Student Resources
Computer Security: Principles and Practice

Last updated: Tuesday, May 17, 2011

Appendices

Appendix D through Appendix F, in PDF format, are available for download here.

Documents

Supporting documents referenced in the book are available for download here.
Glossary in format required for loading into Blackboard's Glossary manager. This file was developed by Prof. Stanley Wine of Baruch College.

Useful Forums

Security and Cryptography Forum: Sponsored by DevShed. Discusses issues related to coding, server applications, network protection, data protection, firewalls, ciphers and the like.
Cryptography Forum: On Topix. Fairly good focus on technical issues.
Security Forums: On WindowsSecurity.com. Broad range of forums, including cryptographic theory, cryptographic software, firewalls, and malware.


Useful Links

Computer Science Student Resource Site: Help and advice for the long-suffering, overworked student.
Errata sheet: Latest list of errors, updated at most monthly. File name is Errata-CompSec1e-mmyy. If you spot any errors, please report them to .

Chapter 1 - Overview

IETF Security Area: Provides up-to-date information on Internet security standardization efforts.
Computer and Network Security Reference Index: A good index to vendor and commercial products, FAQs, newsgroup archives, papers, and other Web sites.
IEEE Technical Committee on Security and Privacy: Home of the electronic newsletter Cipher, which provides book reviews, new crypto and security links, and links to reports and papers available online.
Computer Security Resource Center: Maintained by NIST; contains a broad range of information on security threats, technology, and standards.
European Network and Information Security Agency: A source of expertise on security issues for the EU. Includes an excellent set of technical reports, plus numerous other documents and links.
Security Focus: A wide variety of security information, with an emphasis on vendor products and end-user concerns. Maintains the Bugtraq, a mailing list for the detailed discussion and announcement of computer security vulnerabilities.
SANS Institute: Similar to Security Focus. Extensive collection of white papers. Maintains Internet Storm Center, which provides a warning service to Internet users and organizations concerning security threats.
Risks Digest: Forum on risks to the public in computers and related systems.
CERT Coordination Center: The organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency. Site provides good information on Internet security threats, vulnerabilities, and attack statistics.
Packet Storm: Resource of up-to-date and historical security tools, exploits, and advisories.
Institute for Security and Open Methodologies: An open, collaborative security research community. Lots of interesting information.
Security Cartoon: A cartoon-based approach aimed at improving the understanding of security risk among typical Internet users.
Center for Internet Security: Provides freeware benchmark and scoring tools for evaluating security of operating systems, network devices, and applications. Includes case studies and technical papers.

Chapter 2 - Cryptographic Tools

The Cryptography FAQ: Lengthy and worthwhile FAQ covering all aspects of cryptography.
Bouncy Castle Crypto Package: Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment. The package is distributed at no charge for commercial or non-commercial use.
Cryptography Code: Another useful collection of software.
American Cryptogram Association: An association of amateur cryptographers. The Web site includes information and links to sites concerned with classical cryptography.
Crypto Corner: Simon Singh's Website. Lots of good information, plus interactive tools for learning about cryptography.

Chapter 3 - User Authentication

Password Usage and Generation: NIST documents on this topic.
Biometrics Consortium: Government-sponsored site for the research, testing, and evaluation of biometric technology.

Chapter 4 - Access Control

NIST RBAC site: Includes numerous documents, standards, and software on RBAC.

Chapter 6 - Intrusion Detection

STAT Project: A research and open-source project at the U. of California, Santa Barbara that focuses on signature-based intrusion detection tools for hosts, applications, and networks.
Honeynet Project: A research project studying the techniques of predatory hackers and developing honeypot products.
Honeypots: A good collection of research papers and technical articles.
Snort: Web site for Snort, an open source network intrusion prevention and detection system.

Chapter 7 - Malicious Software

Anti-Virus Online: IBM's site on virus information; one of the best.
Vmyths: Dedicated to exposing virus hoaxes and dispelling misconceptions about real viruses.
SecureList: Information about viruses, hackers, and spam.

Chapter 8 - Denial-of-Service Attacks

David Dittrich’s Distributed Denial Of Service Site: Contains lists of books, papers, and other information on DDoS attacks and tools.
Denial of Service (DoS) Attack Resources: Provides a useful set of links to relevant law enforcement agencies, technical information, and mailing lists about denial of service.

Chapter 9 - Firewalls

Firewall.com: Numerous links to firewall references and software resources.

Chapter 10 - Trusted Computing

Trusted Computing Group: Vendor group involved in developing and promoting trusted computer standards. Site includes white papers, specifications, and vendor links.
Common Criteria Portal: Official Web site of the Common Criteria project.

