External Information Awareness Links
From ITS Wiki - Information Technology Services - University of Rhode Island
Government Websites
U.S Department of Homeland Security
The new Department of Homeland Security (DHS) has three primary missions: Prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage from potential attacks and natural disasters.
U.S Department of Justice: CCIPS Division
The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide. The Computer Crime Initiative is a comprehensive program designed to combat electronic penetrations, data thefts, and cyberattacks on critical information systems.
F.B.I. InfraGard
InfraGard's goal is to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures.
NIST Computer Security Resource Center
The Computer Security Division (CSD) - (893) is one of eight divisions within NIST's Information Technology Laboratory whose mission is to improve information systems security by raising awareness of IT risks, vulnerabilities and protection requirements, particularly for new and emerging technologies.
CSRC Mirror
The Systems Administration Guidance for Windows 2000 Professional publication is intended to assist the users and system administrators of Windows 2000 Professional systems in configuring their hosts by providing configuration templates and security checklists.
Government Computer News
GCN reports on U.S. government IT defense, communications & networking, homeland security, policy & regulation, and more.
NIH Free Security Training
The National Institutes of Health have created a public information security awareness training course for employees, contractors, students, and others.
FBI / Internet Crime Complaint Center
The Federal Bureau of Investigation assists the IC3 in following internet criminal activity as reported by citizens. "Complaints filed via this website are processed and may be referred to federal, state, local or international law enforcement or regulatory agencies for possible investigation."
Security Links
DeepFreeze
Deep Freeze instantly protects and preserves baseline computer configurations. No matter what changes a user makes to a workstation, simply restart to eradicate all changes and reset the computer to its original state - right down to the last byte.
WinSelect
WINSelect provides the ability for administrators to turn a computer into a Kiosk-style workstation by locking down browser functions and Windows application settings. Administrators can selectively control third-party programs and Windows operating system features.
WinSnort
Winsnort.com is for anybody who wants to learn how to install a complete Windows Intrusion Detection System (WinIDS), using the most popular and known Intrusion Detection Engine known as Snort!
AirSnort
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
Vulnerability Scanning Tools
Insecure.org contains network security tools and free software, including Nmap open source network security scanner. The site revolves around Redhat Linux, Microsoft Windows, FreeBSD, and UNIX hacking.
Honeypot & IDS
LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time.
Security Incident Response Team Guide
This document provides guidance on forming and operating a computer security incident response team (CSIRT). In particular, it helps an organization to define and document the nature and scope of a computer security incident handling service, which is the core service of a CSIRT.
FBI Internet Fraud Complaint Center - IFCC
The IFCC allows users to report terrorist activity, file a complaint, and view statistics and fraud warnings for preventing fraud.
Federal Trade Commision
The FTC is the home of the Do Not Call Registry, advocacy, federal litigation, and more.
Google Remove
Need to remove your personal information from Google's search results and/or cache? Do it here.
StaySafeOnline
You wouldnÂ’t leave your home unprotected at night, so why make it easy for hackers and thieves to steal your financial information, or take over your computer to hurt others? Protect yourself.
McAfee Site Advisor
McAfee tests the web to help keep you safe from spyware, spam, viruses and online scams. Use their software to stay safe online.
WiGLE
Wireless Geographic Logging Engine: Making maps of wireless networks since 2001.
Wireless Vulnerabilities & Exploits
WVE is the source for in-depth information on wireless vulnerabilities.
Professional Security Web Sites
Microsoft Secure Programming Techniques and Practices
This site regularly publishes information and links related to IT security for developers. Topics range from code compliance to secure access management.
Windows Security
TechGenix manages the leading family of network administration websites that includes WindowsNetworking.com, MSExchange.org, ISAserver.org, WindowSecurity.com and MSTerminalServices.org
DDoS Security News
DDoS World provides up-to-date information on the latest Denial of Service attacks and Amplifier attacks. Registered users can receive incident alerts, article announcements, search archived articles, and view past survey results.
Forum Style Security Help
A powerful security resource, users can access instant solutions for most demanding security problems. A vast IT library puts more IT information at your finger tips.
