SANS Information Security Reading Room
25 Computer Security Papers added to the Reading Room

Building a World-Class Security Operations Center: A Roadmap (Wed, 15 Apr 2015)
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.

Analyzing a Backdoor/Bot for the MIPS Platform (Mon, 13 Apr 2015)
Functionalities have been evolving, and so are their target platforms and architectures.

XtremeRAT - When Unicode Breaks (Thu, 09 Apr 2015)
XtremeRAT is a commonly abused remote administration tool that is prevalent in the Middle East; prevalent to the degree that it is not uncommon to find at least one active RAT in a network on any given incident response engagement.

Insider Threats and the Need for Fast and Directed Response (Thu, 09 Apr 2015)
This paper discusses the results of the 2015 SANS Insider Threat Survey. Written by Dr. Eric Cole, it examines the operational challenges of defending against malicious or negligent insiders and reviews the financial impact of insider attacks.

The What, Where and How of Protecting Healthcare Data (Mon, 06 Apr 2015)
Healthcare data-loss risk by understanding the What, Where, and How of Protecting Healthcare Data.

Defense-in-Policy begets Defense-in-Depth (Fri, 03 Apr 2015)
Defense-in-Depth is a commonly cited "best practices" strategy for achieving "Information Assurance".

Denial of Service Deterrence (Wed, 01 Apr 2015)
Denial of service attacks have been around since 1989 and may have been incorporated even before that time.

Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud (Wed, 01 Apr 2015)
Cloud computing services provide many technology and business opportunities that were simply unavailable a few years ago.

Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6 (Wed, 01 Apr 2015)
A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.

Practical El Jefe (Tue, 31 Mar 2015)
"El Jefe is a free situational awareness tool that can drastically reduce the costs for securing your enterprise by making locating and responding to advanced threats incredibly easy." (Immunity Inc., n.d.)

Creating an SOC (Tue, 31 Mar 2015)
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.

Enabling Large-Scale Mobility with Security from the Ground Up (infographic) (Mon, 30 Mar 2015)
A SANS Analyst Program infographic based on the whitepaper, Enabling Large-Scale Mobility with Security from the Ground Up. It offers a graphical interpretation of the paper's key takeaways and supplemental data.

Enabling Large-Scale Mobility with Security from the Ground Up (whitepaper) (Mon, 30 Mar 2015)
A SANS Analyst Program whitepaper written by Jaikumar Vijayan and advised by SANS Analyst G. Mark Hardy. It discusses the state of enterprise mobility and the challenges posed to information technology groups by the massive influx of personal and corporate-owned mobile devices in the workplace in recent years.

Correctly Implementing Forward Secrecy (Mon, 30 Mar 2015)
At the heart of Forward Secrecy is the use of the Diffie-Hellman key exchange.

Using Sysmon to Enrich Security Onion's Host-Level Capabilities (Fri, 27 Mar 2015)
In 2003, Gartner declared Intrusion Detection Systems a "market failure", primarily because of the high false positives and negatives, and the significant amount of time and resources needed to monitor and validate alerts.

Finding Evil in the Whitelist (Tue, 24 Mar 2015)
Security controls, such as antivirus and intrusion detection systems, can generally be classified as blacklisting technologies.

Minimizing Damage From J.P. Morgan's Data Breach (Tue, 17 Mar 2015)
How did a mega bank like J.P. Morgan get hacked? It all started in June 2014, when one of their employees' personal computers was infected with malware, which resulted in stolen login credentials (Sjouwerman, 2014).

Web Application Firewalls (Mon, 16 Mar 2015)
For years, attackers have assailed networks and exploited system-level vulnerabilities, fueling demand for products like firewalls and intrusion detection systems.

Data Breach Preparation (Mon, 16 Mar 2015)
Home Depot experienced the second largest data breach on record ("Home Depot data breach affected 56M debit, credit cards", 2014). It started in April 2014, but Home Depot did not become aware of the problem until September 2, when law enforcement and some banks contacted them about signs of the compromise.

Powercat (Wed, 04 Mar 2015)
Powercat started as a proof-of-concept tool that I initially developed.

Automation in the Incident Response Process: Creating an Effective Long-Term Plan (Wed, 04 Mar 2015)
With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools.

Sleeping Your Way out of the Sandbox (Tue, 03 Mar 2015)
The term Advanced Persistent Threat is widely cited as originating in 2006 from the US Air Force in reference to advanced cyber-attacks against specific targets (Fortinet, 2013, p2).

What Every Tech Startup Should Know About Security, Privacy, and Compliance (Wed, 25 Feb 2015)
Not everyone has what it takes to launch a successful tech startup. A compelling vision must propel the founder, fueled by unstoppable passion.

Windows Phone 8 Forensic Artifacts (Fri, 20 Feb 2015)
Because of the fast pace of change of mobile device technologies and operating systems, there are times when a newer mobile device which is unsupported or only partially supported by commercial mobile forensic tools for data extraction and parsing must be examined in the course of a criminal investigation, with the end goal being the extraction of digital evidence for use in court.

Exercise - Not Just for Your Body Anymore (Fri, 20 Feb 2015)
Exercise programs have been publicized and encouraged for a long time as a way to keep your physical and mental abilities in shape.