eWeek Labs Recommends: Key Security Resources

The following sites are tried-and-true security destinations. Every IT pro should bookmark and visit these sites—often.

www.securityfocus.com Home of the Bugtraq mailing list archive, plus a good source of security white papers

www.sans.org Includes the SANS Institutes vulnerability list, white papers and port scan statistics from monitors spread around the Internet

www.cert.org The CERT Coordination Center at Carnegie Mellon provides one of the best resources for security advisories and best-practices information

cve.mitre.org Common Vulnerabilities and Exposures, the authoritative list of vulnerability definitions

icat.nist.gov The National Institute of Standards and Technologys search engine for the CVE database

www.securityportal.com Security news and commentary

www.ntbugtraq.com A Windows-specific vulnerability Web site and mailing list

www.linuxsecurity.com All things Linux security

www.microsoft.com/technet/ security Microsoft Product Security Notification Service, Microsofts security vulnerability mailing list

project.honeynet.org The Honeynet Project: Learn how to do detailed forensics after a compromise

www.wiretrip.net/rfp/ The “skinnable” home of Rain Forest Puppy provides detailed information on exploits and has been first to list several prominent vulnerabilities

www.insecure.org Home of the definitive port scanner nmap, plus a great list of security tools

www.atstake.com/research/advisories/index.html Formerly Lopht advisories, this is an excellent list of advisories that often covers applications skipped by other lists

www.2600.com Home of the venerable hacker magazine