Access - Defends and extends the digital rights of users at risk around the world. By combining innovative policy, user engagement, and direct technical support, it fights for open and secure communications for all.
Alien Vault - Provides unified security products, intelligence and community to address complex compliance and threat management needs.
Anti-Spam SMTP Proxy (ASSP) -
Excellent program for fighting spam. Creates an open source platform-independent SMTP Proxy server which implements auto-whitelists, Bayesian, Greylisting and
multiple filter methods. Also see Wiki on Getting Started.
ARIS Analyzer - A free service designed by SecurityFocus to allow participating network administrators to submit suspicious network traffic and
intrusion attempts anonymously, for detailed analysis and reporting.
Attrition - Computer security Web site dedicated to the collection, disemination and distribution
of information about the industry. They maintain a large catalog of security advisories, cryptography, text files, and denial of service attack information.
They are also known for their crusade to expose industry frauds and inform the public about incorrect information in computer security articles.
AuditMyPC - Firewall test, port scan, spy ware and security audit choices.
Below Gotham Labs - Performs basic research and development in areas related to information security. Primary investigator: Bill Blunden.
Black Hat - Provides event attendees with the latest in information security research, development, and trends in a strictly vendor-neutral environment. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a venue for elite security researchers and trainers to find their audience.
Center for Education and Research in Information Assurance and Security (CERIAS) - Perdue
University center for research and education in areas of information security. Provides a multidisciplinary approach to problems ranging from
purely technical issues (e.g., intrusion detection, network security, etc) to ethical, legal, educational, communicational, linguistic, and economic
issues, and the subtle interactions and dependencies among them.
CERT Coordination Center - Starts incident response teams, coordinates teams responding to large-scale
incidents, trains incident response professionals, researches security vulnerabilities, system security, and survivability of large-scale networks.
Check Point Software Technologies - A leader in network security software, firewall solutions, VPN solutions,
endpoint security, network protection, security management, data protection and Pointsec data encryption technologies.
CISSP and SSCP Open Study Guides - Dedicated to helping people in achieving their goal of becoming a CISSP
(Certified Information Systems Security Professional) or SSCP (Systems Security Certified Practitioner).
Citizen Lab - Advanced research that monitors, analyses, and impacts the exercise of political power in cyberspace
at the intersection of digital media, global security, and human rights.
Common Vulnerabilities and Exposures (CVE) - A list of standardized names for vulnerabilities
and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
Computers, Networking and Security - Unix and Linux, TCP/IP, Cryptography, INTOSEC History,
Computer and Network Security, Textual Analysis, 3-D Data and Image Analysis, Privacy Tools, Network Security Auditing/Monitoring Tools,
Core Security - Committed to delivering breakthrough software and services that address
the information security needs of corporations and government organizations worldwide. CORE IMPACT is the first automated, comprehensive
penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your
network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security
CSO (Chief Security Officers): Security and Risk - A site for chief security officers and other
security executives. Provides information security executives with in-depth analysis, articles, best practices and strategic insight to help make
smart decisions and wise investments. An IDG publication.
Cybercrime - The Computer Crime and Intellectual Property Section (CCIPS) of
the Criminal Division of the U.S. Department of Justice.
CyberGuard - Offers digital recording, remote camera viewing access, 24 hours monitoring, video archiving
and multi-camera display with wireless or wired connectivity. Other features include optional linkage to security alarm, password protection, schedule
recording and motion detection.
Diceware - Wikipedia backgrounder: Diceware is a method for creating passphrases, passwords, and other cryptographic variables using an ordinary die from a pair of dice as a hardware random number generator.
Disconnect - Disconnect detects trackers based on the number of requests they've made for your information, and displays them in one of four categories: advertising, analytics, social and content. Users can re-enable a tracker or whitelist a website from the dashboard in the upper right hand corner of the Web browser. The extension also features a nifty visualization of all of the requests surrounding the page you're on, with a graph of each third-party request connected to the current page, and a rundown of web resources saved by disabling trackers, like bandwidth and browsing speed. Disconnect maintains its database of trackers by crawling popular websites for third-party requests, then categorizing those requests by type, according to co-founder Casey Oppenheim. The Disconnect database is open source. Disconnect also provides a separate browser extension that allows you to search anonymously on engines including Google, Bing, Blecko and DuckDuckGo. Disconnect routes your search queries through their own servers, so Google, for example, would effectively see and store your search as a request from Disconnect instead of you.
