Timberline Technologies Technical Security Resources

Timberline Technologies Logo
HOME SECURITY PRODUCT LINKS SECURITY RESOURCES

SECURITY WORKSHOPS SECURITY ADVISORY LINKS CONTACT INFORMATION

CONSULTING SERVICES SECURITY NEWS LINKS SITE MAP

New from Timberline Technologies:

Online Cryptography Course

with Lab Exercises

Tell me more ...

Technical Security Resources

Important Note to Surfers: Timberline Technologies takes strict precautions to provide "safe" links. We will not knowingly provide a link to a site with dangerous active content or questionable privacy policies. Nevertheless, we can not guarantee the safety of all links provided. Those who are concerned about browsing securely are advised to use the facilities of BeHidden, safeWeb, Anonymizer or similar service.

Site Name Description

advICE Database of information security and anti-hacker information. Hosted by Network ICE.

All-Internet-Security Impressive list of freeware and shareware security tools. Also, reviews of commercial tools, security news, best practices advice.

ASIS American Society for Industrial Security. ASIS International, with more than 32,000 members, is the largest international organization for professionals responsible for security, including managers and directors of security.

Attrition Good view of the modern hacker scene. A real content site -- not just links to other sites.

*** Note: Some people may find the language and imagery posted on this site to be objectionable. Reader discretion is advised. ***

c:cure BSI-DISC website for the BS 7799 standard.

Center for Internet Security A global, cooperative initiative through which industry, government, and research leaders are establishing basic operational security standards and keeping them up-to-date.

CERIAS Center for Education and Research in Information Assurance and Security. Formerly known as the COAST Lab. Eugene Spafford's center of information security research at Purdue University. Good download source for security tools. Comprehensive library of security documentation. See especially the hotlist page.

Common Criteria Home Page Home page for the international security standards effort.

Computer Immune Systems Interesting computer security research effort at the University of New Mexico.

Computer Security Resource Center NIST site containing information on various security topics, security organizations, publications and training.

ContingencyPlanning.com Provides search engines to find articles, products and vendors for disaster recovery and contingency planning.

COTSE "Church of the Swimming Elephant" security portal. Links to news sources, downloadable tools, opinion columns and games.

Counterpane Systems Bruce Schneier's excellent site contains everything you could ever want to know about cryptography and cryptographic appplications. See, in particular, the Crypto-Gram newsletter archives.

Cryptography Research Good source for academic papers and cutting-edge cryptography research. See especially the resource library.

Cryptome Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on cryptology, dual-use technologies, national security and intelligence -- open, secret and classified documents -- but not limited to those.

CSI Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional. Since 1974, CSI has been providing education and aggressively advocating the critical importance of protecting information assets. CSI sponsors two conference and exhibitions each year, NetSec in June and the CSI Annual in November, and seminars on encryption, intrusion management, Internet, firewalls, awareness, Windows and more.

CSIS Center for Secure Information Systems at George Mason University. Great site for academic papers and information on state-of-the-art information security research.

CyberAngels A cyber-neighborhood watch organization which operates worldwide in cyberspace, through the efforts of over 8,000 volunteers from more than 72 countries. Specially trained volunteers patrol the internet looking for child pornography, child molesters and cyberstalkers. Also offers a wide variety of educational and help services to the internet community at large.

Cybercrimes Hosted by Professor Susan Brenner of the University of Dayton Law School. This web site is devoted to the legal issues that are involved in defining and sanctioning the perpetrators of cybercrimes, e.g., crimes committed against a computer or by means of a computer.

D.O.E SysWorks Great security resources page hosted by Joe Peschel. Lots of free tools for password cracking and key recovery.

Electronic Frontier Foundation Electronic privacy and anti-censorship advocacy group.

FerretSoft Shareware tools for open source research.

FIRST Forum of Incident Response and Security Teams. Coalition of incident response teams from government, industry and academia.

FISSEA The Federal Information Systems Security Educators' Association (FISSEA), founded in 1987, is an organization run by and for federal information systems security professionals. FISSEA assists federal agencies in meeting their computer security training responsibilities.

Hacking Exposed Companion web site to the famous white-hat hacker book by Scambray, McClure and Kurtz. See, especially, the excellent tools section.

