One of the challenges I face on a daily basis is trying to stay current on all the latest information technology security issues.To secure ourselves against defeat lies in our
own hands, but the opportunity of defeating the enemy
is provided by the enemy himself.Security against defeat implies defensive tactics;
ability to defeat the enemy means taking the offensive.--From Sun Tzu on the Art of War
There is a never-ending barrage of virus, malware, and phishing attacks confronting users and their systems. Add to that, a need to understand current software vulnerabilities and how to patch them (if available).
Finally, an effective security-minded system administrator will want to keep abreast of current and future industry trends, analyzing them to determine if they can enhance present safeguards and if any best-practices can be identified for future improvements.
Whew! All in a day's work.
To that end, I run RSS feeds and do weekly checks of the following security websites and blogs. There is quite a bit of overlap, but hopefully by casting a wide net and sorting efficiently...the good-guys can stay a few steps ahead of the bad-guys.
I've tried to divide them up into some categories for ease of review and provide a brief note on why I find the site useful.
Early-Warning Radar
- SANS-Internet Storm Center - Handler's Diary - My best source of breaking security news.
- Welcome to CERT! - Carnegie Mellon University's Internet research center
- eEye Digital Security - Zero-Day exploit tracker. If it's important..it's listed here.
- Vulnerability and Virus Information - Secunia - Virus and application advisory clearinghouse.
- FrSIRT - Security Research and Cyber Threats Monitoring 24/7 - Security advisories galore.
Study and Review
- (IN)SECURE Magazine - High Quality monthly web-magazine covering wide range of security.
- GRC Security Now! - Steve Gibson and Leo LaPorte's podcast on current security issues.
- Mark's Blog - Sysinternal's Guru Mark Russinovich's blog.
- Protocol Analysis Institute - Tons of tutorials and guides for desktop and network security.
- Microsoft Security Newsletter - What Microsoft feels it's important for us to know.
PC and Network/Internet Security
- TaoSecurity - Mostly network security issues, with great readability.
- heise Security - Providers of the Offline Update utility, light smattering of current topics.
- Donna's SecurityFlash - Donna is a MS-MVP and spins security from a Microsoft viewpoint.
- Dozleng.com Internet Security & Others - Vista and Internet topic coverage.
- Internet Security Alerts on Phishing, Malicious Websites and more - What Phish are jumping?
- Microsoft Security Advisories - What Microsoft will admit is broke--good info to know.
Security Forums
- AntiOnline - Current questions and responses from security users...pulse of the underground.
- Broadband Help Forums » Security - Another forum devoted to security discussions.
- Welcome to the IT Pro Security Community - Microsoft's portal for IT professionals.
- Wilders Security - Discussion forums on security applications and issues.
Malware
- SunbeltBLOG - Alex Eckelberry's Sunbelt Software blog. Anti-malware industry issues and tips.
- Vitalsecurity.org - A Revolution is the Solution - PaperGhost--taking no prisoners in battle!
- Spyware Confidential: A look at the latest security threats - General spam and malware blog.
- Nellie2 - Malware related issues blogged in the common-man's language.
- The Bill P. Blog - Blogging about virus's, malware, browser security and tech in general.
News and Trends
- SecurityFocus - News, columns and whitepapers--all related to current security issues.
- GovernmentSecurity.org - I work in government -- it's good to have a news slant from that angle.
- CSO Magazine - Issues, discussions, tips and columns for and by Chief Security Officers.
- Schneier on Security - Bruce wrote the Book on security and technology--rich in current events.
- Whitedust - The Leading Independent Security News Portal - Security news without spin.
- SecuriTeam.com ™ - Security news portal with tools, articles, blogs, reviews. Lots to see here!
- SecuriTeam Blogs - Toned down commentary on security issues.
- Help Net Security - Another IT security news and features portal.
- Internet Security News - Articles pulled a wide variety of sources--Internet user focused.
--Claus
1 comment:
Add the ACM Risks Digest to your list. It is not focused solely on security, but does frequently include many security-related items; it frequently highlights insecure practices or those that offer only a false sense of security.
Post a Comment