Hi im very new at a security analyst job
i need to learn real quick about attack types
hacking patterns, viruses and stuff

Im posting a list of web pages i ve found so far
please fill in some more. Some are in spanish other
in english.

www.securityfocus.com
secunia.com
www.hispasec.com
escert.upc.es
alerta-antivirus.red.es
www.packetstormsecurity.org

Thanks

http://www.scmagazine.com/home/index.cfm

Blue

If I wasn't Blue, I would just be a Dragon...

http://www.spywareinfo.com/

and

http://www.ntbugtraq.com/default.asp?pid=38&sid=1

Smile anyway,
Perry.

You should make yourself familiar with the different port numbers, so if a worm attacks a certain port, you know what it does and how to block it.  Check out
Ports
This is a partial list.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.

 TTinChicago
Johnson Computers

You forgot the most important one of them all.

www.cert.org

-Al

Oxygen 3  Forgot about this one.  Daily free newsletter.  I've found out about many viruses and such long before others have.  Great place to subscribe.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.

 TTinChicago
Johnson Computers

For general news:
http://antivirus.about.com/

and don't forget the basics . . .
http://nai.com
  and
http://symantec.com

Can I suggest that this information is put into a FAQ.

Chris R Anthony

Go for it Chris.  Good idea.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.

 TTinChicago
Johnson Computers

Glen, It looks like you cannot have a FAQ section in a user moderated forum. I will try and find out how we can set one up.

Chris A

I have created a FAQ containing the information above. If anyone wants to add more web sites, please let me know.

Chris R Anthony

Where is the FAQ located?

SF18C
CCNP, MCSE, A+, N+ & HPCC
Tis better to die on your feet than live on your knees!

At the bottom right hand sifde of your message, there is a link "Check out the FAQ area for this forum". Click on that and you will be taken to the FAQ area. A bit obscure!! I had trouble finding it myself!!

Chris R Anthony

I have a few links here:

http://www.securelyspeaking.com/modules.php?op=modload&name=Web_Links&file=index

Craig

http://www.SecurelySpeaking.com

The FAQ has been updated wit this information

don't know if this site is relative...
www.astalavista.com

glen oxygen3. dont always get time to read them, but nice newsletter.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?

How about

http://csrc.nist.gov/

Pat

PTrudeau, Thankyou for the link. It has been added to the FAQ.

Chris A

Has anybody mentioned
http://www.us-cert.gov/
It's a good one.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.
 TTinChicago
Johnson Computers

Thanks for that. I have added it to the FAQ

Good info for anyone concerned with security issues.

http://forums.techguy.org/t208517.html    ;

Link added to FAQ.

Thankyou

Chris A

Microsoft security centre: http://www.microsoft.com/security/default.mspx

John

A few personal Favorits,

http://www.cotse.com - church of the swimming elephant, Nice news links

http://www.insecure.org - home of the NMap network scanner, and all sorts of valuable information.

As I think of more, I'll add them....

"I'm just here to regulate funkyness"
http://www.kerbside.net

Thankyou. These have been added to the FAQ

Chris A

Not sure if this qualifies as it is software rather than information, but http://www.ethereal.com/ is the homepage of the open source Ethereal network analysis product.

John

Whilst not strictly a site relating to security, it is useful to perform protcol analysis as part of the forensic investigation if a web site has been comprimised

The URL has been added to the FAQ

The Oxygen newsletter mentioned above is a must have for anyone involved with security, virii and all those things.  It's put out by Panda but anyone can get it if you don't mind a few advertisements.

I would recommend:

www.cesg.gov.uk - UK Government security authority
www.4-secure.com - Specialist security consulting organisation
www.wardrivingworld.com - Wireless war driving site

Hope this helps!

HoinviP
www.global-net.co.uk

These sites have been added to the FAQ. thakyou for the information.

Chris R Anthony

Just thought of another one.  I know, but I think slow!

http://www.wildlist.org/

List of viruses seen in the wild, as reported by many of the top anti-virus vendors.  Updated monthly, usually in the middle of the month.

---

"I'm just here to regulate funkyness"
http://www.kerbside.net

Thankyou. This has been added to the FAQ

Thanks a Lot for all the feed back,in the last few months i've secured my job :)
This a great acomplishment that im very happy to share.