AntiOnline.com
AO is a worldwide community of security, network and computer professionals, students and keen amateurs who come here to learn the principles and details of computer/network security.
c4i.org: Security Links
C4I lists computer security and intelligence links including U.S. government information, colocation services, and national defense links.
Zone-h.org
The geopolitics section covers a range of news which are considered strategic to understand the world. The Digital Warfare section covers the whole sphere of news related to the use of the Internet as a mean of asymmetric weapon: governmental programs, cyber-dissidence, cyber-terrorism, cyber-control as well as digital espionage. The ITsec section contains security news and advisories both public and of zone-h exclusivity.
Security News
Computerworld, the 'Voice of IT Management,' is the most trusted source for the critical information needs of senior IT management at medium-size to large companies.
Majorgeeks.com
At the root of MajorGeeks are files for your computer that tweak, repair, back-up, enhance, protect and more. They call think of themselves as a very large toolbox for your PC. "Having the right tool for the job is all you need to make your PC behave the way you want it."
Searchsecurity.com
Headquartered in Needham, MA, SearchSecurity.com is part of the TechTarget network. TechTarget publishes integrated media that enable information-technology (IT) marketers to reach targeted communities of IT professionals and executives in all phases of the technology decision-making and purchase process.
Center for Education and Research in Information Assurance and Security
The Center for Education and Research in Information Assurance and Security (CERIAS) is currently viewed as one of the world's leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure.
Open Source Vulnerability Database
OSVDB is an independent and open source database created by and for the community. Their goal is to provide accurate, detailed, current, and unbiased technical information.
Internet Health Report
Keynote publicly hosts the latency and network availability of the top eleven Tier-1 ISP peering points. There are 121 points displayed.
Security Information Toolbox
ITtoolbox is an online community of professionals who share practical information on IT topics. This community enables anyone to access the collective knowledge of a worldwide audience of experienced professionals.
Common Vulnerabilities and Exposures
CVE is a list of standardized names for vulnerabilities and other information security exposures. The group aims to standardize the names for all publicly known vulnerabilities and security exposures.
InternetTraffic
The Internet Traffic Report monitors the flow of data around the world. It then displays a value between zero and 100. Higher values indicate faster and more reliable connections.
NTSecurity
This site offers advanced freeware Windows security tools and information.
NetworkIntrusion
The Talisker Security Wizardry Portal was designed and built to cater for the demands of Government and Military networks requiring near real time information on new and emerging cyber threats.
Click Fraud
Clickrisk is engaged by leading online marketers worldwide to assist them in the discovery of fraudulent web activity, determining the best course of action in recouping their financial losses, helping prevent future security breaches, and optimizing their marketing efforts.
Tools/Applications
ITS Toolkit
This page is a comprehensive listing of tools. Manage internal and external network resources.
ITS Applications
This page is a comprehensive listing of open-source secure applications for both your environment and the outside world. Take a look at browsers, document management, email, file transfer, networking, and graphics programs.
IT Cheat Sheets
You never know when a good cheat sheet will come in handy - bookmark this page to keep a treasure trove of useful information at your fingertips.
Penetration Testing
Gibson Research Corp.
This site provides SpinRite, a hard drive data recovery software that is now compatible with NTFS, FAT, Linux, and most other file systems.
Microsoft Baseline Analyzer
In response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA). Version 2.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems.
AuditMyPC.com
AuditMyPC.com is a vulnerability assessment, privacy test, research and security information site. This site was designed to promote security awareness, free of charge.
Sygate Port Probe
This scanner will try and determine information about your computer. The scan will only probe commonly used services and protocols, and will help you identify basic holes in your infrastructure.
Security Webcasts
Microsoft TechNet Webcasts
TechNet webcasts are 60 to 90 minute live broadcasts featuring interactive technical presentations, product demonstrations, and question-and-answer sessions. Up to 30 new webcasts are broadcast every month, each presented by an expert on Microsoft technology, the industry, or both. All content is recorded and made available on demand.
SearchSecurity Webcasts
The SearchSecurity Webcast Directory is your guide to informative Security technology webcasts provided by a wide range of IT vendors. Browse and search through the Webcast Directory to access the complete webcast collection and hear informative presentations.
