====== [Hemmerling] Security ======
Related page:
  *[[cryptography.html|Cryptography]].
  *[[dataprivacy.html|Data Privacy - Encryption, Passwords, Trust]].
  *[[goodcoding.html|Good Coding ! - Software Coding, Coding Rules, Static Code Analysis, Code Reviews]].
  *[[legalmatters.html|Legal Matters]].

===== Free Trainings =====
  *[[http://www.difü.de/digitalfuehrerschein/|DsiN-Digitalführerschein ( DiFü )]] - According to experts, it needs about 1 week of full work, to pass all levels of education.
===== Events, Fairss & Conferences =====
  *[[http://hgi.rub.de/|Ruhr-Universität Bochum, Horst-Görtz-Institut für IT-Sicherheit]].
    *[[http://www.ruhrsec.de/|RuhrSec – IT Security Conference]] in Bochum, 2019-05-27 - 2019-05-29.
    *[[http://www.sechuman.rub.de/veranstaltungen/index.html.de|Ruhr-Universität Bochum, Horst-Görtz-Institut für IT-Sicherheit, NRW-Forschungskolleg SecHuman "Veranstaltungen"]].
      *"3rd SecHuman Summer School – Brave New World: Security for Humans in Cyberspace at Ruhr-Universität Bochum", 2019-06-03 - 2019-06-06.
  *Conference [[http://sec-it.heise.de/|secIT by heise - meet. learn. protect]], Hannover.
    *Dates:
      *2018-03-06 - 2018-03-07 secIT @ HCC.
      *2019-03-13 - 2019-03-14 secIT @ HCC.
      *<del>2020</del>.
      *2021-02-23 - 2021-02-25 secIT digital.
        *<del>[[http://www.vimeo.com/search/people?q=talque|Vimeo - Search for "talque"]]</del>.
      *[[http://www.secit-heise.de/hannover-2022/|secIT 2022]] @ HCC, 2022-03-30 - 2022-03-31.
      *[[http://www.secit-heise.de/digital-2023/|secIT digital 2022]], 2022-09-13 - 2022-09-14.
      *[[http://www.secit-heise.de/hannover-2023/|secIT 2023]] @ HCC, 2023-03-13 - 2023-09-14.
      *[[http://www.secit-heise.de/digital-2023/|secIT digital 2023]], 2023-09-13 - 2023-09-14.
      *[[http://www.secit-heise.de/|secIT 2024 & secIT 2024 digital]] @ HCC, 2024-03-06 - 2024-03-07.
        *The free online event [[http://secit-heise.de/digital-2024/|secIT digital – die Online-Konferenz für Security-Experten]].
        *[[http://tickets.heise-events.de/secitdigital24/|heise-events Tickets "secIT digital"]] :-).
    *Online conference tool for Smartphone app & web interface is [[http://web.talque.com/|Talque]].
  *Barcamp [[http://barcamptools.eu/seccamp/|SecCamp Cologne 2019 - das Barcamp rund um IT Security]] in Köln ( 2019-06-15 - 2019-06-16 ).
  *Free online event "[[http://www.symphony.paloaltonetworks.com/|Symphony]] 2021" by [[http://www.paloaltonetworks.com/|Palo Alto Networks]], "The Global Cybersecurity Leader" ( 2021-04-21 - 2021-04-22 ).
  *The commercial conference [[http://www.pco-online.de/kongress2022|Deutscher IT-Security Kongress 2022]], 2022-09-29 with free online streaming :-).
    *[[http://app.vystem.io/en/event/deutscher-itsecurity-kongress/live/der-kongress|vystem "Deutscher IT-Security Kongress 2022"]] - Login.
  *[[http://www.itsa365.de/|it-sa Expo&Congress - Europas führende Fachmesse für IT-Sicherheit]] by [[http://www.nuernbergmesse.de/|NürnbergMesse GmbH]]. 
    *Free online events [[http://www.itsa365.de/de-de/actions-events/programm|it-sa 365 "IT Security Talks]].
      *2023-03-07 - 2023-03-08. 
      *2024-04-16 - 2024-04-17, 2024-06-11 - 2024-06-12.
    *[[http://www.itsa365.de/de-de/actions-events/2023/it-security-talks-maerz/stream-i/supply-chain-attacks-sicherheitsrisiken-aus-der-lieferkette-heise|it-sa 365 "IT Security Talks März 2023", Stefan Strobel, CEO cirosec GmbH "Supply Chain Attacks – Sicherheitsrisiken aus der Lieferkette. Im Rahmen der Event-Partnerschaft zeigen wir Ihnen eine Aufzeichnung von der secIT Digital 2022"]].
  *The commercial event [[http://www.sicherheitstag-nrw.de/|NRW Sicherheitstag]] by [[http://www.aswwest.de/|ASW West - Allianz für Sicherheit in der Wirtschaft West e.V. ]].
    *The [[http://www.sicherheitstag-nrw.de/nrw-sicherheitstag/|NRW Sicherheitstag 2024]], 2024-06-25 @ Deloitte GmbH, Erna-Scheffler-Straße 2, D-40467 Düsseldorf - "Die Teilnahme am NRW Sicherheitstag 2024 ist kostenpflichtig".
    *[[http://www.sicherheitstag-nrw.de/nrw-sicherheitstag-2023/|NRW Sicherheitstag 2023]], 2023-08-07 @ Post Tower, Platz der deutschen Post, D-53113 Bonn.
    *[[http://www.sicherheitstag-nrw.de/programm-2022/|NRW Sicherheitstag 2022]], 2022-08-24 @ BayArena Leverkusen.
    *[[http://www.sicherheitstag-nrw.de/programm-2021/|NRW Sicherheitstag 2021]], 2021-10-27 @ Zeche Zollverein in Essen.
    *<del>[[http://www.sicherheitstag-nrw.de/programm-2020/|NRW Sicherheitstag 2020]]</del>.
    *[[http://www.sicherheitstag-nrw.de/programm-2019/|NRW Sicherheitstag 2019]], 2019-09-05 @ G DATA Software AG in Bochum.
    *[[http://www.sicherheitstag-nrw.de/nrw-sicherheitstag-2018/|NRW Sicherheitstag 2018]], 2018-07-04 @ Umspannwerk Recklinghausen.
    *[[http://www.sicherheitstag-nrw.de/nrw-sicherheitstag-2017/|NRW Sicherheitstag 2017]].
  *The free event [[http://www.it-sicherheitstag-nrw.de/|IT-Sicherheitstag NRW]].
    *2024-12-11 @ World Conference Center, Bonn.
    *2023-11-30 @  HALLE TOR 2, Köln.
    *2022 ( hybrid event ).
    *2021 ( online event ).
    *2020 ( online event ).
    *2019 @ Stadthalle Hagen.
    *2018 @ Historische Stadthalle Wuppertal.
    *2017 @ Colosseum Theater Essen.
    *2016 @ World Conference Center Bonn (WCCB).
