Library Computer and Network Security: Webliography

Basics

Under the hood of the Internet: An overview of the TCP/IP Suite
Excellent, readable discussion of the TCP/IP protocol suite.

Why Security?

Computer and Network Security in Small Libraries: A Guide for Planning
Excellent beginner's introduction to library security issues. Also available as an online tutorial.
Security of the Internet
Excellent overview of the issues at stake in securing internetworks.
Information Technology-Essential but Vulnerable: How Prepared are we for Attacks?
Congressional Testimony, September 26, 2001

Risk Management

The New Zealand Society for Risk Management
Good website that clearly covers risk management.
Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts
Testimony before the Senate Committee on Governmental Affairs, Oct. 31, 2001. Interesting not only for its clear definitions, but also for its historical value.
"OCTAVE" Information Security Risk Evaluation
Excellent pages from CERT designed to help an organization assess its risk.

Vulnerabilities

SANS/FBI Top 20 Most Critical Internet Security Vulnerabilities
Overview of Attack Trends
April 8, 2002 paper from CERT giving an overview of recent trends in attacks and vulnerabilities.
Inside Win32 Services, Part I
A good technical introduction to Windows services.

Firewalls

Stateful vs. Stateless IP Filtering
From Security ProNews, a series on firewall types with good discussions.
Internet Firewalls - Resources
From CERIAS - Purdue University, a comprehensive collection of information about Internet firewalls including excerpts from books, papers and articles. It also provides a list of firewall products and firewall tools.

Security Policies

Users' Security Handbook
RFC 2504 from the Networking Group is "intended to provide users with the information they need to help keep their networks and systems secure."
Site Security Handbook
RFC 2196 from the Networking Group is "a guide to developing computer security policies and procedures for sites that have systems on the Internet."
The SANS Security Policy Project
Site devoted to information about developing a security policy; includes templates that can be used to quickly develop different types of policies.
Guide for Developing Security Plans for Information Technology Systems (NIST)
Overview of the security planning process.