SANS Webcasts
SANS Webcasts are live web broadcasts that allow you to hear a knowledgeable speaker while viewing presentation slides that you download in advance. You need either Real Audio Player or Windows Media Player (free downloads are available on the webcast access page), and a SANS Portal account.
ITWorld Webcasts
Accela Communications provides services that accelerate sales and business growth for companies and partners through the use ofon-demand rich media, web response management tools, and a network of information technology web sites.
Vendor Security Bulletins
Top 20 Critical Vulnerabilities
This SANS Top-20 is a marked deviation from the previous Top-20 lists. In addition to Windows and UNIX categories, they have also included Cross-Platform Applications and Networking Products.
Microsoft Security
The security home page has numerous links to system update and anti-malware solutions.
Sun Microsystems
Sun takes a whole-system approach to security and compliance. Sun Systemic Security integrates layered protections directly into essential IT infrastructure. Sun and its partners also provide services to help you manage risk, comply with regulations, and achieve business growth.
Hewlett Packard (HP)
HP provides a comprehensive set of solutions, management tools and services to meet customers' security requirements.
Silicon Graphics
SGI tracks security issues, alerts, advisories and updates, and rapidly addresses software breaches with immediate patches and longer-term solutions as soon as possible.
RedHat Linux
Solutions include Red Hat Enterprise Linux operating platforms, sold through a subscription model, and a broad range of services: consulting, 24x7 support, Red Hat Network. Red Hat's global training program operates in more than 60 locations worldwide and features RHCE, the global standard Linux certification.
Netscape
This site lists security alerts for the browser as they are discovered and patched.
IBM
IBM provides industry-relevant security products, services and solutions to address safety and security concerns. IBM will help you assess, detect, protect, correct and recover from security exposures in your IT and physical security environments in today's on demand e-business world.
Oracle
Enterprises are now relying on Oracle security products to meet their information protection and security needs for both Oracle and non-Oracle systems. Oracle ensures security inside the data center and beyond, spanning the database, middleware, and business applications.
Best Practices
This link to webmail uses SSL to connect and interact with the web-based service.
PrettyGoodPrivacy
For enterprises, businesses, and departments requiring flexible encryption solutions managed from a central unified console to help comply with regulations and protect customer and other confidential data.
Secure FTP Client (SFTP)
WinSCP is an open source freeware SFTP client for Windows using SSH. Legacy SCP protocol is also supported. Its main function is safe copying of files between a local and a remote computer.
SSH Secure Shell Telnet
PuTTY is a client program for the SSH, Telnet and Rlogin network protocols. These protocols are all used to run a remote session on a computer, over a network. PuTTY implements the client end of that session: the end at which the session is displayed, rather than the end at which it runs.
Anonymous Surfing
Anonymous surfing allows you to surf the web without leaving a trail of particulars about your browser, your computer system, your country, IP address, etc.
Password Guidance
Your passwords are the keys you use to access personal information that you've stored on your computer and in your online accounts.
Safe Surfing for Kids
It is not the purpose of this page to moralise on the pros and cons of censorship versus protecting children from content that parents do not deem fit for their childrens' viewing. Here are two free, fast and easy solutions to controlling web content.
Security Checklists & Implementation Guides
The Cyber Security Research and Development Act requires NIST to develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks associated with each computer hardware or software system.
Copyright Information
The Washington State University Copyright Office hosts this web site to educate the campus community about copyright law in higher education. The Copyright Office was established to assist students, faculty and staff in copyright issues that arise in the pursuit and delivery of education.
Scams
ScamBusters.org
This site is dedicated to helping you protect yourself from clever scams, online and offline. You'll find resources on how to avoid the most popular scams, viruses and urban legends making the rounds.
Securities & Exch. Commission
This alert tells you how to spot different types of Internet fraud, what the SEC is doing to fight Internet investment scams, and how to use the Internet to invest wisely.
Sophos Report on Phishing Toolkits
Sophos experts have discovered that do-it-yourself phishing kits are being made available for download free of charge from the internet.