    *2015 @ Hugo Junkers Hangar Mönchengladbach.
    *2014 @ Stadthalle Hagen.
    *2013 @ KOMED, Köln.
  *The commercial conference [[http://www.cybersecuritysumm.it/|Cybersecurity Summit]], 2024-06-19 in Hamburg.
    *"The leading annual expo, trade show and conference for procurement innovation in the German market".
===== EU General Data Protection Regulation ( GDPR ) =====
==== Tools ====
  *The commercial service [[http://www.iubenda.com/en/|iubenda s.r.l "Compliance Solutions for Websites, Apps and Organizations"]].
    *For websites/apps - Privacy and Cookie Policy Generator.
    *For websites/apps - Cookie Solution. Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and US Privacy Framework.
    *For websites/apps - Terms and Conditions Generator. Create your terms and conditions in minutes.
==== Resources ====
  *[[http://www.lda.bayern.de/|Bayerisches Landesamt für Datenschutzaufsicht]].
    *[[http://www.lda.bayern.de/de/datenschutz_eu.html|Bayerisches Landesamt für Datenschutzaufsicht "EU-Datenschutz-Grundverordnung"]].
  *[[http://ec.europa.eu/justice/data-protection/reform/index_en.htm|European Commission "Justice / Data protection" - "Reform of EU data protection rules"]] - "While the Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018".
  *[[http://europa.eu/rapid/press-release_IP-12-46_en.htm|European Commission - Press release database "Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses"]].
  *[[http://www.gdd.de/|Gesellschaft für Datenschutz und Datensicherheit e.V.]].
    *[[http://www.gdd.de/gdd-arbeitshilfen/praxishilfen-ds-gvo/praxishilfen-ds-gvo|Gesellschaft für Datenschutz und Datensicherheit e.V.  "Praxishilfen DS-GVO"]].
  *[[http://www.s-con.de/|S-CON DATENSCHUTZ]].
    *[[http://www.s-con.de/unternehmen/mandantenbereich/|S-CON DATENSCHUTZ - Mandantenbereich]] - Password-protected download offers.
    *[[http://www.s-con.de/gdd06|S-CON DATENSCHUTZ "GDD-Praxishilfe DS-GVO VI. Textausgabe DS-GVO mit Zuordnung des BDSG"]], [[http://www.gdd.de/downloads/praxishilfen/GDD-Praxishilfe_DS-GVO_6.pdf| "GDD-Praxishilfe DS-GVO VI. Textausgabe DS-GVO mit Zuordnung des BDSG"]] ( PDF ).
  *[[http://en.wikipedia.org/wiki/General_Data_Protection_Regulation|EN.Wikipedia "General Data Protection Regulation"]], [[http://de.wikipedia.org/wiki/Datenschutz-Grundverordnung|DE.Wikipedia "Datenschutz-Grundverordnung"]].
===== Security Iniatives and Societies, Official State Offices ====
  *[[http://www.allianz-fuer-cybersicherheit.de/ACS/DE/Home/startseite.html|Allianz für Cyber-Sicherheit]] ( ACS ).
  *[[http://www.cisecurity.org/|CIS Center for Internet Security]].
    *[[http://en.wikipedia.org/wiki/Center_for_Internet_Security|EN.Wikipedia "Center for Internet Security"]], [[http://de.wikipedia.org/wiki/Center_for_Internet_Security|DE.Wikipedia "Center for Internet Security"]]. 
  *[[http://www.vswn.de/|Verband für Sicherheit in der Wirtschaft Norddeutschland e.V.]] ( VSWN e.V. ).
  *[[http://www.verfassungsschutz.niedersachsen.de/wirtschafts_geheimschutz/wirtschaftsschutz/wirtschaftsschutz---aufgaben-und-ansprechpartner-54330.html|Verfassungsschutz Niedersachsen "Wirtschaftsschutz - Aufgaben und Ansprechpartner"]].
  *[[http://www.zac-niedersachsen.de/|Zentrale Ansprechstelle Cybercrime für die niedersächsische Wirtschaft]] ( ZAC, Police ).
===== Security News =====
  *[[http://www.symantec.com/business/theme.jsp?themeid=threatreport|Symantec Internet Security Threat Report]].
  *[[http://www.us-cert.gov/|US-CERT - United States Computer Emergency Readiness Team]].
  *[[http://secunia.com/vulnerability-review/|Secunia Vulnerability Review]].
===== Information Security Management System ( ISMF )=====
  *[[http://www.vds.de/cyber/|VDE "Cyber-Security. Der Brandschutz des 21. Jahrhunderts"]].
  *[[http://en.wikipedia.org/wiki/Information_security_management_system|EN.Wikipedia "Information security management system"]], [[http://de.wikipedia.org/wiki/Information_Security_Management_System|DE.Wikipedia "Information Security Management System"]] ( ISMF ).
  *[[http://de.wikipedia.org/wiki/IT-Grundschutz-Kataloge|DE.Wikipedia "IT-Grundschutz-Kataloge"]].
===== Security Tools =====
==== Security Online Services ====
=== Free Security Online Services ===
  *[[http://www.exploit-db.com/|Exploits Database by Offensive Security]].
  *IBM.
    *[[http://exchange.xforce.ibmcloud.com/|IBM "IBM X-Force Exchange"]] - "Research, Collaborate and Act on threat intelligence".
    *[[http://www-03.ibm.com/security/de/de/xforce/|IBM Security "IBM X-Force"]] - "Forschung in der IT-Sicherheit, Erfassung globaler aktueller Bedrohungsdaten und Erstellung von Bedrohungsanalysen für intelligente Sicherheitslösungen".
  *[[http://www.shodanhq.com/|SHODAN - Computer Search Engine]].
    *[[http://docs.shodanhq.com/|SHODAN - Computer Search Engine "Shodan API’s documentation"]].
    *[[http://en.wikipedia.org/wiki/Shodan_%28website%29|EN.Wikipedia "Shodan (website)"]].
  *[[http://www.stopforumspam.com/|Stop Forum Spam]] - "We provide lists of spammers that persist in abusing forums and blogs with their scams, ripoffs, exploits and other annoyances".
=== E-Mail & Password Leaks Database ===
  *[[http://sec.hpi.de/ilc/search|Hasso-Plattner-Institut "Identity Leak Checker"]].
=== Just-Commercial Security Online Services ===
  *[[http://www.exploithub.com/|ExploitHub]] - "The First Legitimate Marketplace For Validated, Non-Zero-Day Exploits For Security Professionals".
==== Free Security Tools ====
  *Free "Active Directory" security tools & Windows security baselines:
    *[[http://www.semperis.com/purple-knight/|Semperis "Purple Knight"]].
    *[[http://www.pingcastle.com/|Ping Castle]].
    *"Microsoft Security Baselines".
      *[[http://learn.microsoft.com/en-us/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines|Microsoft Ignite "Security baselines"]].
  *The free [[http://www.openvas.org/|Greenbone OpenVAS]] - "Open Vulnerability Assessment Scanner".
