The NCSA Guide to PC & LAN Security
Stephen Cobb, CISSP
Chapter 2: Security Solutions
This chapter is about: Basic Concepts & Techniques...the chapter aims to raise awareness in two areas, technical and social. I don't think you can feel confident defending data unless you understand the basic workings of the hardware you are using. This doesn't mean you have to go out and get a degree in electronics. But you do need to know what happens when you turn on a PC, in terms of BIOS and boot sectors, if you are going to defend against something like a boot sector virus. The more serious consequences of a lack of knowledge in this area include both over-confidence and blind panic. However, because information is stolen by people, not computers, this chapter also begins to develop the security "mindset" that you will need if you are to make realistic assessments of the threats posed to your personal computer resources.
This chapter also makes some suggestions as to how you can use security resources which you may already have, or which you can acquire at little or no cost, to give you a head start in securing your personal computer facilities. Some of the suggestions are less than elegant, but then again they won't break your budget. The point is, you can get a lot of security from knowing how personal computers work and applying a good dose of common sense when working with them. Security is as much a question of outlook as it is of outlay. There is no point spending money on security measures if you do not use them, and there is no better place to start than by using the resources that you already have.
Personally, I am finding that Altavista is the best search engine for finding security related information on the Internet. You may want to spend some time with the Help section, particularly the section on limiting searches to specific URLs, and so on. But with the entire Web indexed and ready to search, Altavista is the first place I turn when I want to research something, and NO, they don't pay me to say this.
A site you might not think of visiting for security information is MasterCard which offers some excellent explanations of public key cryptography in the PDF document called SETBUS.PDF. Why? Because this is "key" to the Secure Electronic Transaction or SET standard for secure transactions. Here are some general lists of security links:
The Book Itself?