The Ten Immutable Laws Of Computer Security

News and resource sites

ACSAC information security bookshelf

Security Researchers & groups

Rain Forest Puppy
David A Wheeler
Gene Spafford
Georgi Guninski
Carl Ellison
David Dittrich
Last stage of Delirium
Whitehats Security community
The Church of the Swimming Elephant
CounterPane Labs.
Subterrain security group
Underground Systems Security Research
The Unamerican Gentlemen's Club
Dartmouth PKI lab papers

Various OS security links

Securing NT Guidelines
Stefan Norberg's Securing Windows page
Harden NT Workstation
M$ Guide to securing NT
Microsoft Technet security
Windows Security administration
Armoring NT 4
Hardening Windows 2000 Guide
Sun Blueprint - Solaris Operating Environment Security
The Solaris Security FAQ
Solaris hardening and security
Solaris 2.6 Install/Configure
Armoring Solaris
Sun Security bulletin archive
CIS benchmark and scoring/scanning tools for Solaris
Tru64 Security Guide
CERT security Guidelines
CERT security improvements
CERT Unix security checklist

Application security

Securing an ASP Application
SQL Server Security
SQL Security
X security
Apache security
Apache tutorials
iPlanet security resources
Michael Han's ssh page
Securing MySQL

Network security

nidsbench - a network intrusion detection system test suite
IDS FAQs
Network Security Library
ICMP Usage In Scanning
Cautionary Tales: Stealth Coordinated Attack HOWTO
Internet Firewalls FAQ
Bluetooth Security
Network discovery

Security management, policy and process improvement

IT Security Cookbook
Circle of Security
CERT Security Practices and Evaluations
Counterpane Literature
NIST: Computer and Information Security Policy
Creating, Implementing and Managing the Information Security Life cycle
A New Approach to the Specification of General Computer Security Policies.
Secure Strategies
Securityflaw's Bible for Information Security
How to develop a network security policy
NIST: Internet Security Policy: A Technical Guide
ISO17799 Compliance & Positioning
NIST: Management Guide to the Protection of Information 
Risk-Assessment Strategies
Quantifying risk
The Trinity of a Quality Information Security Policy
Why Security Policies Fail
You've been hacked: Should you tell the world?
DSS Academy Security Awareness Page


Encryption, Cryptography And Security Related Links
Attack trees
The inevitability of failure
Internet Security Auditing
W3C Security Resources
The deception toolkit
To build a honeypot
DNSSEC resources
New Order
The Open-Source Security Testing Methodology Manual
Detecting LKM rootkits
US National Infrastructure Protection Center
Detecting backdoors and Detecting Stepping-Stones
Covert Channels
Common vulnerabilities and exposures
How to break out of a chroot() jail
Security Horizon
Useful security documents
Infosyssec Security portal
RSA Security's crypto FAQ
SANS Index of FAQs
Network World Fusion security newsletters archive
Wireless Security Meta-FAQ
The Protection of Information in Computer Systems
Biometrics, Access control, smart cards: A not so simple combination
Journal of Internet Security
Computer Security Resource Centre
The 'Security Digest' Archives
The Unix Auditor's Practical Handbook

Incident response
Secure Deletion of Data from Magnetic and Solid-State Memory
Security Unit

Handheld stuff

Palms and RSA keys
Windows CE Security