    *[[http://www.greenbone.net/|Greenbone]].
      *[[http://www.greenbone.net/en/testnow/|Greenbone "Testnow"]] - "Greenbone Free".
    *[[http://www.github.com/greenbone/|GitHub "Greenbone"]].
    *[[http://www.sadsloth.net/post/install-gvm11-src_part1/|Evrytng is BROEKN "Install Greenbone Vulnerability Manager 11 on Ubuntu 19.04 from source... Part 1"]].
  *Microsoft.
    *[[http://technet.microsoft.com/en-gb/security/cc184924.aspx|Microsoft Security TechCenter "Microsoft Baseline Security Analyzer"]] for W2k, WinXP.
    *[[http://www.microsoft.com/downloads/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e|Microsoft Security Compliance Manager]] for Win7, Vista.
      *[[http://technet.microsoft.com/en-us/library/cc677002.aspx|Microsoft TechNet "Microsoft Security Compliance Manager"]].
    *[[http://microsoft.com/emet/|Microsoft Security TechCenter "Enhanced Mitigation Experience Toolkit"]].
      *[[http://www.microsoft.com/en-us/download/details.aspx?id=50766|Microsoft Download Center "Enhanced Mitigation Experience Toolkit (EMET) 5.5"]], .NET 3.5 application for Windows 10 , Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Vista.
      *[[http://en.wikipedia.org/wiki/Enhanced_Mitigation_Experience_Toolkit|EN.Wikipedia "Enhanced Mitigation Experience Toolkit"]].
    *The free [[http://www.shavlik.com/products/netchk-limited.aspx|Shavlik NetChk Limited]] for legacy Windows systems :-).
  *[[http://www.bsi.de/|Bundesamt für Sicherheit in der Informationstechnik]] ( BSI ).
    *[[http://www.bsi.bund.de/cln_183/ContentBSI/Themen/ProdukteTools/BOSS/BSIOSS.html|BSI "BOSS (BSI OSS Security Suite)"]].
      *[[http://www.heise.de/security/artikel/BOSS-BSI-OSS-Security-Suite-270704.html|heise-online "BOSS (BSI OSS Security Suite)"]] ( 2005-06-16 ).
      *[[http://www.heise.de/newsticker/meldung/81916|heise online "BSI veröffentlicht Prüfsoftware für Netzwerksicherheit"]] ( 2006-12-02 ).
  *[[http://www.lavasoft.de/software/adaware/|Lavasoft "Ad-Aware Free"]], a free privacy software - "Echtzeitschutz vor Spyware, Trojanern, Rootkits, Hijackern, Keyloggern und mehr!".
    *[[http://www.grc.com/optout.htm|Steve Gibson, Gibson Research Corporation "OptOut"]] - discontinued.
  *[[http://www.safer-networking.org/|Spybot - Search & Destroy]], a free privacy software.
  *[[http://www.xp-antispy.org/|xp-AntiSpy]], free privacy protection against Microsoft for Windows.
==== Commercial Security Tools ====
  *[[http://www.neuber.com/|Neuber Software]] - the commercial "Network Security Taskmanager" / "Security Task Manager" - "Shows detailed information about all running processes: file path, description, security risk rating, start time, icon".
  *[[http://www.lostpassword.com/|Passware - Password Recovery]].
==== Resources ====
  *[[http://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools|Cybersecurity & Infrastructure Security Agency ( CISA ) "Free Cybersecurity Services and Tools"]].
===== AntiVirus and Firewall Software =====
==== Free and comercial AntiVirus software ====
  *[[http://www.free-av.de/|Avira AntiVir]] - free antivirus software for Windows. The free edition does not work with Windows server editions like W2k-Server #.
    *[[http://www.avira.com/en/support-download-free-antivirus|Download Avira AntiVir Personal - Free Antivirus]].
    *The commercial "Avira AntiVir Professional" is for W2k-Server, but not for Win2003, Win2008.
    *The commercial "Avira AntiVir Server" is for W2k-Server, Win2003, Win2008.
    *The free "AntiVir Free 10.2.0.703" is the latest release for W2k -> Download [[http://www.avira.com/en/support-download-free-antivirus|Download Avira AntiVir Personal - Free Antivirus]].
    *The legacy "classical" [[http://www.oldversion.com/download-Avira-AntiVir-9.0.0.418.html|Avira AntiVir 9.0.0.418]] of 2009-12-08.
    *On Win7, "Avira AntiVir" asks to deinstall "Microsoft Security Essentials" :-(.
    *"Avira Free 14.07.306" of 2014-10-14 was still installable and runnable on Windows7 computers PIII CPUs.
    *"Avira Free 15.10.434" of 2015-05--26 just work on Windows computers with PentiumIV CPU. It crashes on my Windows7 computer with Athlon2400 CPU ( PentiumIII alike ) .
  *[[http://www.avast.com/free-antivirus-download|avast! free]] - free antivirus software for Windows. The free edition does not work with Windows server editions like W2k-Server.
  *[[http://www.avg.com/de-de/product-avg-anti-virus-free-edition|AVG Anti-Virus Free Edition]] - free antivirus software for Windows. The free edition does not work with Windows server editions like W2k-Server.
  *[[http://www.bitdefender.de/PRODUCT-14-de--bitdefender-10-free-edition.html|BitDefender Free Edition]] - free antivirus software for Windows. No resident monitoring sentinel. The free edition does not work with Windows 7 (?) and Windows server editions like W2k-Server.
  *ClamAV / Immunet.
    *The free [[http://www.clamav.net/|ClamAV]] for Linux and [[http://www.sosdg.org/clamav-win32|ClamAV/SOSDG]] for Windows. It does not provide a real-time guard :-(.
      *Blog [[http://blog.clamav.net/|ClamAV Blog]].
        *Blog article [[http://blog.clamav.net/2011/02/immunet-30-powered-by-clamav.htm|ClamAV Blog "Immunet 3.0 - Powered by ClamAV "]], 2011-02-08.
    *The free [[http://www.immunet.com/|Immunet by Sourcefire]] for Windows.
      *[[http://support.immunet.com/|Immunet by Sourcefire - Support]].
      *Blog [[http://blog.immunet.com/|Immunet Blog]].
  *Microsoft.
    *[[http://www.microsoft.com/Security_Essentials/|Microsoft Security Essentials]].
      *[[http://en.wikipedia.org/wiki/Morro_%28software%29|EN.Wikipedia "Microsoft Security Essentials"]].
    *[[http://www.microsoft.com/windows/products/winfamily/defender|Microsoft Windows Defender]].
      *[[http://en.wikipedia.org/wiki/Windows_Defender|EN.Wikipedia "Windows Defender"]].
      *[[http://support.microsoft.com/Default.aspx?kbid=915052|Microsoft Help and Support "Error message when you try to install Windows Defender on a Windows 2000-based computer: 'This software requires GDI+ Please load the Windows 2000 Security Software Prerequisite Pack'"]].
