Blogging Rock Star

IT Security 101 Resources

August 4th, 2007 by Blogging Rock Star

Below are many books, websites and other resources that will help you get started in Information Technology security:

Recommended Reading

• CISSP All-in-One Exam Guide by Shon Harris
• TCP/IP Illustrated by Richard Stevens
• Building Internet Firewalls by Elizabeth Zwicky
• Securing Windows NT/2000 Servers for the Internet by Stefan Norberg
• Hardening Windows Systems by Roberta Bragg

Recommended Tools

• WireShark – Examine packets (use with “TCP/IP Illustrated”, above)
• Superscan - Powerful TCP port scanner, pinger, resolver.
• Nessus and/or Nmap – Vulnerability scanners

Additional Tools

• Sysinternals – Variety of utilities
• PGP – Encryption, documentation is highly recommended, basically a primer on encryption.

Regulations and Standards

• FFIEC
• COBIT
• NIST
• ISO 17799 (ISO/IEC 27002:2005)

Vulnerability Lists

• SANS Top 20
• SANS @Risk Newsletter
• BugTraq
• CVE
• Vulnwatch

Local Chapter Organizations

• ISSA
• ISACA
• OWASP

Training Organizations

• SANS Institute
• (ISC)2
• ISACA

While the above list is by no means comprehensive, it should serve to give you some idea of the sorts of things involved with Information Technology Security.

Constructive comments, suggestions and additions are always welcome.

Posted in Internet Security + Reference + Tips & Tricks | No Comments »

Safeguard Your Passwords

August 4th, 2006 by Sean

Today’s hack post… how to create hack-proof passwords so you can feel safe about your computer.

Tips to create hack-proof passwords:

1. Never, ever use whole words. If the word exists in the dictionary, it can be easily hacked.

2. Combine special symbols with numbers and upper and lowercase characters. Examples: n$iK@07 or 8*neB#kc.

3. Make sure your passwords are at least six to eight characters.

You’ve followed my tips, and now you have a hack-proof password. The problem is that your cryptic passwords are hard to remember. Seriously, are you really going to remember “n$iK@07″? I’m not. You need somewhere to store your passwords.

Password management:

If you’re like me, you have a dozen or so passwords for various websites, applications, networks, and so on. Now that you’ve changed each password using my tips, you need someplace to store them. Safely.

I recommend and use the following: Password Safe. This is an open-source project, a database that encrypts each individual password.

The Pros: Since it’s an open-source project, anyone can look at the source code of the application (there are no hidden backdoors), based on strong Blowfish encryption, auto-generates strong passwords, free.

The Cons: Interface needs work

Posted in Internet Security + Reference | No Comments »