Happy Hacker Carolyn Meinel's white-hat hacking site. Lots of information for beginners. Kudos for encouraging young people to participate in hacking contests rather than breaking the law.

Hoax Squad Good source of information on Internet hoaxes, spam, etc. Includes a search engine and a humor section.

HTCIA High Technology Crime Investigation Association. Good resource for computer crime investigation and forensics.

IANA Home Page Internet Assigned Numbers Authority.

ICSA International Computer Security Association. Security product ratings & evaluations, Information Security Magazine, technical links, etc. See, especially, the product certification page.

InfoSysSec Information systems security portal. Extremely comprehensive collection of security-related links. (Takes a while to load but worth the wait.)

InfoWar.Com Winn Schwartua's information warfare site. Good information on espionage and terrorism.

InfoWorld Security Corner Security-related books, conferences, hacker site links & much more.

Insecure.Org Fyodor's entertaining repository of hacker tools and documentation. Contains "Exploit World," a compendium of detailed information on exploiting vulnerabilities on various platforms.

Internet Storm Center Sponsored by the SANS Institute. Like the weather service where sensors (more than 2,000 in 45 countries) feed data to analysis centers. Individuals with Zone Alarm and McAfee and PIX and IPChains and Snort and several other systems all send log data that provides a real-time map of attacks onthe Internet.

ISACA The Information Systems Audit and Control Association is a recognized global leader in IT governance, control and assurance. ISACA sponsors international conferences, administers the globally respected CISA (Certified Information Systems Auditor) designation and develops globally-applicable Information Systems Auditing and Control Standards.

ISC² International Information Systems Security Certification Consortium. Administers the CISSP certification program.

ISSA The Information Systems Security Association (ISSA) is a not-for-profit international organization of information security professionals and practitioners. It provides education forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.

IT Audit Forum Directed primarily toward IT auditors. Has sections on risk management, e-commerce, security, technology, news, etc. See especially the article and reference search facility.

IT Security Cookbook Lots of practical security tips. Sponsored by Boran consulting.

IT Toolbox Security ITtoolbox Security offers forums for technical discussion, an integrated directory, white papers and daily news geared towards Security professionals and users of Security products. The portal also provides content, community, job postings and much more.

Lance's Security Papers The security writings of Lance Spitzner including the famous "Know Your Enemy" series.

Legal Information Institute Searchable databases of federal and state laws and court decisions. (Not security-specific but very useful for legal research.)

LinuxSecurity Lots of resources for protecting Linux systems and networks.

Packet Storm Information on vulnerabilities, defenses and security tools.

Java Security Web site hosted by Gary McGraw and Ed Felton, authors of Securing Java.

Microsoft Security Advisor Security bulletins, technical resources, information on securing Microsoft environments.

National Security Institute Industry and product news, computer alerts, travel advisories, a calendar of events, a directory of products and services, and access to an extensive virtual security library.

Neohapsis Archives Back issues of security newsletters, full disclosure security lists, vendor announcements, etc. Sponsored by Neohapsis Consulting. See also the archive search engine.

NCSC National Computer Security Center. Everything you ever wanted to know about "Orange Book" security, trusted product evaluations, common criteria, etc.

OSS.net Interesting site dedicated to open source intelligence.

PKI Page Astounding collection of links to Certification Authorities. Lots of useful links to cryptography-related information including digital signatures, SSL/TLS, MIME, SET and RFCs.

Pulhas Hacker lore - news, tools, mailing list, discussion forum -- lots of opinions.

*** Note: Some people may find the language posted on this site to be objectionable. Reader discretion is advised. ***

Redbooks Online Documentation on IBM products. Not just security topics but lots of security information included.

RFC-editor RFC database search tool.

RSA Security Conference The largest crypto and data security conference in the world. Sponsored by RSA Security Inc., this security conference and exposition features keynote presentations from industry leaders and national policy makers. Attendees at the RSA Conference include decision-makers and influencers from a range of sectors, including consumer, education, financial, government, computer networking, telecommunications and the media.

SANS Institute A cooperative education and research organization. Includes security resources, events and digests.

searchSecurity.com A security-specific search engine.

