/HotFix(es) management - St Bernard - Update Expert
http://www.microsoft.com/HotFix(es) management - MBSA
http://www.microsoft.com/HotFix(es) management - hfnetchk - crippled version of Shavlik product(?)
http://www.ecora.com/HotFix(es) management - Patch Meister
http://www.securitybastion.com/HotFix(es) management - Gravity Storm (Service Pack Manager 2000?)
http://www.microsoft.com/HotFix(es) management - MSUS - Microsoft Update Server
http://web.mit.edu/is/help/wireless/primer.html#privacyWireless - MIT Privacy w.r.t. Wireless Networks
http://www.cissp.co.za/download/setupQA.exeCISSP Q&A pre-beta
http://www.lesbell.com.au/Home.nsf/web/Guidelines+on+Internet+Access+for+Children+and+ParentsGuidelines for Children and Parents - cisspforum author
http://www.vandyke.com/solutions/secure_file_transfer/secure_ftp_vds_solutioSecure FTP - SecureFX - Windows SFTP, FTP, etc. client
http://www.vandyke.com/solutions/secure_file_transfer/index.htmlSecure FTP - Windows SFTP, FTP, etc. client
http://www.healthdatamanagement.com/HDMSearchResultsDetails.cfm?DID=11768Wireless - High Speed wireless bridges
http://www.iatrp.com/NSA IAM Programs - IATRP - INFOSEC Assessment Training and Rating Program
http://www.nsa.gov/isso/iam/index.htmNSA IAM Programs - NSA IAM Page
http://www.technoversity.com/iam.htmNSA IAM Programs - Technoversity IAM training
http://www.darpa.mil/iao/TIASystems.htmDOD TIA - Total Information Awareness (TIA) System
http://www.securityhorizon.com/NSA IAM Programs - Security Horizon - Teaching Prog. 1
http://www.csc.com/NSA IAM Programs - CSC - Teaching Prog 2
http://www.eds.com/NSA IAM Programs - EDS - Teaching Prog 3
http://www.projectscim.com/IM Info - Project SCIM
http://www.commandcode.com/index_flash.htmlIM Info - Command Code
http://www.akonix.com/IM Info - Akonix
http://www.abelard.org/asimov.htmProfession essay - Isaac Asimov
http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdfISO 17799 - NIST FAQ
http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=21733&ICS1=35&ICS2=40&ICS3=ISO 17799 - ISO.org, see information about ISO 13335
http://www.idefense.com/papers.htmlWireless Security - Hacking the Invisible Network
http://csrc.nist.gov/index.htmlNIST - NIST Home Page
http://www.pcworld.com/features/article/0,aid,57966,00.aspSpyware Info - PCWorld Article
http://www.freelists.org/archives/freenet/03-2001/msg00037.htmlSpyware Info - Lavasoft ADware Info
http://www.freelists.org/archives/freenet/03-2001/msg00035.htmlSpyware Info - More ADware info
http://www.salon.com/tech/feature/2002/04/26/anti_spyware/Spyware Info - Salon Article - Spyware vs Anti-spyware
http://download.com.com/3000-2094-10045910.html?legacy=cnetSpyware Info - Ad-aware 5.83 - Download
http://www.hoytstation.com/adaware.htmlSpyware Info - Ad-aware 5.5 Download
http://www.webattack.com/get/adaware.shtmlSpyware Info - Another 5.83 Ad-aware download
http://www.realrates.com/Consulting Rates - Real Rates - Janet Ruhl
http://crypto.cs.mcgill.ca/%7Estiglic/PRIMES_P_FAQ.htmlCrypto - Prime Factoring FAQ
http://www.dga.co.uk/customer/publicdo.nsf/public/WP-HERESYPKI - White Paper
http://www.counterpane.com/pki-risks.htmlPKI - Bruce Schneier's 10 Risks of PKI
http://www.dodpke.com/public_access.aspPKI - DOD PKE - Public Access Information
http://www.pki-page.org/PKI - PKI Page
http://www.pkiforum.org/resources.htmlPKI - PKI Forum
http://www.eema.org/pki-challenge/PKI - PKI Challenge
http://www.pkilaw.com/PKI - PKI Law
http://www-rohan.sdsu.edu/doc/oracle/network803/A54088_01/toc.htmOracle - Security Mechanisms
http://www.pentest-limited.com/oracle-security.htmOracle - Penetration Testing - Oracle Security
http://www.acm.org/technews/articles/2002-4/0906f.html#item1Law Enforcement - Tech Firms Urged to Aid Security Efforts
http://www.pimmel.com/thcfiles.php3War Dialer - THC-Scan
http://catalog.dummies.com/product.asp?isbn=0764516701 Study Books for Dummies
http://www.wiley.com/cda/product/0,,047126802X,00.htmlStudy Books - The CISSP Prop Guide
