Foundations: Where Can I Check Internet Security Trends?

By Scott Pinzon, LiveSecurity® Lead Editor

The Fox Television Network, famous for producing kitschy shows that break ratings records, once aired an hour-long special revealing how magicians perform their most famous tricks. The host of the show, himself a magician, wore a mask to hide his identity so that his fellow conjurers couldn't excommunicate him for showing us how to saw a lady in half. Hype from Fox emphasized what danger this magician was in for violating the secret code. (Yeah, right. None of us guessed they don't really saw her in half.)

In this article, I too recklessly reveal valuable "secrets." I'll tell you some of the main sources the LiveSecurity Service monitors in order to uncover new security threats. Though we're proud of our early-warning alert service, it's a broadcast, not a personal e-mail. Sometimes you'll need extra details in order to defend your particular network environment. So I want to make sure you have some alternate sources you can check. Will I get in trouble for revealing our sources? Nah, because as I type this, I'm wearing a mask.

It's not hard to find sites about network security. That's the problem: if you're new to IT and network security, it's tough to discern which sites offer accurate, reliable information that is vendor-neutral. The sources mentioned here get our stamp of approval for accuracy, relative neutrality, and practicality. Stick some of these in your browser's "Favorites" list, and you'll be a step toward becoming your company's in-house security expert.

General IT and Security Sites

NewsNow. NewsNow's UK-based spiders and bots automatically search over 15,000 news sources and return live links with the results, updated every five minutes. They offer dozens of newsfeeds (but do we really need to hear the latest on Michael Jackson every five minutes?). The feed you want is called "Security" (listed under "Internet" in the left column; don't choose "Hacking," or you'll get countless articles about various hackers in legal trouble). Pro: Comprehensive, up-to-the-minute survey of worldwide Internet security. Con: The same information repeats countless times as various online sources report it. Net: A great glimpse of security issues worldwide.

The Register. This is not the first place you'll learn of emerging threats, but when you hear of one, depend on The Reg for the most honest, no-hype summary of the issue. Pro: Plain-English writing style is great for IT beginners. Check out their "BOFH" series for hilariously bleak parodies of a network administrator's life. Con: Their scathing anti-Microsoft bias can get heavy-handed. Net: If you have to explain a new vulnerability to non-technical superiors, you'll appreciate The Register's style.

Security Focus. Formerly THE clearing house for security vulnerability announcements, Security Focus lost prestige after Symantec bought them (many readers assumed Symantec would bias the reporting). We haven't noticed any dramatic decline in quality, and we routinely use the site — especially its acclaimed Bugtraq list — for information about new vulnerabilities. Pro: Often the first place security researchers post their advisories. Has a great "Basics" reading room for IT beginners. Cons: Advisories are posted in dense jargon difficult for beginners to comprehend. Poorly organized site can make finding a specific item tricky. Net: Authoritative, comprehensive, definitely a useful arrow in any sys admin's quiver.

AntiVirus Sites

The top anti-virus vendors have reached approximate parity in their coverage. In fact, which one best covers each virus seems to depend on geography. Call us crazy, but we think we've detected a pattern. The vendor whose headquarters is physically nearest the part of the world where the virus originated often provides the best coverage. When we hear a rumor of a new virus, which vendor site we check first depends on where the virus originates, as follows:

Some viruses you hear about are not real. Though each of the vendors above has a "virus hoax" page, when we have to prove to a hysterical user that a problem doesn't really exist, we like the write-ups at V-Myths.

Each anti-virus vendor ranks the severity of each virus. These rankings are notoriously unreliable. Some vendors write shrill, alarmist advisories; some write calm, conservative advisories that say a worm is not a risk even as twenty copies of it hit your e-mail server. Cross-reference several sites and stick with the consensus in order to judge how rapidly a worm is spreading. If the virus originated in your country, take it more seriously.

Email Lists

Full Disclosure. As mentioned above, when Symantec bought Security Focus and its lists, suspicious security experts and net admins fled. Where did they go? Largely to Full Disclosure. Pros: Cannot be biased by any vendor because it's completely unmoderated. First choice for posting latest discoveries by some big-name researchers. Black-hat hackers like to harass this list, inadvertently providing useful perspective on the "script kiddie" mindset. Con: Because it's unmoderated, this high-volume list will drown you in 20 irrelevant flame-war e-mails for every on-topic comment. Net: You get what you pay for, and this list is free. Try it briefly to familiarize yourself with it, but use Outlook rules to divert Full Disclosure e-mails to a folder you can read at leisure.

VulnWatch and VulnDiscuss. These lists are, respectively, moderated and unmoderated. Pro: You can not only get security advisories from vendors, you can also see what the rest of the IT community thinks and feels about them. Con: Fairly large volume of highly technical alerts difficult for newcomers to understand. Net: While you wouldn't want this as your only source of security news, it provides a solid source for confirmation and alternate opinions on security trends.

Secunia. Pro: This list notifies on every vulnerability under the sun. Con: Secunia mostly reproduces vendor releases, without analysis or suggested remediation for IT beginners. And did I mention they report on everything under the sun? If you don't know Linux/Unix, you won't understand a lot of the bulletins. Net: High volume, but all on topic (unlike Full Disclosure). Try it to see if it's for you. Again, best if your e-mail client can divert these alerts into a designated folder.

Two Authoritative Resources

There are many more great resources we could describe, but we want this to be an article, not a book. So we'll limit ourselves to two final Web sites every net admin should bookmark.

Microsoft TechNet. IT professionals running a Windows network look here for the latest Microsoft security bulletins. Pro: Authoritative source for Microsoft security fixes. Con: Microsoft's alerts minimize the truly bad implications of some vulnerabilities, sometimes unfairly. Bring a suspicious mind to the part of each alert that talks about "mitigating factors" that supposedly reduce risk. Net: If you use Windows, you've gotta visit here at least monthly.

CERT.org. This government-funded source of security advisories describes itself as "a center to coordinate communication among experts during security emergencies and to help prevent future incidents." Pro: CERT does an excellent job of coordinating information when vulnerabilities are found in the most commonly-used Internet resources. Con: Because their work is "official" and because so many vendors can have a say in CERT's advisories, this is often the last entity to issue a security advisory. Net: Pretty much the final word on anything Internet-related and not owned by a private vendor. A must for your arsenal of resources.

"Pay no attention to the man behind the curtain"

This famous quote from The Wizard of Oz reminds us that with magic tricks and most computer security issues, once you peek behind the curtain, what's back there isn't all that mysterious. Spend a few minutes a day glancing through the resources listed above and see how you like 'em. And if you'd like to learn of more recommended sites, or share your favorites, feel free to write us. If there's enough interest, we'll publish a follow-up article. But for now, I've got to sign off — it's stifling under this mask!