These resources have received
Color code: Pay Sites, Free Sites
About provides an overview of the basics of security. The directory is in the left column.
Astalavista "is one of the world's most popular and comprehensive computer security web sites. Astalavista.com was originally founded in 1997, by a hacker computer enthusiast. The name of the site came from the unforgettable line in the Terminator 2 movie - "Hasta Lavista baby". Since then, the site became the underground's most respected and well maintained portal for anything you ever wanted to know about hacking and security. The enormous database, the constant updates, the unique nature of the content published, the new services and features, all offered for free, turned Astalavista.com into what it is today - a cult! Our site is visited by home and enterprise users, universities, government and military institutions on a daily basis, we are currently attracting more than 100,000 unique visitors per day, making the site an extremely popular security portal." The members only area is located here.
ASIS is an international organization of security professionals, including managers and directors of security, with 33,000 members. The membership fee is $100/yr. They produce Security Management magazine, which provides free online access to its back issues.
CERT is a federally funded security R&D (research and development) center at Carnegie Mellon University in Pittsburgh, PA. CERT's goals are "to respond to major security incidents and analyze product vulnerabilities, to ensure that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks, and to analyze the state of internet security and convey that information to the system administrators, network managers, and others in the internet community."
"The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls." They offer free CIS Benchmarks, which enumerate security configuration settings and actions that "harden" your systems and represent a prudent level of due care and best practice. Consensus among hundreds of security professionals worldwide has defined these particular configurations. The Benchmarks are widely accepted by U.S. government agencies for FISMA compliance, and by auditors for compliance with the ISO standard as well as GLB, SOX, HIPAA, FIRPA and other regulatory requirements for information security.
CSI (Computer Security Institute) is a membership organization specifically dedicated to serving and training the information, computer and network security professional. Membership is $224/year. They have an archive of free webcasts on security topics.
CSRC (Computer Security Resource Center) is a subdivision of NIST (National Institute of Standards and Technology). Their mission is to improve information systems security by sharing information. They offer keyword searching of their database.
Honey Pots and its linked companion sites provide tutorials and whitepapers on security issues.
The Institute for Information Infrastructure Protection (The I3P) is a consortium of academic institutions, federally funded labs and non-profit organizations that brings experts together to identify and help mitigate threats aimed at the U.S. information infrastructure. It has a keyword-searchable database and a directory of organizations that work in the area of cyber security.
IBM Security Resource Center provides security resources and links.
ICSA Labs, an independent division of Cybertrust, has been the security industry's central authority for research, intelligence, and certification testing of products. ICSA Labs sets standards for information security products and certifies over 95% of the installed base of anti-virus, firewall, IPSec, cryptography, and PC firewall products in the world today. Their site lists the security products that have been certified.
Information Security Magazine provides full access to security articles in all current and back issues.
InfoSysSec is a comprehensive portal for Information System Security Professionals. Yahoo editors say it is the best of its kind. Sample security policies can be found on the site.
The ISF (Information Security Forum) is an independent, not-for-profit, international association of over 260 companies - including 50% of Fortune 100 companies - and public sector organizations, which fund and cooperate in the development of practical research about information security. It provides authoritative best-practice material and tools, developed with US$75 million already invested, to member companies. It provides two free sample reports for visitors on the home page - the ISF Security Standard and a Windows 2000 Security Checklist.
ISSA (Information Systems Security Association) is a not-for-profit, international organization of information security professionals and practitioners. Membership dues are $95/year.
Microsoft Security Portal is Microsoft's launch point for security coverage for Windows systems, organized by category: home user, small business, IT professional, and developer.
RSA Security provides products for protecting online identities and digital assets and has a strong reputation built on a 20-year history. They put on the annual RSA Security Conference to share information and exchange ideas on technology trends and best practices in identity theft, hacking, cyber-terrorism, biometrics, network forensics, perimeter defense, secure web services, encryption and related topics.
SANS Institute (SysAdmin, Audit, Networking, and Security) provides security training and resources. These are some useful places on this site: resource portal, reading room, sample security policies, security checklists, and the quarterly list of Top-20 security vulnerabilities.
SearchSecurity lists security whitepapers by category. It is a subset of IT resources.
SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs. It has over 18 million page views a month and 2.5 million unique users annually.
IE-SpyAd is Eric Howes' anti-spyware portal and is one of the most complete available. The current version of IE-SpyAd, a restricted site list, can be downloaded.
Symantec has a wealth of information about viruses on their website.
TechRepublic offers free and fee-based ($90/yr) memberships. This site is for IT professionals and offers a wealth of free resources: online books, white papers, forums, mailing lists, and articles. They also sell tutorial CDs on system administration, project management, security, etc. The security portal is here: .
Vmyths provides information on virus hoaxes.
Windows Security is a rich resource for all topics related to computer and network security issues on Windows systems. It includes articles, security tests, forums, newsletters, tutorials, white papers, and links.