Secureroot Very nice security portal. Has a search engine and links to 15,000 urls.

SecureZone Computer security information center. Thousands of links to sites containing all kinds of security-related information. Sponsored by EnGarde Systems.

Securiteam Security portal. Contains links to security news, product reviews, vulnerabilities, etc.

SecurityFocus Large database of security knowledge. Provides access to security links and resources including news, books, mailing lists, tools and products, and security services.

Security on the Web A collection of useful Internet security links provided by Data Recovery Labs. (Thanks to Evelyn Lynch for making us aware of this super resource.)

SecurityParadigm Security news, research, articles. See especially the lists of default passwords.

Security space.com Web security portal sponsored by E-Soft. Online security tools, news, surveys and more.

Task International Ltd. A security training and operations team specialising in close protection, bodyguards, defensive driving, hostage rescue, military and police training, corporate crisis management and kidnap insurance.

TechWeb TechWeb tool for finding definitions of technical terms.

Trend Virus Encyclopedia Profiles and technical details of all known viruses. Database is searchable by name, payload, trigger date or type. Sponsored by Trend Micro.

UC Davis Computer Security Lab Great site for security research information. Mammoth repository of academic research papers.

USENIX USENIX is the Advanced Computing Systems Association. Since 1975 the USENIX Association has brought together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of the computing world.

Vanguard Enterprise Security Expo Sponsored by Vanguard Integrity Professionals. Annual conference focuses on enterprise security (mainframe + open systems).

Virus Bulletin Technical journal on developments in the field of computer viruses and anti-virus products.

Vmyths.com Learn about computer virus myths, hoaxes, urban legends, and the implications if you believe in them. You can also search a list of computer virus hoaxes from A to Z.

WindowsITPro John Savill's great compendium of Windows security questions and answers.

WindowSecurity Independent information on Microsoft Windows security.

WWW.CYBERCRIME.GOV Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice site. Reporting procedures for Internet-related crime. Press releases, speeches, testimonies, letters and reports related to computers and cyberspace. Government initiatives to combat cybercrime.

WWW Security FAQ Lincoln Stein's excellent discussion of WWW security concerns.

Zone-H Security news, advisories, legal information and discussion forum. Interesting web site defacement archive.

HOME	SECURITY PRODUCT LINKS	SECURITY RESOURCES
SECURITY WORKSHOPS	SECURITY ADVISORY LINKS	CONTACT INFORMATION
CONSULTING SERVICES	SECURITY NEWS LINKS	SITE MAP