http://www.amazon.com/exec/obidos/ASIN/0072193530/Study Books All-in-One Exam Guide
http://www.amazon.com/exec/obidos/tg/detail/-/155212889X/Study Books - Secured Computing: A CISSP Study Guide
http://www.amazon.com/exec/obidos/tg/detail/-/078972801X/Study Books Training Guide
http://www.amazon.com/exec/obidos/tg/detail/-/1588800296/Study Books Exam Cram
http://www.amazon.com/exec/obidos/tg/detail/-/0849313503/Study Books - Total CISSP Exam Prep Book
http://www.amazon.com/exec/obidos/tg/detail/-/0072225785/Study Books Certification Passport
http://domino.watson.ibm.com/library/cyberdig.nsf/papers/FDEFBEBC9DD3E35485256C2C004B0F0D/$File/RC22534.pdfCompSec Paper - Thirty Years Later: Lessons from the Multics Security Evaluation, and Multics Security Evaluation: Vulnerability Analysis
http://www.counterpane.com/crypto-gram-0010.html#1Bruce Schneier - the risk of 'semantic' attacks
http://nsa1.www.conxion.com/NSA Security Guides - NSA Security Recommendation Guides
http://www.ciac.org/ciac/techbull/CIACTech02-004.shtmlCIAC - adware, spyware, stealth networks, browser helper objects
http://www.oecd.org/pdf/M00033000/M00033182.pdfSelling Security - OECD Guide
http://www.isalliance.org/news/requestform.phtmlSelling Security - ISA Guide
http://www.techauthor.com/Managers.htmSelling Security - To Managers
http://health-privacy.org/HIPAA - Assessment tools, toolbox, security policy checklist
http://www.infosyssec.org/Infosec Search Engine - infosyssec.org
http://www.transarc.com/Kerberos - AFS - Vendor
http://www.ietf.org/html.charters/krb-wg-charter.htmlKerberos - Kerberos WG
ftp://ftp.ietf.org/ietf-mail-archive/krb-wg/Kerberos - Kerberos Mail Archive
http://www.icsalabs.com/html/communities/ispsec/membership/index.shtmlISP Security Consortium
http://www.itinfosec.com/Collaborative in-depth study area
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci811184,00.htmlVendor-neutral security specifications
http://www.securitytalks.com/Certification Discussions
http://www.giac.org/program.phpSANS GIAC program
http://www.trusecure.com/solutions/certifications/ticsa/requirements.shtmlTICSA Certification Requirements
http://www.commoncriteria.org/docs/ALC_FLR/alc_flr.htmlCommon Criteria - Patch Management
http://www.wired.com/news/business/0,1367,53115,00.htmlNigerian Scam - Wired Business News
http://www.popsubculture.com/pop/bio_project/nigeria-fraud.htmlNigerian Scam - Pop Sub-culture
http://antivirus.about.com/library/hoaxes/blenn419.htmNigerian Scam - Antivirus.about.com - Hoax
http://list-news.com/articles/02september/20020906.htmlNigerian Scam - list-news.com - Hoax
http://www.crimes-of-persuasion.com/Crimes/Business/nigerian.htmNigerian Scam - Crimes of Persuasion
http://home.rica.net/alphae/419coal/419 Scams - rica.net
http://www.securepoint.com/Nokia/FW-1 - Info
http://sec.spruce.se/fw1/Nokia/FW-1 - "Fantastik Checkpoint Documentation"
http://sec.spruce.se/fw1/docs/Nokia/FW-1 - FW-1 Documentation
http://www.securitytalks.com/forum/index.php?c=10Nokia/FW-1 - FW-1 Resource
http://www.phoneboy.com/Nokia/FW-1 - Ex-lvl-3 tech for Nokia - Dameon Welch-Abernathy
http://groups.yahoo.com/group/cisspforum/files/CyberStrategy/cyberstrategy-draft.txtUS CyberStrategy - Text on the CISSP Forum
http://www.counterpane.com/crypto-gram-0209.html#1AES - Attack - Counterpane Crypto-gram
http://www.wayner.org/books/discrypt2/Crypto - Disappearing Cryptography
http://www.wayner.org/books/td/Crypto - Translucent Databases
http://www.ncipher.com/support/advisories/index.htmlCrypto - nCipher
http://securingwireless.intranets.com/WIRELESS - WLAN - Securing 802.11
http://www.flukenetworks.com/us/LAN/Handheld+Testers/WaveRunner/Overview.htmWIRELESS - WLAN - Fluke Wireless Tester
http://www.iss.net/wireless/WLAN_FAQ.phpWIRELESS - WLAN - 802.11 FAQ
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/secwireless.aspWIRELESS - WLAN - 802.11 - Microsoft
http://www.networknews.co.uk/Print/1130380WIRELESS - WLAN - 802.11
http://www.drizzle.com/~aboba/IEEE/WIRELESS - WLAN - 802.11