==== Free Firewall Software ====
  *[[http://www.ashampoo.com/en/eur/pin/0050/Security_Software/Ashampoo-FireWall-FREE|Ashampoo FireWall FREE]] for Windows.
  *[[http://www.privacyware.com/personal_firewall.html|PWI, Inc. / Privacyware "Privatefirewall"]] for Windows.
==== Just-Commercial, Affordable AntiVirus software ====
  *The commercial "F-PROT Antivirus" by [[http://www.f-prot.com/|F-PROTF]] works with W2k-Server, Win2003, Win2008, too.
  *[[http://www.rising-global.com/|Rising Antivirus]] - commercial antivirus software.
  *"longneckoftheoffer".
    *[[http://www.loaris.com/|Loaris]].
      *[[http://www.loaris.com/de/remove-longneckoftheoffer-stream/|Loaris "Remove longneckoftheoffer.stream pop-ups — Loaris Trojan Remover"]].
        *Example virus-loaded URL [[https://longneckoftheoffer.stream/?isp=Vodafone Germany&td=track.caretakerbard.com|https://longneckoftheoffer.stream/?isp=Vodafone Germany&td=track.caretakerbard.com]].
  *"Trenced".
    *[[http://malwaretips.com/|Malwaretips]].
      *[[http://malwaretips.com/blogs/remove-trenced-com/|Malwaretips "How to remove Trenced.com pop-up ads (Virus Removal Guide)"]].
        *[[http://www.revouninstaller.com/revo_uninstaller_free_download.html|VSRevo Group "Revo Uninstaller Freeware"]].
    *[[http://www.myantispyware.com/2018/07/23/how-to-remove-trenced-com-pop-up-ads-chrome-firefox-ie-edge/|My Anti Spyware "How to remove Trenced.com pop-up ads [Chrome, Firefox, IE, Edge]"]].
      *"Get rid of Trenced.com from Firefox by resetting web browser settings" (helpful?).

==== Resources ====
  *[[http://www.av-comparatives.org/|AV-Comparatives - Independent Tests of Anti-Virus Software]].
  *[[http://www.virustotal.com/|VirusTotal]] - "Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community".
===== Microsoft Security Technologies =====
==== General Security ====
  *[[http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/|Microsoft "Windows Server 2003 Active Directory"]] ( ADS ).
    *[[http://en.wikipedia.org/wiki/Active_Directory|EN.Wikipedia "Active Directory"]], [[http://de.wikipedia.org/wiki/Active_Directory|DE.Wikipedia "Active Directory"]].
  *[[http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/|Microsoft "Internet Security and Acceleration Server"]] ( ISA ), [[http://www.microsoft.com/forefront/threat-management-gateway/en/us/|Microsoft "Forefront Threat Management Gateway"]] ( TMG ).
    *[[http://en.wikipedia.org/wiki/Microsoft_Forefront_Threat_Management_Gateway|EN.Wikipedia "Microsoft Forefront Threat Management Gateway"]], [[http://de.wikipedia.org/wiki/Microsoft_Internet_Security_and_Acceleration_Server|DE.Wikipedia "Microsoft Internet Security and Acceleration Server"]].
  *[[http://www.microsoft.com/germany/technet/sicherheit/newsletter/nap.mspx|Microsoft TechNet "Network Access Protection (NAP)"]].
    *[[http://en.wikipedia.org/wiki/Network_Access_Protection|EN.Wikipedia "Network Access Protection"]], [[http://de.wikipedia.org/wiki/Microsoft_Windows_Server_2008|DE.Wikipedia "Microsoft Windows Server 2008"]] ( "Sicherheit / Network Access Protection" ).
==== Telemetry, Privacy ====
  *Windows 10, version 1703.
    *[[http://docs.microsoft.com/en-us/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services|Microsoft Docs "Manage connections from Windows operating system components to Microsoft services"]], 2017-07-28.
    *[[http://docs.microsoft.com/en-us/windows/configuration/configure-windows-telemetry-in-your-organization|Microsoft Docs "Configure Windows telemetry in your organization"]].
    *[[http://docs.microsoft.com/en-us/windows/configuration/windows-diagnostic-data|Microsoft Docs "Windows 10, version 1703 Diagnostic Dat"]], 2017-04-05.
  *Solutions & suggestions:
    *Implement a proxy server or a firewall in your enterprise network, with mandatory user authorisation.
    *Set these telemetry sites in the "hosts" file to 127.0.0.1, e.g. localhost :-).
      *[[http://v10.vortex-win.data.microsoft.com/|v10.vortex-win.data.microsoft.com]].
      *[[http://settings-win.data.microsoft.com/|settings-win.data.microsoft.com]].
      *[[http://watson.telemetry.microsoft.com/|watson.telemetry.microsoft.com]].
      *[[http://oca.telemetry.microsoft.com/|oca.telemetry.microsoft.com]].
      *[[http://vortex.data.microsoft.com/collect/v1/|vortex.data.microsoft.com/collect/v1]].
==== Telemetry, Privacy Resources ====
  *[[http://www.gruppenrichtlinien.de/|Gruppenrichtlinien, Mark Heitbrink]].
    *[[http://www.gruppenrichtlinien.de/artikel/gp-pack-pat-privacy-and-telemetry|Gruppenrichtlinien, Mark Heitbrink "Datenschutz: gp-pack PaT - Privacy and Telemetry"]], 2017-08-11.
===== Internet and Software Application Security =====
==== Password Recovery Tools ====
=== Free Password Recovery Tools ===
  *[[http://www.oxid.it/cain.html|oxid.it "Cain & Abel"]] for Win98, W2k, WinXP - "A password recovery tool for Microsoft Operating Systems".
  *[[http://blog.gentilkiwi.com/mimikatz|Benjamin Delpy, Blog de Gentil Kiwi "mimikatz"]], [[http://www.github.com/gentilkiwi/mimikatz|GitHub "gentilkiwi/mimikatz"]] - Reading passwords of Windows users.
    *[[http://fr.slideshare.net/gentilkiwi/|SlideShare "Benjamin Delpy"]].
    *[[http://www.offensive-security.com/metasploit-unleashed/mimikatz/|Offensive Security "Mimikatz"]].
    *[[http://pentestmonkey.net/blog/mimikatz-tool-to-recover-cleartext-passwords-from-lsass|pentestmonkey. Taking the monkey work out of pentesting "mimikatz: Tool To Recover Cleartext Passwords From Lsass"]].
  *[[http://www.crackstation.net/|CrackStation]] - "Free Password Hash Cracker".
  *[[http://www.securityxploded.com/|SecurityXploded]] - "An Infosec Research Organization offering more than 200 FREE Security/Password Recovery Tools...".

==== Free General Tools ====
  *[[http://www.metasploit.com/|Metasploit]] - "World's most used penetration testing software".
    *[[http://www.fastandeasyhacking.com/|Armitage]] for Windows and Linux -  "A scriptable red team collaboration tool for Metasploit".
