wpe13.jpg (12021 bytes)

Information Sources

Up ]

Information Sources
Updating
Testing
Physical Protection
Child Protection
Virus Protection
Firewalls
Privacy
Suites
Content Security

This page has details of how some of the resources available to keep up to date with the latest issues to help you maintain your security.

 

This site!

The e2chameleon Information Security Resource has the latest information security related news provided by Security News Portal on its Welcome page.  The Viruswatch page has the latest on viruses, malicious code, system vulnerabilities and information security related news, constantly updated courtesy of Kaspersky Labs, SecurityTracker.com, Sophos and Trend Micro. There is also free online virus checking courtesy of BitDefender and Panda Software.

 

About AntiVirus Software

This site has lots of information about computer viruses, malicious code and anti-virus software. It includes an encyclopaedia of viruses and hoaxes, lists to software vendors, interesting articles and lots more. It also includes a free mailing list you can subscribe to to keep you up to date with the latest issues. There is also a forum and chat room for you discuss virus related issues. The site can be found at http://antivirus.about.com.


About Internet / Network Security

This web site has loads of information on security related issues, products and news and has email newsletters to keep you up to date with the latest issues. here is also a forum and chat room for you discuss security related issues. The site is at http://netsecurity.about.com.

 

AVIEN

The Anti-Virus Information Exchange Network is an international community that shares information in order to reduce the spread of viruses and other malicious code. AVIEN itself is only open to organisations with more than 1500 PC's but smaller organisations can subscribe to the Early Warning System (AVIEN-EWS). The EWS membership is made up of both normal businesses who need to protect their systems and anti-virus vendors. More details can be found at http://www.avien.org.


Center for Internet Security

This is a not for profit organisation providing methods and tools to improve, measure, monitor, and compare the security status of Internet connected systems Their site is at http://www.cisecurity.org/.


CERT

CERT, part of Carnegy Mellon University in the United States are experts in the field of Internet related security. As well as hosting a web site full of useful information for both corporate administrators and home users at  http://www.cert.org they provided two mailing lists.   Advisories alert to you to newly discovered vulnerabilities explains how to protect yourself (by either reconfiguring your system or installing software upgrades or patches). The Summaries mailing list is issued every quarter and provides information  on the Internet attacks and vulnerabilities noted over the passed three months.  To subscribe to the CERT mailing lists, send an email to majordomo@cert.org with the text subscribe cert-advisory In the body of the message.

CIAC

This is the US Department of Energy's Computer Incident Advisory Capability. Although intended for the Department of Energy there is a large amount of freely available information, including advisories and bulletins covering system vulnerabilities. This is also the home of Hoaxbusters, as site providing information on computer virus hoaxes. The main site is at http://www.ciac.org/ciac/ and Hoaxbusters is at http://hoaxbusters.ciac.org/.


CSO Online

This is an online resource for security executives. and is the website of CSO magazine (which is free to qualified readers in the US and Canada). The site has a lot of information including news, research and career management. There are also a number of newsletters for you to subscribe to. The site can be found at http://www.csoonline.com


eSecurity Planet

This site links to alerts, trends, resources, products, services and views. For more information go to http://www.esecurityplanet.com.

ExtremeTech Security

The ExtremeTech site includes information on security and privacy related issues, news stories, products and services. You can alsosubscribe to their free email newsletter. For more information go to http://www.extremetech.com.

 

Help Net Security

This site contains news, articles and advisories as well as information on vulnerabilities, viruses and software. You can also subscribe to their weekly newsletter. Their site is at http://net-security.org.

Interpol

This is an international law enforcement agency that covers technology related crime as part of its portfolio. Its technology related reports can be found at http://www.interpol.com/Public/TechnologyCrime/default.asp.  


ISS X Force Security  Center

This site, managed by ISS, the developers of intrusion detection systems, regularly publish alerts and advisories are well as maintaining a database of vulnerabilities, all of which are free to access. They also provide information on the state of global security. There are a number of email newsletters that you can subscribe to. For more information go to http://www.iss.net/security_center/.


IT Toolbox Security

This is the security portal for IT Toolbox. It contains articles on all aspects of information security, products and events (even jobs). It also hosts free discussion groups and email lists. The site is at http://security.ittoolbox.com/.
 

IT World Security

This is the Security section of IT World (surprisingly enough). It contains news, webcasts, whitepapers and newsletters. The site is at http://security.itworld.com.


Microsoft Security Update

Microsoft runs a free security bulletin service designed for home and small business users, which alerts customers to vulnerabilities found in its products.  More information on this can be found at http://register.microsoft.com/subscription/subscribeme.asp?id=166

 

Microsoft Security Notification Service

This service, geared towards IT professionals, contains more technical information that that provided in the Microsoft Security Update. Go to  http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/notify.asp for more information.


Microsoft Security & Privacy Web Site

This web site brings hosts Microsoft Security Bulletins and virus alerts and contains lots of useful information on the secure configuration of Microsoft systems, whether you are a novice home PC user or a corporate system administrator. There are also online communities so you can discuss security issues with others. The site can be found at http://www.microsoft.com./security.

