SANS Information Security Reading Room
25 Computer Security Papers added to the Reading Room

Lenovo and the Terrible, Horrible, No Good, Very Bad Week
one week in February of 2015, the largest personal computer manufacturer in the world had a “Terrible, Horrible, No Good, Very Bad Week.” Lenovo’s customers discovered that the company had been selling computers with pre-installed adware based software from a company called Superfish. Security researchers discovered that Superfish was not just annoying, but opened up the customers to significant vulnerabilities.
Thu, 21 May 2015 00:00:00 +0000

Honeytokens and honeypots for web ID and IH
and honey tokens can be useful tools for examining follow-up to phishing attacks.
Thu, 14 May 2015 00:00:00 +0000

IPv6 and Open Source IDS
paper will examine the current support of IPv6 amongst three of the most popular open source intrusion detection systems: Snort, Suricata, and Bro. It will also examine support of the IPv6 protocol within the publicly available signatures and rules for each system, where applicable.
Thu, 14 May 2015 00:00:00 +0000

IDS File Forensics
usually follow an attack framework in order to breach an organization's computer network infrastructure. In response, forensic analysts are tasked with identifying files, data and tools accessed during a breach.
Wed, 13 May 2015 00:00:00 +0000

Securing Portable Data and Applications for a Mobile Workforce
the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.
Wed, 13 May 2015 00:00:00 +0000

2015 State of Application Security: Closing the Gap
the current state of application security through the lens of both builders and defenders and find out how much progress has been made in securing applications over the last 12 months.
Tue, 12 May 2015 00:00:00 +0000

Nftables as a Second Language
iptables Linux kernel firewall has been around for a long time and many Linux users are well versed in it, but now a new player in town, nftables, is now merged into the Linux kernel source and is touted to replace iptables.
Mon, 11 May 2015 00:00:00 +0000

Building a Vulnerability Management Program - A project management approach
paper examines the critical role of project management in building a successful vulnerability management program.
Mon, 11 May 2015 00:00:00 +0000

The Case for Visibility: SANS 2nd Annual Survey on the State of Endpoint Risk and Security
the results of the 2015 Endpoint Security Survey to find out whether organizations assume risk, whether their perimeter defenses protect their endpoints, how much progress we are making on automation, how long it takes to remediate each compromised endpoint, and much more.
Tue, 05 May 2015 00:00:00 +0000

Using Software Defined Radio to Attack "Smart Home" Systems
objective of this paper is to describe several plausible attacks that target "Smart-Home" systems using SDR platforms.
Fri, 01 May 2015 00:00:00 +0000

Protection from the Inside: Application Security Methodologies Compared
SANS Analyst Program review by Jacob Williams. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.
Mon, 27 Apr 2015 00:00:00 +0000

Is It Patched Or Is It Not?
management tools may produce conflicting results.
Thu, 23 Apr 2015 00:00:00 +0000

Building a World-Class Security Operations Center: A Roadmap
how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Wed, 15 Apr 2015 00:00:00 +0000

Analyzing a Backdoor/Bot for the MIPS Platform
functionalities have been evolving and so are their target platforms and architectures.
Mon, 13 Apr 2015 00:00:00 +0000

XtremeRAT - When Unicode Breaks
is a commonly abused remote administration tool that is prevalent in the Middle East; prevalent to the degree that it is not uncommon to find at least one active RAT in a network on any given incident response engagement.
Thu, 09 Apr 2015 00:00:00 +0000

Insider Threats and the Need for Fast and Directed Response
paper discusses the results of the 2015 SANS Insider Threat Survey. Written by Dr. Eric Cole, it examines the operational challenges of defending against malicious or negligent insiders and reviews the financial impact of insider attacks.
Thu, 09 Apr 2015 00:00:00 +0000

The What, Where and How of Protecting Healthcare Data
healthcare data-loss risk by understanding the What, Where, and How of Protecting Healthcare Data.
Mon, 06 Apr 2015 00:00:00 +0000

Defense-in-Policy begets Defense-in-Depth
is a commonly cited "best practices" strategy for achieving "Information Assurance".
Fri, 03 Apr 2015 00:00:00 +0000

Denial of Service Deterrence
of service attacks have been around since 1989 and may have been incorporated even before that time.
Wed, 01 Apr 2015 00:00:00 +0000

Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud
computing services provide many technology and business opportunities that were simply unavailable a few years ago.
Wed, 01 Apr 2015 00:00:00 +0000

Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6
review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.
Wed, 01 Apr 2015 00:00:00 +0000

Practical El Jefe
"El Jefe is a free situational awareness tool that can drastically reduce the costs for securing your enterprise by making locating and responding to advanced threats incredibly easy." (Immunity Inc., n.d.).
Tue, 31 Mar 2015 00:00:00 +0000

Creating an SOC
explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Tue, 31 Mar 2015 00:00:00 +0000

Enabling Large-Scale Mobility with Security from the Ground Up
SANS Analyst Program infographic based on the whitepaper, Enabling Large-Scale Mobility with Security from the Ground Up. It offers a graphical interpretation of the paper's key takeaways and supplemental data.
Mon, 30 Mar 2015 00:00:00 +0000

Enabling Large-Scale Mobility with Security from the Ground Up
SANS Analyst Program whitepaper written by Jaikumar Vijayan and advised by SANS Analyst G. Mark Hardy. It discusses the state of enterprise mobility and the challenges posed to information technology groups by the massive influx of personal and corporate-owned mobile devices in the workplace in recent years.
Mon, 30 Mar 2015 00:00:00 +0000