It's hard to stay up to date, because technologies and approaches for firewalls and other Internet security mechanisms change so rapidly. You'll find these mailing lists helpful in keeping informed.
The Firewalls mailing list, which is hosted by Great Circle Associates, is the primary forum for folks on the Internet who want to discuss the design, construction, operation, maintenance, and philosophy of Internet firewall security systems. Send a message to [email protected] with "subscribe firewalls" in the body of the message to subscribe to the list.
The Firewalls mailing list is fairly high-volume (sometimes as many as 100 messages per day, though usually more like 10 to 20 per day). To accommodate subscribers who don't want their mailboxes flooded with lots of separate messages from Firewalls, there is also a Firewalls-Digest mailing list available. Subscribers to Firewalls-Digest receive daily (more frequent on busy days) digests of messages sent to Firewalls, rather than each message individually. Firewalls-Digest subscribers get all the same messages as Firewalls subscribers; that is, Firewalls-Digest is not moderated, just distributed in digest form.
Mail to ftp.greatcircle.com for archives of the Firewalls mailing list.
There is also a WWW-browsable archive for Firewalls currently under construction; it should be available by the time this book hits the shelves:
Finally, there is also a WAIS server available for searching past messages. The server is on host wais.greatcircle.com; the database name is "firewalls-digest".
The FWALL-Users mailing list is for discussions of problems, solutions, and so on among users of the TIS Internet Firewall Toolkit (FWTK). Send email to [email protected] to subscribe to this list.
The Academic-Firewalls mailing list is for people interested in discussing firewalls in the academic environment. This mailing list is sponsored by Texas A&M University. To subscribe, send "subscribe academic-firewalls" in the body of a message to [email protected]. Mail to net.tamu.edu for archives.
This list is for detailed discussion of UNIX security holes: what they are, how to exploit them, and what to do to fix them. This list is not intended to be about cracking systems or exploiting their vunerabilities. It is about defining, recognizing, and preventing use of security holes and risks.
Send "subscribe bugtraq" in the body of a message to [email protected] to subscribe to this list.
New CERT-CC advisories of security fixes for Internet systems are posted to this list. Send to [email protected] for subscription requests.
Archived past advisories are available from info.cert.org via anonymous FTP.
RISKS is officially known as the ACM Forum on Risks to the Public in the Use of Computers and Related Systems. It's a moderated forum for discussion of risks to society from computers and computerization. Send email subscription requests to RISKS[email protected]. Back issues are available from crvax.sri.com via anonymous FTP.
RISKS is also distributed as the comp.risks Usenet newsgroup.
The WWW-Security mailing list is for the discussion of the security aspects of WWW servers and clients. Send "subscribe www-security" in the body of a message to [email protected] to subscribe to this list.