Some well thought out security guides from the Universty of Texas:

• Hardening Checklist for Windows 2003
• Hardening Checklist for RedHat Linux
• Hardening Checklist for Solaris 10

Also if you're looking for guidelines or templates to formulate your own IT Policy they have some excellent documents:

• ITS Policies
• Data Classification Guidelines
• Change Management

Nifty browser tool (IE & Firefox) - McAfee SiteAdvisor - installs and tells you wether a site is 'good' or 'bad' based on the amount of mail you'll get if you sign up for its services along with the sites affiliates, downloaded cookies and reviews. It also parses search engine results and provides a summary for each hit relating to wether its a good or badly behaved site.

Pretty cool. Possibly a must-have for all home and corporate browsers.

You do wonder if it reports back on your browsing habits to McAfee ? Also how long will it remain free ?

The people over at TinyApps always point to good stuff.

Two recent security related posts from them -

* SecureRDP is a free tool to add an extra layer of security to RDP. You can accept/deny incoming RDP connections by IP, Mac address or Host name. Handy for locking down server administration only to admin PC's.

* TinyApps points to SSLExplorer which is an open-source SSL VPN solution. A two part setup guide is available form Toms Hardware - part 1 and part 2. Looks like a really really handy way of offering secure access to a small internal LAN without having to roll out a full IPSec based VPN solution.

Endpoint Security checking is going to be huge as more and more people start connecting into their corporate LAN's remotely (actually even in a wired LAN its pretty important given the proliferation of trojans, spyware and malicious hackers).

Essentially EP lets the network administrator define certain conditions that must be met before being able to participate on the corporate LAN. In some case the tools will even allow direct you towards a quarantined location which will explain why the connection was refused and assist you to rectify the problem. For example an EP tool can direct an authorised client that fails post-connection criteria to a web page with links to security patches, antivirus software and firewall tools - it can even offer up different LAN access profiles (eg webmail or terminal services but not a direct connection).

* Wikipedia on Endpoint Security

* Wikipedia on Checkpoint Integrity a centralised EP system

* Nice flowchart tool to design EP access control for Firepass

* Flash Demo of CheckPoints Interspect appliance - actually more of an IDS/IDP (Intrudion detection sensor / Intrusion detection and prevention) system which works hand in hand with end-point solutions

* McAfee have their Host Intrusion Protection (PDF) system which integrates into their ePO framework

* Juniper have a cool Flash Demo of their IDP product (unfortunately you need to register to see it)

* ISS (who've been bought out by IBM) have Proventia - it looks like they also bought Black Ice Defender (fyi - Checkpoint bought Zone Alarm)

Security seems to be a serious growth industry given the trail of acquisitions and mergers in the small group of companies listed above.

Endpoint solutions seem to rely heavily on application and system profiling - if the app hasn't been approved or doesn't comply with a known checksum it won't run. This means someone needs to keep a constant eye on what applications and patches are likely to be installed and approve them before the endpoint solution takes remedial action. Ideal for a restricted environment but trickier for a more open environment.

Simple options that can be implemented immediately (without spending on new tools) include:

* ensuring appropriate desktop access

* centrally managed anti-virus / patching / desktop policy restrictions

* mac address restrictions on dhcp / switch ports (depends on the mobility of the client)

Came across Stratagaurd and OSSIM - Open Source Security Information Management which both offer VMWare images for their tools.

I'll have to try them out and see what they offer.

A pair of brief articles on tools you can use to monitor your network for strange behaviour and/or attacks:

• Detecting suspicous network activity using psad
• Build an IDS with Snort, Shadow and ACID

It'd be nice if they walked through the actual setup of these tools but I guess its a case of RTFM.

The Sleuthkit lets you carry out an 'exam' on a comprimised or suspect system.

Dana Epp has written about performing a forensic exam on a comprimised Linux system.