More than 75,000 unique visitors read papers in the Reading Room every month and it has become the starting point for exploration of topics ranging from SCADA to wireless security, from firewalls to intrusion detection. The SANS Reading Room features over 2,030 original computer security white papers in 78 different categories.
Latest 25 Papers Added to the Reading Room
Enhancing incident response through forensic, memory analysis and malware sandboxing techniques Masters
Wylie Shanks - April 17, 2014 in Incident Handling
Almost daily, there are reports of successful data breaches and new threat vectors including compromised systems or vulnerable software.
Windows ShellBags Forensics in Depth
Vincent Lo - April 17, 2014 in Forensics
Microsoft Windows records the view preferences of folders and Desktop.
Rootkit Detection with OSSEC
Sally Vandeven - April 17, 2014 in Intrusion Detection
Most malware consists of a malicious application that gets installed on a victim's computer.
The Hacker Always Gets Through
TJ O'Connor - April 15, 2014 in Hackers
In early 2010, security analysts started noticing something really interesting.
Exploiting Embedded Devices
Neil Jones - April 3, 2014 in Penetration Testing
The majority of routers operate using a form of embedded Linux OS. This is an advantage to the majority of penetration testers as Linux is likely to be a familiar platform to work with; however the distributions that routers tend to run are very optimised, and as such the entire firmware for a router is generally only a few Megabytes in size.
Implementation and use of DNS RPZ in malware and phishing defence
Alex Lomas - April 3, 2014 in DNS Issues
Many organisations, large and small, have a need for outbound content filtering.
Bridging the Gantt Masters
Erik Couture - March 27, 2014 in Management & Leadership
To Project Management (PM) novices, the Gantt chart is often seen as the central tool of the project management process.
An Architecture for Implementing Enterprise Multifactor Authentication with Open Source Tools Masters
Tom Webb - March 27, 2014 in Authentication
We are all familiar with how password authentication works as we log into dozens of systems each day to check email or view bank account balance.
Framework for building a Comprehensive Enterprise Security Patch Management Program Masters
Michael Hoehl - March 27, 2014 in Threats/Vulnerabilities
The concept of a patch is pretty straightforward and broadly understood. In business terms, patching is a form of quality control and defect repair.
Understanding what Service Organizations are trying to SSAE Masters
Michael Hoehl - March 27, 2014 in Auditing & Assessment
Today, many companies are choosing to perform common business functions like Finance, Human Resources, Legal, Sales, and Procurement with the use of information systems that reside remotely at a vendor.
Free and Open Source Project Management Tools Masters
Robert Comella - March 27, 2014 in Project Management
Project management has been around for millennia. In the book of Genesis, Noah is given the Ark project (Genesis 6:11-21, New International Version).
Rapid Triage: Automated System Intrusion Discovery with Python Masters
Trenton Bond - March 27, 2014 in Tools
There are six major incident handling phases typically used to manage information security incidents: preparation, identification, containment, eradication, recovery, and lessons learned.
How to Win Friends and Remediate Vulnerabilities Masters
Chad Butler - March 27, 2014 in Application and Database Security
In today's era of rapid release development projects, finding vulnerabilities is not difficult.
Building and Managing a PKI Solution for Small and Medium Size Business Masters
Wylie Shanks - March 27, 2014 in Digital Certificates
The use of Public Key Infrastructure (PKI) can be an effective way to meet business, regulatory, and compliance requirements.
SOHO Remote Access VPN. Easy as Pie, Raspberry Pi... Masters
Eric Jodoin - March 25, 2014 in Home & Small Office
Free, unencrypted Wireless Access Points (WAPs) have proliferated and are now found in various locations including restaurants, libraries, schools, hotels, airports, etc.
Inside Mac Security
Ben Knowles - March 19, 2014 in System Administration
Apple, Inc.'s OS X family is both the result of decades of operating system development and a collection of systems and features from many other systems combined with many unique ideas and implementations.
Implementing IEEE 802.1x for Wired Networks
Johan Loos - March 14, 2014 in Authentication
Most companies do not have an extra security layer in place when client computers are connecting to a wired network.
Simulating Cyber Operations: A Cyber Security Training Framework
Bryan K. Fite - March 10, 2014 in Best Practices
The current shortage (Finkle & Randewich, 2012) of trained and experienced Cyber Operations Specialists, coupled with the increasing threat (Sophos, 2013) posed by targeted attacks (Verizon, 2013), suggests more effective training methods must be considered.
Repurposing Network Tools to Inspect File Systems
Andre Thibault - February 27, 2014 in Forensics
Digital forensics can be a laborious and multi-step process. Some of the initial steps in digital forensics include: Data Reduction, Anti-Virus checks, and an Indicator of Compromise (IOC) search.
Integrating Wired and Wireless IDS Data
Michael D. Stanton - February 11, 2014 in Intrusion Detection
According to Gartner, smart phones and other mobile computing devices are rapidly replacing personal computers.
Using the Department of Defense Architecture Framework to Develop Security Requirements
James E. A. Richards - February 10, 2014 in Best Practices
Integrated architectures embody the discernable parts of a system and their relationships with each other in a single, normalized data repository.
Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment
Susanne Young - January 31, 2014 in Best Practices
All businesses, no matter what their goals, depend on a network of contacts to survive and grow.
An Early Malware Detection, Correlation, and Incident Response System with Case Studies
Yaser Mansour - January 20, 2014 in Intrusion Detection
"The complexity of software is an essential property, not an accidental one" (Brooks, 1987).
An Approach to Detect Malware Call-Home Activities
Tyler (Tianqiang) Cui - January 17, 2014 in Intrusion Detection
In the internal network of a large organization, there may be a number of security measures or products in place, such as anti-virus, security patch management, Intrusion Prevention Systems (IPS), Firewalls, etc., and there is still some malware that goes undetected.
Active Security Or: How I learned to stop worrying and use IPS with Incident handling
Doug Brown - January 14, 2014 in Incident Handling
Beyond the obvious nomenclature for viruses and worms, several lessons can also be gleaned from the world of epidemiology and applied to information security.
All papers are copyrighted. No re-posting or distribution of papers is permitted.