SANS Information Security Reading Room
http://www.sans.org/reading-room/
Last 25 Computer Security Papers added to the Reading Room

Improving Detection, Prevention and Response with Security Maturity Modeling
https://www.sans.org/reading-room/whitepapers/analyst/improving-detection-prevention-response-security-maturity-modeling-35985
An Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defense posture while reducing the time needed to respond to incidents and contain the damage.
Fri, 29 May 2015 00:00:00 +0000

Integration of Network Conversation Metadata with Asset and Configuration Management Databases
https://www.sans.org/reading-room/whitepapers/bestprac/integration-network-conversation-metadata-asset-configuration-management-databases-35980
As an alternative to the loss of access to plaintext IP payloads in an increasingly encrypted and privacy-conscious world, network layer security analysis requires a shift of attention to examination and characterization of the packet and network conversation meta-information derived from packet header information. These characteristics can be incorporated into and treated as an integral part of asset and configuration management baselines. Changes detected in the expected endpoints, frequency, duration, and packet sizes can be flagged for review and subsequent response or adjustment to the baseline.
Tue, 26 May 2015 00:00:00 +0000

Knitting SOCs
https://www.sans.org/reading-room/whitepapers/incident/knitting-socs-35975
Over time, the list of "must-have" security appliances and services has become ever larger.
Tue, 26 May 2015 00:00:00 +0000

Automated Security Testing of Oracle Forms Applications
https://www.sans.org/reading-room/whitepapers/testing/automated-security-testing-oracle-forms-applications-35970
To keep up with the increasing rate of web application attacks (Imperva, 2014), a wide variety of automated security testing tools have been developed (OWASP, 2014).
Tue, 26 May 2015 00:00:00 +0000

Lenovo and the Terrible, Horrible, No Good, Very Bad Week
https://www.sans.org/reading-room/whitepapers/casestudies/lenovo-terrible-horrible-good-bad-week-35965
For one week in February of 2015, the largest personal computer manufacturer in the world had a "Terrible, Horrible, No Good, Very Bad Week." Lenovo's customers discovered that the company had been selling computers with pre-installed adware-based software from a company called Superfish. Security researchers discovered that Superfish was not just annoying, but opened up the customers to significant vulnerabilities.
Thu, 21 May 2015 00:00:00 +0000

Honeytokens and honeypots for web ID and IH
https://www.sans.org/reading-room/whitepapers/casestudies/honeytokens-honeypots-web-id-ih-35962
Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks.
Thu, 14 May 2015 00:00:00 +0000

IPv6 and Open Source IDS
https://www.sans.org/reading-room/whitepapers/protocols/ipv6-open-source-ids-35957
This paper will examine the current support of IPv6 amongst three of the most popular open source intrusion detection systems: Snort, Suricata, and Bro. It will also examine support of the IPv6 protocol within the publicly available signatures and rules for each system, where applicable.
Thu, 14 May 2015 00:00:00 +0000

IDS File Forensics
https://www.sans.org/reading-room/whitepapers/forensics/ids-file-forensics-35952
Attackers usually follow an attack framework in order to breach an organization's computer network infrastructure. In response, forensic analysts are tasked with identifying files, data and tools accessed during a breach.
Wed, 13 May 2015 00:00:00 +0000

Securing Portable Data and Applications for a Mobile Workforce
https://www.sans.org/reading-room/whitepapers/analyst/securing-portable-data-applications-mobile-workforce-35947
Explore the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.
Wed, 13 May 2015 00:00:00 +0000

2015 State of Application Security: Closing the Gap
https://www.sans.org/reading-room/whitepapers/analyst/2015-state-application-security-closing-gap-35942
Explore the current state of application security through the lens of both builders and defenders and find out how much progress has been made in securing applications over the last 12 months.
Tue, 12 May 2015 00:00:00 +0000

Nftables as a Second Language
https://www.sans.org/reading-room/whitepapers/firewalls/nftables-second-language-35937
The iptables Linux kernel firewall has been around for a long time and many Linux users are well versed in it, but a new player in town, nftables, is now merged into the Linux kernel source and is touted to replace iptables.
Mon, 11 May 2015 00:00:00 +0000