    *[[http://en.wikipedia.org/wiki/Metasploit_Project|EN.Wikipedia "Metasploit Project"]], [[http://de.wikipedia.org/wiki/Metasploit|DE.Wikipedia "Metasploit"]].
  *[[http://www.github.com/PowerShellMafia/PowerSploit|GitHub "PowerShellMafia/PowerSploit"]] - "PowerSploit - A PowerShell Post-Exploitation Framework".
    *[[http://www.pentestgeek.com/penetration-testing/invoke-shellcode/|Penetest Geek "PowerSploit: The Easiest Shell You’ll Ever Get"]] - "PowerSploit  is a collection of security-related modules and functions written in PowerShell. PowerSploit is already in both BackTrack and Kali".
==== Secure Connections ====
=== Internet Protocol Security (  IPsec ) ===
  *[[http://en.wikipedia.org/wiki/IPsec|EN.Wikipedia "IPsec"]], [[http://de.wikipedia.org/wiki/IPsec|DE.Wikipedia "IPsec"]].
=== Certificates & Certificate Generation ===
  *[[http://xca.sourceforge.net/|SourceForge "XCA - X Certificate and key management"]], [[http://www.sourceforge.net/projects/xca|SourceForge "xca"]].
=== Transport Layer Security ( TLS ) / Secure Sockets Layer ( SSL ) ===
  *I was told by experts, that the [[http://www.phoenixcontact.com/online/portal/pc?urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/e7863ba5-449d-4f45-98b3-c9f5cc700145/e7863ba5-449d-4f45-98b3-c9f5cc700145|PHOENIX CONTACT "PROFICLOUD Technology"]] uses TLS  for securing the data transfer to the cloud.
  *[[http://en.wikipedia.org/wiki/Transport_Layer_Security|EN.Wikipedia "Transport Layer Security"]], [[http://de.wikipedia.org/wiki/Transport_Layer_Security|DE.Wikipedia "Transport Layer Security"]] ( TLS ) - "Seit Version 3.0 wird das SSL-Protokoll unter dem neuen Namen TLS weiterentwickelt und standardisiert, wobei Version 1.0 von TLS der Version 3.1 von SSL entspricht. Bekannte Implementierungen des Protokolls sind OpenSSL und GnuTLS".
=== VPN ===
== OpenVPN ==
  *[[http://www.openvpn.net/|OpenVPN Technologies, Inc. "OpenVPN"]].
  *[[http://en.wikipedia.org/wiki/OpenVPN|EN.Wikipedia "OpenVPN"]], [[http://de.wikipedia.org/wiki/OpenVPN|DE.Wikipedia "OpenVPN"]].
  *The OpenSource software [[http://www.openvpn.se/|OpenVPN GUI for Windows]],
== Resources ==
  *[[http://en.wikipedia.org/wiki/Virtual_Private_Network|EN.Wikipedia "Virtual Private Network"]], [[http://de.wikipedia.org/wiki/Virtual_Private_Network|DE.Wikipedia "Virtual Private Network"]]
=== Zero Trust Security ( the Successor of VPN ) ===
  *[[http://en.wikipedia.org/wiki/Zero_trust_security_model|EN.Wikipedia "Zero trust security model"]], [[http://de.wikipedia.org/wiki/Zero_Trust_Security|DE.Wikipedia "Zero Trust Security"]].

==== Top Critical Errors / Vulnerabilities ====
=== CWE - Common Weakness Enumeration ===
  *[[http://cwe.mitre.org/|CWE - Common Weakness Enumeration]] - "A Community-Developed Dictionary of Software Weakness Types".
    *[[http://cwe.mitre.org/top25/|CWE - Common Weakness Enumeration "2011 CWE/SANS Top 25 Most Dangerous Software Errors"]].
    *"Common Weakness Scoring System (CWSS)".
    *"Common Weakness Risk Analysis Framework (CWRAF)".
=== CVE - Common Vulnerabilities and Exposures ===
  *[[http://www.mitre.org/|MITRE Corporation]].
    *[[http://cve.mitre.org/|Common Vulnerabilities and Exposures ( CVE )]].
=== OWASP ===
  *[[http://www.owasp.org/|OWASP - The free and open software security community]].
    *[[http://www.owasp.org/index.php/Category:OWASP_Top_Ten_2013_Project|OWASP "Category:OWASP Top Ten 2013 Project"]].
    *[[http://www.owasp.org/index.php/Germany/Projekte/Top_10_fuer_Entwickler-2013/Inhaltsverzeichnis|OWASP "Germany/Projekte/Top 10 fuer Entwickler-2013/Inhaltsverzeichnis"]]
    *[[http://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Top_Ten_Mobile_Risks|OWASP Mobile Security Project "Top 10 Mobile Risks"]].
    *[[http://www.owasp.org/www-project-api-security/|OWASP "OWASP API Security Project"]] - "API Security Top 10 2023".
    *[[http://www.owasp.org/images/8/89/OWASP_Top_10_2007_for_JEE.pdf|OWASP "OWASP TOP 10 FOR JAVA EE. THE TEN MOST CRITICAL WEB APPLICATION SECURITY VULNERABILITIES FOR JAVA ENTERPRISE APPLICATIONS. OWASP SPRING OF CODE PROJECT 2007"]] ( PDF ).
=== SANS Institute ===
  *[[http://www.sans.org/|SANS Institute]].
    *[[http://www.sans.org/critical-security-controls/|SANS Institute "Critical Security Controls"]] - "Top 20 Critical Controls".
    *[[http://www.sans.org/top25-software-errors/|SANS Institute "CWE/SANS TOP 25 Most Dangerous Software Errors"]].
  *Troy Hunt.
    *[[http://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html|Troy Hunt "Free eBook: OWASP Top 10 for .NET developers"]] ( 2011-12 ) - Free PDF book.
    *[[http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html|Troy Hunt "OWASP Top 10 for .NET developers part 1: Injection"]] ( 2010-05 ) -> Part 1 - part 10.
    *[[http://www.slideshare.net/johnkary/scared-straight-mitigating-owasp-top-10-with-php|SlideShare "John Kary: Scared Straight: Mitigating OWASP Top 10 with PHP"]].
==== Resources ====
  *I was told by experts, that "OpenVPN" and "IPsec" are alternatives :-).
  *[[http://en.wikipedia.org/wiki/OWASP|EN.Wikipedia "OWASP"]], [[http://de.wikipedia.org/wiki/OWASP|DE.Wikipedia "OWASP"]].
===== Security For Automation =====
  *[[http://www.bsi.bund.de/|Bundesamt für Sicherheit in der Informationstechnik]].
    *[[http://www.bsi.bund.de/ContentBSI/Themen/Cyber-Sicherheit/Analysen/Statistiken/BSIa004.html|Bundesamt für Sicherheit in der Informationstechnik "Industrial Control System Security - Top 10 Bedrohungen"]].
