More than 75,000 unique visitors read papers in the Reading Room every month, and it has become the starting point for exploring topics ranging from SCADA to wireless security, from firewalls to intrusion detection. The SANS Reading Room features over 2,020 original computer security white papers in 78 different categories.
Latest 25 Papers Added to the Reading Room
Repurposing Network Tools to Inspect File Systems
Andre Thibault - February 27, 2014 in Forensics
Digital forensics can be a laborious and multi-step process. Some of the initial steps in digital forensics include: Data Reduction, Anti-Virus checks, and an Indicator of Compromise (IOC) search.
Rapid Triage: Automated System Intrusion Discovery with Python
Trenton Bond - February 21, 2014 in Tools
There are six major incident handling phases typically used to manage information security incidents: preparation, identification, containment, eradication, recovery, and lessons learned.
Simulating Cyber Operations: A Cyber Security Training Framework
Bryan K. Fite - February 21, 2014 in Best Practices
The current shortage (Finkle & Randewich, 2012) of trained and experienced Cyber Operations Specialists, coupled with the increasing threat (Sophos, 2013) posed by targeted attacks (Verizon, 2013), suggests that more effective training methods must be considered.
Integrating Wired and Wireless IDS Data
Michael D. Stanton - February 11, 2014 in Intrusion Detection
According to Gartner, smart phones and other mobile computing devices are rapidly replacing personal computers.
Using the Department of Defense Architecture Framework to Develop Security Requirements
James E. A. Richards - February 10, 2014 in Best Practices
Integrated architectures embody the discernable parts of a system and their relationships with each other in a single, normalized data repository.
Free and Open Source Project Management Tools
Robert Comella - February 4, 2014 in Project Management
Project management has been around for millennia. In the book of Genesis, Noah is given the Ark project (Genesis 6:11-21, New International Version).
Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment
Susanne Young - January 31, 2014 in Best Practices
All businesses, no matter what their goals, depend on a network of contacts to survive and grow.
An Early Malware Detection, Correlation, and Incident Response System with Case Studies
Yaser Mansour - January 20, 2014 in Intrusion Detection
"The complexity of software is an essential property, not an accidental one" (Brooks, 1987).
An Approach to Detect Malware Call-Home Activities
Tyler (Tianqiang) Cui - January 17, 2014 in Intrusion Detection
In the internal network of a large organization, there may be a number of security measures or products in place, such as anti-virus, security patch management, Intrusion Prevention Systems (IPS), Firewalls, etc., and there is still some malware that goes undetected.
Understanding what Service Organizations are trying to SSAE
Michael Hoehl - January 14, 2014 in Auditing & Assessment
Today, many companies are choosing to perform common business functions like Finance, Human Resources, Legal, Sales, and Procurement with the use of information systems that reside remotely at a vendor.
Active Security Or: How I learned to stop worrying and use IPS with Incident handling
Doug Brown - January 14, 2014 in Incident Handling
Beyond the obvious nomenclature for viruses and worms, several lessons can also be gleaned from the world of epidemiology and applied to information security.
Review of Windows 7 as a Malware Analysis Environment
Adam Kramer - January 14, 2014 in Forensics
The SANS course "FOR610: Reverse Engineering of Malware" is designed using Windows XP as the malware analysis environment (SANS Institute, 2013).
Framework for building a Comprehensive Enterprise Security Patch Management Program
Michael Hoehl - January 2, 2014 in Threats/Vulnerabilities
The concept of a patch is pretty straightforward and broadly understood. In business terms, patching is a form of quality control and defect repair.
HTTP header heuristics for malware detection
Tobias Lewis - January 2, 2014 in Intrusion Detection
Signature based detection is one of the most fundamental techniques for identifying malicious activity on your network.
An Architecture for Implementing Enterprise Multifactor Authentication with Open Source Tools
Tom Webb - January 2, 2014 in Authentication
We are all familiar with how password authentication works, as we log into dozens of systems each day to check email or view a bank account balance.
Bridging the Gantt
Erik Couture - December 23, 2013 in Management & Leadership
To Project Management (PM) novices, the Gantt chart is often seen as the central tool of the project management process.
Building and Managing a PKI Solution for Small and Medium Size Business
Wylie Shanks - December 23, 2013 in Digital Certificates
The use of Public Key Infrastructure (PKI) can be an effective way to meet business, regulatory, and compliance requirements.
Scott Christie - December 16, 2013 in Incident Handling
Wardriving requires a computer system with the proper tools installed and a Wi-Fi receiver. Locating Wi-Fi access points has evolved from lugging large computers around in cars, to wardriving apps on smartphones such as WiGLE Wi-Fi Service for Android devices (WiGLE, 2013).
Getting Started with the Internet Storm Center Webhoneypot (Masters)
Mason Pokladnik - December 13, 2013 in Getting Started/InfoSec
The DShield/Internet Storm Center (ISC) Webhoneypot is a new project from DShield--a distributed intrusion detection system--that extends its logging capabilities from layer 3 and 4 network traffic further up the OSI layers to help study application layer attacks.
SOHO Remote Access VPN. Easy as Pie, Raspberry Pi... (Masters)
Eric Jodoin - December 5, 2013 in Home & Small Office
Free, unencrypted Wireless Access Points (WAPs) have proliferated and are now found in various locations including restaurants, libraries, schools, hotels, airports, etc.
Predicting Control Attributes With Bayesian Networks (Masters)
Dan Lyon - December 4, 2013 in Security Modeling
Attack trees have been used as a mechanism to formalize security analysis of a system for over a decade (Amoroso, 1994; Schneier, 1999), and have gone through various adaptations including Defense Trees, Attack Response Trees and Attack Countermeasure Trees.
Building and Maintaining a "Certifiable" Workforce (Masters)
Robert J. Mavretich - December 4, 2013 in Management & Leadership
When picking up a newspaper or reading an online journal, (CNN, Fox, WSJ, New York Times, etc.) it is hard to escape the unemployment statistics both domestically and internationally.
Introduction to the OWASP Mutillidae II Web Pen-Test Training Environment
Jeremy Druin - December 4, 2013 in Application and Database Security
Web application security has become increasingly important to organizations.
Tools and Standards for Cyber Threat Intelligence Projects (Masters)
Greg Farnham - December 4, 2013 in Information Warfare
Effective use of cyber threat intelligence (CTI) is an important tool for defending against malicious actors on the Internet.
Home Field Advantage: Employing Active Detection Techniques
Benjamin Jackson - December 4, 2013 in Attacking Attackers
In sports, the term "home field advantage" is often discussed; the home team often knows all the quirks and oddities of their "home field" due to constant practice on the same field day after day.
All papers are copyrighted. No re-posting or distribution of papers is permitted.