Setting Sites on the Web

Article excerpt

Just about everyone today seems to be establishing a virtual presence in the Internet's hypertext wonderland known as the World Wide Web - including security professionals. Three such sites include one run by the National Computer Security Association (NCSA) (http://www.ncsa.com); Info-Sec Heaven - a resource center for information security developed and maintained by Fred Cohen (http://all.net); and a home page of S&S Software International Inc. devoted to computer virus detection and education (http://www.sands.com).

NCSA's site is an extension of an information board the association runs on the commercial on-line service Compuserve (to get there once on CompuServe, type NCSAFORUM). The association's Web site was just being set up in early August. It will include computer security information and links to other related sites on the Web, including those dealing with UNIX security and Internet spoofing attacks.

Info-Sec Heaven provides access to various computer security programs, hacker magazines, the text of state computer crime laws, archived messages from Internet privacy and risk forums, Computer Emergency Response Team advisories, and Supreme Court decisions. It also includes a list of over 450 computer security consultants and vendors. A search function on Info-Sec Heaven allows the users to retrieve many of these resources.

One of the more interesting features in Info-Sec Heaven is a service where users can test their sites to determine whether they are vulnerable to some of the more common hacker attacks. Of the more than 1,500 sites that have been probed, Cohen reports, the testing service has penetrated perimeter defenses 40 percent of the time. On retry - after victimized administrators have patched up exposures - the service has breached defenses less than 1 percent of the time. …