Web-based information has two important attributes: timeliness and worldwide accessibility. These attributes make the Web the premier medium for disseminating information about security. To make their networks as secure as possible, network administrators around the world need to keep up-to-date about security vulnerabilities and fixes. Here are the 10 most impressive Web sites I've found for security information about Windows 2000, Windows NT, and the Internet.
10. Microsoft TechNet—For information about Win2K and NT corporate security, Microsoft's security site (http://www.microsoft.com/technet/security) is the place to start. You'll find links to the latest service packs and security articles, as well as a link to subscribe to the company's E-Mail Notification service.
9. Vmyths.com—As the recent sulfnbk.exe virus hoax aptly demonstrated, knowing which viruses are fake is often as important as knowing which viruses are real. The folks at Vmyths.com (http://www.vmyths.com) list known virus hoaxes and offer tips for spotting hoaxes.
8. Gibson Research Corporation (GRC)—At GRC (http://www.grc.com), you'll find more information about personal security than about corporate security. However, one of the site's recent additions is a fascinating account of a Win2K Denial of Service (DoS) attack and the author's efforts to trace the attack's origin. This site offers an online scanner that lets you test the security of your Internet connection.
7. Common Vulnerabilities and Exposures (CVE)—Although the CVE site (http://cve.mitre.org) isn't specific to Win2K or NT, it provides a standardized list of names for known security vulnerabilities and exposures. The CVE list is available for free download.
6. Computer Emergency Re-sponse Team (CERT)—The CERT site (http://www.cert.org), which Carnegie Mellon University operates, publishes Internet security bulletins. The site also offers a collection of best security practices and technical attack-survivability reports.
5. The Systems Administration, Networking, and Security (SANS) Institute—The SANS site (http://www.sans.org) offers Internet security news, common Internet vulnerability lists, and a SANS Windows Security Digest that you can subscribe to. To check out an early warning system for Internet attacks, try the Internet Storm Center link.
4. Security Administrator—The Security Administrator site (http://www.secadministrator.com, formerly WindowsITsecurity.com) is part of the Windows 2000 Magazine Network. The site offers Win2K and NT security news, weekly security columns, and discussion forums that let you find quick answers to specific security questions.
3. SecurityPortal—SecurityPortal (http://www.securityportal.com) provides up-to-date news about hot topics such as DSL security and the latest viruses and hoaxes and offers links to Microsoft's security hotfixes. This site also includes a security discussion forum.
2. SecurityFocus.com—The SecurityFocus site (http://www.securityfocus.com) contains security information about most of the popular network platforms. With its extensive list of security white papers, downloadable tools, and links to other security-related sites, SecurityFocus.com includes content for all levels of security-conscious administrators.
1. NTBugtraq—The NTBugtraq site (http://www.ntbugtraq.com) and its sister Web site, NTSecurity (http://ntsecurity.ntadvice.com), provide the best way to obtain up-to-date notifications about Win2K and NT security bugs and exploits. To put yourself on the NTBugtraq mailing list, send an email message to [email protected] In the body of the message, type the text "subscribe ntbugtraq firstname lastname" or "subscribe ntbugtraq anonymous."