It's important for a security professional to have good security resources in his or her virtual toolbox. Here's a simple list of some of the resources I keep handy these days. This list covers a wide range, including an encryption resource, a way to quickly search for exploits, a recent privacy data breach history, a list of default passwords, and an online firewall test.
- Full Disk Encryption Wiki: A new wiki for a collection of data on encryption systems went live recently. The content on it is pretty sparse so far, but it could very well become a convenient, central clearinghouse of information on the subject. While the site's name suggests its only subject focus is full disk encryption, it seems obvious that it will also address systems for file encryption, rights management software, and other encryption-related solutions.
- Exploit Search: Another new resource on the Web, this is a Web search engine for security exploits. It's essentially a filter for Google searches designed to eliminate results that don't specifically relate to security vulnerabilities and exploits.
- A Chronology of Data Breaches: Keeping up with compromises of private data is the primary purpose of this resource. It gives you a pretty good idea of how trends in private data breaches evolve over time, and it can serve as a wake-up call to those who think their business niches on the Internet are immune to the attentions of data thieves. The history of privacy data breaches on this Web page starts in early 2005.
- Red Oracle Default Password List: The Red Oracle site is a general security resource, but probably the most interesting part of the site is the list of default passwords for many networking products, applications, and other systems, organized by vendor.
- Shields Up!: This is a simple, convenient Web interface to a number of scans for assessing some of the security configuration of your computer. The most useful scan on the site is the All Service Ports scan, which provides the result of a scan to determine the status of network port numbers from 0 to 1055. In other words, it tells you how big a target you are to malicious security crackers.
If you have some online resources of your own that you think serve the same purposes as these or better, or that might complement the five resources here, share them in the discussion area!