Sponsor of FKL

Site Hosted By:

• TSWG - This is the sponsor of the FKL program.
• Bastille website - This is the main website for Bastille Linux, which is a hardening script for various types of unix. The FortKnox for Linux hardening and audit tool is a subset of the Bastille program.
• Linux Security - Linux Security.com has a lot of nice resources pertaining to Linux Security. Its a good place to do a search for material about security.
• RedHat Security - A part of RedHat's website that pertains to their distro and how to secure it.
• SUSE security site - Novell's SUSE security site for specifics of the SUSE distro.
• Top 75 security tools - This site has a great list of the top security tools.

• US Computer Emergency Readiness Team - A joint venture by the National Cyber Security Division of the Department of Homeland Security and private organizations.
• Computer Incident Advisory Capability (CIAC) - An activity sponsored by the DOE and NNSA which provides these and other government agencies solutions to computer security threats.
• Systems and Network Attack Center (SNAC) - Part of the NSA, this group has published a number of Security Configuration Guides for various operating systems and applications.
• Computer Security Resource Center (CSRC) - A project of the Computer Security Division of the NIST's Information Technology Laboratory (ITL). Its publications library offers many documents, including federal standards, ITL research reports, and some early papers on computer security.
• Common Criteria for Information Technology Security Evaluation (CCITSE) - Also known as just Common Criteria (CC), this is a jointly developed evaluation standard established by the governments of the United States, United Kingdom, Germany, France, Canada, and the Netherlands.
• Common Criteria Evaluation and Validation Scheme (CCEVS) Validation Body - This joint activity of the NIST and the NSA is establishing a national program to evaluate IT products with regard to the international CC.
• Rainbow Series - Published by the NSA in the '80s and '90s, these books describe the evaluation crtieria for trusted computer systems. Each book has a cover of a different color, hence the collective name "Rainbow Series." Some of these books have been superceded by the Common Criteria.

• Immunix is a hardened version of the Linux v2.4 kernel, with access controls, buffer overflow checking and format string protection.
• Internet Security Alliance (ISA) - This cooperative effort between Carnegie Mellon University and the Electronic Industries Alliance (EIA) aims to improve its member's management of computer security threats.
• LinuxSecurity.com - A site dedicated to serving the open source community with information related to security. It is owned and maintained by Guardian Digital, Inc., who also distribute EnGarde Secure Linux.
• Linux Security Modules - Sponsored by the DARPA, IBM, WireX, and others, this project establishes a framework for access control in the form of loadable kernel modules.
• The SANS Institute - Established in 1989 as a research and education organization, the Institute provides a large library of research documents pertaining to computer security. It also offers training and hosts conferences on this subject. SANS is an acronym for SysAdmin, Audit, Network, Security.
• TruSecure Corp. - This company provides security products and services. An interesting feature is the Hype or Hot section, which lists many threats and classifies them in different ways, including as hype or hoax.
• TrustedBSD - A project which targets the Common Criteria for FreeBSD.
• UC Davis Computer Security Laboratory - This lab is working on several security projects.

• Forum of Incident Response Security Teams (FIRST) - A coalition of international government and private organizations dedicated to share information and coordinate responses to computer security threats.
• FreeBSD Security - Provides information related to securing this operating system.
• International Information Systems Security Certification Consortium - Also known as (ISC)², this organization has developed international certifications for individuals working in the computer security field.
• InterSect Alliance - A team of Australian IT security specialists providing support in the form of software and services to a variety of customers. They also offer a few open source tools.
• Linux From Scratch - Another open source community. Although the primary focus is on providing instructions to assemble a working Linux system from source code, it has recently added a section on hardening such a system.
• The Linux Documentation Project - Among all types of documents related to Linux, this site has a number of HOWTOs dealing with security related to the Linux operating system.
• RFC 2196: Site Security Handbook - A memorandum by the Network Working Group of the IETF.
• OpenBSD Security - Provides information related to securing this operating system.
• ProPolice - An extension for the GNU C compiler to protect applications from stack-smashing or buffer overflow attacks. It was developed by IBM's labs in Japan.