SANS Information Security Reading Room: 25 Computer Security Papers added to the Reading Room

Securing Personal and Mobile Device Use with Next-Gen Network Access Controls
An updated SANS Analyst Program whitepaper. It covers the essentials of applying NAC to secure guest networking, as well as leveraging NAC for BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device) situations and ensuring endpoint compliance with network policy.
Mon, 24 Nov 2014 00:00:00 +0000

Cyberspace: America's New Battleground
In 2010, Nick Percoco, head of the cyber security team at IT security service provider TrustWave Holdings Inc., was called out to the headquarters of a leading U.S. defense contractor to investigate some anomalies (Taylor, 2011). The anomalies seemed innocent at first. A few employees had reported peculiar behavior by their PCs when they clicked on an innocuous-looking email attachment they had received.
Thu, 20 Nov 2014 00:00:00 +0000

Agile defensive perimeters: forming the security test regression pack
The common approach is that software delivery is realized through a set of sequential deliverables in a phased and systematic manner. The software process model of the IEEE attempts to bring order to the delivery process by identifying a set of universal artefacts and activities in software construction (Gustafson, Melton, Chen, Baker, & Bieman, 1988).
Thu, 20 Nov 2014 00:00:00 +0000

Point of Sale Systems and Security: Executive Summary
The last year has seen scores of point of sale (POS) systems compromised by bad actors. In many cases, these environments were PCI-DSS compliant at the time of compromise. Executives seeking to protect their organizations and POS systems from compromise need to look beyond PCI-DSS and adopt a proactive "offense must inform defense" approach to POS security.
Thu, 20 Nov 2014 00:00:00 +0000

Implementing a Shibboleth SSO Infrastructure
Authentication and authorization across organizational boundaries is a hard problem. Consider an academic publisher that wishes to make scientific journals available to currently enrolled students, but not staff, faculty, or alumni, at universities that have paid a site license fee. Students could register with a site-specific username and password, though such credentials are likely to be shared or forgotten, diminishing security and increasing user frustration and support burden.
Mon, 17 Nov 2014 00:00:00 +0000

Rate my nuke: Bringing the nuclear power plant control room to iPad
Control systems monitor and control industrial processes that exist in the physical world and, by design, are isolated from public networks. However, the prevailing use case, connectivity, and integration of mobile devices in the workplace has impacted the industrial environment. These isolated control system networks are now under pressure due to market demand to become Internet-accessible. Therefore, a security architecture for mobile device usage in the industrial environment must be designed with security controls and proper certificate-based authentication.
Fri, 14 Nov 2014 00:00:00 +0000

Password Security -- Thirty-Five Years Later
Historians trace the first use of a computer password back to the Massachusetts Institute of Technology in the 1960s (McMillan, 2012). MIT's time-sharing computer, called the Compatible Time-Sharing System (CTSS), was designed to accommodate multiple users on many terminals.
Wed, 12 Nov 2014 00:00:00 +0000

Securing DNS to Thwart Advanced Targeted Attacks and Reduce Data Breaches
Traffic is severely affected when critical DNS services are not reliable or are compromised by cyber attacks. However, DNS services can be secured with the right configuration and deployment of appropriate solutions.
Wed, 12 Nov 2014 00:00:00 +0000

Secure Design with Exploit Infusion
In the age of a highly digitally connected world, the ever-increasing security threat has prompted many initiatives to address it. One important area is to build security into software development.
Tue, 11 Nov 2014 00:00:00 +0000

Be Ready for a Breach with Intelligent Response
By preparing a careful plan and a resilient response infrastructure before an attack, organizations can limit both data loss and the reactive, post-incident expenses. The result: greatly reduced impact and costs associated with events.
Wed, 05 Nov 2014 00:00:00 +0000

That's where the Data is! Why Break into the Office of Personnel Management Systems - Because That Is Where the Sensitive Information for Important People Is Maintained!
To obtain the most complete information about American personnel who have security clearance, an adversary would clearly be interested in compromising the information being collected by the Office of Personnel Management (OPM). The aggregation of information about an individual and their life history is collected and maintained by this organization and available in one place.
Tue, 04 Nov 2014 00:00:00 +0000

Data Center Server Security Survey 2014
Learn how organizations are tackling the difficult problem of data center security, explore their best practices, and consider the improvements needed for data centers to meet compliance demands while reducing overall risk and management complexity.
Wed, 29 Oct 2014 00:00:00 +0000