Domestic Security Alliance Council (DSAC) - A strategic partnership between the FBI, the Department
of Homeland Security and the private sector, enhances communications and promotes the timely and bidirectional effective exchange of information
keeping the nation's critical infrastructure safe, secure and resilient. DSAC advances elements of the FBI and DHS missions'
in preventing, deterring, and investigating criminal and terrorism acts, particularly those effecting interstate commerce, while advancing the
ability of the U.S. private sector to protect its employees, assets and proprietary information.
grsecurity - An extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 14 years. Commercial support for grsecurity is available through Open Source Security, Inc.
HTTPS Everywhere - A Firefox, Chrome, and Opera extension from EFF that encrypts your communications with many major websites, making your browsing more secure.
KeePassX - KeePassX is a cross platform port of the windows application "Keepass Password Safe". It is an OpenSource password safe which helps you to manage your passwords in an easy and secure way. It uses a highly encrypted database locked with one master key.
Open Whisper Systems - Working to advance the state of the art for secure communication. Private calling for iPhone and Android.
Tor - Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Also see Configuring a Tor Relay.
eSecurity Planet - Software and Internet security product information, news, articles,
analysis, and advice. Insight into the latest tools and techniques to help guard against the ever-changing threat landscape. Learn about web security,
cloud security, endpoint security, email security, gateway security, LAN/WAN security, firewalls, VPN, IPv6, encryption,
cybersecurity, privacy, and more. Explore best practices, products, and tools that safeguard your organization's network. Also see eSecurity
Planet: Network Security.
F-Secure - A leading strategic provider of powerful data security solutions.
FireEye - A leader in providing cyber security solutions. The FireEye Global Defense Community includes more than 2,500 customers across 65 countries, including over 150 of the Fortune 500. Also see FireEye Blogs.
Foundstone - Business-focused security consulting and education solutions.
Fred Cohen and Associates - Fred Cohen is best known as the inventor of computer virus
defense techniques, the principal investigator whos team defined the information assurance problem as it relates to critical infrastructure protection
today, and a seminal researcher in the use of deception for information protection. But his work on information protection extends far beyond these
areas. In the 1970s he designed network protocols for secure digital networks carrying voice, video, and data; and he helped develop and prototype
the electronic cashwatch for implementing personal digital money systems. In the 1980s, he developed integrity mechanisms for secure operating systems,
consulted for many major corporations, taught short courses in information protection to over 10,000 students worldwide, and in 1989, he won the
prestigious international Information Technology Award for his work on integrity protection. In the 1990s, he developed protection testing
and audit techniques and systems, secure Internet servers and systems, defensive information warfare techniques and systems, and early systems using
deception for information protection. All told, the protection techniques he pioneered now help to defend more than three quarters of all the computers
in the world.
GetNetWise - Kids' safety on Internet, spam, spyware, viruses, privacy.
Gibson Research Corporation - Hard drive data recovery, internet security, SpinRite. Exclusive
home of ShieldsUp, a GRC Internet Security Detection System scans on request
the user's computer, especially the Windows file sharing and reports vulnerabilities.
HackingTeam - Provides effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities.
Hacktivismo - An international group of hackers, human rights
workers, lawyers and artists that evolved out of The Cult of the Dead Cow (cDc), a publishing and computer security group. Believes that
privacy and access to information are basic human rights. On 09/19/06, Hacktivismo released Torpark, an anonymous, fully portable Web browser based on Mozilla Firefox. Torpark comes
pre-configured, requires no installation, can run off a USB memory stick, and leaves no tracks behind in the browser or computer. Torpark is
a highly modified variant of Portable Firefox, that uses the TOR (The Onion Router) network to anonymize the connection between
the user and the website that is being visited.
HBGary - A leading provider of technologies and solutions for mission-critical national security programs
for the intelligence community; the Departments of Defense, State, Homeland Security, Energy and Justice, including the Federal
Bureau of Investigation (FBI); the health and space communities; and other U.S. federal government customers and for Fortune 500 corporations
in the finance, energy, entertainment, and healthcare.
Herdict - A user-driven platform for identifying web blockages as they happen, including denial of service
attacks, censorship, and other filtering.
Holistic Security Manual - A strategy manual to help human rights defenders. Integrates self-care, digital security, and information security into traditional security management practices.
