Here's all sorts of links to security related things, ftp sites, mailing lists, everything!

HTTP Sites

CIAC Security Web Site.
CIAC is the U.S. Department of Energy's Computer Incident Advisory Capability.

SRI Computer Science Lab.
SRI has responsibility for the ACM Forum on Risks in the Use of Computer and Related Systems. Here you'll find a link to it.

SRI WWW Server

SAIC WWW server
Science Applications International Corporation has an MLS (Multi-Level Security group that specializes in computer security and secure UNIX

Purdue COAST Project
(Computer Operations, Audit and Security Tools). A great ftp site collecting many things pertinant to security.

Raptor Eagle Network Isolator.
Raptor Systems markets a commercially available internet firewall.

Digital Secure Systems
digital markets a series of products and services for internet security.

Computer Systems Consulting (CSC)
CSC has much of the information and tools available to the cracker community.

RSA Data Security, Inc.'s Home Page.
RSA provides the defacto industry standard in public key encryption.

Cryptography, PGP, and Your Privacy
This is a part of the WWW Virtual Library Subject Catalogue.
It collects together in one place a readable overview of the subjects, with hypertext links to other places.

NIST WWW - Home Page

The National Institute of Standards and Technology has a lot of information on computer security. Try the keyword "security" from their search tool.

The Secure HyperText Transfer Protocol
This is the draft text for an RFC (Request For Comment) being circulated to elicit public comment.

Christopher L. Menegay's Security page
This site contains explicit information about how to break into Unix systems. It also details how to stop these methods. A valuable service. Knowing this information is out there helps administrators.

Security Reference Index
Tansu collects information related to computer security.

Unix Security
This section of the Advanced Laboratory Workstation Project contains a lot of information on security, including access to governmental bulletins.

NASA Automated Systems Incident Response Capability
Not really of much use, you can't go beyond an introductory screen without authorization.

General FTP Sites

The National Institute of Standards and Technology's Computer Science Laboratory, Computer Security Divison FTP site. You might want to select the index.html file once there for a cleaner interface.

Computer Emergency Response Center FTP site. Many advisories and tools are available here.

Computer Incident Advisory Capability Ftp site.

COAST Security FTP Archive
Computer Operations, Audit and Security Tools ftp site.

Greatcircle FTP Server (firewalls)
This is the system the firewalls mailing list lives on, and contains an extensive list of documentation and other useful information about firewalls.

Trusted Information Systems (TIS) FTP Server
TIS does consulting in the firewalls market. They also have a very complete suite of software to implement a firewall available by anonymous ftp.

AT&T FTP Server

Athena FTP Server
From MIT, the Athena Project has more to offer than X. Among other things, you'll find kerberos software here, as well as a great collection of USENIX papers, and other tasty tidbits.

SURAnet security archive. They have CERT and CIAC alerts, NIST publications, Department of Defense Alerts, pagers, security programs, etc...

DDN Security Bulletins FTP Server
This is the NIC's security ftp server. Skip all the files starting with ddn-security- until you get down to ddn-security-8901. All the previous ones will just tell you that the naming conventions have changed, and you're looking at the wrong file.

Texas AMU security tools
Texas A&M, in response to being broken into, has developed a lot of expertise in detecting and preventing breakins. Here you'll find papers and tools.

While intended for the use of NEC and it's subsidiaries, this site always has a nifty assortment of tools for socks, sudo, cops, etc...

The Secure HyperText Transfer Protocol

Dartmouth Security Tools
Matt Bishop's cool collection of papers and programs related to security, including passwd+.

COAST - intrusion_detection
AI and statistical tools to detect intrusion.

SRI's NIDES Next-Generation Intrusion Detection System

Gopher Sites

NIST Main Gopher

NIST Security Gopher

FIRST Gopher

CSC Security Gopher

Security, , Audit & Control (SIGSAC)

News Groups




FTP Sites for FAQs

FAQ for

FAQ for

FAQ for comp .security.misc

FAQ for

FA A Q for

FAQ for

FAQ for

FAQ for

FAQ for comp.virus

FAQ for Firewalls

FAQ for Privacy Enhanced Mail (PEM)

FAQ for

FAQ for

FTP Alert Sites

NASIRC - NASA Automated Systems Incident Response Capability

CERT - Computer Emergency Response Team

ASSIST - Automated Systems Security Incident Support Team


CIAC - Computer Incident Advisory Capability

FIRST - Forum of Incident Response and Security Teams

AUSERT - Australian Security Emergency Response Team