SANS Information Security Reading Room
http://www.sans.org/reading-room/
Last 25 Computer Security Papers added to the Reading Room

Enhancing incident response through forensic, memory analysis and malware sandboxing techniques
https://www.sans.org/reading-room/whitepapers/incident/enhancing-incident-response-forensic-memory-analysis-malware-sandboxing-techniques-34540
Almost daily, there are reports of successful data breaches and new threat vectors including compromised systems or vulnerable software.
Thu, 17 Apr 2014 00:00:00 +0000

Windows ShellBags Forensics in Depth
https://www.sans.org/reading-room/whitepapers/forensics/windows-shellbags-forensics-in-depth-34545
Microsoft Windows records the view preferences of folders and Desktop.
Thu, 17 Apr 2014 00:00:00 +0000

Rootkit Detection with OSSEC
https://www.sans.org/reading-room/whitepapers/detection/rootkit-detection-ossec-34555
Most malware consists of a malicious application that gets installed on a victim's computer.
Thu, 17 Apr 2014 00:00:00 +0000

The Hacker Always Gets Through
https://www.sans.org/reading-room/whitepapers/hackers/hacker-34550
In early 2010, security analysts started noticing something really interesting.
Tue, 15 Apr 2014 00:00:00 +0000

Exploiting Embedded Devices
https://www.sans.org/reading-room/whitepapers/testing/exploiting-embedded-devices-34022
The majority of routers operate using a form of embedded Linux OS. This is an advantage to the majority of penetration testers, as Linux is likely to be a familiar platform to work with; however, the distributions that routers tend to run are very optimised, and as such the entire firmware for a router is generally only a few megabytes in size.
Thu, 03 Apr 2014 00:00:00 +0000

Implementation and use of DNS RPZ in malware and phishing defence
https://www.sans.org/reading-room/whitepapers/dns/implementation-dns-rpz-malware-phishing-defence-34535
Many organisations, large and small, have a need for outbound content filtering.
Thu, 03 Apr 2014 00:00:00 +0000

Bridging the Gantt
https://www.sans.org/reading-room/whitepapers/leadership/bridging-gantt-34440
To Project Management (PM) novices, the Gantt chart is often seen as the central tool of the project management process.
Thu, 27 Mar 2014 00:00:00 +0000

An Architecture for Implementing Enterprise Multifactor Authentication with Open Source Tools
https://www.sans.org/reading-room/whitepapers/authentication/architecture-implementing-enterprise-multifactor-authentication-open-source-tools-34455
We are all familiar with how password authentication works, as we log into dozens of systems each day to check email or view a bank account balance.
Thu, 27 Mar 2014 00:00:00 +0000

Framework for building a Comprehensive Enterprise Security Patch Management Program
https://www.sans.org/reading-room/whitepapers/threats/framework-building-comprehensive-enterprise-security-patch-management-program-34450
The concept of a patch is pretty straightforward and broadly understood. In business terms, patching is a form of quality control and defect repair.
Thu, 27 Mar 2014 00:00:00 +0000

Understanding what Service Organizations are trying to SSAE
https://www.sans.org/reading-room/whitepapers/auditing/understanding-service-organizations-ssae-34475
Today, many companies are choosing to perform common business functions like Finance, Human Resources, Legal, Sales, and Procurement with the use of information systems that reside remotely at a vendor.
Thu, 27 Mar 2014 00:00:00 +0000

Free and Open Source Project Management Tools
https://www.sans.org/reading-room/whitepapers/projectmanagement/free-open-source-project-management-tools-34495
Project management has been around for millennia. In the book of Genesis, Noah is given the Ark project (Genesis 6:11-21, New International Version).
Thu, 27 Mar 2014 00:00:00 +0000

Rapid Triage: Automated System Intrusion Discovery with Python
https://www.sans.org/reading-room/whitepapers/tools/rapid-triage-automated-system-intrusion-discovery-python-34512
There are six major incident handling phases typically used to manage information security incidents: preparation, identification, containment, eradication, recovery, and lessons learned.
Thu, 27 Mar 2014 00:00:00 +0000

How to Win Friends and Remediate Vulnerabilities
https://www.sans.org/reading-room/whitepapers/application/win-friends-remediate-vulnerabilities-34530
In today's era of rapid release development projects, finding vulnerabilities is not difficult.
Thu, 27 Mar 2014 00:00:00 +0000

