FIRST Security Reference Index

Also maintained by FIRST: the FIRST Best Practice Guide Library

The below list features common reference points for security best practices. This is not meant to be a definitive list but rather a way to present best practice web sites that have been helpful to the FIRST community.

Note: The Security Reference Index is based on references submitted by FIRST members.

FIRST members are strongly encouraged to click here if they know of possible additions to this page.

Caida Presentations

CERT Coordination Center

Center for Internet Security Benchmarking tools

Cisco's Safe Documentation

Team Cymru Document List

Federal Agency Security Practices



A Suggested Charter for System and Network Administrators

NSA Guides

OWASP Guide to Building Secure Web Applications

Internet Security Alliance Common Sense Guides

Microsoft Security Guidance Center

Same site in Brazilian/Portuguese, French, German, Italian, Japanese, Korean, Simplified Chinese, Spanish and Traditional Chinese

Microsoft TechNet Security Guidance

RFC 2350 - Expectations for Computer Security Incident Response

RFC 2196 - Site Security Handbook

RFC 2827 - Network Ingress Filtering

RFC 2504 - Users' Security Handbook

SANS Reading Room

Sun blueprints

Sun System Administration Best practice


This is a collaborative effort from the FIRST community - moderated by Gavin Reid. Thanks for all the great suggestion and feedback.