About Security, I check  these sites every day:

We have Checkpoint firewall, so:
http://www.checkpoint.com/techsupport/alerts/index.html
http://www.checkpoint.com/defense/advisories/public/summary.html

New Viruses
http://www.pandasoftware.es/virus_info/ultamenazas.aspx
www.sophos.com
http://www.kaspersky.com

Small antivirus companies, give very early warnings, panda rates virus/worms from 1 to 4, experience tells me, rate 4 requires atention, meaning checking network traffic, IDS patterns, etc.

http://www.nod32.com/home/home.htm

Sources of security knowledge
www.sans.org  Check the top twenty list, is a must!
http://csrc.nist.gov/  Checklist and guidelines

Things worth reading are BS7799, CISSP, Common Criteria, Orange Book (ITSEC). Though i cannot tell how to get them.


Thanks again for all the feed Back.

Kio91

"Bitter winter, not a leaf left to fall"

check this one out

Here's another

http://www.spywarewarrior.com/

Pat

I have updated the FAQ with the above information. Thankyou for all your posts.

Try www.packetstormsecurity.org

Oops- sorry about that! Just saw it there at the top- it's already been listed.

TheRaidersRock,

You should find most of the above mentioned references in the FAQ. If you find any more please post them to the thread and I will addd them to the FAQ.

Chris A

Some more good ones for your Faq;;

http://project.honeynet.org

http://www.junkbusters.com

http://www.whitehats.com


Steve

CobolKid, Thankyou for the URL's they have been added to the FAQ.

Chris Anthony

http://csrc.nist.gov/secpubs/rainbow/

This has all the rainbow series books in text files.

John Woodraska

I just browsed the faq and didn't see
http://www.grc.com
Steve has a great free tool to see if you are being seen on the internet.  For those of us who run wireless, this is a great tool.  Called Sheilds Up.  Tells you what ports are open, what files are being shared, all kinds of stuff for FREE!  Check it out.  (My machines are completely safe, thank you very much.)

Click here to learn How to help with tsunami relief... http://www.google.com/tsunami_relief.html
Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin feel free to join the Tek-Tips in Chicago, Illinois Forum.
"A child of five would understand this. Send someone to fetch a child of five."
Groucho Marx
 

Good catch, GlenJohnson, grc.com is a must add to any faq of this nature.

Maybe, maybe not.
http://www.internettrafficreport.com/main.htm

Click here to learn How to help with tsunami relief... http://www.google.com/tsunami_relief.html
Glen A. Johnson
"Age is not a particularly interesting subject. Anyone can get old. All you have to do is live long enough."
Groucho Marx

Thankyou to Woodrsaj and Glen for their contributions. They have been added to the FAQ.  Chris R Anthony

Glen,  

Know them too, Did I miss something negative there 'bout GRC? I sit behind real time stuff that monitors multi-level (and layer) filtering and packet content, GRC's pretty sound, even though he does not hit 20 or 21 hard.     

Steve

Steve,

Thankyou for those URL's, they have been added to the FAQ.

Nothing negative about grc.  Really would like to know what's going on now.  Main machine getting hit with icmp attacks.  Slowing it down.  Gonna do some research.  Good luck all.

Click here to learn How to help with tsunami relief... http://www.google.com/tsunami_relief.html
Glen A. Johnson
"Age is not a particularly interesting subject. Anyone can get old. All you have to do is live long enough."
Groucho Marx

I always find the following to be useful when I'm in a hurry:
http://www.yourwindow.to/security-policies/

This is basically a set of security policies for reference. It goes with a glossary here:
http://www.yourwindow.to/information-security/

If you are into the information security standard (ISO 17799), I guess the most useful site for me is the user group:
http://www.17799.com

Although there's recently been launched an open source wiki on this which might prove to be good once it fills out:
http://iso-17799.safemode.org

Hope this helps.

Tekor,

Thankyou for your contribution, they have been added to the FAQ

Glen,
I'm seeing a lot of icmp stuff lately too; expecially pings and tracerts.  Also a lot of of dynamic syn's and dynamic ack rst's against my known ip, a lot more than usual.

Hmm.

Steve

Haven't been able to find out anything yet, but it seems quieter.

Click here to learn How to help with tsunami relief... http://www.google.com/tsunami_relief.html
Glen A. Johnson
"Age is not a particularly interesting subject. Anyone can get old. All you have to do is live long enough."
Groucho Marx

I've been using http://infosyssec.com/
its a quick look at all the main articles on a whole bunch of different websites.. great for a quick glance