ISS Advisor Update

From: marky (markynospam_at_issadvisor.com)
Date: 02/15/04

  • Next message: erik: "Re: Gates takes swipe at Apple, Linux security"
    Date: Sun, 15 Feb 2004 11:09:31 -0500
    
    

    Here are some good security information links on an open ISS community web
    site. This information is geared towards the Internet Security Systemsí
    Dynamic Protection platform, but can be applied generically to all
    security platforms.

    ** New Walk-thru on Evolution of IDS. Gives great detail on how IDS engines
    work, including Snort and most IDS/IPS technologies. It demystifies many of
    the SECURITY ALGORITHMS that are being used.
       http://www.issadvisor.com/viewtopic.php?t=207

    Whitepapers:

    Dynamic Protection: Transitioning from reactive to proactive security
    http://www.issadvisor.com/viewtopic.php?t=60

    Modern GSM Insecurities . Using a GSM enabled phone? Good background on the
    security capability of GSM networks.
    http://www.issadvisor.com/viewtopic.php?t=119

    All Patched Up? The Dangers of Dynamic Content (SQL Injection)
    http://www.issadvisor.com/viewtopic.php?t=125

    Powerpoint Presentations:
    Hackers and Hybrid Threats
    http://www.issadvisor.com/viewtopic.php?t=116

    Dynamic Protection Deployment Strategy
    http://www.issadvisor.com/viewtopic.php?t=115

    SQL Injection. 3 parts. The first part discusses the basics of how to test
    web applications for SQL injection vulnerabilities. The second part goes into
    the specifics of how to manually identify and test for SQL injection
    vulnerabilities. And the third part describes how to exploit SQL injection to
    retrieve data from the database.
    http://www.issadvisor.com/viewtopic.php?t=123

    Selecting an Managed Security Service (MSS) Partner
    An overview on the MSS business and what services to look for.
    http://www.issadvisor.com/viewtopic.php?t=67

    Security Fusion Module
    Combining security events to optimize what gets escalated.
    http://www.issadvisor.com/viewtopic.php?t=83

    Security Tutorials:

    ISS SiteProtector 2.0 - Security Information Management (SIM). While these
    tutorials focus on ISS Site Protector, this could be applied to other
    SIM technologies.

     Tutorials include Installation Tutorial, Asset Configuration Tutorial, Report
     Generation Tutorial, Peer-2-Peer (P2P) Policy Creation Tutorial *VERY GOOD*,
     Gambling and Adult Site Policy Creation, and Automated Email Reporting and
     distribution.
         http://www.issadvisor.com/viewforum.php?f=35

    Opinion pieces:

    Vulnerability Disclosure Guidelines. Vendors need to be held accountable.
    http://www.issadvisor.com/viewtopic.php?t=41

    Anti-Virus Fails against SQL Slammer Worm. Antivirus companies are not open
     about this fact.
    http://www.issadvisor.com/viewtopic.php?t=118

    ForeScoutís honeypot. What are some of the downsides of a honeypot technology.
     http://www.issadvisor.com/viewtopic.php?t=108


  • Next message: erik: "Re: Gates takes swipe at Apple, Linux security"