There is much interest in improving Internet security. One of the most widely known efforts is that of Computer Emergency Response Team [CERT 98] Coordination Center which is part of the Network Systems Survivability program in the Software Engineering Institute, a federally funded research and development center at Carnegie Mellon University.
Among the materials available are a collection of documents called Security Improvement Modules. These include:
These papers provide information on software risk evaluation and practical guidance for organizations interested in improving security of Internet based systems.
Security consulting firms provide a variety of useful services for improving the security of Internet based computing systems. For example, Ernst & Young provides an educational program which teaches in-house systems staff some the art of cracking into their local site. The class teaches techniques on how to break into Internet, intranet, extranet and dial-in systems as well as exploitation, reconnaissance and host vulnerability evaluation. In an evaluation of the Ernst & Young course, Inforworld [INFO 98] found that not only did the course cover the standard well known methods to break into systems, but it also covered some novel hacks such as breaking into an Windows NT machine with Virtual Network Computer remotely by using a 3Com PalmPilot. The course provides three days of intensive training on network and net host security.