    *[[http://www.bsi.bund.de/ICS-Security-Kompendium|Bundesamt für Sicherheit in der Informationstechnik "Industrial Control System (ICS) Security"]].
      *[[http://www.bsi.bund.de/DE/Themen/weitereThemen/ICS-Security/Empfehlungen/Empfehlungen_node.html|Bundesamt für Sicherheit in der Informationstechnik "In­dus­tri­al Con­trol Sys­tem Se­cu­ri­ty / Emp­feh­lun­gen / Allgemeine Empfehlungen"]].
        *"ICS Security Kompendium" ( PDF ) #.
        *"Umgang mit dem Ende des Supports für Windows XP" ( PDF ).
      *[[http://www.bsi.bund.de/DE/Themen/weitereThemen/ICS-Security/Empfehlungen/Hersteller/Hersteller_node.html|Bundesamt für Sicherheit in der Informationstechnik "In­dus­tri­al Con­trol Sys­tem Se­cu­ri­ty / Emp­feh­lun­gen /  Her­stel­ler und In­te­gra­to­ren / Empfehlungen für Betreiber"]].
      *"Handhabung von Schwachstellen" ( PDF ).
      *"Vulnerability Handling" ( PDF ).
      *"Anforderungen an netzwerkfähige Industriekomponenten" ( PDF ) #.
    *Event "Industrial Security" by [[http://www.siemens.de/|Siemens AG]] with speech of Holger Junker, [[http://www.bsi.bund.de/|Bundesamt für Sicherheit in der Informationstechnik]] in Bispingen, Germany ( 2014-01-16 ).
      *[[http://www.xing.com/profile/Holger_Junker|XING "Holger Junker"]].
      *[[http://de.linkedin.com/pub/holger-junker/4b/b56/5b8|LinkedIn "Holger Junker"]].
      *[[http://www.twitter.com/HolgerJunker|Twitter "Holger Junker"]].
      *[[http://www.hpi.uni-potsdam.de/meinel/lehrstuhl/symposia/2nd_soa_security_2010/vortragende/holger_junker.html|Hasso Plattner Institut "Holger Junker. SOA Security heute und morgen]].
  *ISA-99.
    *[[http://www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821|ISA - The International Society of Automation "ISA99, Industrial Automation and Control Systems Security"]].
    *Wiki [[http://isa99.isa.org/|ISA99 Committee on Industrial Automation and Control Systems Security "ISA99 Wiki"]].
    *[[http://en.wikipedia.org/wiki/Cyber_security_standards|EN.Wikipedia "Cyber security standards"]] -> "ISA-99".
  *Siemens.
    *[[http://support.industry.siemens.com/cs/document/109475014/recommended-security-settings-for-ipcs-in-the-industrial-environment|SIEMENS AG "Recommended Security Settings for IPCs in the Industrial Environment"]],[[http://support.industry.siemens.com/cs/document/109475014/empfohlene-sicherheitseinstellungen-f%C3%BCr-ipcs-im-industrieumfeld|SIEMENS AG "Empfohlene Sicherheitseinstellungen für IPCs im Industrieumfeld"]], 2015.
    *[[http://support.industry.siemens.com/cs/document/55390879/security-guideline-for-pc-based-automation-systems-with-windows-embedded-operating-systems.|SIEMENS AG "Security guideline for PC-based automation systems with Windows embedded operating systems"]], [[http://support.industry.siemens.com/cs/document/55390879/security-leitfaden-f%C3%BCr-pc-basierte-automatisierungssysteme-mit-windows-embedded-betriebssystemen?dti=0&lc=de-DE|SIEMENS AG "Security Leitfaden für PC-basierte Automatisierungssysteme mit Windows Embedded Betriebssystemen"]], 2014.
    *[[http://support.automation.siemens.com/WW/view/de/26462131|Whitepaper "Sicherheitskonzept PCS 7 und WinCC - Basisdokument"]].
    *[[http://support.automation.siemens.com/WW/view/de/43876783|SIEMENS "SIMATIC WinCC / SIMATIC PCS 7: Information bezüglich Malware / Virus / Trojaner"]].
      *[[http://en.wikipedia.org/wiki/Stuxnet|EN.Wikipedia "Stuxnet"]], [[http://de.wikipedia.org/wiki/Stuxnet|DE.Wikipedia "Stuxnet"]].
    *[[http://www.siemens.com/industrialsecurity|SEIMENS AG "Industrial Security"]].
  *[[http://www.scadasl.org/|SCADA Strange Love]], [[http://scadastrangelove.org/|SCADA Strange Love]].
    *Blog [[http://scadastrangelove.blogspot.de/|Blogspot "SCADA Strange Love"]].
    *[[http://www.slideshare.net/qqlan/internet-connected-icsscadaplc|SlideShare "Internet connected ICS/SCADA/PLC Cheat Sheet 2013"]].
    *[[http://www.youtube.com/watch?v=2-kFllWpCGg|YouTube "repdet, sgordey: SCADA Strangelove 2. We already know"]].
    *[[http://events.ccc.de/congress/2013/Fahrplan/events/5582.html|Schedule 30C3 "lecture: SCADA StrangeLove 2. We already know"]].
    *[[http://events.ccc.de/congress/2013/wiki/Session:Hacking_SCADA:_ICS_Penetration_testing_workshop|30C3 - Self-organized Sessions "Hacking SCADA: ICS Penetration testing workshop"]].
    *Tools:
      *[[http://www.tcpdump.org/|TCPDUMP & LIBPCAP]].
      *[[http://www.wireshark.org/|Wireshark]] and  "tshark", a terminal oriented version of Wireshark.
      *[[http://en.wikipedia.org/wiki/Kali_Linux|EN.Wikipedia "Kali Linux"]], [[http://de.wikipedia.org/wiki/Kali_Linux|DE.Wikipedia "Kali Linux"]].
      *Scapy - "powerful interactive packet manipulation program".
        *[[http://www.secdev.org/|Ne dites rien, les mots sont superflus... ( SecDev.org by Phil )]].
          *[[http://www.secdev.org/projects/scapy/|SecDev.org "Scapy"]].
          *[[http://www.secdev.org/projects/scapy/doc/installation.html|SecDev.org "Scapy v2.1.1-dev documentation. Download and Installation"]].
    *[[http://www.ptsecurity.com/|Positive Technologies]] - Provider of some other tools.
===== Security Protocols and Security Frameworks ( for Software Development ) =====
  *Pascal Alich.
    *[[http://www.github.com/pascalalich/eclipse-oauth-demo|GitHub "pascalalich/eclipse-oauth-demo"]].
    *Speech " Oh Oh OAuth - Eclipse OAuth Integration" at [[http://wiki.eclipse.org/Eclipse_DemoCamps_December_2014/Hannover|Eclipse DemoCamps December 2014/Hannover]].
  *[[http://en.wikipedia.org/wiki/OAuth|EN.Wikipedia "OAuth"]], [[http://de.wikipedia.org/wiki/OAuth|DE.Wikipedia "OAuth"]].
