More than 75,000 unique visitors read papers in the Reading Room every month and it has become the starting point for exploration of topics ranging from SCADA to wireless security, from firewalls to intrusion detection. The SANS Reading Room features over 2,330 original computer security white papers in 88 different categories.
Latest 25 Papers Added to the Reading Room
Securing Single Points of Compromise (SPoC)
by David Belangia - June 30, 2015 in Best Practices
Securing the Single Points of Compromise (SPoCs) that provide central services to the institution's environment is paramount when trying to protect the business. Time Based Security (Fisk, 2014) mandates protection (erecting and ensuring effective controls) that lasts longer than the time needed to detect and react to a compromise. When enterprise protections fail, additional layered controls around these central services buy more time to detect and react. While guidance is readily available for securing an individual critical asset, protecting these assets as a group is not often discussed. Using best business practices to protect these resources as individual assets while leveraging holistic defenses for the group increases the opportunity to maximize protection time, allowing detection and reaction time for the SPoCs that is commensurate with the inherent risk of these centralized services.
Tactical Data Diodes in Industrial Automation and Control Systems
by Austin Scott - June 30, 2015 in Firewalls & Perimeter Protection
In recent years, there has been increased interest in the use of Data Diodes (also known as unidirectional gateways) within Industrial Automation and Control System (IACS) networks. As a result, there has been a substantial amount of confusion about where and how best to use this effective barrier technology. Although not a direct replacement for firewalls, Data Diodes are well suited to specific tasks within IACS networks such as data replication, system state monitoring, remote backup management and patch management. This paper demystifies the use of Data Diodes within the IACS domain by detailing the process and challenges of building a simple Data Diode and applying it to an IACS network.
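The practical consequence of a unidirectional link is that the receiving side can never acknowledge, reject or re-request anything, so a protocol carried across a diode has to let the receiver detect loss and corruption on its own. The following Python block is an added illustration of that constraint and is not code from the paper; the framing format, the `DiodeReceiver` class and the constructed "historian rows" are assumptions made for the example.

```python
"""Framing for data replication across a data diode (unidirectional gateway).
The receiving side has no return path, so it cannot ACK, NAK or request a
retransmit; each datagram therefore carries a sequence number, length and
digest so the receiver can detect loss and corruption by itself.
Added illustration of the constraint, not code from the paper."""
import hashlib
import struct

HDR = struct.Struct("!QI32s")   # seq (u64), payload length (u32), SHA-256 of payload


def frame(seq: int, payload: bytes) -> bytes:
    """Sender side: prepend the self-describing header."""
    return HDR.pack(seq, len(payload), hashlib.sha256(payload).digest()) + payload


class DiodeReceiver:
    """Accepts datagrams in arrival order and records what went wrong."""

    def __init__(self):
        self.expected = 0        # next sequence number we hope to see
        self.gaps = []           # (first_missing, last_missing) runs
        self.corrupt = 0
        self.payloads = []

    def receive(self, datagram: bytes) -> None:
        if len(datagram) < HDR.size:
            self.corrupt += 1
            return
        seq, length, digest = HDR.unpack_from(datagram)
        payload = datagram[HDR.size:]
        if len(payload) != length or hashlib.sha256(payload).digest() != digest:
            self.corrupt += 1    # cannot ask for it again: log and move on
            return
        if seq < self.expected:
            return               # duplicate or late reorder; already accounted for
        if seq > self.expected:
            self.gaps.append((self.expected, seq - 1))
        self.expected = seq + 1
        self.payloads.append(payload)


def simulate(records, drop=(), corrupt=()):
    """Push framed records through a one-way channel that drops some
    datagrams and flips a byte in others (constructed fault model)."""
    rx = DiodeReceiver()
    for seq, rec in enumerate(records):
        if seq in drop:
            continue
        d = bytearray(frame(seq, rec))
        if seq in corrupt:
            d[-1] ^= 0xFF        # damage the last payload byte in transit
        rx.receive(bytes(d))
    return rx


if __name__ == "__main__":
    # Constructed historian rows standing in for replicated process data.
    records = [f"tag{i}=value{i}".encode() for i in range(8)]
    rx = simulate(records, drop={3}, corrupt={5})
    print("received", len(rx.payloads), "gaps", rx.gaps, "corrupt", rx.corrupt)
```

Because nothing can be requested back, the only remedies available to the sending side are proactive: periodic full resends, redundant transmission of each record, or forward error correction, and the receiver's gap and corruption counters are what tell the operator whether those measures are sufficient.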
BYOD: Do You Know Where Your Backups Are Stored?
by Marsha Miller - June 30, 2015 in Mobile Security
Ever striving to reduce costs, companies in increasing numbers are testing Bring Your Own Device (BYOD) as a mobile solution. Although security has become a hot topic, ensuring the protection of confidential information during synchronization of a mobile device to a personal storage location may be overlooked. This paper will touch on elements of how and where data is stored on a mobile Apple and Android device, the default backup solutions, a few legal aspects to consider, and some security solutions offered by AirWatch and Good.
Accessing the inaccessible: Incident investigation in a world of embedded devices
by Eric Jodoin - June 24, 2015 in Internet of Things
There are currently an estimated 4.9 billion embedded systems distributed worldwide. By 2020, that number is expected to have grown to 25 billion. Embedded systems can be found virtually everywhere, in consumer products such as smart TVs, Blu-ray players, fridges, thermostats, smartphones and many other household devices. They are also ubiquitous in businesses, where they are found in alarm systems, climate control systems and most networking equipment such as routers, managed switches, IP cameras and multi-function printers. Unfortunately, recent events have taught us that these devices are also vulnerable to malware and attackers, so it is highly likely that one of them will become a key source of evidence in an incident investigation. This paper introduces the reader to embedded systems technology. Using a Blu-ray player as an example, it demonstrates the process of connecting to the device's serial console and accessing data through it in order to collect evidence from the embedded system's non-volatile memory.
The State of Security in Control Systems Today
by Derek Harp and Bengt Gregory-Brown - June 24, 2015
- Associated Webcasts: The State of Security in Control Systems Today: A SANS Survey Webcast
- Sponsored By: Tenable Network Security, SurfWatch Labs
By reading this report, ICS professionals will gain insight into the challenges facing peers, as well the approaches being employed to reduce the risk of cyberattack.
Six Steps to Stronger Security for SMBs
by Eric Cole, PhD - June 23, 2015 in Security Awareness
An Analyst Program whitepaper by Dr. Eric Cole. It describes a six-step approach that small and medium-size businesses can use as a template for enhancing their overall security posture.
Security Spending and Preparedness in the Financial Sector: A SANS Survey
by Jaikumar Vijayan - June 23, 2015
- Associated Webcasts: SANS 2nd Financial Sector Security Survey
- Sponsored By: Arbor Networks, LogRhythm, VSS Monitoring, Inc., AlienVault
Financial services organizations are being breached too often. Find out how the threat landscape and the tools to secure data are changing in the 2015 SANS Financial Services Survey.
eAUDIT: Designing a generic tool to review entitlements
by Francois Begin - June 22, 2015 in Information Assurance, Auditing & Assessment, Best Practices, Case Studies, Compliance, HIPAA, Legal Issues, Security Policy Issues, Risk Management, Standards, System Administration, Tools
In a perfect world, identity and access management would be handled in a fully automated way.
Case Study: Critical Controls that Sony Should Have Implemented
by Gabriel Sanchez - June 22, 2015 in Case Studies
What would soon characterize one of the worst hacks in recent history began when screenwriter Evan Goldberg and actor Seth Rogen joked about making a comedy about assassinating the leader of North Korea, Kim Jong-un.
Enabling Big Data by Removing Security and Compliance Barriers
by Barbara Filkins - June 17, 2015
- Associated Webcasts: Big Data: Identifying Major Threats and Removing Security and Compliance Barriers
- Sponsored By: Cloudera
The rewards that big data can bring are widely recognized: scientific insight, competitive intelligence and improved fraud detection, as well as the benefits derived from sophisticated analyses of vast sets of transactional and behavioral data.
Using windows crash dumps for remote incident identification
by Zong Fu Chua - June 16, 2015 in Forensics
With the proliferation of defense mechanisms built into the Windows operating system, such as ASLR, DEP and SEHOP, it is getting more difficult for malware to exploit it successfully.
Conquering Network Security Challenges in Distributed Enterprises
by John Pescatore - June 11, 2015
- Associated Webcasts: Conquering Network Security Challenges in Distributed Enterprises
- Sponsored By: Palo Alto Networks
Enterprises continue to have difficulties detecting, blocking and responding to threats.
The Perfect ICS Storm
by Glenn Aydell - June 8, 2015 in Industrial Control Systems, Internet of Things
As manufacturing Industrial Control System (ICS) architectural designs have evolved from isolated and proprietary systems with physical separation to a layered architecture using more standard IT components to the latest trend of Industrial Internet of Things (IIoT); so too have the challenges associated with securing these environments.
Applying Lessons Learned for the Next Generation Vulnerability Management System
by John Dittmer - June 8, 2015 in Threats/Vulnerabilities
The objective of this paper is to make recommendations for improving a vulnerability management system that is still in development.
New Critical Security Controls Guidelines for SSL/TLS Management
by Barbara Filkins - June 4, 2015
- Associated Webcasts: Meeting New CSC Guidelines for SSL Certificate Management
- Sponsored By: Venafi, Inc
Security flaws like Heartbleed, POODLE and BEAST, along with a series of high-profile certificate thefts and misappropriations, have shaken public confidence in "secure" SSL/TLS certificates. Organizations can nevertheless safeguard themselves and retain most of the benefits of the web's most common authentication system, as long as they are rigorous about setting and enforcing the right policies on whom to trust among the many questionable nodes in the global network of trust.
Practical Attack Detection, Analysis, and Response using Big Data, Semantics, and Kill Chains within the OODA Loop
by Brian Nafziger - June 3, 2015 in Information Warfare
The traditional approach to using toolsets is to treat them as independent entities: detect an event on a device with one tool, analyze the event and the device with a second tool, and finally respond against the device with a third tool. These independent detection, analysis and response processes are traditionally static, slow and disjointed.
Improving Detection, Prevention and Response with Security Maturity Modeling
by Byron Acohido - May 29, 2015 in Security Modeling
- Associated Webcasts: The Value of Adopting and Improving Security Maturity Models
- Sponsored By: HP
An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.
Integration of Network Conversation Metadata with Asset and Configuration Management Databases
by William Yeatman - May 26, 2015 in Best Practices
As an alternative to the loss of access to plaintext IP payloads in an increasingly encrypted and privacy-conscious world, network layer security analysis requires a shift of attention to the examination and characterization of packet and network conversation meta-information derived from packet headers. These characteristics can be incorporated into, and treated as an integral part of, asset and configuration management baselines. Changes detected in the expected endpoints, frequency, duration and packet sizes can then be flagged for review and subsequent response, or for adjustment of the baseline.
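A minimal version of the baseline-and-deviation approach described above, in Python, as an added example that is not the paper's own code. The flow records are constructed for the example (in practice they would come from NetFlow/IPFIX or Zeek conn logs), and the per-asset statistics, thresholds and the `Flow` record layout are assumptions made here; only header-derived fields are used.

```python
"""Baseline network conversation metadata derived from packet headers only
(endpoints, frequency, duration, packet size) per source asset, then flag
conversations that deviate from that baseline. Added example; flow records
are constructed rather than captured."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    start: int        # epoch seconds
    duration: float   # seconds
    nbytes: int
    packets: int

    @property
    def avg_pkt_size(self) -> float:
        return self.nbytes / self.packets


def build_baseline(flows, window_s=3600):
    """One entry per (src, dst, dport, proto): duration and packet-size
    statistics plus the observed flows per window (frequency)."""
    groups = defaultdict(list)
    for f in flows:
        groups[(f.src, f.dst, f.dport, f.proto)].append(f)
    baseline = {}
    for key, fs in groups.items():
        durs = [f.duration for f in fs]
        sizes = [f.avg_pkt_size for f in fs]
        span = max(f.start for f in fs) - min(f.start for f in fs) + window_s
        baseline[key] = {
            "dur_mean": mean(durs), "dur_sd": pstdev(durs),
            "size_mean": mean(sizes), "size_sd": pstdev(sizes),
            "rate": len(fs) / (span / window_s),
        }
    return baseline


def _z(x, m, sd, sd_floor):
    # Floor the deviation so a near-constant baseline does not flag trivial jitter.
    return abs(x - m) / max(sd, sd_floor)


def check_flows(flows, baseline, z_max=3.0, rate_factor=3.0):
    """Return (item, reason) findings for a batch of new flows covering one window."""
    findings = []
    counts = defaultdict(int)
    for f in flows:
        key = (f.src, f.dst, f.dport, f.proto)
        b = baseline.get(key)
        if b is None:
            findings.append((f, "unexpected endpoint"))
            continue
        counts[key] += 1
        if _z(f.duration, b["dur_mean"], b["dur_sd"], 1.0) > z_max:
            findings.append((f, "duration outlier"))
        if _z(f.avg_pkt_size, b["size_mean"], b["size_sd"], 10.0) > z_max:
            findings.append((f, "packet size outlier"))
    for key, n in counts.items():
        if n > rate_factor * max(baseline[key]["rate"], 1.0):
            findings.append((key, "frequency spike"))
    return findings


def constructed_history():
    """Two hours of a web server's normal conversations: periodic DB sessions
    and small DNS lookups (constructed values, not captured traffic)."""
    flows = []
    for i in range(24):
        flows.append(Flow("10.0.1.10", "10.0.2.5", 3306, "tcp", i * 300,
                          2.0 + 0.1 * (i % 3), 60_000 + 500 * (i % 4), 100))
        flows.append(Flow("10.0.1.10", "10.0.2.20", 53, "udp", i * 300 + 5,
                          0.05, 160 + 4 * (i % 2), 2))
    return flows


def constructed_new_window():
    """A later window: one normal DB session, one long large-packet DB session,
    a peer never seen before, and a burst of DNS lookups (all constructed)."""
    t = 10_000
    flows = [
        Flow("10.0.1.10", "10.0.2.5", 3306, "tcp", t, 2.1, 60_500, 100),
        Flow("10.0.1.10", "10.0.2.5", 3306, "tcp", t + 100, 900.0, 2_000_000, 1400),
        Flow("10.0.1.10", "203.0.113.7", 443, "tcp", t + 200, 30.0, 50_000, 80),
    ]
    flows += [Flow("10.0.1.10", "10.0.2.20", 53, "udp", t + 300 + i, 0.05, 160, 2)
              for i in range(30)]
    return flows


def run_example():
    baseline = build_baseline(constructed_history())
    return check_flows(constructed_new_window(), baseline)


if __name__ == "__main__":
    for item, reason in run_example():
        print(f"{reason:22s} {item}")
```

Each finding maps to one of the four baseline dimensions the abstract names: the never-seen peer is an endpoint change, the 900-second high-throughput DB session trips both the duration and packet-size checks, and the DNS burst trips the frequency check. Whether a finding becomes a response or a baseline adjustment is a decision for the reviewer, which is why the function returns findings rather than acting on them.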
by Courtney Imbert - May 26, 2015 in Incident Handling
Over time, the list of "must-have" security appliances and services has become ever larger.
Automated Security Testing of Oracle Forms Applications
by Balint Varga-Perke - May 26, 2015 in Penetration Testing
To keep up with the increasing rate of web application attacks (Imperva, 2014) a wide variety of automated security testing tools have been developed (OWASP, 2014).
Lenovo and the Terrible, Horrible, No Good, Very Bad Week
by Shaun McCullough - May 21, 2015 in Case Studies
For one week in February of 2015, the largest personal computer manufacturer in the world had a Terrible, Horrible, No Good, Very Bad Week. Lenovo's customers discovered that the company had been selling computers with pre-installed adware-based software from a company called Superfish. Security researchers discovered that Superfish was not just annoying, but exposed those customers to significant vulnerabilities.
Honeytokens and honeypots for web ID and IH
by Rich Graves - May 14, 2015 in Attacking Attackers, Case Studies, Email Issues, Incident Handling
Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks.
IPv6 and Open Source IDS
by Jon Mark Allen - May 14, 2015 in Intrusion Detection, Logging Technology and Techniques, Protocols
This paper will examine the current support of IPv6 amongst three of the most popular open source intrusion detection systems: Snort, Suricata, and Bro. It will also examine support of the IPv6 protocol within the publicly available signatures and rules for each system, where applicable.
IDS File Forensics
by George Khalil - May 13, 2015 in Forensics
Attackers usually follow an attack framework in order to breach an organization's computer network infrastructure. In response, forensic analysts are tasked with identifying files, data and tools accessed during a breach.
Securing Portable Data and Applications for a Mobile Workforce
by Jaikumar Vijayan - May 13, 2015
- Associated Webcasts: Securing Portable Data and Applications on Enterprise Mobile Workspaces: A SANS Survey
- Sponsored By: Ironkey by Imation
Explore the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.
All papers are copyrighted. No re-posting or distribution of papers is permitted.