http://www.ieee802.org/WIRELESS - WLAN - 802.11
http://www.ietf.org/proceedings/02mar/206.htmWIRELESS - WLAN - 802.11 - IETF Proceedings
http://security.tombom.co.uk/shatter.htmlBug Squashing
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320853Bug Squashing
http://www.iccp.org/iccpnew/ccp.htmlCertified Computing Professional
http://sun.soci.niu.edu/~rslade/mnbksccd.htmBOOK - Book Reviews by Rob Slade
http://sun.soci.niu.edu/~rslade/mnbksccd.htmBOOK - Book Reviews by Rob Slade
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htmCisco - SAFE A Security Blueprint for Enterprise Networks
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safes_wp.htmCisco - SAFE Blueprint for Small, Midsize, and Remote-User Networks
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safev_wp.htmCisco - SAFE VPN IPSec Virtual Private Networks in Depth
http://www.sans.org/infosecFAQ/switchednet/switch_security.htmSANS has a nice article on this topic
http://www.cis.ohio-state.edu/cs/Services/rfc/rfc-text/rfc1334.txtPPTP - RFC 1334
http://www.cis.ohio-state.edu/cs/Services/rfc/rfc-text/rfc2637.txtPPTP - RFC 2637
http://www.csoonline.com/research/strategy/index.htmlSecurity Budgeting / Business Cases
http://www.whitehouse.gov/omb/inforeg/infopoltech.html#csSecurity Budgets - OMB
http://shorterlink.com/?PU7OCISecuring XML Book
https://grc.com/x/ne.dll?bh0bkyd2Shields Up!
http://www.aacc.nche.edu/Content/NavigationMenu/ResourceCenter/Projects_Partnerships/OtherInitiatives/Cybersecurity/Cybersecurity.htmThe Role of Community Colleges in Cybersecurity Education
http://www.cisecurity.org/System Hardening tool and checklists
http://sun.com/security/blueprintsSun Security Blueprints
http://sun.com/security/jassSolaris Security Toolkit
http://www.shebeen.com/iis4_nt4sec.htmIIS4/NT4 Security Checklist
http://www.shebeen.com/w2k/W2K Security Checklist
http://www.infoworld.com/articles/ne/xml/02/02/18/020218nenat.xmlNAT Traversal
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-01.txtNAT Traversal - Internet Draft
http://www.eweek.com/article2/0,3959,667348,00.aspQuantum Cryptography
http://mathworld.wolfram.com/news/2002-08-07_primetest/Testing Prime Numbers
http://rr.sans.org/appsec/managers.phpWeb Security - Start with this one...
http://www.idefense.com/idpapers/XSS.pdfWeb Security - good white paper on XSS.
http://www.owasp.org/Web Security - great group, seems like all the leaders in the field are participating.
http://webmaven.mavensecurity.org/Web Security - great site, see his presentations at: <a href="http://www.mavensecurity.com/html/presentations.html">Presentations
http://www.ideahamster.org/projects.htmWeb Security - great think tank of security specialist. They developed guidelines for testing software...
http://online.securityfocus.com/archive/107Web Security - webappsec mailiing list, look through archives of webappsec problems...
http://online.securityfocus.com/archive/1Web Security - bugtraq archives, notice how many bugs are talked about with webapps...
http://rr.sans.org/appsec/SQL_injection.phpWeb Security - great link on SQL injection
http://rr.sans.org/appsec/oracle_db.phpWeb Security - another one on SQL injection
http://www.pentest-limited.com/links.htmWeb Security - good list of links to security sites...
http://www.wiretrip.net/Web Security - home to Rain Forrest Puppy, who many credit as starting all this web hacking stuff.
http://www.attrition.org/Web Security - Web page grave yard, once you get hacked, you end up listed here for the world to see...
http://zone-h.org/Web Security - same as attrition
http://www.mavensecurity.com/munich_class_notes.txtWeb Security - good list of software to check source code and others...
http://stake.com/research/tools/index.htmlWeb Security - good list of automated tools, particularly section 6.
http://stake.com/research/reports/acrobat/rr2001-04.pdfWeb Security - good paper on authentication token security.
http://www.immunitysec.com/spikeproxy.htmlWeb Security - Best automated fuzzer out there?
