98 Managing Network Vulnerability Assessment
Exhibit 5. The SecurityFocus Web Site (Continued)
Technical (Bottom-Up) Methodology 99
mailing lists that you can receive on a number of different subjects
from Linux security to penetration testing. SecurityFocus is also home
to bugtraq, the mailing list that alerts subscribed users to newly uncov-
ered bugs. In addition to alerts, this site also contains news stories on
the front page — all in all an amazing site.
Pop-Ups: No
Adult Content Banners: No
Web Site: 2600
URL: http://www.2600.com (Exhibit 6)
Description: The 2600 Web site can be reached at www.2600.<almost
anything>. This is the Web site for the popular magazine that covers
the hacker scene and hacker issues. There are articles, past issues of
the magazine online, and mp3 talks from the large hacker conferences.
While their charter is hacking, sometimes the site will digress into other
issues.
Pop-Ups: No
Adult Content Banners: No
Exhibit 6. The 2600 Web Site
100 Managing Network Vulnerability Assessment
Web Site: Pelttech
URL: http://www.pelttech.com (Exhibit 7)
Description: This is the companion Web site to the book you are currently
reading. Most of the tools that we discuss later in this chapter are listed
on the Web site for download. The site also contains links to other
security sites, as well as articles and papers on security issues. The site
is also a companion to the Computer Security Institute’s “How to
Conduct a Technical Network Vulnerability Assessment” course.
Pop-Ups: No
Adult Content Banners: No
Listing of Other Security Web Sites
Exhibit 8 provides a listing of other security Web sites.
Protecting Yourself from Internet Sources
You may be somewhat fearful going to the hacker sites listed above from
your home Internet service provider (ISP) account or your work Internet
connection. Here are a few, very basic steps that you can take to minimize
your exposure by going to these sites. [Note: We are not aware of any of the
Exhibit 7. The Pelttech Web Site
Technical (Bottom-Up) Methodology 101
Exhibit 8. Listing of Other Security Web Sites
Site Name Description
URL
@Stake Famous site for new vulnerabilities and l0pht crack (the famous NT password
cracker)
http://www.atstake.com/research/
redirect.html
Hacking Exposed Once a book, now a Web site; also has a good links page http://www.securityfocus.com
Antionline Once a site that was devoted to death and destruction, now a good
informational resource
http://www.antionline.com
HackersClub This site is different from the site above because it contains a good number
of articles
http://www.hackersclub.com
Razor An elite cracking team’s Web page
http://firestarter.sourceforge.net
Freesoft The Internet’s best collection of RFCs and essays, searchable by a number
of fields; a must for people studying for CISSP
http://www.freesoft.org
Secureforge Home of an easy-to-use Linux GUI for configuring ipchains-based firewalls http://firestarter.sourceforge.net
PhoneBoy The home of the unofficial Firewall-1 FAQ
http://www.phoneboy.com
COAST Security Archive The archive contains several thousand tools and documents in all aspects
of security
http://www.cs.purdue.edu/coast/
archive/Archive_Indexing.html
CyberArmy Searchable underground Web directory
http://www.cyberarmy.com
Hack Canada Security information, archives, news, tips, and tools
http://www.hackcanada.com
Hacker News Network The news and views affecting the computer security industr
y http://www.hackernews.com
InfoSysSec Security news, links and information
http://www.infosyssec.org/
infosyssec/index.html
ListQuest Hosts searchable archives of the BugTraq mailing list, as well as the
possibility to search in RFCs
http://www.listquest.com
Net Security News about new exploits found, advisories, archive of antiattack tools
Neworder Security Web portal
http://neworder.box.sk
packet storm Really huge and searchable archive of security tools, texts, files, exploits http://packetstorm.securify.com
rootshell Exploits and vulnerabilities archive
http://rootshell.com
Securiteam.com The news and new tools in computer security
http://www.securiteam.com
102 Managing Network Vulnerability Assessment
Security Stuff for
Beginners
A nice reading, both for newbies and profies; basic security infoormation
and advanced stuff
http://www.mpx.com.au/~coupe
Security white papers by
Lance Spitzner
White papers covering the methodology of the average script kiddie, what
to look for in your logs to determine what tools were used, and most
important, how to armor your Linux and Solaris firewalls
http://www.enteract.com/~lspitz/
papers.html
SecurityNews.org Contains in-depth information on a wide range of security topics, including
security organizations, education, certification programs, jobs, books,
mailing lists, and news groups; the link database contains encryption,
UNIX/Linux, NT, underground, and security vendor links
http://www.securitynews.org
TwistedinterneT
ServiceS International
Inc.
Provides news and tools for your security-related items of interest; fine text
library and file archive
http://www.twistedinternet.com
Underground News Security, cracking, satellite news, nice files archive, and more http://www.undergroundnews.com
Anti-Hacking Information about how to try and stop hackers; protection programs
http://antihacking.cjb.net
checksum.org Tutorials, NT text, UNIX text, anonymity, crypto, defaced, discussion, tools,
etc.
http://www.checksum.org
Computer Security
Information
Page features general information about computer security
http://www.alw.nih.gov/Security/
security.html
Computer security news Moreover news headlines, daily related news feedback http://w.moreover.com/
computersecurity
Cotse news Security news, advisories
http://www.cotse.com/newz
Criptonomicon Internet security and privacy, with information and examples
http://www.iec.csic.es/
criptonomicon
CyberArmy hacksearch h/p/c/v Web directory
http://www.cyberarmy.com/search
Darktide Inc. The selected and commented news, programming/Linux/encryption help
and FAQs, interviews
http://www.darktide.com
Digital Avatar’s Matrix Security tools, information, news
http://snow.icestorm.com/damatrix
Exhibit 8. Listing of Other Security Web Sites (Continued)
Site Name Description
URL
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.