 

National Infrastructure Protection Center (US)

This is a department of the US Department of Homeland Security. It is a publicly available site whose aim is to serve as a focal point for the assessment, warning, investigation, and response to threats or attacks against US critical infrastructure. Available publications include the fortnightly Cybernotes that contains information on vulnerabilities, viruses and exploits, trends in hacking and other security related information. It also publishes alerts, advisories and assessments on issues thought to be a threat to the US critical infrastructure. The site is at http://www.nipc.gov.

National Infrastructure Security Coordination Center (UK)

This is the UK government Computer Emergency Response Team (CERT) site. It provides information to organisations critical to the UK national infrastructure. The site contents is also freely available to the general public. The site is at http://www.niscc.gov.uk.

03 Security Newsletter

This is a free daily newsletter from Panda, makers of antivirus software. It features the latest news on information security issues, including newly discovered virus and system vulnerabilities. For more information and to subscribe, go to http://www.pandasecurity.com/o3news.htm.

 

Out-Law.Com

This site, from international law firm Masons, is a source of IT and e-commerce advice and support. The site contains free guides on various topics as well as the latest legal news. You can also subscribe to their free weekly newsletter which provides highlights of the news over the past week. Whilst Masons is an international firm, most of the content may be applicable to the UK and Hong Kong only. The site is at http://www.out-law.com.

 

Outpost24

Outpost24 provide IT Security intelligence and support services. Their Early Virus Alerts Service provides you with details of the latest viruses as soon as they discovered. This type of system may be able to inform you of a  threat even before your anti-virus vendor can provide a signature, allowing you to implement a work around to maintain your network integrity. Alerts can be received via text message, email and fax and access to all information is available via Extranet. Live support is available 24x7.  Outpost24 also have a free weekly newsletter covering the latest vulnerabilities and viruses as well as articles on security related subjects. You can contact Outpost24 at http://www.outpost24.com.

 

SANS Institute

The SANS Institute (SANS is short for SysAdmin, Audit, Network, Security) is a research and educational organisation. It contains the combined knowledge of many information security professionals throughout the world and  manages the Global Information Assurance Certification programme. This allows those with technical roles in information protection to gain qualifications which are recognised throughout the world. Their site is at http://www.sans.org. SANS also have a number of newsletters that you can subscribe to, as follows:

SANS Security Alert Consensus

This is a weekly newsletter that includes announcements from CERT, the Global Incident Analysis Center, the US National Infrastructure Protection Center, the US Department of Defense, NTBugtraq, SUN, Microsoft and others. By subscribing to this newsletter you are saved from subscribing to each of those noted individually. More information can be found at http://www.sans.org/newsletters.

SANS NewsBites

This is a weekly summary of information security related news articles published that week. More information can be found at http://www.sans.org/newsletters.

SANS Critical Vulnerability Analysis

This is a weekly email. It details a number of high level vulnerabilities, explains their damage and notes the action that 15 organisations took to mitigate the risk.  More information can be found at http://www.sans.org/newsletters.

SANS PrivacyBits

This is a weekly summary of privacy related news articles published that week. More information can be found at http://www.sans.org/newsletters.

 

SearchSecurity

This site contains news, a security specific search engine, buyers guides, information on products, vendors and events, organised links to relevant web sites, white papers and recommendations on books and training, best practices and research materials. You can ask questions and take part in discussion forums and subscribe to email newsletters. There is also an employment section and each week the site focuses on a specific security related topic. Go to the site at http://searchsecurity.techtarget.com.


SecuriTeam

This is Beyond Security's security portal, providing the latest news, vulnerability and security tool information from a number of sources. You can also ask the experts your security related questions. There are free mailing lists that you can subscribe to. The site is at http://www.securiteam.com/.   



This site, part of the Windows & .NET magazine network contains news, information on new vulnerabilities and articles on numerous security related topics. there are also book and product  reviews. The site offers a subscription based print newsletter and free email newsletters. The site is at http://www.winnetmag.com/WindowsSecurity.

 

Secure Computing (SC) Magazine

This international magazine covers information security news, product reviews, business solutions, articles and other security related information (including events and career opportunities). It is available in print (free to information security professionals in the UK) and additional articles are published online. The also back Info Security News (http://www.infosecnews.com/) the online news portal with free email newsletter.   The main Secure Computing web site is at http://www.scmagazine.com.

The publishers, West Coast Publishing are the owners of West Coast Labs, an independent organisation that tests and rates information security related products and awards its Checkmark certification based on the result. The Checkmark site is at http://www.check-mark.com.

 

Secunia Vulnerability Tracking Service

This service provides you with the latest vulnerability information via email, customised to ensure that you don't need to sift through irrelevant platforms/products looking for issues affecting your organisation. Critical advisories can also be received via text message, ensuring that you get important alerts as soon as they are released. You can access data via an online database  and discuss specific issues with Secunia's experts. A limited weekly vulnerability scanning service (using Nessus) is also included. A free trial is available.  Go to http://www.secunia.com/vulnerability_tracking_service/?menu=prod for information. Additional services (such as task tracking status reports) are available in Secunia's Security Manager and Enterprise Security Manager services.