http://www.nipc.gov/publications/nipcpub/password.htmPasswords 101 - by NIPC
http://www.alw.nih.gov/Security/FIRST/papers/password/dodpwman.txtDepartment of Defense Password Management Guideline - DOD Computer Center
https://infosec.navy.mil/TEXT/COMPUSEC/cross_site.htmlWeb Security - Cross-site Scripting Vulnerability Tools - by NAVY NOSC
https://infosec.navy.mil/TEXT/PRODUCTS/CRYPTO/index.htmlData Cryptographic Security Products - by NAVY NOSC
http://csrc.nist.gov/cc/pp/pplist.htm#CSPPGuidance for COTS Security Protection Profiles - by NIST
http://www.sans.org/newlook/resources/glossary.htmNSA Glossary of Terms Used in Security and Intrusion Detection - by the Sans Institute
http://www.defenselink.mil/specials/websecurity/Web of Security Issues - by Paul Stone of AFIS
http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.htmlPen Test - Improving Security on Your Site by Breaking Into It - by Dan Farmer & Wietse Venema
http://www.azcentral.com/news/articles/1227recordtheft.htmlMedical Info Theft - Large Case of Data Theft
http://www.sltrib.com/2002/Dec/12272002/utah/14893.aspMedical Info Theft
http://www.tricare.osd.mil/newsreleases/2002/news0236.htmMedical Info Theft
http://www.denverpost.com/Stories/0,1413,36%257E53%257E1075256%257E,00.htmlMedical Info Theft
http://www.arizonarepublic.com/arizona/articles/1227recordtheft.htmlMedical Info Theft
http://www.defenselink.mil/news/Dec2002/n12262002_200212264.html^UMedical Info Theft
http://www.omaha.com/index.php?u_np=0&u_pg=36&u_sid=605728Medical Info Theft
http://www.auditnet.org/Security AUDIT - Audit Net
http://www.isaca.org/Security AUDIT - CobiT
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/intwork/inbe_vpn_obwd.aspVPN - Split Tunnel Security - Routing Traffic through VPN client
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/tr500.pdfThe Memorability and Security of Passwords - Some Empirical Results
http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-500.pdfThe Memorability and Security of Passwords - Some Empirical Results
http://www.searchcertify.com/Search Certify
http://www.tscm.com/stu.htmlSecure Telephone Solution
http://web.mit.edu/network/pgpfone/Secure Telephone - PGP Fone
http://www.gd-decisionsystems.com/sectera/gsm/main.htmlSecure Telephone - GSM
http://wireless.securephone.net/index.itt?whatLink=21Secure Telephone - Wireless Secure
http://fire.dmzs.com/Linux Forensics - FIRE (formerly "biatchux")
http://www.lnx-bbc.org/Linux Forensics - Bootable Business Card
http://www.gentoo.org/Linux Forensics - Gentoo Linux - with Bootable Images
http://sourceforge.net/projects/plac/Linux Bootable Business Card with Forensic and Auditing tools
http://www.checkpoint.com/products/solutions/firewall-1gx.htmlGPRS (on top of GSM) and UMTS Firewall
http://www.hut.fi/~jrautpal/gprs/gprs_sec.htmlGPRS Security
http://online.securityfocus.com/news/502editorial by Mark Rasch - Cyberterror
http://www.networkmagazine.com/article/NMG20020930S0008eEye article - Cyberterrorism
http://members.iinet.net.au/~ianw/primer.htmlSCADA
http://www.modular-scada.co.uk/scada.htmSCADA
http://www.webopedia.com/TERM/S/SCADA.htmlSCADA
http://www.westinsolutions.com/SCADA - Water Utilities
http://www.waterisac.org/SCADA - Information Sharing and Analysis Center
http://www.cybercrime.gov/cccases.htmlCyberCrime Cases
http://www.pro-privacy.de/pgp/tb/en/dobbertin.htmMD5 Problem Paper
ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdfMD5 Problem - Newsletter RSA
http://www.cisco.com/public/cons/isp/essentials/Cisco's ISP Essentials
http://www.infosyssec.net/index.htmlSecurity Forums
http://mryowler.netfirms.com/Spamming.docSpammer Tactics
http://www.deathbyice.com/wardriving/WIFI - War Driving
http://www.wigle.net/WIFI - Map
http://wireless.newsfactor.com/Wifi News
http://www.sintelli.com/Vulnerability Database
http://www.securityfocus.com/corporate/products/vdbSecurityFocuse Vulnerability Database
http://www.kb.cert.org/vulsCERT Vulnerability Database
http://icat.nist.gov/NIST Vulnerability Database
http://www.filetrust.com/Cyber Vaults
http://www.cyber-ark.com/html/network_vault.htmCyber Vaults - cyberark
http://www.borderware.com/products/dg/docgateway.htmlCyber Vaults - Borderware - Document Gateway
http://www.commoncriteria.org/cem/cem.htmlCommon Criteria Eval Methodology
http://www.wired.com/news/infostructure/0,1377,56955,00.htmlBug Seekers
http://ettercap.sourceforge.netMitM attacks
http://cio.doe.gov/Documents/revised%20Sec%20Arch.PDFDept o' Energy Cyber Security Architecture
http://www.giac.org/COE.phpSANS GIAC Code of Ethics
http://aptools.sourceforge.netAccess Point Finder - SourceForge
http://airdefense.net/products/airdefense_ids.shtmAP Discovery / Defense Tool
http://home.attbi.com/~digitalmatrix/airsnare/WIRELESS - Air Snare
http://www.cert.org/archive/pdf/cross_site_scripting.pdfCross-Site Scripting Attacks (info at CERT.org)
http://www.spidynamics.com/whitepapers/SPIcross-sitescripting.pdfCross-Site Scripting White Paper
http://www.upgradingandrepairingpcs.com/articles/upgrade12_02_04.aspBasic Forensics - Reading "Formatted Drives"
http://online.securityfocus.com/columnists/57OS Fingerprinting
http://www.sys-security.com/archive/articles/login.pdfOS Fingerprinting - single packet
http://net-services.ufl.edu/network_information/documents/private-ip.htmlPrivate IP Information
http://www.isp-planet.com/technology/nat_ipsec.htmlHow NAT and IPsec can both add to security
http://sourceforge.net/projects/biatchux/Linux Forensics - (Now called FIRE?)