===== Software Development =====
  *[[http://en.wikipedia.org/wiki/Return-oriented_programming|EN.Wikipedia "Return-oriented programming"]], [[http://de.wikipedia.org/wiki/Return-oriented_programming|DE.Wikipedia "Return Oriented Programming"]] ( ROP ).

===== Trusted Computing =====
  *[[http://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa|ZEIT Online "Bundesbehörden sehen Risiken beim Einsatz von Windows 8"]], 2013-08-29.
  *[[http://en.wikipedia.org/wiki/Trusted_Computing|EN.Wikipedia "Trusted Computing"]], [[http://de.wikipedia.org/wiki/Trusted_Computing|DE.Wikipedia "Trusted Computing"]].
  *[[http://en.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base|EN.Wikipedia "Next-Generation Secure Computing Base"]], [[http://de.wikipedia.org/wiki/Next-Generation_Secure_Computing_Base|DE.Wikipedia "Next-Generation Secure Computing Base"]] ( formerly: "Palladium" :-( ).
  *[[http://en.wikipedia.org/wiki/Trusted_computing_base|EN.Wikipedia "Trusted computing base"]].
  *[[http://en.wikipedia.org/wiki/Trustworthy_Computing|EN.Wikipedia "Trustworthy computing"]].
  *[[http://en.wikipedia.org/wiki/Trusted_execution_environment|EN.Wikipedia "Trusted execution environment"]], [[http://de.wikipedia.org/wiki/Trusted_Execution_Environment|DE.Wikipedia "Trusted Execution Environment"]] ( TEE ) for ARM, x86,...

===== Online Magazines =====
  *[[http://www.compliancemagazin.de/markt/|Compliance-Magazin.de - Governance, Risk & Compliance. Das GRC Portal]].
    *[[http://www.compliancemagazin.de/markt/unternehmen/tuev-rheinland301009.html|Complianc-Magazin.de - Governance, Risk & Compliance. Das GRC Portal "Zentrale Aspekte des Datenschutzes"]] - up to 50.000 EUR or 300.000 EUR monetary fine in case of accountability.
===== Literature =====
==== Books & Publications ====
=== General ===
  *Saltzer and Schroeder.
    *[[http://web.mit.edu/Saltzer/www/publications/pubs.html|MIT "Publications of Jerome H. Saltzer"]].
      *[[http://web.mit.edu/Saltzer/www/publications/protection/index.html|MIT, Jerome H. Saltzer and Michael D. Schroeder "The Protection of Information in Computer Systems"]], 1975 - "8 examples of design principles that apply particularly to protection mechanisms":
      *[[http://www.cs.virginia.edu/~evans/cs551/saltzer/|University of Virginia, Department of Computer Science CS551: Security and Privacy on the Internet, Fall 2000 - Jerome H. Saltzer and Michael D. Schroeder "The Protection of Information in Computer Systems"]].
      *Design rules:
        -Economy of mechanism: Keep the design as simple and small as possible.
        -Fail-safe defaults: Base access decisions on permission rather than exclusion.
        -Complete mediation: Every access to every object must be checked for authority.
        -Open design: The design should not be secret.
        -Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.
        -Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
        -Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users.
        -Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly-
        -Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker. The cost of circumventing, commonly known as the "work factor," in some cases can be easily calculated.
        -Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.
  *John Viega, Gary McGraw.
    *Book [[http://www.amazon.de/exec/obidos/ASIN/0321425235/hemmerling-21|John Viega, Gary McGraw "Building Secure Software: How to Avoid Security Problems the Right Way"]], 2006.
    *[[http://searchsecurity.techtarget.com/opinion/Thirteen-principles-to-ensure-enterprise-system-security|Gary McGraw "Thirteen principles to ensure enterprise system security"]].
      -Secure the weakest link.
      -Defend in depth.
      -Fail securely.
      -Grant least privilege.
      -Separate privileges.
      -Economize mechanism.
      -Do not share mechanisms.
      -Be reluctant to trust.
      -Assume your secrets are not safe.
      -Mediate completely.
      -Make security usable.
      -Promote privacy.
      -Use your resources.
=== Automation & Process Industry ===
  *[[http://www.hima.com/Solutions/Security/|HIMA Paul Hildebrandt GmbH "Safety and Security"]] - Download of the free PDF document "HIMA Cyber Security Manual".
==== Paper Magazines ====
  *[[http://www.automation-security.de/|a+s - zeitschrift für automation und security]].
  *[[http://www.kes.info/|<kes> - Die Zeitschrift für Informations-Sicherheit]].
===== Experts =====
  *[[http://www.datenschutzberater.de/|VON ZUR MÜHLEN'SCHE GmbH, BdSI (VZM) - datenschutzberater.de]] -> Externe Datenschutzbeauftragter ( IHK ).
===== Services =====
  *[[http://www.stopbadware.org/|StopBadware - This isn't an attack site... or is it?]].
  *[[http://www.bynamite.com/|Bynamite, Inc]] for Firefox 3.
    *[[http://www.facebook.com/bynamiteinc|Facebook "Bynamite, Inc"]] - "Find out what advertisers know about you, and change it, with Bynamite".
    *[[http://www.facebook.com/note.php?note_id=10150111336797049|Facebook "Bynamite, Inc", Note "bynamite is in hobby mode"]], 2010-12-05.
  *[[http://www.stopforumspam.com/|Stop Forum Spam]].
    *[[http://www.stopforumspam.com/add|Stop Forum Spam - Add a Spammer]].
    *[[http://www.stopforumspam.com/removal|Stop Forum Spam - Removal]].
===== Accountability in IT Business =====
  * "Cloud Computing" = "Auftragsdatenverarbeitung", according to $11 of "Bundesdatenschutzgesetz" ( BDSG ).
===== Scam =====
  *[[http://www.anti-scam.de/|Anti-Scam-Forum]], Germany - "TEILE KEINEM SCAMMER MIT, DASS SIE HIER GELISTET SIND. Die, die es tun erhalten sofort Verbannung" :-).
  *[[http://www.anti-scam-forum.net/|Anti-Scam-Forum-NL]], Germany.
  *[[http://www.dragonladies.org/|DragonLadies.org BBS]] - "A forum for the collection, and publication of information on female internet romance scammers from Asia".
  *Blog [[http://scumalert.blogspot.de/|ScumAlert]].

===== Resources =====
  *[[https://www.botfrei.de/|eco - Verband der deutschen Internetwirtschaft e.V. "Anti-Botnet-Beratungszentrum"]].
  *[[http://www.a-i3.org/|Arbeitsgruppe Identitätsschutz im Internet (a-i3)]].
  *[[http://www.bsi.de/|Bundesamt für Sicherheit in der Informationstechnik]] ( BSI ).
    *[[http://www.bsi.de/gshb/|Bundesamt für Sicherheit in der Informationstechnik "IT-Grundschutzhandbuch"]] ( IT-Baseline Protection Manual ).
    *[[http://www.bsi-fuer-buerger.de/|BSI für Bürger]].