How to Disable SSLv3 - As happened for SSLv2, Google engineers point out that SSLv3 is broken (with an exploitation technique known as POODLE) and should not be used any longer. This web page shows how to effectively disable SSLv3 in major web browsers as well as in web, mail and other servers that may still be using it.
Identity Theft Resource Center - Dedicated exclusively to the understanding
and prevention of identity theft. The ITRC provides consumer and victim support as well as public education. The ITRC also advises
governmental agencies, legislators, law enforcement, and businesses about the evolving and growing problem of identity theft.
IEEE Security & Privacy - Provides a unique combination of research
articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy
concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues
in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design
and test strategies for secure and survivable systems, and cryptology.
Immunity - Immunity's CANVAS makes available hundreds of exploits, an automated
exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
Information Systems Security Association (ISSA) - International organization of information security
professionals and practitioners. Promotes management practices that will ensure the confidentiality, integrity and availability of information resources.
Information Warfare Site (IWS) - Aims to stimulate debate about a range of subjects from information
security to information operations to e-commerce. Emphasis on offensive and defensive information operations. For the latest cyber-threat news visit
the INFOCON Threat Centre.
InformationWeek: Security - Analytical source of news, analysis and case studies on the
major security issues impacting enterprise IT organizations.
InfoSec News - A privately run, medium traffic mailing list that distributes information
security news articles from newspapers, magazines, online and other resources.
InfoSECURITYnetBASE - Established experts meet the challenges
of information security, with a wealth of material exploring system analysis, server set-up, cryptography, cyber-crime, and other modern risks. The
collection also includes the complete CISSP Exam Prep Book and other top certification aids.
Infosyssec - Comprehensive computer and network security resource on the Internet for information
system security professionals.
Internet Engineering Task Force (IETF) - A large open international community of network designers,
operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
Internet Explorer Downloads - Official Microsoft site
providing critical updates, recommended releases, and other beneficial system updates for its browser, Internet Explorer.
Is My Cell Phone Bugged? Everything You Need to Know to
Keep Your Mobile Conversations Private - In Is My Cell Phone Bugged?, eavesdropping detection specialist Kevin D. Murray draws
from over 30 years experience and detailed research to show readers how to retake control of their privacy. Murray conveys critical safeguarding
information for all cell phone users in an engaging and straightforward manner. An expert in the fields of counterespionage and eavesdropping detection, Murray educates
the reader, shows red flags, and provides real solutions to safeguard this technology.
Lookout - Smartphone security company provideing security to protect you from viruses, malware and spyware,
the ability to backup and restore your data, and tools to help locate lost or stolen phones. Android and iOS apps to protect their
smartphones and tablets from security risks, data loss, and device loss.
Managing the Security and Privacy of Electronic Data in a
Law Office - Clients, lawyers, and law office staff routinely work with electronic documents and data. Protecting the security and confidentiality
of that information is important. A failure to take appropriate steps to protect the electronic data in your office could result in a release of
sensitive information, a malpractice claim, a complaint to the Law Society, or the theft of your personal identity. To minimize the risk
of any disclosure or loss of confidential client or practice data, you should understand where the risks are, and implement office management practices
and appropriate technology to ensure all of your data remains confidential and secure. This booklet highlights the risks and provides a comprehensive
review of various steps you should take to ensure that the electronic information in your office remains confidential and secure.
MVPS Hosts - The Hosts file contains
the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before
it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any
connection attempts back to the local (your) machine. Another feature of the HOSTS file is its ability to block other applications from connecting
to the Internet, providing the entry exists. You can use a Hosts file to block ads, banners, 3rd party Cookies, 3rd party page counters,
web bugs, and even most hijackers. And this page shows you how.
Naked Security - Computer security news, opinion, advice and
research from anti-virus experts Sophos.
National Security Agency (NSC) - Cryptologic organization that coordinates, directs, and performs
highly specialized activities to protect U.S. information systems and produce foreign intelligence information. A high technology organization, NSA is
on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within
the U.S. Government.
Neohapsis - Helps organizations assess their critical business processes and build a consistent
and sustainable Governance, Risk and Compliance (GRC) discipline.
Netcraft - Internet research, anti-phishing and PCI security services.
NetScanTools - A leader in Internet security technology, provides a broad range of internet
utility solutions to individuals and companies. NetScanTools is one of the most widely used network information utilities and a pioneer
in the grouped network utilities arena.
