PDF of this tutorialBooks
Chapman, D. Brent and Elizabeth D. Zwicky. Building Internet Firewalls. O'Reilly and Associates, Inc., 1995. Garfinkel, Simson. PGP—Pretty Good Privacy. O'Reilly and Associates, Inc., 1995. Garfinkel, Simson and Gene Spafford. Practical UNIX Security. O'Reilly and Associates, Inc., 1991. Siyan, Karanjit and Chris Hare. Internet Firewalls and Network Security. New Riders Publishing, 1995. Vacca, John. Internet Security Secrets. IDG Books, 1996.
Security Newsgroups and Mailing Lists
The following newsgroups are available on the USENET news system:
comp.security.announce
comp.security.misc
comp.security.unix
alt.security
misc.security
The UNIX security mailing list is only open to people who are the principal administrators of a site. The address for a subscription request is security-request@cpd.com.
The Bugtraq list discusses security holes and software bugs and how to fix them. To subscribe, send e-mail to bugtraq-request@crimelab.com. In the body of the message include the following line: subscribe bugtraq-list firstname lastname.
Computer Emergency Response Team (CERT) is an organization that helps Internet users identify and rectify damage done to their system by hackers and crackers. To subscribe to the CERT advisory mailing list, send e-mail to cert-request@cert.sei.cmu.edu and put the following in the body of the message: subscribe cert firstname lastname. CERT also maintains a CERT–TOOLS list for the purpose of exchanging information on tools and techniques that increase the secure operation of Internet systems. To subscribe, send e-mail to cert-tools-request@cert.sei.cmu.edu and put the following in the body of the message: subscribe cert-tools firstname lastname.
Other Documents
The basis for this tutorial is "The Site Security Handbook" by J.P. Holbrook and J.K. Reynolds, RFC 1244 Jul-01-1991. NIST has published a document entitled Establishing a Computer Security Incident Response Capability. It is NIST Special Publication 800-3.