Application White-listing with Bit9 Parity
Application whitelisting is a requirement for a host of compliance standards and is championed as a critical component of any security baseline (PCI-DSS 3.0-5.1). A recent Google News search for "Cyber Security Breaches" shows 16,700 results.
Wed, 29 Oct 2014 00:00:00 +0000

The Best Defenses Against Zero-day Exploits for Various-sized Organizations
Zero-day exploits target vulnerabilities that have yet to be publicly disclosed. These exploits are usually the most difficult to defend against because data is generally only available for analysis after the attack has completed its course. These vulnerabilities are highly sought after by cyber criminals, governments, and software vendors who will pay high prices for access to the exploit (Bilge & Dumitras, 2012).
Mon, 27 Oct 2014 00:00:00 +0000

The Spy with a License to Kill
The opening scene of GoldenEye underscores the skills and precision of James Bond, 007. Years of experience and training make impossible missions look routine. These skills alone would not allow 007 to succeed; rather, a calculated plan that targeted the vulnerabilities in the Archangel Chemical Weapons Facility, coupled with 007's skills, provided for a successful mission.
Fri, 24 Oct 2014 00:00:00 +0000

Detect, Investigate, Scrutinize and Contain with Rapid7 UserInsight
A review of Rapid7 UserInsight by SANS senior analyst Jerry Shenk. It discusses a tool that highlights user credential misuse while tracking endpoint system details that would be valuable to an incident response team.
Thu, 23 Oct 2014 00:00:00 +0000

Intelligence-Driven Incident Response with YARA
The concept of threat intelligence is gaining momentum in the cyber-security arena. As targeted attacks increase in number and sophistication, organizations are beginning to develop and integrate the concept of threat intelligence into their cyber-defensive strategies. By doing so, organizations are taking the next step forward to respond to cyber-attacks. Recent threat reports reveal promising results.
Mon, 20 Oct 2014 00:00:00 +0000

Reducing the Catch: Fighting Spear-Phishing in a Large Organization
The phishing problem isn't new. Over 150 years ago, Charles Dickens wrote a passionate and witty letter about fraudsters of his day who, like Nigerian 419 scammers today, preyed upon the generosity and gullibility of well-meaning folk. The differences in our time are those of scale and scope, as the perpetrators have taken on seven-league boots and covered continents with their shameless appeals.
Mon, 20 Oct 2014 00:00:00 +0000

Breaches Happen: Be Prepared
A whitepaper by SANS Analyst and Senior Instructor Stephen Northcutt. It describes how improved malware reporting and gateway monitoring, combined with security intelligence from both internal and external resources, helps organizations meet the requirements of frameworks such as the Critical Security Controls.
Tue, 14 Oct 2014 00:00:00 +0000

An Analysis of Meterpreter during Post-Exploitation
Much has been written about using the Metasploit Framework to gain access to systems, utilizing exploits, and the post-exploitation modules. What has received less attention is how they work, what they actually do on the system, and how they can be detected. That is the focus of this research paper.
Tue, 14 Oct 2014 00:00:00 +0000

Forensicator FATE - From Artisan To Engineer
The SANS Investigative Forensic Toolkit (SIFT) is an awesome set of (free!) tools for the forensics professional. Using these tools effectively, however, can be overwhelming, especially in a large, complex case such as an APT intrusion.
Mon, 13 Oct 2014 00:00:00 +0000

Finding the Advanced Persistent Adversary
The Advanced Persistent Threat was born long before the days of computers. However, the security industry has brought more emphasis to this "scare-word". Its first real use as the term APT came from the US Air Force in 2006, due to the sole fact that nation-state and government-backed espionage turned to significantly more advanced attacks.
Fri, 10 Oct 2014 00:00:00 +0000

Hardening Retail Security
Read this article and learn what IT security staff in the retail industry say about their security budgets, behavioral baselining, and endpoint forensics practices.
Fri, 10 Oct 2014 00:00:00 +0000

Analytics and Intelligence Survey 2014
This paper explores the use of analytics and intelligence today and exposes the impediments to successful implementation.
Wed, 08 Oct 2014 00:00:00 +0000

Security Operations Centre (SOC) in a Utility Organization
Security threats are increasing manifold, irrespective of the size of an organization. This is evident after reviewing many industry reports such as the Verizon 2014 Data Breach Investigation Report (Verizon, 2014), the Trustwave 2014 Global Security Report (Trustwave, 2014) and the Symantec Internet Security Threat Report 2014 (Symantec, 2014).
Tue, 07 Oct 2014 00:00:00 +0000