http://enterprisesecurity.symantec.com/Symantec CPE Qualifications
http://www.hirschelectronics.com/hardware.htmCipher Door Locks
http://www.nokey.com/Cipher Door Locks
http://www.lockmasters.com/links/lockhardmanuf.htmlLock Manufacturers
http://www.lsi-lockmasters.com/lsi/traininglist.htmlLockmasters - Training
http://isc.incidents.org/Internet Storm Centers - Incidents.org
http://www.dtic.mil/whs/directives/corres/pdf/d520028_032188/d520028p.pdfOrange Book
http://www.dtic.mil/whs/directives/corres/pdf/i520040_123097/i520040p.pdfDITSCAP instruction
http://www.bankrate.com/brm/news/advice/20030124b.aspFrank Abagnale's advice on mitigating Identity Theft risk
http://www.packet-level.com/"Packet-level stuff for your brains"
http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.pdfICMP Scanning Paper
http://isc.incidents.org/SANS Recommended - Internet Storm Center
http://www.auscert.org.au/SANS Recommended - Australian Computer Emergency Response Team (AUSCERT)
http://www.cert.org/SANS Recommended - CERT Coordination Center
http://www.cert.mil/SANS Recommended - Department of Defense CERT
http://www.fedcirc.gov/SANS Recommended - Federal Computer Incident Response Capability (FedCIRC)
http://www.first.org/SANS Recommended - Forum of Incident Response and Security Teams
http://www.cert.dfn.de/eng/dfncert/SANS Recommended - The German Research Network Computer Emergency Response Team (DFN-CERT)
http://www.nasirc.nasa.gov/incidents.htmlSANS Recommended - NASA Incident Response Center (NASIRC)
mailto:nipc.watch@fbi.govSANS Recommended - Federal Bureau of Investigation (FBI) - National Infrastructure Protection Center (NIPC)
http://www.fbi.gov/contact/fo/fo.htmSANS Recommended - Nearest FBI Field Offices
http://www.ti.terena.nl/teams/SANS Recommended - Full list of Eupropean CERTs
http://www.windriver.com/products/bsd_os/SANS - Vendor-specific - WindRiver (BSD/OS 4.3)
http://www.cisco.com/warp/public/707/sec_incident_response.shtmlSANS - Vendor-specific - Cisco Systems, Inc.
http://www.freebsd.org/security/SANS - Vendor-specific - The FreeBSD Project
http://us-support.external.hp.com/SANS - Vendor-specific - Hewlett Packard
http://www-1.ibm.com/services/continuity/recover1.nsf/ers/HomeSANS - Vendor-specific - IBM
http://www.caldera.com/support/security/SANS - Vendor-specific - SCO Products (Open Linux, Openserver, OpenUnix, UnixWare)
http://www.debian.org/security/SANS - Vendor-specific - Linux (Debian)
http://www.redhat.com/apps/support/SANS - Vendor-specific - Linux (Red Hat)
http://www.microsoft.com/security/SANS - Vendor-specific - Microsoft
http://support.novell.com/SANS - Vendor-specific - Novell
http://www.openbsd.org/security.htmlSANS - Vendor-specific - OpenBSD Project
http://www.sgi.com/support/security/patches.htmlSANS - Vendor-specific - Silicon Graphics, Inc.
