FIRST Security Reference Index

Also maintained by FIRST: the FIRST Best Practice Guide Library

The below list features common reference points for security best practices. This is not meant to be a definitive list but rather a way to present best practice web sites that have been helpful to the FIRST community.

Note: The Security Reference Index is based on references submitted by FIRST members.

FIRST members are strongly encouraged to click here if they know of possible additions to this page.

Caida Presentations

http://www.caida.org/outreach/presentations/

CERT Coordination Center

http://www.cert.org/nav/index_green.html
http://www.cert.org/octave/
http://www.cert.org/csirts/

Center for Internet Security Benchmarking tools

http://www.cisecurity.org/

Cisco's Safe Documentation

http://www.cisco.com/en/US/netsol/.../networking_solutions_package.html

Team Cymru Document List

http://www.cymru.com/Documents/index.html

Federal Agency Security Practices

http://csrc.nist.gov/fasp/

First

http://www.first.org/resources/guides

JANET

A Suggested Charter for System and Network Administrators

NSA Guides

http://www.nsa.gov/snac/

OWASP Guide to Building Secure Web Applications

http://www.owasp.org/documentation/guide/guide_downloads.html

Oreilly's Onlamp

http://www.onlamp.com/security/

Internet Security Alliance Common Sense Guides

http://www.isalliance.org

Microsoft Security Guidance Center

http://www.microsoft.com/security/guidance

Same site in Brazilian/Portuguese, French, German, Italian, Japanese, Korean, Simplified Chinese, Spanish and Traditional Chinese

http://www.microsoft.com/security/guidance/worldwide

Microsoft TechNet Security Guidance

http://www.microsoft.com/technet/security/guidance/default.mspx

Nanog's Security Curriculum

http://www.nanog.org/ispsecurity.html

RFC 2350 - Expectations for Computer Security Incident Response

http://www.faqs.org/rfcs/rfc2350.html

RFC 2196 - Site Security Handbook

http://www.faqs.org/rfcs/rfc2196.html

RFC 2827 - Network Ingress Filtering

http://www.faqs.org/rfcs/rfc2827.html

RFC 2504 - Users' Security Handbook

http://www.faqs.org/rfcs/rfc2504.html

SANS Reading Room

http://www.sans.org/rr/

Sun blueprints

http://www.sun.com/blueprints/browsesubject.html

Sun System Administration Best practice

http://www.sun.com/bigadmin/features/articles/bestpractices.html

Acknowledgement

This is a collaborative effort from the FIRST community - moderated by Gavin Reid. Thanks for all the great suggestion and feedback.