Building a Vulnerability Management Program - A project management approach
https://www.sans.org/reading-room/whitepapers/projectmanagement/building-vulnerability-management-program-project-management-approach-35932
This paper examines the critical role of project management in building a successful vulnerability management program.
Mon, 11 May 2015 00:00:00 +0000

The Case for Visibility: SANS 2nd Annual Survey on the State of Endpoint Risk and Security
https://www.sans.org/reading-room/whitepapers/analyst/case-visibility-2nd-annual-survey-state-endpoint-risk-security-35927
Read the results of the 2015 Endpoint Security Survey to find out whether organizations assume risk, whether their perimeter defenses protect their endpoints, how much progress we are making on automation, how long it takes to remediate each compromised endpoint, and much more.
Tue, 05 May 2015 00:00:00 +0000

Using Software Defined Radio to Attack "Smart Home" Systems
https://www.sans.org/reading-room/whitepapers/threats/software-defined-radio-attack-smart-home-systems-35922
The objective of this paper is to describe several plausible attacks that target "Smart-Home" systems using SDR platforms.
Fri, 01 May 2015 00:00:00 +0000

Protection from the Inside: Application Security Methodologies Compared
https://www.sans.org/reading-room/whitepapers/analyst/protection-inside-application-security-methodologies-compared-35917
A SANS Analyst Program review by Jacob Williams. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.
Mon, 27 Apr 2015 00:00:00 +0000

Is It Patched Or Is It Not?
https://www.sans.org/reading-room/whitepapers/auditing/patched-not-35912
Patch management tools may produce conflicting results.
Thu, 23 Apr 2015 00:00:00 +0000

Building a World-Class Security Operations Center: A Roadmap
https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations-center-roadmap-35907
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Wed, 15 Apr 2015 00:00:00 +0000

Analyzing a Backdoor/Bot for the MIPS Platform
https://www.sans.org/reading-room/whitepapers/malicious/analyzing-backdoor-bot-mips-platform-35902
Malware functionalities have been evolving, and so are their target platforms and architectures.
Mon, 13 Apr 2015 00:00:00 +0000

XtremeRAT - When Unicode Breaks
https://www.sans.org/reading-room/whitepapers/malicious/xtremerat-unicode-breaks-35897
XtremeRAT is a commonly abused remote administration tool that is prevalent in the Middle East; prevalent to the degree that it is not uncommon to find at least one active RAT in a network on any given incident response engagement.
Thu, 09 Apr 2015 00:00:00 +0000

Insider Threats and the Need for Fast and Directed Response
https://www.sans.org/reading-room/whitepapers/threats/insider-threats-fast-directed-response-35892
This paper discusses the results of the 2015 SANS Insider Threat Survey. Written by Dr. Eric Cole, it examines the operational challenges of defending against malicious or negligent insiders and reviews the financial impact of insider attacks.
Thu, 09 Apr 2015 00:00:00 +0000

The What, Where and How of Protecting Healthcare Data
https://www.sans.org/reading-room/whitepapers/hipaa/what-protecting-healthcare-data-35887
Mitigating healthcare data-loss risk by understanding the What, Where, and How of Protecting Healthcare Data.
Mon, 06 Apr 2015 00:00:00 +0000

Defense-in-Policy begets Defense-in-Depth
https://www.sans.org/reading-room/whitepapers/leadership/defense-in-policy-begets-defense-in-depth-35882
Defense-in-depth is a commonly cited "best practices" strategy for achieving "Information Assurance".
Fri, 03 Apr 2015 00:00:00 +0000

Denial of Service Deterrence
https://www.sans.org/reading-room/whitepapers/basics/denial-service-deterrence-35877
Denial of service attacks have been around since 1989 and may have been incorporated even before that time.
Wed, 01 Apr 2015 00:00:00 +0000

Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud
https://www.sans.org/reading-room/whitepapers/cloud/proposal-standard-cloud-computing-security-slas-key-metrics-safeguarding-confidential-dat-35872
Cloud computing services provide many technology and business opportunities that were simply unavailable a few years ago.
Wed, 01 Apr 2015 00:00:00 +0000

Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6
https://www.sans.org/reading-room/whitepapers/analyst/improving-effectiveness-log-analysis-hp-arcsight-logger-6-35867
A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.
Wed, 01 Apr 2015 00:00:00 +0000