Site Name	Description
advICE	Database of information security and anti-hacker information. Hosted by Network ICE.
All-Internet-Security	Impressive list of freeware and shareware security tools. Also, reviews of commercial tools, security news, best practices advice.
ASIS	American Society for Industrial Security. ASIS International, with more than 32,000 members, is the largest international organization for professionals responsible for security, including managers and directors of security.
Attrition	Good view of the modern hacker scene. A real content site -- not just links to other sites. * Note: Some people may find the language and imagery posted on this site to be objectionable. Reader discretion is advised. *
c:cure	BSI-DISC website for the BS 7799 standard.
Center for Internet Security	A global, cooperative initiative through which industry, government, and research leaders are establishing basic operational security standards and keeping them up-to-date.
CERIAS	Center for Education and Research in Information Assurance and Security. Formerly known as the COAST Lab. Eugene Spafford's center of information security research at Purdue University. Good download source for security tools. Comprehensive library of security documentation. See especially the hotlist page.
Common Criteria Home Page	Home page for the international security standards effort.
Computer Immune Systems	Interesting computer security research effort at the University of New Mexico.
Computer Security Resource Center	NIST site containing information on various security topics, security organizations, publications and training.
ContingencyPlanning.com	Provides search engines to find articles, products and vendors for disaster recovery and contingency planning.
COTSE	"Church of the Swimming Elephant" security portal. Links to news sources, downloadable tools, opinion columns and games.
Counterpane Systems	Bruce Schneier's excellent site contains everything you could ever want to know about cryptography and cryptographic appplications. See, in particular, the Crypto-Gram newsletter archives.
Cryptography Research	Good source for academic papers and cutting-edge cryptography research. See especially the resource library.
Cryptome	Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on cryptology, dual-use technologies, national security and intelligence -- open, secret and classified documents -- but not limited to those.
CSI	Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional. Since 1974, CSI has been providing education and aggressively advocating the critical importance of protecting information assets. CSI sponsors two conference and exhibitions each year, NetSec in June and the CSI Annual in November, and seminars on encryption, intrusion management, Internet, firewalls, awareness, Windows and more.
CSIS	Center for Secure Information Systems at George Mason University. Great site for academic papers and information on state-of-the-art information security research.
CyberAngels	A cyber-neighborhood watch organization which operates worldwide in cyberspace, through the efforts of over 8,000 volunteers from more than 72 countries. Specially trained volunteers patrol the internet looking for child pornography, child molesters and cyberstalkers. Also offers a wide variety of educational and help services to the internet community at large.
Cybercrimes	Hosted by Professor Susan Brenner of the University of Dayton Law School. This web site is devoted to the legal issues that are involved in defining and sanctioning the perpetrators of cybercrimes, e.g., crimes committed against a computer or by means of a computer.
D.O.E SysWorks	Great security resources page hosted by Joe Peschel. Lots of free tools for password cracking and key recovery.
Electronic Frontier Foundation	Electronic privacy and anti-censorship advocacy group.
FerretSoft	Shareware tools for open source research.
FIRST	Forum of Incident Response and Security Teams. Coalition of incident response teams from government, industry and academia.
FISSEA	The Federal Information Systems Security Educators' Association (FISSEA), founded in 1987, is an organization run by and for federal information systems security professionals. FISSEA assists federal agencies in meeting their computer security training responsibilities.
Hacking Exposed	Companion web site to the famous white-hat hacker book by Scambray, McClure and Kurtz. See, especially, the excellent tools section.
Happy Hacker	Carolyn Meinel's white-hat hacking site. Lots of information for beginners. Kudos for encouraging young people to participate in hacking contests rather than breaking the law.
Hoax Squad	Good source of information on Internet hoaxes, spam, etc. Includes a search engine and a humor section.
HTCIA	High Technology Crime Investigation Association. Good resource for computer crime investigation and forensics.
IANA Home Page	Internet Assigned Numbers Authority.
ICSA	International Computer Security Association. Security product ratings & evaluations, Information Security Magazine, technical links, etc. See, especially, the product certification page.
InfoSysSec	Information systems security portal. Extremely comprehensive collection of security-related links. (Takes a while to load but worth the wait.)
InfoWar.Com	Winn Schwartua's information warfare site. Good information on espionage and terrorism.
InfoWorld Security Corner	Security-related books, conferences, hacker site links & much more.
Insecure.Org	Fyodor's entertaining repository of hacker tools and documentation. Contains "Exploit World," a compendium of detailed information on exploiting vulnerabilities on various platforms.
Internet Storm Center	Sponsored by the SANS Institute. Like the weather service where sensors (more than 2,000 in 45 countries) feed data to analysis centers. Individuals with Zone Alarm and McAfee and PIX and IPChains and Snort and several other systems all send log data that provides a real-time map of attacks onthe Internet.
ISACA	The Information Systems Audit and Control Association is a recognized global leader in IT governance, control and assurance. ISACA sponsors international conferences, administers the globally respected CISA (Certified Information Systems Auditor) designation and develops globally-applicable Information Systems Auditing and Control Standards.