Secunia also host some free mailing lists. The Advisories list details the latest vulnerabilities and updates as they are discovered an the Weekly Summary, as the name suggests, is a summary of the events that week. You can also find details of vulnerabilities on their site.

 

Secure Business Quarterly

Thai online magazine examines strategic information security issues. Each quarterly issue is focused on one topic and is designed to be accessible to both the technological and business sides of your organisation. Go to http://www.sbq.com for more information.  


Security News Portal

This site has the latest information security related news.It provides the news that you can see on the e2chameleon Welcome page. The site can be found at http://www.securitynewsportal.com/.


SecurityFocus

SecurityFocus, now owned by Symantec,  provides details of many areas of Information Security. They have separate sections focussing on the foundations, Microsoft, Unix, Intrusion Detection Systems (IDS), Penetration Testing,  Incidents and Viruses. Most of these areas also have Mailing Lists associated with them and there are newsletters covering Microsoft security, Linux security  and SecurityFocus itself. There is also a list of the latest vulnerabilities (by vendor or by a direct link to Bugtraq), a library of recommended books and papers, a calendar of events, details of security related tools and service vendors.  Catch them at http://www.securityfocus.com.


Security Tracker

Security Tracker provide a free weekly vulnerability summary email and has the latest vulnerability information on their web site. You can also pay for their Premium Vulnerability Notification Services which can be customised to ensure that you don't need to sift through irrelevant platforms/products looking for issues affecting your organisation. The alerts contain descriptions of both the problem and the solution. A free trial of the Premium service is available. Go to http://www.securitytracker.com for more details.


Stay Safe Online

This site, sponsored by the US National Cyber Security Alliance, contains tips and guides on computer security, links to other security related sites and a test you can take to see how secure you really are. Go to http://www.staysafeonline.info/.

 

Symantec DeepSight Threat Management System

This is a threat notification system based on the correlation and analysis of data from thousands of Intrusion Detection Systems and Firewalls (many industry leaded devices, not just Symantec ones) throughout the world. It also includes data on viruses intercepted by Symantec anti-virus products. In addition to the threat, you are also given details of workarounds, patches etc, that can be used to reduce/remove the threat. Contact Symantec for purchase information, the product web site is at http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=158&EID=0.

 

Symantec DeepSight Alert Services

This system allows you to keep up to date with the threats affecting your systems. Alerts are customised to ensure that you don't need to sift through irrelevant platforms/products looking for vulnerabilities affecting your organisation. Patch information is also included to help you reduce/remove the threat. You can access the system database at any time and manage your tasks tracking using tools provided. Contact Symantec for purchase information, the product web site is at http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=160&EID=0.

 

The Encyclopaedia of Computer Security

This site has news, product and vendor descriptions, papers, tutorials and an excellent clinic where you can ask information security questions. It's an excellent resource for anyone with an interested in information security. You can also subscribe to their monthly news compendium The site can be found at http://www.itsecurity.com.

The Register

This is a irreverent technology news and gossip site with a recruitment section, bookstore and free email newsletter. Security related sections include Internet/Network anti-virus. It can be found at http://www.theregister.co.uk.  

The WildList

The WildList is published by the WildList Organisation International and is a compilation of virus reports from around the world. There are over 65,000 viruses in existance but they are not all in-the-wild" at any one time. The list helps identify what is really out there. Organisations such as ICSA and Virus Bulletin use information from the WildList to check the effectiveness of anti-virus software against viruses known to be "in-the-wild" The list is updated  every month and can be found at http://www.wildlist.org.
 

TruSecure

TruSecure provide risk management products and services. One of their products, Intellishield Alert Manager, is a web based threat intelligence service. Using a profile customised for your organisation you are provided only with information relevant to you. Detailed analysis, rated against urgency, credibility and severity, helps you fully understand the risk and mitigate it.  In addition to flexible alerting options, you can access an online database at any time. One useful feature of the database is to check the vulnerability history of a product you are intending to purchase. Once alerted to a threat you will probably want to analyse it and arrange for it to be removed (if appropriate). The Intellishield system contains a task tracking module that lets you see how your organisation is responding to the threat. The site is at http://www.trusecure.com.

TrueSecure also provide a couple of free newsletters. AlertScape is a free, weekly email containing security related articles, news stories and intelligence alerts. The alerts are rated against urgency, credibility and severity. A monthly newsletter, called ThreatScape is also available.

Vmyths.com

This site specialises in dispelling computer virus hoaxes and urban myths. Some virus hoaxes have caused more damage than  can sometimes cause more damage than real ones and also debunks . You can also sign up for free newsletters. Go to http://www.vmyths.com.

ZDNet Security Update

This is the security section of Tech Update. It covers the latest news and thinking about information security  and has links to security products and services. There is also an email newsletter that you can subscribe to. The site is at http://techupdate.zdnet.com/security.html?tag=tu.gum4. 

Last Updated 16/11/2003