Thursday, September 19, 2024

My Favorite Security ‘Tewlz’ and Information Sites

Almost anything you need to know about security can be found on the Internet. There are sites of every size, shape, and color – many with loads of useful information, others that are not nearly as useful. Many of these sites are very commercial while others are completely open.

Because of the wide range of sites that are available, researching particular topics can be a daunting task. It is for this reason that I decided to put together a list of my favorite (and what I consider to be most useful) sites. Please be careful at some of these sites. I cannot vouch for the integrity of any of these sites. If you are using Windows to browse these sites, please make sure that all security patches have been installed on your system. You will probably want to make sure that your virus definitions are up to date as well. I don’t want to cause a panic; I have never had any problems resulting from visiting any of these sites. However, many of these sites link to sites that are run by some less than savory characters.

If you are looking for the latest tools (tewlz?), tutorials, and exploits that are available, I would like to recommend AstaLaVista. This site provides many categories of security-related topics, some of which are platform-specific and application-specific while others may be more general. All in all this site is a very good place to begin researching a topic, as long as the “blackhat” feel of the site does not offend you.

Keep in mind that many crackers and script kiddies use this site and will link to their own sites. The only reason that I mention this is that some sites will have pornographic pop-ups and such. (I have never seen any pornography on AstaLaVista, just on sites linked to from there – you have been warned.) You will quickly learn which sites to avoid. In the meantime, let me suggest pop-up stopper if you plan to surf this site from a Windows box. The main reason that I mention this site is that it has become a central repository for everything security-related (trust me, you will see mention of exploits that you never even knew existed!). Anyway, if you want to see what your competitors (crackers, script kiddies, exploiters, etc…) are up to, be sure to check out AstaLaVista.

Another place to go for *tons* of links is Underground Security Systems Research. This site contains huge amounts of information, tools, and links. If you go to the ‘library’ link in the menu, you may want to scroll to the bottom where links to the “typical” security sites can be found. When I say typical, I mean places like CERT (Computer Emergency Response Team) and CSI (Computer Security Institute). These are nice sites if you are looking for information on recent discoveries and commercial tools, but they rarely give you the same tools that the crackers and script kiddies are using. USSR (Underground Security Systems Research) also has a huge list of these types of tools if you select the ‘Exploits’ link and then follow the link to ‘Misc. and Tools’.

As far as port scanners go, there are only two that I use regularly and I would like to recommend both of them. The first is nmap. (You may recall the articles that I wrote about nmap, which can be found here in the murdok archives…see links below.) This is truly the most configurable port scanner that I know of. Even most of the commercial scanners that I have seen can’t hold a candle to nmap. And, while I am speaking of nmap, one of the nicest lists of tools that I have seen is hosted by the people that bring you nmap. Be sure to check out insecure.org’s tools page.

The second port scanner that I would like to recommend is for use by Windows machines on Windows networks. LANGuard Network Scanner provides an excellent way to scan an entire subnet of Windows machines and will even list problem areas. You can save reports of your scans in HTML format. There are now two versions of LANGuard Network Scanner: a freeware version and a commercial version which boasts more functionality. I have not used the commercial version and thus cannot comment on it. Either way, at $99 it is very inexpensive when compared to other commercial tools of this sort.

Packet sniffers: you love to hate them, or at least I do. However, there is so much diagnosis that can be done with a run-of-the-mill packet sniffer. You can see why connections are being dropped. You can try to reverse-engineer proprietary protocols so that you can interconnect various platforms without having to spend thousands on connectivity software. Anyway, if you like the command line, TCPDump is for you. I prefer GUI-based applications for the most part. That is why I love Ethereal. This is probably the most intuitive packet sniffer (a.k.a. network analyzer) available. There are ports available for almost any platform you can think of. For more information on Ethereal, check out their site. You will also be able to find the infamous ‘Analyzer’ packet sniffer for Windows here.

If you really want to know what the latest vulnerabilities are, along with patches to fix them, be sure to check out SecuriTeam, which also has a page with many useful tools.

Well, that is my list of personal favorites. If I missed a site that you feel should have been listed, drop me a line. If enough of you send me links, we may even make another issue similar to this one. Thank you all for reading SecurityProNews.

Jay Fougere is the IT manager for the murdok network. He also writes occasional articles. If you have any IT questions, please direct them to Jay@https://murdok.org.