    *[[http://bsi.bund.de/kmu/|Bundesamt für Sicherheit in der Informationstechnik "Kleine- und Mittlere Unternehmen"]].
      *[[http://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/KMU/CyberRisikoCheck/CyberRisikoCheck_node.html|Bundesamt für Sicherheit in der Informationstechnik "CyberRisikoCheck. Wirkungsvoller Schutz für kleine und Kleinstunternehmen nach DIN SPEC 27076"]].
        *[[http://www.beuth.de/de/technische-regel/din-spec-27076/365252629|Beuth Verlag "DIN SPEC 27076:2023-05"]] - Free PDF download :-).
        *I was told in 2023-11 by experts: There will be "soon" ( i.e. in 2024 ) a free web-based software service for registered companies and registered consultants, which interactively asks the questions of the norm.
  *[[http://www.computerbetrug.de/|computerbetrug.de und dialerschutz.de]].
  *Datenschutz.
    *[[http://www.datenschutz.de/|Datenschutz.de - Virtuelles Datenschutzbüro]].
    *[[http://www.baden-wuerttemberg.datenschutz.de/|Landesbeauftragte für den Datenschutz Baden-Württemberg]].
    *[[http://www.datenschutz-bayern.de/|Bayerische Landesbeauftragte für den Datenschutz]].
    *[[http://www.datenschutz-berlin.de/|Berliner Beauftragter für Datenschutz und Informationsfreiheit]].
    *[[http://www.www.lda.brandenburg.de/‎|Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg]].
    *[[http://www.datenschutz-hamburg.de/|Hamburgischer Beauftragten für Datenschutz und Informationsfreiheit (HmbBfDI)]].
    *[[http://www.datenschutz.hessen.de/|Hessischen Datenschutzbeauftragter]].
    *[[http://www.lfd.m-v.de/|Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern]].
    *[[http://www.lfd.niedersachsen.de|Landesbeauftragter für den Datenschutz Niedersachsen]].
      *[[http://www.hannover.de/Leben-in-der-Region-Hannover/Verwaltungen-Kommunen/Die-Verwaltung-der-Landeshauptstadt-Hannover/Datenschutzbeauftragter-der-Landeshauptstadt-Hannover|Datenschutzbeauftragter der Landeshauptstadt Hannover]].
    *[[http://www.ldi.nrw.de/|Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen]].
    *[[http://www.datenschutz.rlp.de/|Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz]].
    *[[http://www.lfdi.saarland.de/|Unabhängiges Datenschutzzentrum Saarland]].
    *[[http://www.saechsdsb.de/|Sächsischen Datenschutzbeauftragter]].
    *[[http://www.datenschutzzentrum.de/|Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)]].
    *[[http://www.tlfdi.de|Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit]].
  *[[http://www.sicher-im-netz.de/|Deutschland sicher im Netz e.V.]].
  *[[http://www.foebud.org/|FoeBuD e.V.]].
  *[[http://www.gnupt.de/|GnuPT - Gnu Privacy Tools]] - "Ihr Portal zur Verschluesselung mit GnuPG".
  *heise.
    *[[http://www.heise.de/newsticker/meldung/Microsoft-Schreibt-eure-Passwoerter-auf-163534.html|heise online "Microsoft: Schreibt eure Passwörter auf"]].
    *[[http://www.heise.de/ct/antivirus/|heise Security - AntiVirus]].
  *Lower Saxony.
    *[[http://www.verfassungsschutz.niedersachsen.de/|Niedersächsisches Ministerium für Inneres und Sport - Verfassungsschutz -]], "Wirtschafts- und Geheimschutz / Wirtschaftschutz" -> "MI-Abt-6-Wirtschaftsschutz".
    *[[http://www.mi.niedersachsen.de/|Niedersächsisches Ministerium für Inneres und Sport]], "Themen > Innere Sicherheit > Verfassungs- & Geheimschutz > Geheim- & Wirtschaftsschutz > Wirtschaftsschutz".
  *[[http://www.rfc-ignorant.org/|rfc-ignorant.org]] - "The clearinghouse for sites who think that the rules of the internet don't apply to them".
  *[[http://www.secupedia.info/|SecuPedia]] #.
  *[[http://www.trojaner.info/|Trojaner.Info - Die Informationsseite über Trojanische Pferde]].
  *[[http://www.trojan-horse.info/|trojan-horse.info]]  - "Trojan Horses (Trojans), Viruses, Worms, Spyware, Malware – a guide for the perplexed".
  *[[http://hoax-info.tubit.tu-berlin.de/hoax/|TU-Berlin Hoax-Info Service]].
  *[[http://www.mintywhite.com/|Windows Guides]].
      *Free "PC Security Handbook".
      *Free "PC Maintenance Handbook".
  *Wikipedia.
    *[[http://en.wikipedia.org/wiki/Common_Criteria|EN.Wikipedia "Common Criteria"]], [[http://de.wikipedia.org/wiki/Common_Criteria_for_Information_Technology_Security_Evaluation|DE.Wikipedia "Common Criteria for Information Technology Security Evaluation"]].
    *[[http://en.wikipedia.org/wiki/Cyber_security_standards|EN.Wikipedia "Cyber security standards"]].
    *[[http://en.wikipedia.org/wiki/Control_system_security|EN.Wikipedia "Control system security"]].
  *[[http://www.youtube.com/watch?v=xNskW4RVbQY|YouTube, GData "Abzocker sagen 'Bitten rufen Sie uns an' - Da sagen wir nicht nein"]] - "Microsoft Sicherheitsalarm Fehler Nummer DW 6VD36", Telephone number "032-221-098-119" browser message :-(.
  *[[http://www.zone-h.org/|Zone-H - Unrestricted information]].
===== Forums, Newsgroups, Communities =====
  *[[http://forum.avira.com/|Avira Support Forum]].
    *[[http://forum.avira.com/wbb/index.php?page=Thread&threadID=157458|Avira Support Forum "How can I stop "Luke Skywalker. Scanning the registry" prevent or schedule operation ?"]].
  *[[http://forum.emsisoft.com/|Emsi Software - e-squared Support]] ( read-only ) forum, [[http://support.emsisoft.com/|Emsi Software Support]] forum.
  *[[http://secunia.com/community/forum/|Secunia Forum]].
  *[[http://www.stopforumspam.com/|Stop Forum Spam - Forum]].
===== Appropriate OpenDirectory Directory Pages =====
  *[[http://www.dmoz.org/Computers/Security/|OpenDirectory "Top: Computers: Security"]].
  *[[http://www.dmoz.org/World/Deutsch/Computer/Sicherheit/|OpenDirectory "Top: World: Deutsch: Computer: Sicherheit"]].
  *[[http://www.dmoz.org/World/Deutsch/Computer/Internet/Missbrauch/|OpenDirectory "Top: World: Deutsch: Computer: Internet: Missbrauch"]].
{{tag>security anti-virus "anti virus" virus}}
<footnote_navi_en>