More than 75,000 unique visitors read papers in the Reading Room every month and it has become the starting point for exploration of topics ranging from SCADA to wireless security, from firewalls to intrusion detection. The SANS Reading Room features over 2,310 original computer security white papers in 86 different categories.
Latest 25 Papers Added to the Reading Room
Integration of Network Conversation Metadata with Asset and Configuration Management Databases
by William Yeatman - May 26, 2015 in Best Practices
As an alternative to the loss of access to plaintext IP payloads in an increasingly encrypted and privacy-conscious world, network-layer security analysis requires a shift of attention to the examination and characterization of the packet and network-conversation meta-information derived from packet header information. These characteristics can be incorporated into and treated as an integral part of asset and configuration management baselines. Changes detected in the expected endpoints, frequency, duration, and packet sizes can be flagged for review and subsequent response or adjustment to the baseline.
by Courtney Imbert - May 26, 2015 in Incident Handling
Over time, the list of "must-have" security appliances and services has become ever larger.
Automated Security Testing of Oracle Forms Applications
by Balint Varga-Perke - May 26, 2015 in Penetration Testing
To keep up with the increasing rate of web application attacks (Imperva, 2014) a wide variety of automated security testing tools have been developed (OWASP, 2014).
Lenovo and the Terrible, Horrible, No Good, Very Bad Week
by Shaun McCullough - May 21, 2015 in Case Studies
For one week in February of 2015, the largest personal computer manufacturer in the world had a Terrible, Horrible, No Good, Very Bad Week. Lenovo's customers discovered that the company had been selling computers with pre-installed adware-based software from a company called Superfish. Security researchers discovered that Superfish was not just annoying, but opened up the customers to significant vulnerabilities.
Honeytokens and honeypots for web ID and IH
by Rich Graves - May 14, 2015 in Attacking Attackers, Case Studies, Email Issues, Incident Handling
Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks.
IPv6 and Open Source IDS
by Jon Mark Allen - May 14, 2015 in Intrusion Detection, Logging Technology and Techniques, Protocols
This paper will examine the current support of IPv6 amongst three of the most popular open source intrusion detection systems: Snort, Suricata, and Bro. It will also examine support of the IPv6 protocol within the publicly available signatures and rules for each system, where applicable.
IDS File Forensics
by George Khalil - May 13, 2015 in Forensics
Attackers usually follow an attack framework in order to breach an organization's computer network infrastructure. In response, forensic analysts are tasked with identifying files, data and tools accessed during a breach.
Securing Portable Data and Applications for a Mobile Workforce
by Jaikumar Vijayan - May 13, 2015
- Associated Webcasts: Securing Portable Data and Applications on Enterprise Mobile Workspaces: A SANS Survey
- Sponsored By: Ironkey by Imation
Explore the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.
2015 State of Application Security: Closing the Gap
by Jim Bird, Eric Johnson, Frank Kim - May 12, 2015
- Associated Webcasts: 2015 Application Security Survey, Part 2: Builder Issues; 2015 Application Security Survey, Part 1: Defender Issues
- Sponsored By: Qualys, WhiteHat Security, Hewlett Packard, Veracode, Waratek
Explore the current state of application security through the lens of both builders and defenders and find out how much progress has been made in securing applications over the last 12 months.
Nftables as a Second Language
by Kenton Groombridge - May 11, 2015 in Firewalls & Perimeter Protection
The iptables Linux kernel firewall has been around for a long time and many Linux users are well versed in it, but a new player in town, nftables, is now merged into the Linux kernel source and is touted to replace iptables.
Building a Vulnerability Management Program - A project management approach
by Wylie Shanks - May 11, 2015 in Project Management
This paper examines the critical role of project management in building a successful vulnerability management program.
The Case for Visibility: SANS 2nd Annual Survey on the State of Endpoint Risk and Security
by Jacob Williams - May 5, 2015
- Associated Webcasts: Assume Compromise and Protect Your Endpoints: SANS 2nd Survey on Endpoint Security
- Sponsored By: Guidance Software
Read the results of the 2015 Endpoint Security Survey to find out whether organizations assume risk, whether their perimeter defenses protect their endpoints, how much progress we are making on automation, how long it takes to remediate each compromised endpoint, and much more.
Using Software Defined Radio to Attack "Smart Home" Systems
by Florian Eichelberger - May 1, 2015 in Threats/Vulnerabilities
The objective of this paper is to describe several plausible attacks that target "Smart-Home" systems using SDR platforms.
Protection from the Inside: Application Security Methodologies Compared
by Jacob Williams - April 27, 2015 in Application and Database Security
- Associated Webcasts: Analyst Webcast: RASP vs. WAF: Comparing Capabilities and Efficiencies
- Sponsored By: HP
A SANS Analyst Program review by Jacob Williams. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.
Is It Patched Or Is It Not?
by Jason Simsay - April 23, 2015 in Auditing & Assessment, Security Basics, Compliance, Risk Management
Patch management tools may produce conflicting results.
Building a World-Class Security Operations Center: A Roadmap
by Alissa Torres - April 15, 2015
- Sponsored By: RSA
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Analyzing a Backdoor/Bot for the MIPS Platform
by Muhammad Junaid Bohio - April 13, 2015 in Malicious Code
Malware functionalities have been evolving and so are their target platforms and architectures.
XtremeRAT - When Unicode Breaks
by Harri Sylvander - April 9, 2015 in Malicious Code
XtremeRAT is a commonly abused remote administration tool that is prevalent in the Middle East; prevalent to the degree that it is not uncommon to find at least one active RAT in a network on any given incident response engagement.
Insider Threats and the Need for Fast and Directed Response
by Dr. Eric Cole - April 9, 2015 in Threats/Vulnerabilities
- Associated Webcasts: Insider Threats and the Real Financial Impact to Organizations - A SANS Survey
- Sponsored By: SpectorSoft
This paper discusses the results of the 2015 SANS Insider Threat Survey. Written by Dr. Eric Cole, it examines the operational challenges of defending against malicious or negligent insiders and reviews the financial impact of insider attacks.
The What, Where and How of Protecting Healthcare Data
by Kelli Tarala and James Tarala - April 6, 2015 in Data Loss Prevention, HIPAA
Mitigating healthcare data-loss risk by understanding the What, Where, and How of Protecting Healthcare Data.
Defense-in-Policy begets Defense-in-Depth
by Matthew Greenwell - April 3, 2015 in Management & Leadership
Defense-in-depth is a commonly cited "best practices" strategy for achieving "Information Assurance".
Denial of Service Deterrence
by Ryan Sepe - April 1, 2015 in Security Basics
Denial of service attacks have been around since 1989 and may have been incorporated even before that time.
Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud
by Michael Hoehl - April 1, 2015 in Cloud Computing
Cloud computing services provide many technology and business opportunities that were simply unavailable a few years ago.
Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6
by Dave Shackleford - April 1, 2015 in Logging Technology and Techniques
- Associated Webcasts: Analyst Webcast: Simplifying Compliance and Forensic Requirements with HP ArcSight Logger
- Sponsored By: Hewlett Packard
A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.
Practical El Jefe
by Charles Vedaa - March 31, 2015 in Best Practices
"El Jefe is a free situational awareness tool that can drastically reduce the costs for securing your enterprise by making locating and responding to advanced threats incredibly easy." (Immunity Inc., n.d.).
All papers are copyrighted. No re-posting or distribution of papers is permitted.