Network Security Library - Hundreds of articles, FAQs, white papers
and books on network security, gathered from various sources throughout the industry.
NextLabs - Provides data-centric security software to protect business-critical data and applications.
nmap - An open source utility for network exploration or security auditing, designed to rapidly scan
large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of
packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers, and both console and graphical
versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL.
Nomad Mobile Research Center - Projects and papers written from the perspective of the unwanted
intruder. Research into bugs and holes in commercial networking software. Hacks and cracks.
Orange Book - First published in 1983, the Department of Defense
Trusted Computer System Evaluation Criteria, (DOD-5200.28-STD) known as the Orange Book is the de facto standard for computer
Passcode - A field guide to security and privacy from The Christian Science Monitor.
Pwnie Express - Provides scalable asset discovery, vulnerability scanning and pentesting solutions for remote sites and all wireless spectrums.
PCI Security Standards Council - An open global forum for
the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI
Security Standards Council's mission is to enhance payment account data security by fostering broad adoption of the PCI
Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard
Worldwide, and Visa Inc.
Pivot Point Security - Information security audits, network/app pen tests, incident response,
ISO 27001 consulting, SIEM.
Privacy International - Committed to fighting for the right to privacy across the world. Investigates the secret world of government surveillance and expose the companies enabling it.
Recurity Labs - Analyzes complex systems and software for actual
or potential security vulnerabilities. Specializes in the high end areas of system and code analysis, leveraging many years of field practice in
system design and implementation analysis, reverse engineering, source code auditing and improvement of existing solutions.
Renesys - Internet intelligence. Its global sensor grid collects and enables the analysis of all routing changes, worldwide, via live feeds from more than 400 sites around the globe. This real-time data is correlated with other data, including traceroutes, domain records, and geographic, business and other intelligence.
Rift Recon - Experts in physical tampering; evidence, methods of attack, and detection.
Ronald L. Rivest - Professor Rivest, the Webster Professor of Electrical Engineering
and Computer Science at MIT, has interests in cryptography, computer and network security, and algorithms. This page houses many of his
shorter papers, information on programs at MIT, and various links to other sources of information.
Rootkit - A rootkit is a set of software tools frequently used by a third party
(usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which
helps an intruder maintain access to a system without the user's knowledge. Rootkits are known to exist for a variety of operating systems
such as Linux, Solaris and versions of Microsoft Windows.
RSA Conference - Conducts information security events around the globe. Also delivers, on a regular basis, insights via blogs, webcasts, newsletters and more so you can stay ahead of cyber threats
RSA Security - Trusted name in e-security, helping organizations build secure, trusted foundations
for e-business through its two-factor authentication, encryption and public key management systems.
SANS Institute - Provides computer security training for system administrators,
computer security professionals, and network administrators.
SANS Internet Storm Center - Working closely with individuals, organizations, and sometimes law enforcement,
the SANS Institute designed this site to promote "threat-driven" information and intelligence. The primary
goal is to provide users with a current security intelligence early-warning system.
SC Magazine - IT security publication published in the UK.
Sectera Edge - The Sectera Edge smartphone converges secure
wireless voice and data by combining the functionality of a wireless phone and PDA - all in one easy-to-use handheld device. Developed for
the National Security Agency's Secure Mobile Environment Portable Electronic Device (SME
PED)program, the Sectera Edge is certified to protect wireless
voice communications classified Top Secret and below as well as access e-mail and websites classified secret and below. The Sectera Edge is
the only SME PED that switches between an integrated classified and unclassified PDA with a single key press.
Secunia - A leading provider of IT-security services. Also provides security advisories
and vulnerability tracking service.
Secure Mobile Environment Portable Electronic Device (SME PED) - The National
Security Agency has developed a hand-held communication device that will revolutionize secure, portable access to classified information.
Its technical name is Secure Mobile Environment Portable Electronic Device (SME-PED) and it enables its users to send and receive
both classified and unclassified telephone calls and to exchange classified and unclassified email. In addition, the SME-PED (pronounced "SMEE-PED")
enables users to web browse on secure networks that are classified secret.
SecureList - A computer security portal run by Kaspersky Lab that is devoted to educating the general public about different aspects of internet security.
It hosts a Virus Encyclopedia which provides information about various types of computer malware.
Security Fix - Washington Post column on computer and Internet
security by Brian Krebs.