Building and Managing a PKI Solution for Small and Medium Size Business
https://www.sans.org/reading-room/whitepapers/certificates/building-managing-pki-solution-small-medium-size-business-34445
The use of Public Key Infrastructure (PKI) can be an effective way to meet business, regulatory, and compliance requirements.
Thu, 27 Mar 2014 00:00:00 +0000

SOHO Remote Access VPN. Easy as Pie, Raspberry Pi...
https://www.sans.org/reading-room/whitepapers/hsoffice/soho-remote-access-vpn-easy-pie-raspberry-pi-34427
Free, unencrypted Wireless Access Points (WAPs) have proliferated and are now found in various locations including restaurants, libraries, schools, hotels, airports, etc.
Tue, 25 Mar 2014 00:00:00 +0000

Inside Mac Security
https://www.sans.org/reading-room/whitepapers/sysadmin/mac-security-34525
Apple, Inc.'s OS X family is both the result of decades of operating system development and a collection of systems and features from many other systems combined with many unique ideas and implementations.
Wed, 19 Mar 2014 00:00:00 +0000

Implementing IEEE 802.1x for Wired Networks
https://www.sans.org/reading-room/whitepapers/authentication/implementing-ieee-8021x-wired-networks-34520
Most companies do not have an extra security layer in place when client computers connect to a wired network.
Fri, 14 Mar 2014 00:00:00 +0000

Simulating Cyber Operations: A Cyber Security Training Framework
https://www.sans.org/reading-room/whitepapers/bestprac/simulating-cyber-operations-cyber-security-training-framework-34510
The current shortage (Finkle & Randewich, 2012) of trained and experienced Cyber Operations Specialists, coupled with the increasing threat (Sophos, 2013) posed by targeted attacks (Verizon, 2013), suggests more effective training methods must be considered.
Mon, 10 Mar 2014 00:00:00 +0000

Repurposing Network Tools to Inspect File Systems
https://www.sans.org/reading-room/whitepapers/forensics/repurposing-network-tools-inspect-file-systems-34517
Digital forensics can be a laborious and multi-step process. Some of the initial steps in digital forensics include: Data Reduction, Anti-Virus checks, and an Indicator of Compromise (IOC) search.
Thu, 27 Feb 2014 00:00:00 +0000

Integrating Wired and Wireless IDS Data
https://www.sans.org/reading-room/whitepapers/detection/integrating-wired-wireless-ids-data-34505
According to Gartner, smart phones and other mobile computing devices are rapidly replacing personal computers.
Tue, 11 Feb 2014 00:00:00 +0000

Using the Department of Defense Architecture Framework to Develop Security Requirements
https://www.sans.org/reading-room/whitepapers/bestprac/department-defense-architecture-framework-develop-security-requirements-34500
Integrated architectures embody the discernable parts of a system and their relationships with each other in a single, normalized data repository.
Mon, 10 Feb 2014 00:00:00 +0000

Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment
https://www.sans.org/reading-room/whitepapers/bestprac/open-source-reconnaissance-tools-business-partner-vulnerability-assessment-34490
All businesses, no matter what their goals, depend on a network of contacts to survive and grow.
Fri, 31 Jan 2014 00:00:00 +0000

An Early Malware Detection, Correlation, and Incident Response System with Case Studies
https://www.sans.org/reading-room/whitepapers/detection/early-malware-detection-correlation-incident-response-system-case-studies-34485
"The complexity of software is an essential property, not an accidental one" (Brooks, 1987).
Mon, 20 Jan 2014 00:00:00 +0000

An Approach to Detect Malware Call-Home Activities
https://www.sans.org/reading-room/whitepapers/detection/approach-detect-malware-call-home-activities-34480
In the internal network of a large organization, there may be a number of security measures or products in place, such as anti-virus, security patch management, Intrusion Prevention Systems (IPS), firewalls, etc., and there is still some malware that goes undetected.
Fri, 17 Jan 2014 00:00:00 +0000

Active Security Or: How I learned to stop worrying and use IPS with Incident handling
https://www.sans.org/reading-room/whitepapers/incident/active-security-or-learned-stop-worrying-ips-incident-handling-34465
Beyond the obvious nomenclature for viruses and worms, several lessons can also be gleaned from the world of epidemiology and applied to information security.
Tue, 14 Jan 2014 00:00:00 +0000