http://sunsolve.sun.com/pub-cgi/secBulletin.plSANS - Vendor-specific - Sun Microsystems, Inc.
http://www.sans.org/SANS - Security Web Sites - SANS
http://www.sans.org/infosecFAQ/index.htmSANS - Security Web Sites - The SANS Reading Room
http://www.sans.org/giac.htmSANS - Security Web Sites - The SANS - Global Information Assurance Certificate (moved to giac.org/)
http://www.cerias.purdue.edu/coast/SANS - Security Web Sites - COAST Project
http://java.sun.com/security/SANS - Security Web Sites - Java security
http://www.ntbugtraq.com/SANS - Security Web Sites - NT Bugtraq
http://www.nsi.org/compsec.htmlSANS - Security Web Sites - Computer Resource Net's Computer Security
http://boran.com/security/SANS - Security Web Sites - IT Security Cookbook
http://www.tno.nl/instit/fel/intern/wkinfsec.htmlSANS - Security Web Sites - TNO Physics and Electronics Laboratory - Information Security URLography
http://www.atstake.com/SANS - Security Web Sites - @Stake Security
ftp://ftp.porcupine.org/pub/security/index.htmlSANS - Security Web Sites - Wietse's tools and papers
http://xforce.iss.net/SANS - Security Web Sites - ISS X-Force
http://secinf.net/SANS - Security Web Sites - Network Security Library
http://www.securityfocus.com/SANS - Security Web Sites - Security Focus
http://www.nswc.navy.mil/ISSECSANS - Government Security Web Sites - Naval Surface Warfare Center - Dahlgren Lab - Information Assurance Office
http://www.cit.nih.gov/security.htmlSANS - Government Security Web Sites - National Institute of Health - CIT - Information Security
http://cs-www.ncsl.nist.gov/SANS - Government Security Web Sites - National Institute of Standards and Technology - Computer Security Response Center
http://iase.disa.mil/SANS - Government Security Web Sites - DISA Information Assurance Support Environment
http://www.phrack.orgSANS - Underground Security Web Sites - Phrack
http://www.2600.com/SANS - Underground Security Web Sites - 2600 Magazine
http://www.attrition.org/SANS - Underground Security Web Sites - Web Page graveyard
http://lachniet.com/powerpoint/2003-01-29-SterlingHtsEmergencyManagement.pptCyberWar Presentation
http://www.terrorism.com/documents/unrestricted.pdfCyberwar - Unrestricted Warfare (book) - Translated FBIS
http://www.infowar.com/Cyberwar - Information Warfare
http://www.isecom.org/ Institute for Security and Open Methodologies
http://md5deep.sourceforge.net/MD5Deep - recursive MD5 of files throughout a filesystem
http://www.q1labs.com/qvision_slammer_white_paper.pdfSlammer Analysis by Q1Labs
http://www.theregister.co.uk/content/56/29406.htmlSlammer - Symantec Discovery, Chronology
http://www.cert.org/advisories/CA-2003-04.htmlSlammer - CERT CC - Advisory
http://www.microsoft.com/sql/techinfo/administration/2000/security/slammer.aspSlammer - Microsoft Advisory
http://www.npaci.edu/online/v7.3/slammer.worm.htmlSlammer - NPACI.edu analysis
http://www.caida.org/outreach/papers/2003/sapphire/Slammer - CAIDA Paper
http://www.entercept.com/incidents/slammer/Slammer - STOP SQL Slammer Worm (aka Sapphire, SQL Hell)
http://www.foundrynet.com/solutions/appNotes/antiSlammer.htmlSlammer - Foundry - Countering Slammer
http://www.newsfactor.com/perl/story/20574.htmlSlammer - News Factor Story
http://www.counterpane.com/alert-i20030125-001.htmlSlammer - Counterpane Security - Alert
http://www.zdnet.com.au/newstech/security/story/0,2000024985,20271839,00.htmSlammer - ZDNet - Security Research Denies Slammer Involvement
http://www.internettrafficreport.com/event/3.htmSlammer - Internet Traffic Report
http://www.ntsecurity.net/Articles/Index.cfm?TopicID=602Slammer - NTSecurity
http://www.lurhq.com/press_slammer.htmlSlammer - LURHQ - Analysis