Hoaxes, Rumors and Urban Legends
CIAC Hoax Page
In addition to describing hoaxes and chain letters found on the Internet, this site discusses how to recognize hoaxes, what to do about them, and some of the history of hoaxes on the Internet.
Symantec Hoax Page
Symantec Security Response uncovers hoaxes on a regular basis. These hoaxes usually arrive in the form of an email. Please refer to this page whenever you receive what appears to be a bogus message regarding a new virus, or promotion that sounds too good to be true.
Urban Legends Reference Page
Simply enter your query in the space provided and click the "Search" button.
Mailing Lists
Microsoft Security List
Better protect your computing environment by keeping up to date on Microsoft technical security notifications. Notifications are available in RSS, instant message, mobile device, or e-mail format, and are always available online at TechNet on the Security Bulletin Search Web page.
NTBugtraq.com
NTBugtraq is a mailing list for the discussion of security exploits and security bugs in Windows NT, Windows 2000, and Windows XP plus related applications.
Mcafee Virus Alert
To subscribe to McAfee Dispatch or update your subscription, enter your e-mail address in the space provided, select your preferred email format, then press "subscribe".
Web Sites
CERT.org
CERT is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
SANS.org
SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center.
SlashDot.org
Slashdot is a Web 2.0 site devoted to user-submitted IT/Geek stories and provides for user feedback per story.
DSheild.org
DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.
CISecurity.org
The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. Click Here to learn more about CIS's mission.
US-CERT.gov
Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.
ISC2.org
The International Information Systems Security Certification Consortium, or (ISC), is the internationally recognized Gold Standard for educating and certifying information security professionals throughout their careers.
Internet Storm Center
The ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
IANA.org
The Internet Assigned Numbers Authority contains databases of top level domain information.
URI Tech Network
The University Tech Network (UTN) is an organization of technical staff from URI's campuses and colleges. The UTN meets on the fourth Thursday of every month, normally at 10:30 in one of the Library conference rooms.
Security News
SecurityFocus.com
Security Focus is an IT news network, covering issues ranging from malware to intrusion detection.
Secuirtynewsportal.com
The SecurityNewsPortal is a non-profit educational resource dedicated to providing the most comprehensive gathering of the latest news on security, viruses, trojans, hackers, hackings and other things of interest to security professionals.
Netcraft.com
Netcraft is an Internet services company based in Bath, England. Netcraft is funded through retained profit and derives its revenue by providing network security services including application testing, code reviews, and automated penetration testing.
Security Consulting
Eeye.com
eEye's integrated suite of vulnerability management solutions enable organizations to manage the entire lifecycle of security threats before, during, and after attacks.
Stenography
The Basics of Stenography
Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication-to hide the existence of a message from a third party. This paper is intended as a high-level technical introduction to steganography for those unfamiliar with the field.
2Mosaic
.ZIP
Gif-It-Up
.EXE
JPHS for Windows
Description
Stegdetect
.ZIP
S-Tools
.ZIP
University of Rhode Island
Bluetooth
The basics on Bluetooth. Bluetooth is a technology that allows for the seamless integration of resources in a wireless environment.
Cisco Router Security Configuration Guide
Provides information regarding the configuration of routers to maximize security. Introduces the concepts of DMZ and port blocks in a firewall.
Ports Database
Common program ports listed for easy searching and reference.
Cisco PIX
The benchmarks define configuration settings for Cisco IOS and PIX devices. Both Level-1 and Level-2 configurations are identified in one benchmark document. These settings are designed primarily to enhance the security of the device itself. The Level-1 benchmark is intended to be a minimum-security requirement for prudent due care, and is based on the NSA Router Security Configuration Guide. All IOS and PIX devices should implement these settings. Level-2 benchmark settings are optional. They may not apply in all situations. There are also many relevant settings for which no benchmark standards are yet defined (e.g. ssh, IPSEC, BGP, OSPF, radius...).
Online Shopping Security
This list provides basic security for users shopping online; explains how to safeguard personal information.
Media
Paul Dotcom Dotcom
Network security podcasts.
Campus Downloading
CampusDownloading.org provides media and other resources to explain how students can legally download music on campus.
