12.07.2015 Views

WSM Reference Guide - WatchGuard Technologies


Insecure.org

Check out the online home of the well-known security researcher Fyodor, who authored nmap, the best port scanning tool available. From this site you can download nmap and 74 other security tools from others, many of them excellent. Insecure.org serves as a repository for numerous other security lists which may not have an archive of their own (such as FullDisclosure). If you don't want to junk up your Favorites with every security list (BugTraq, FullDisclosure, Pen Test, etc.) bookmark this one site and you can find them all from here.

Governmentsecurity.org

Despite its name, this site is not sponsored by a government. Like many of the other sites we've recommended, it archives daily security news. But our favorite feature is the moderated security forums, where you can discuss relevant topics (ranging from general network security, to how to compile and run specific exploits) with other network administrators.

Microsoft TechNet

IT professionals running a Windows network look here for the latest Microsoft security bulletins. Pro: Authoritative source for Microsoft security fixes. Con: Microsoft's alerts minimize the truly bad implications of some vulnerabilities, sometimes unfairly. Bring a suspicious mind to the part of each alert that talks about "mitigating factors" that supposedly reduce risk. Net: If you use Windows, you've got to visit here at least monthly.

CERT.org

This government-funded source of security advisories describes itself as "a center to coordinate communication among experts during security emergencies and to help prevent future incidents." Pro: CERT does an excellent job of coordinating information when vulnerabilities are found in the most commonly-used Internet resources. Con: Because their work is "official" and because so many vendors can have a say in CERT's advisories, this is often the last entity to issue a security advisory. Net: Pretty much the final word on anything Internet-related and not owned by a private vendor. A must for your arsenal of resources.

Grey Hat Sites

We characterize these security researchers as "grey hats" because, unlike white hats, they might not inform the appropriate manufacturer before publicly revealing their findings and posting exploit code (often passed off euphemistically as "proof of concept" code). Technically they're not breaking laws or acting maliciously, like "black hats." But announcing security holes before vendors can fix them is like giving an army a map of the castle they're attacking, with a big red arrow marking the secret entrance. Grey hats commonly claim their behavior contributes to overall security by making vendors watch themselves more diligently. Whether that is true is a battle we'll leave to someone else.

Nonetheless, "grey hat" sites are worth inspecting when you want to understand more about how a particular vulnerability works. These sites are often the first to reveal new vulnerabilities, much sooner than you'll get the info from the appropriate vendor. When trying to prioritize how urgently you need to patch flawed software on your network, flaws where the exploit code is publicly posted should go to the top of your list. To learn whether exploit code is publicly available, monitor our LiveSecurity alerts, and check some of the following sites.

Unpatched Internet Explorer Bugs

Researchers have found numerous security flaws in Internet Explorer that Microsoft has not patched yet. Some holes are serious (for example, one enables a hacker who has lured you to his malicious Web site to silently install and execute code on your computer). Liu Die Yu's site
