More than 75,000 unique visitors read papers in the Reading Room every month and it has become the starting point for exploration of topics ranging from SCADA to wireless security, from firewalls to intrusion detection. The SANS Reading Room features over 2,010 original computer security white papers in 77 different categories.
Latest 25 Papers Added to the Reading Room
SOHO Remote Access VPN. Easy as Pie, Raspberry Pi... Masters
Eric Jodoin - December 5, 2013 in Home & Small Office
Free, unencrypted Wireless Access Points (WAPs) have proliferated and are now found in various locations including restaurants, libraries, schools, hotels, airports, etc.
Predicting Control Attributes With Bayesian Networks Masters
Dan Lyon - December 4, 2013 in Security Modeling
Attack trees have been used as a mechanism to formalize security analysis of a system for over a decade (Amoroso, 1994; Schneier, 1999), and have gone through various adaptations including Defense Trees, Attack Response Trees and Attack Countermeasure Trees.
Building and Maintaining a "Certifiable" Workforce Masters
Robert J. Mavretich - December 4, 2013 in Management & Leadership
When picking up a newspaper or reading an online journal (CNN, Fox, WSJ, New York Times, etc.), it is hard to escape the unemployment statistics both domestically and internationally.
Introduction to the OWASP Mutillidae II Web Pen-Test Training Environment
Jeremy Druin - December 4, 2013 in Application and Database Security
Web application security has become increasingly important to organizations.
Tools and Standards for Cyber Threat Intelligence Projects Masters
Greg Farnham - December 4, 2013 in Information Warfare
Effective use of cyber threat intelligence (CTI) is an important tool for defending against malicious actors on the Internet.
Home Field Advantage: Employing Active Detection Techniques
Benjamin Jackson - December 4, 2013 in Attacking Attackers
In sports, the term "home field advantage" is often discussed; the home team often knows all the quirks and oddities of their "home field" due to constant practice on the same field day after day.
Testing Application Identification Features of Firewalls
William McGlasson - December 4, 2013 in Firewalls & Perimeter Protection
Firewalls have evolved over the last couple decades from simple packet filters as add-ons to an operating system to the latest application-layer firewalls running their own, sometimes purpose-built operating systems.
Implementing a PC Hardware Configuration (BIOS) Baseline Masters
David Fletcher - December 4, 2013 in Security Basics
This paper provides a road map for implementation of the recommended phases identified in NIST SP 800-147, BIOS Protection Guidelines.
The Dangers of Weak Hashes
Kelly Brown - December 4, 2013 in Authentication
In June of 2012 a hacker posted more than 8 million passwords to the internet belonging to LinkedIn and eHarmony (Goodin, 2012).
Protecting applications against Clickjacking with F5 LTM
Michael Nepomnyashy - December 4, 2013 in Application and Database Security
Clickjacking is a web framing attack that uses iframes to hijack a user's web session. It is a powerful hacking technique that poses a threat to many types of web applications. The Information Security Organization of ACC Corporation decided to deploy centralized protection against clickjacking for hosted applications. The implementation of an anti-clickjacking solution can be quite challenging in a large-scale hosting organization with over 70 applications that often frame each other. This paper describes a dynamic HTTP headers approach that protects hosted applications without breaking existing web framing relationships between webpages.
Setting up Splunk for Event Correlation in Your Home Lab Masters
Aron Warren - December 4, 2013 in Logging Technology and Techniques
Splunk is an ideal event correlation instrument for use in large enterprise environments down to small home laboratory networks such as those used by students. Splunk's appeal has grown over the past few years due to a number of factors: the speed and amount of collectable data, a growing user base, and the discovery of new ways of exploiting its capabilities. This paper gives an overview of a student research home network Splunk installation, including Internet taps, creation and automation of queries, and finally pulling multiple data sources together to track security events.
A Hands-on XML External Entity Vulnerability Training Module Masters
Carrie Roberts - December 4, 2013 in Application and Database Security
Web based attacks are on the rise, and the most exploited vulnerabilities are often not the newest (Symantec Corporation, 2013).
Comparative Risk Analysis Between GPON Optical LAN and Traditional LAN Technologies
Jason Young - November 11, 2013 in Network Devices
Gigabit Passive Optical Networks or "GPON" as promoted by vendors like Tellabs and Zhone Technologies operates quite differently from traditional Ethernet when providing LAN communications in a fiber to the desktop (FTTD) architecture (Tellabs, n.d.b).
Using Influence Strategies to Improve Security Awareness Programs
Alyssa Robinson - October 25, 2013 in Security Awareness
Many of the problems faced by information security professionals could be solved, or at least ameliorated, if people acted differently.
Talking Out Both Sides of Your Mouth: Streamlining Communication via Metaphor
Josh More - October 4, 2013 in Security Basics
Though we often agree as to what individual words mean, it is often true that complex ideas cannot be adequately described in a reasonable amount of time.
How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk? Masters
Tim Proffitt - September 19, 2013 in Intrusion Detection
Metrics are used in many facets of a person's life and can be quite beneficial to the decision making process.
Daisy Chain Authentication Masters
Courtney Imbert - September 18, 2013 in Authentication
"Daisy chain authentication", a term originally coined by Wired writer Mat Honan, is defined as an attacker using normal but alternative authentication methods to break into an account, building upon public or previously compromised data to gain access to other accounts.
Controlling Vendor Access for Small Businesses Masters
Chris Cain - September 17, 2013 in Security Policy Issues
A vendor access policy is a great way to supplement any security policy.
Securing Static Vulnerable Devices Masters
Chris Farrell - September 17, 2013 in Compliance
Static vulnerable devices (SVD) can be the bane of any security team regardless of the business size, budget or expertise.
The Security Onion Cloud Client Network Security Monitoring for the Cloud Masters
Joshua Brower - September 17, 2013 in Intrusion Detection
Network Security Monitoring (NSM) is the "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
SMS, iMessage and FaceTime security Masters
George Khalil - September 9, 2013 in PDAs and Other Mobile Devices
With the increasing mass adoption of mobile smart devices, attackers are increasingly focusing on gaining access and visibility into the data stored and transmitted via mobile devices.
Case Study: 2012 DC3 Digital Forensic Challenge Basic Malware Analysis Exercise
Kenneth Zahn - September 9, 2013 in Malicious Code
The Department of Defense (DoD) Cyber Crime Center (DC3) provides digital forensic process standardization, analysis, and investigation support to the various agencies and military commands within the US DoD (DC3, 2013).
Open Source Host Based Intrusion Detections System (OHIDS) Masters
Tom Webb - September 6, 2013 in Intrusion Prevention
Detecting and analyzing intrusion based solely on network traffic gives you an incomplete picture, especially if you are lacking full packet captures or if you have a large number of mobile users who do not always use your Internet connection.
Using DomainKeys Identified Mail (DKIM) to Protect your Email Reputation
Chris Murphy - August 22, 2013 in Intrusion Prevention
Domain Keys Identified Mail (DKIM) was developed as a successor to the DomainKeys framework originally created by Yahoo!
SSL/TLS: What's Under the Hood Masters
Sally Vandeven - August 22, 2013 in Authentication
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both protocols used for the encryption of network data.
All papers are copyrighted. No re-posting or distribution of papers is permitted.