FIRST Security Reference Index

---

Also maintained by FIRST: the FIRST Best Practice Guide Library

---

The below list features common reference points for security best practices. This is not meant to be a definitive list but rather a way to present best practice web sites that have been helpful to the FIRST community.

Note: The Security Reference Index is based on references submitted by FIRST members.

FIRST members are strongly encouraged to click here if they know of possible additions to this page.

Caida Presentations
http://www.caida.org/outreach/presentations/

CERT Coordination Center
http://www.cert.org/nav/index_green.html
http://www.cert.org/octave/
http://www.cert.org/csirts/

Center for Internet Security Benchmarking tools
http://www.cisecurity.org/

Cisco's Safe Documentation
http://www.cisco.com/en/US/netsol/.../networking_solutions_package.html

Team Cymru Document List
http://www.cymru.com/Documents/index.html

Federal Agency Security Practices
http://csrc.nist.gov/fasp/

First
http://www.first.org/resources/guides

JANET
A Suggested Charter for System and Network Administrators

NSA Guides
http://www.nsa.gov/snac/

OWASP Guide to Building Secure Web Applications
http://www.owasp.org/documentation/guide/guide_downloads.html

Oreilly's Onlamp
http://www.onlamp.com/security/

Internet Security Alliance Common Sense Guides
http://www.isalliance.org

Microsoft Security Guidance Center
http://www.microsoft.com/security/guidance
Same site in Brazilian/Portuguese, French, German, Italian, Japanese, Korean,
Simplified Chinese, Spanish and Traditional Chinese
http://www.microsoft.com/security/guidance/worldwide
Microsoft TechNet Security Guidance
http://www.microsoft.com/technet/security/guidance/default.mspx

Nanog's Security Curriculum
http://www.nanog.org/ispsecurity.html

RFC 2350 - Expectations for Computer Security Incident Response
http://www.faqs.org/rfcs/rfc2350.html
RFC 2196 - Site Security Handbook
http://www.faqs.org/rfcs/rfc2196.html
RFC 2827 - Network Ingress Filtering
http://www.faqs.org/rfcs/rfc2827.html 
RFC 2504 - Users' Security Handbook
http://www.faqs.org/rfcs/rfc2504.html

SANS Reading Room
http://www.sans.org/rr/ 

Sun blueprints
http://www.sun.com/blueprints/browsesubject.html

Sun System Administration Best practice
http://www.sun.com/bigadmin/features/articles/bestpractices.html

Acknowledgement

This is a collaborative effort from the FIRST community - moderated by Gavin Reid. Thanks for all the great suggestion and feedback.