Disaster Recovery Planning for Websites: Resources

Current Technical Vulnerabilities

• Zone H Defacements Archive
  Website defacements don't make news any more unless a major site is inolved. This site offers a league table of defaced sites. If you've been hacked, you're definitely not alone...
• Phishing Attacks
  If you hold sensitive information on your site users, this is a risk you should be concerned about.
• Recent Alert Page
  A sampling of recent security alerts from SecurityTracker etc...
• Internet Storm Center
  Live information on current attacks, including trends and pretty graphics.
• SecurityTracker
  Information on the latest vulnerability alerts.
• SANS Top 20 Vulnerability List
  20 major vulnerabilities.
• Viruses and Worms
  Even if they aren't a direct threat to your website, they are to your developers ...

Email Identity Theft

Just had your email address "borrowed" by someone else? Our Email Identity Theft article may console you as well as offer you some practical advice. Also check out our Email Address Obfuscator if you need to include email addresses on a website.

Image Leeching?

Sometimes other web sites decide to use images from your website as inline content. You can block them, or you can use them as a source of innocent fun. See Sex Sells: A Note on Image Leeching.

Glossary of Terms

Not sure what a term means? Try the Risk and DRP Glossary.

Business Continuity Books

It's nowhere near complete yet, but here's the start of a listing of business continuity books from Amazon here.

Legal Risks

• Meta Tag Lawsuits
  Think using your competitor's trademarks in your website META tags is a great idea? Read the legal precedents. (Most search engines ignore the META keywords tag anyway).

Crime Prevention & Reporting

• Internet Fraud Complaint Center
  An FBI-run center where you can complain about internet fraud. Looked like the site was down last time I checked &mdash- perhaps the victim of a denial of service attack?
• National White Collar Crime Center
  Training for law-enforcement on "white collar" crime, including forensic computer analysis. Apparently you can't commit some crimes unless you are wearing the right type of shirt:-).
  

Securing Websites

• WWW Security FAQ
  The basics of securing a website.
• NSA Security Coniguration Guides
  This is good advice given by the National Security Agency to other US Government agencies. Covers configuration of a wide variety of operating systems and network hardware.
• Hardening Windows 2000 (PDF)
  A step-by-step guide to what should be switched on or off in a new Windows 2000 installation.
• IIS Lockdown Tool
  Microsoft's tool to help get IIS's security settings right. (Look for IIS Lockdown tool on this page - the exact URL changes occasionally.)
• Microsoft Security Toolkit
  Microsoft's guides and tools for securing Windows 2000 and Windows NT4.

Newsletters

• SANS NewsBites
  Weekly summary of key security stories from newspapers and trade press.
• Critical Vulnerability Analysis Newletter
  Weekly list of top vulnerabilities, along with descriptions of how major companies are dealing with them.
• Security Alert Consensus (SAC)
  Weekly summary of new alerts and countermeasures customized to only include alerts relevant to systems you own.

Books

See our Suggested Books area.

Albion Research Ltd. is based in Ottawa, Canada. Please contact us for more information about our services.