Security Resource Net - Industry and product news, computer alerts, travel advisories,
a calendar of events, a directory of products and services, and access to an extensive virtual security library. Maintained by the National Security
Security Wizardry Portal - Portal where information security professionals can share and comment
on old or new security products, ensuring that the best security solutions are in use the world over.
Security-in-a-Box - A guide to digital security for activists and human rights defenders throughout the world. Community Guides focus on specific groups of people - sometimes in specific regions - who face severe digital threats. Tool Guides offer step-by-step instructions to help you install and use the most essential digital security software and services. Also see Protect Your Device from Malware and Hackers.
security.tao.ca - Information on computer and Internet security, privacy, anonymity, and more.
Attempts to answer the many questions that get asked about computer security, particularly as it relates to activists and activism.
Shields Up - Without your knowledge or permission, the Windows networking
technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world. Gibson Research
Corporation provides this page to check the security of your computer's connection to the Internet.
Snort - An open source network intrusion detection system, capable of performing real-time traffic
analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety
of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more.
Sophos - Protects whatever needs protecting in your environment: computers, laptops, virtual desktops
and servers, mobile devices, and your web and email gateway.
SPECTER - SPECTER is a smart honeypot or deception system. It simulates a complete machine,
providing an interesting target for hackers to lure them away from the real machines. SPECTER offers common Internet services such as SMTP and FTP which
appear perfectly normal to the attackers but in fact are traps for them to mess around and leave traces without even knowing that they are connected
to a fake system which does none of the things it appears to do but instead logs everything and notifies the appropriate people. SPECTER can
even investigate the originators while they are still trying to break in.
Spider.io - Identifies human website visitors who are interacting legitimately with web content. spider.io
distinguishes these legitimate human interactions in real time from other types of interaction with web content-often by automated or systematic
visitors and also often, in the case of online advertising, as a result of deviant publisher activity.
Stay Safe Online - This site is designed to give information needed to secure your home
or small business computer. You'll find tips on how to safeguard your system, a self-guided cyber security test, educational materials, and other
Surveillance Self-Defense - An Electronic Frontier Foundation guide to protecting yourself from electronic surveillance for people all over the world. Some aspects of this guide will be useful to people with very little technical knowledge, while others are aimed at an audience with considerable technical expertise and privacy/security trainers.
Symantec - Norton AntiVirus, Internet security, and anti-spyware products for the home. Solutions
to manage IT risk and maximize IT performance for business. Download free product trials. Symantec Enterprise Firewall; VelociRaptor.
Symantec.cloud - Automatic, off-site data protection that can be set up in minutes, with no additional
Tor - An anonymous Internet communication system. Tor is a toolset for a wide range of organizations
and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing,
instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software
developers can build new applications with built-in anonymity, safety, and privacy features. Tor is free software and an open network that helps
you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships,
and state security known as traffic analysis. Tor protects you by bouncing your communications
around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning
what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications,
including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.
Tor Project Blog - Tor is a network of virtual tunnels that allows people and groups to improve
their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides
the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising
their privacy. Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory.
It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every
day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.
UltraSurf - Popular anti-censorship, pro-privacy software. Enables internet users to
protect their security and anonymity online while bypassing internet censorship, and is free to users. The tool was originally designed for internet
users in Mainland China, where the internet is heavily censored and internet users' activities monitored.
US-CERT - Part of DHS' National Cybersecurity and Communications Integration Center (NCCIC). The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) leads efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the U.S. Also see US-CERTTips page for advice about common security issues for non-technical computer users.
VeriSign iDefense Security Intelligence
Services - A comprehensive provider of security intelligence to governments and Fortune 500 organizations. The company's goal is to
assist customers in avoiding or mitigating threats to their information assets, computers, networks, Internet functions and proprietary information
before a crisis occurs, minimizing any potential disruption to network and business operations.
Vupen - Provides vulnerability research and intelligence for defensive and offensive security.
WatchGuard - Provider of dynamic, comprehensive Internet security solutions
designed to protect enterprises that use the Internet for e-business and secure communications. Firebox series.
KWSnet is an Internet subject directory providing special attention to U.S. national and international news, the arts, computing, culture, environment, law, literature, media, politics, science
and technology. Based in San Francisco, California, KWSnet contains over 150,000 annotated links to resources worldwide. Use Search KWSnet, located at the top of each page, to search within this site. Use Ctrl-F (Windows) or ⌘-F (Mac) to search
within individual pages.