Chapter 11 - Buffer Overflow

CWE/SANS Top 25 Most Dangerous Software Errors: A list of the most common types of programming errors that were exploited in many major cyber attacks, with details on how they occur and how to avoid them.
Metasploit: The Metasploit Project provides useful information on shellcode exploits to people who perform penetration testing, IDS signature development, and exploit research.
OpenBSD Security: The OpenBSD project produces a free, multiplatform 4.4BSD-based UNIX-like operating system.

Chapter 12 - Software Security

CERT Secure Coding: Resource on CERT site of links to information on common coding vulnerabilities and secure programming practices.
David Wheeler - Secure Programming: Provides links to his book and other articles on secure programming.
Fuzz Testing of Application Reliability: Provides details of the security analysis of applications using random input performed by the University of Wisconsin Madison.
Open Web Application Security Project (OWASP): Dedicated to finding and fighting the causes of insecure software and providing open source tools to assist this process.

Chapter 13 - Physical Security

InfraGard: An FBI program to support infrastructure security efforts. Contains a number of useful documents and links.
The Infrastructure Security Partnership: A public-private partnership dealing with infrastructure security issues. Contains a number of useful documents and links.
Federal Emergency Management Administration (FEMA): Contains a number of useful documents related to physical security for businesses and individuals.
NIST PIV program: Contains working documents, specifications, and links related to PIV.

Chapter 14 - Human Factors

Federal Agency Security Practices: A voluminous set of documents covering all aspects of organizational security policy.
ISO 17799 Community Portal: Documents, links, and other resources related to ISO 17799.

Chapter 15 - Security Auditing

Security Issues in Network Event Logging: This IETF working group is developing standards for system logging.

Chapter 16 - IT Security Management and Risk Assessment

AusCERT - Australian Computer Crime and Security Surveys: Details of the annual surveys of computer network attacks and computer misuse trends in Australia each year.
ISO 27000 Directory: An overview of the ISO 27000 series of standards reserved by ISO for information security matters.
ISO 27001 Security: Dedicated to providing information on the latest international standards for information security.

Chapter 17 - IT Security Controls, Plans, and Procedures

Computer Security Incident Response Team: Provides security professionals with the means to report, discuss, and disseminate computer security related information to others around the world. This site provides information for reporting security incidents and information on technical resources.

Chapter 18 - Legal and Ethical Aspects

International Cyber Threat Task Force: An online security community of cyber security professionals collaborating to deal with all related cyber threats including all aspects of cyber crime and cyber warfare. Useful documents and other information.
Criminal Justice Resources: CyberCrime: Excellent collection of links maintained by Michigan State University.
International High Technology Crime Investigation Association: A collaborative effort of law enforcement and the private sector. Contains useful set of links and other resources.
Computer Ethics Institute: Includes documents, case studies, and links.

Chapter 19 - Symmetric Encryption and Message Confidentiality

AES Home Page: NIST's page on AES. Contains the standard plus a number of other relevant documents.
AES Lounge: Contains a comprehensive bibliography of documents and papers on AES, with access to electronic copies.
Block Cipher Modes of Operation: NIST page with full information on NIST-approved modes of operation.

Chapter 20 - Public-Key Cryptography and Message Authentication

NIST Secure Hashing Page: SHA FIPS and related documents.
Whirlpool: Range of information on Whirlpool.
RSA Laboratories: The research center of RSA Security, Inc., it offers an extensive collection of technical material on RSA and other topics in cryptography.

Chapter 21 - Internet Security Protocols and Standards

TLS Charter: Latest RFCs and internet drafts for TLS.
OpenSSL Project: Project to develop open-source SSL and TLS software. Site includes documents and links.
NIST IPSec Project: Contains papers, presentations, and reference implementations.
IPsec Maintenance and Extensions Charter: Latest RFCs and internet drafts for IPsec.
S/MIME Charter: Latest RFCs and internet drafts for S/MIME.

Chapter 22 - Internet Authentication Applications

MIT Kerberos Site: Information about Kerberos, including the FAQ, papers and documents, and pointers to commercial product sites.
MIT Kerberos Consortium: Created to establish Kerberos as the universal authentication platform for the world's computer networks.
USC/ISI Kerberos Page: Another good source of Kerberos material.
Kerberos Working Group: IETF group developing standards for Kerberos.
Public-Key Infrastructure Working Group: IETF group developing standards based on X.509v3.
NIST PKI Program: Good source of information.

Chapter 23 - Linux Security

NSA SELinux Web site: Contains useful documentation on SELinux.

Chapter 24 - Windows Security

Microsoft Security Central: Good collection of information about Windows and Windows Vista security.

Appendix D - RFCs

RFCs: IETF RFC repository. Includes a complete list of all RFCs, constantly updated.