ISC²	International Information Systems Security Certification Consortium. Administers the CISSP certification program.
ISSA	The Information Systems Security Association (ISSA) is a not-for-profit international organization of information security professionals and practitioners. It provides education forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members.
IT Audit Forum	Directed primarily toward IT auditors. Has sections on risk management, e-commerce, security, technology, news, etc. See especially the article and reference search facility.
IT Security Cookbook	Lots of practical security tips. Sponsored by Boran consulting.
IT Toolbox Security	ITtoolbox Security offers forums for technical discussion, an integrated directory, white papers and daily news geared towards Security professionals and users of Security products. The portal also provides content, community, job postings and much more.
Lance's Security Papers	The security writings of Lance Spitzner including the famous "Know Your Enemy" series.
Legal Information Institute	Searchable databases of federal and state laws and court decisions. (Not security-specific but very useful for legal research.)
LinuxSecurity	Lots of resources for protecting Linux systems and networks.
Packet Storm	Information on vulnerabilities, defenses and security tools.
Java Security	Web site hosted by Gary McGraw and Ed Felton, authors of Securing Java.
Microsoft Security Advisor	Security bulletins, technical resources, information on securing Microsoft environments.
National Security Institute	Industry and product news, computer alerts, travel advisories, a calendar of events, a directory of products and services, and access to an extensive virtual security library.
Neohapsis Archives	Back issues of security newsletters, full disclosure security lists, vendor announcements, etc. Sponsored by Neohapsis Consulting. See also the archive search engine.
NCSC	National Computer Security Center. Everything you ever wanted to know about "Orange Book" security, trusted product evaluations, common criteria, etc.
OSS.net	Interesting site dedicated to open source intelligence.
PKI Page	Astounding collection of links to Certification Authorities. Lots of useful links to cryptography-related information including digital signatures, SSL/TLS, MIME, SET and RFCs.
Pulhas	Hacker lore - news, tools, mailing list, discussion forum -- lots of opinions. * Note: Some people may find the language posted on this site to be objectionable. Reader discretion is advised. *
Redbooks Online	Documentation on IBM products. Not just security topics but lots of security information included.
RFC-editor	RFC database search tool.
RSA Security Conference	The largest crypto and data security conference in the world. Sponsored by RSA Security Inc., this security conference and exposition features keynote presentations from industry leaders and national policy makers. Attendees at the RSA Conference include decision-makers and influencers from a range of sectors, including consumer, education, financial, government, computer networking, telecommunications and the media.
SANS Institute	A cooperative education and research organization. Includes security resources, events and digests.
searchSecurity.com	A security-specific search engine.
Secureroot	Very nice security portal. Has a search engine and links to 15,000 urls.
SecureZone	Computer security information center. Thousands of links to sites containing all kinds of security-related information. Sponsored by EnGarde Systems.
Securiteam	Security portal. Contains links to security news, product reviews, vulnerabilities, etc.
SecurityFocus	Large database of security knowledge. Provides access to security links and resources including news, books, mailing lists, tools and products, and security services.
Security on the Web	A collection of useful Internet security links provided by Data Recovery Labs. (Thanks to Evelyn Lynch for making us aware of this super resource.)
SecurityParadigm	Security news, research, articles. See especially the lists of default passwords.
Security space.com	Web security portal sponsored by E-Soft. Online security tools, news, surveys and more.
Task International Ltd.	A security training and operations team specialising in close protection, bodyguards, defensive driving, hostage rescue, military and police training, corporate crisis management and kidnap insurance.
TechWeb	TechWeb tool for finding definitions of technical terms.
Trend Virus Encyclopedia	Profiles and technical details of all known viruses. Database is searchable by name, payload, trigger date or type. Sponsored by Trend Micro.
UC Davis Computer Security Lab	Great site for security research information. Mammoth repository of academic research papers.
USENIX	USENIX is the Advanced Computing Systems Association. Since 1975 the USENIX Association has brought together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of the computing world.
Vanguard Enterprise Security Expo	Sponsored by Vanguard Integrity Professionals. Annual conference focuses on enterprise security (mainframe + open systems).
Virus Bulletin	Technical journal on developments in the field of computer viruses and anti-virus products.
Vmyths.com	Learn about computer virus myths, hoaxes, urban legends, and the implications if you believe in them. You can also search a list of computer virus hoaxes from A to Z.
WindowsITPro	John Savill's great compendium of Windows security questions and answers.
WindowSecurity	Independent information on Microsoft Windows security.
WWW.CYBERCRIME.GOV	Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice site. Reporting procedures for Internet-related crime. Press releases, speeches, testimonies, letters and reports related to computers and cyberspace. Government initiatives to combat cybercrime.
WWW Security FAQ	Lincoln Stein's excellent discussion of WWW security concerns.
Zone-H	Security news, advisories, legal information and discussion forum. Interesting web site defacement archive.