WSM Reference Guide - WatchGuard Technologies
WSM Reference Guide - WatchGuard Technologies
WSM Reference Guide - WatchGuard Technologies
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
White Hat Web Sites<br />
beginners. Cons: Advisories are posted in dense jargon difficult for beginners to comprehend.<br />
Poorly organized site can make finding a specific item tricky. Net: Authoritative,<br />
comprehensive, definitely a useful arrow in any sys admin's quiver.<br />
NewsNow<br />
NewsNow's UK-based spiders and bots automatically search over 15,000 news sources and<br />
return live links with the results, updated every five minutes. They offer dozens of newsfeeds<br />
(but do we really need to hear the latest on Michael Jackson every five minutes?). The feed you<br />
want is called "Security" (listed under "Internet" in the left column. Don't choose "Hacking;"<br />
you'll get countless articles about various hackers in legal trouble.) Pro: Comprehensive, up-tothe-minute<br />
survey of worldwide Internet security. Con: The same information repeats countless<br />
times as various online sources report it. Net: A great glimpse of security issues worldwide.<br />
The Register<br />
This is not the first place you'll learn of emerging threats, but when you hear of one, depend on<br />
The Reg for the most honest, no-hype summary of the issue. Pro: Plain-English writing style is<br />
great for IT beginners. Check out their "BOFH" series for hilariously bleak parodies of a network<br />
administrator's life. Con: Their scathing anti-Microsoft bias can get heavy-handed. Net: If you<br />
have to explain a new vulnerability to non-technical superiors, you'll appreciate The Register's<br />
style.<br />
White Hat Web Sites<br />
American cinema of the 1930s, 40s, and early 50s, with their endless stream of big-city gangsters and<br />
singing cowboys, popularized the metaphorical idea that "good guys" wear white hats and "bad guys"<br />
reliably identify themselves by wearing black hats. Extending the tradition today, "white hat" computer<br />
security researchers find security holes in commercial software, but instead of telling everyone, they first<br />
inform the manufacturer of the flaw. Then they cooperate with the manufacturer in getting the flaw<br />
fixed before announcing their discovery to the public. We appreciate the efforts of these good guys.<br />
NTBugTraq<br />
Don't let the "NT" fool you: Russ Cooper's site tracks security vulnerabilities in every kind of<br />
Microsoft software that businesses typically use, from server software to Office. Russ's<br />
extraordinarily objective assessments neither bash Microsoft, nor cover their sometimes<br />
egregious security lapses. He has developed good relationships with key Microsoft personnel,<br />
and can often provide a straighter scoop on MS flaws than you can get through official MS<br />
channels.<br />
HackerIntel.com<br />
We like this site as a source of information about hacking and network security-related events.<br />
Administrators from educational institutions should consider bookmarking this site, because its<br />
multi-faceted coverage includes news accounts hard to find elsewhere about university<br />
networks being hacked.<br />
Crypto-Gram<br />
Bruce Schneier has two gifts you rarely see in one person: he is a bona fide cryptographic<br />
expert, and he can write in clear, everyday English. This free e-newsletter is not an alert service;<br />
rather, Schneier's insights on security issues will, over time, teach you how to think about<br />
security in general -- for example, how to assess whether a "cure" costs more than the risk it<br />
addresses, and how to resist falling for a great-sounding plan that doesn't actually provide<br />
added security.<br />
<strong>Reference</strong> <strong>Guide</strong> 85