http://www.sans.org/alerts/mssql.phpSlammer - SANS - MSSQL
http://www.ietf.org/internet-drafts/draft-gill-btsh-01.txtCISSP / BGP - TTL Security Hack
http://www.nanog.org/mtg-0302/hack.htmlCISSP / BGP - Dave Meyer's Abstract
http://www.nanog.org/mtg-0302/ppt/meyer.pdfCISSP / BGP - Dave Meyer's Talk
http://www.bgpexpert.com/CISSP / BGP - Expert - SoBGP (Secure Origin BGP)
http://www.honeynet.org/scans/scan26/Forensics - Honeynet forensic data
http://www.linuxsecurity.com/feature_stories/data-hiding-forensics.htmlForensics - linuxsecurity.com - data hiding
http://www.cs.mun.ca/~michael/regutils/Forensics - Windows Registry Manip under Linux
http://securehq.com/Firewall "SuperStore." ;)
http://www.lesbell.com.au/Home.nsf/b8ec57204f60dfcb4a2568c60014ed0f/648487a560fcd4c6ca256cb60047950?OpenDocumentLes Bell - Basic Firewall Setup
http://www.sentryfirewall.com/Les Bell - Bootable CDROM Firewall
http://www.lesbell.com.au/Home.nsf/b8ec57204f60dfcb4a2568c60014ed0f/09212fde3c0c7597ca256ce70022e91c?OpenDocumentLes Bell - network-infrastructure-security-related Linux distributions
http://www.lesbell.com.au/Home.nsf/b8ec57204f60dfcb4a2568c60014ed0f/97e8323a9cb248beca256caf0019668c?OpenDocumentLes Bell - webmin write-up
http://www.pestpatrol.com/SPYWARE - another s/w spyware monitor
http://searchsecurity.techtarget.com/Information Resource with discussion on security
http://www.albion.com/security/intro-4.htmlA practical definition of computer security
http://www.si.umich.edu/~presnick/papers/piara/Financial Incentives for Route Aggregation and Efficient Address Utilization in the Internet
http://www.hackbusters.net/Tar Pits - LaBrea
http://www.sbcs.com/security/PowerPoint Presentations for Seminars
http://www.securitystats.com/Security Stats
http://go.microsoft.com/fwlink/?LinkId=15159Technet - W2k3 - Threats and Countermeasures Download
http://go.microsoft.com/fwlink/?LinkId=15160Technet - W2k3 - Threats and Countermeasures Download
http://www.nerc.com/~filez/standards-cyber.htmlHomeland Security - Cyber Security Standards
http://www.whitehouse.gov/homeland/Homeland Security - Whitehouse Office of Homeland Security
http://csrc.nist.gov/focus_areas.htmlHomeland Security - general templates and information
http://www.ferc.gov/Electric/electric.htmHomeland Security - Electric Power Regulations (Federal Electric Regulatory Commission)
http://netfilter.org/documentation/index.html#HOWTOLinux Netfilter How-to's
http://www.nsa.gov/snac/winxp/guides/wxp-1.pdfNSA Securing Windows XP Guide
http://www.giac.org/practical/GSEC/Trevor_Cuthbert_GSEC.pdfGiac.org practical for securing windows
http://www.microsoft.com/windowsxp/pro/using/itpro/default.asp#section6Microsoft - Securing Windows XP Guide
http://www.microsoft.com/security/Windows Security - Microsoft's Site
http://www.ftc.gov/bcp/conline/edcams/infosecurity/index.htmlDewie the Internet Security Turtle
http://www.microsoft.com/security/articles/steps_default.aspConsumer Guide to securing Windows
http://security.kolla.de/Windows Security Scanner
http://lists.netsys.com/pipermail/full-disclosure/Full Disclosure Mailing List
http://invisionfree.com/forums/Forensic_Science/index.phpForensic Bulletin Board
http://www.rtfm.com/upgrade.htmlSecurity Holes - Anyone patch?
http://www.worm.net/Information about the Morris Worm, 1987
http://www.swiss.ai.mit.edu/6805/articles/morris-worm.htmlMorris Work Analysis, additional
http://pages.stern.nyu.edu/~adamodar/New_Home_Page/spreadsh.htmSpreadsheets for calculating values of .... whatever (Including ROI, Added Value, etc.)
ftp://ftp-eng.cisco.com/cons/Cisco's Barry Green - Security, etc. for ISPs, et al.
http://certcities.com/editorial/columns/story.asp?EditorialsID=163Why You Should Care About IIS 6
http://www.theregister.co.uk/content/56/33599.htmlSecuring End User Machines
http://www.michigan.gov/documents/mpsc_blackout_77423_7.pdfOctober 2003 Outage Analysis (Michigan PUC)
http://www.isecom.org/projects/osstmm.htmISECOM - OSSTMM Open Source Security Testing Methodology Manual
http://www.antihackertoolkit.comAnti Hacker Toolkit
http://www.securityhaven.com/settools.htmlSecurity Haven - Vulnerability Assessment Tools
http://www.csl.sri.com/users/ddean/papers/usenix01b.pdfUsing Client Puzzles to Protect TLS - Tenth USENIX
http://www.acm.org/classics/sep95/Reflections on Trusting Trust by Ken Thompson
http://www.acm.org/crossroads/columns/onpatrol/may2001.htmlSecurity in Software Engineering by Nick Feamster
http://www.viacorp.com/auditing.htmlInternet Auditing Tale - Hack Attack
http://www.viacorp.com/crypto.htmlHow electronic encryption works and how it will change your business
http://ip.ludost.net/IP & Network Filtering Template Builder
http://www.ieee802.org/3/10GBT/public/nov03/diminico_1_1103.pdfData Center Design Considerations
http://www.webtechniques.com/archives/1999/08/newton/Design a data center
http://www.politrix.org/foia/tempestTempest Shielding
http://zgp.org/linux-elitists/1062401952.2331.4.camel@polonius.htmlTeergrubing and the legality thereof
http://www.impsec.org/linux/security/scanner-tarpit.htmlthe Scanner Tarpit HOWTO
http://www.claws-and-paws.com/spam-l/spam-l
http://www.abuse.net/spamtools.htmlspamtools
http://www.ripe.net/ripe/wg/anti-spam/RIPE anti-spam working group
http://software.newsforge.com/software/04/02/28/0130209.shtmlScript Kiddie Info
http://downloads.securityfocus.com/library/wf.pdfWorms of the Future by Nicholas Stampf
http://www.ecommercetimes.com/perl/story/security/33344.htmlThe Porous Internet and How To Defend It
http://www.ridex.co.uk/cryptology/Cryptology
http://www.iacr.org/jofc/jofc.htmlJournal of Cryptology
http://www.tcs.hut.fi/~helger/crypto/Cryptology Pointers
http://www.blacksheepnetworks.com/security/resources/solaris8-security-checklist.htmlSolaris 8 Security checklist
http://www.spitzner.net/core7.txtMinimal Install - Solaris 7
http://www.spitzner.net/armoring.htmlArmoring Solaris - Preparing solaris for a firewall
http://www.spitzner.net/armoring2.htmlArmoring Solaris: II - Preparing Solaris 8 64-bit for CheckPoint FireWall-1 NG
http://www.sun.com/security/blueprintsSolaris Blueprint Articles
http://bugmenot.com/Privacy - subscription-less access
http://www.secwiz.com/Default.aspx?tabid=30IDS information
http://www.callio.com/s/w tool for implementing ISO17799/BS7799
http://www.deer-run.com/~hal/sysadmin/pam_cracklib.htmlPam and Cracklib configuration (linux)
http://csrc.nist.gov/pcig/cig.htmlSTIGS, Checklists, Implementation Guides
http://www.puschitz.com/SecuringLinux.shtmlSecuring Linux Production Systems - pam configuration
http://www.samba.netfirms.com/faq.htmSamba setup, configuration, FAQ, tutorial
https://www.biglumber.com/PGP key signing resource site
http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdfDES Standard - FIPS 46-3
http://www.rsasecurity.com/rsalabs/faq/3-1-1.htmlRSA description of the RSA algorithm - crypto
http://www.chaosreigns.com/code/sig2dot/personal.htmlPersonal Web of Trust graph script/software
http://www.ussg.iu.edu/usail/network/nfs/network_layers.htmlNetwork layers - OSI model
http://www.fbi.govFederal Bureau of Investigation
http://www.treas.gov/usssUS Secret Service
http://www.atf.treas.govAlcohol, Tobacco, Firearms
http://www.nipc.gov/National Infrastructure Protection Center (NIPC)
http://www.ftc.gov/Federal Trade Commission
http://www.usdoj.gov/criminal/cybercrime/index.htmlDept. of Justice (DOJ) - Cybercrime
http://www.usdoj.gov/Dept. of Justice (DOJ)
http://demo.dnsdoctor.org/DNS Verification tools
http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.htmlCisco Security Intelligence - Black Hat response
http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtmlCisco IPv6 vulnerability notice - 29 July 2005
http://www.comsmiths.com.au/pam/v1.05/PAM Modules Version 1.05 (pam modules for Solaris 2.6 - 10)
http://blogs.sun.com/roller/page/alecm?entry=solaris_10_security_feature_checklistSolaris 10 security features
http://www.pauldotcom.com/2006/01/wmf_vulneraility_exploits_jus.htmlWMF vunl. exnploits info
http://www.microsoft.com/technet/security/bulletin/advance.mspxMicrosoft WMF bulletin
http://www.usenix.org/events/imc05/tech/ramasubramanian.html DNS - Perils of Transitive Trust in the Domain Name System - Venugopalan Ramasubramanian and Emin Gün Sirer, Cornell University

Disclaimer

This page was written as a study aid, while the author prepared for a CISSP exam. Links on this page are likely to change regularly, as things are updated and as the sites that are linked (these are all off-site links).

If there are bad links on this page, let me know.