SANS Information Security Reading Room: 25 Computer Security Papers added to the Reading Room

Improving Detection, Prevention and Response with Security Maturity Modeling
SANS Analyst Program whitepaper written by Byron Acohido. It discusses various security maturity models and how organizations can use them to improve their defensive posture while reducing the time needed to respond to incidents and contain the damage.
Fri, 29 May 2015

Integration of Network Conversation Metadata with Asset and Configuration Management Databases: an alternative
The loss of access to plaintext IP payloads in an increasingly encrypted and privacy-conscious world means that network-layer security analysis must shift its attention to the examination and characterization of packet and network-conversation meta-information derived from packet headers. These characteristics can be incorporated into, and treated as an integral part of, asset and configuration management baselines. Changes detected in the expected endpoints, frequency, duration and packet sizes can be flagged for review and subsequent response, or for adjustment of the baseline.
Tue, 26 May 2015

Knitting SOCs
Over time, the list of "must-have" security appliances and services has become ever larger.
Tue, 26 May 2015

Automated Security Testing of Oracle Forms Applications
To keep up with the increasing rate of web application attacks (Imperva, 2014), a wide variety of automated security testing tools have been developed (OWASP, 2014).
Tue, 26 May 2015

Lenovo and the Terrible, Horrible, No Good, Very Bad Week
One week in February of 2015, the largest personal computer manufacturer in the world had a "Terrible, Horrible, No Good, Very Bad Week." Lenovo's customers discovered that the company had been selling computers with pre-installed adware-based software from a company called Superfish. Security researchers discovered that Superfish was not just annoying, but exposed customers to significant vulnerabilities.
Thu, 21 May 2015

Honeytokens and honeypots for web ID and IH
Honeypots and honeytokens can be useful tools for examining the follow-up to phishing attacks.
Thu, 14 May 2015

IPv6 and Open Source IDS
This paper will examine the current support for IPv6 in three of the most popular open source intrusion detection systems: Snort, Suricata, and Bro. It will also examine support for the IPv6 protocol within the publicly available signatures and rules for each system, where applicable.
Thu, 14 May 2015

IDS File Forensics
Attackers usually follow an attack framework in order to breach an organization's computer network infrastructure. In response, forensic analysts are tasked with identifying the files, data and tools accessed during a breach.
Wed, 13 May 2015

Securing Portable Data and Applications for a Mobile Workforce
the challenges of securing a mobile workforce while enabling a desktop environment for mobile workers.
Wed, 13 May 2015

2015 State of Application Security: Closing the Gap
the current state of application security through the lens of both builders and defenders, and find out how much progress has been made in securing applications over the last 12 months.
Tue, 12 May 2015

Nftables as a Second Language
The iptables Linux kernel firewall has been around for a long time and many Linux users are well versed in it, but there is now a new player in town: nftables has been merged into the Linux kernel source and is touted to replace iptables.
Mon, 11 May 2015

Building a Vulnerability Management Program - A project management approach
This paper examines the critical role of project management in building a successful vulnerability management program.
Mon, 11 May 2015

The Case for Visibility: SANS 2nd Annual Survey on the State of Endpoint Risk and Security
the results of the 2015 Endpoint Security Survey to find out whether organizations assume risk, whether their perimeter defenses protect their endpoints, how much progress we are making on automation, how long it takes to remediate each compromised endpoint, and much more.
Tue, 05 May 2015

Using Software Defined Radio to Attack "Smart Home" Systems
The objective of this paper is to describe several plausible attacks that target "Smart-Home" systems using SDR platforms.
Fri, 01 May 2015

Protection from the Inside: Application Security Methodologies Compared
A SANS Analyst Program review by Jacob Williams. This webcast will explore the relative capabilities and efficiencies of RASP and WAF technologies, and discuss a blind, vendor-anonymous review of a representative product in each category.
Mon, 27 Apr 2015

Is It Patched Or Is It Not?
Patch management tools may produce conflicting results.
Thu, 23 Apr 2015

Building a World-Class Security Operations Center: A Roadmap
how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Wed, 15 Apr 2015

Analyzing a Backdoor/Bot for the MIPS Platform
Malware functionalities have been evolving, and so have their target platforms and architectures.
Mon, 13 Apr 2015

XtremeRAT - When Unicode Breaks
XtremeRAT is a commonly abused remote administration tool that is prevalent in the Middle East; prevalent to the degree that it is not uncommon to find at least one active RAT in a network on any given incident response engagement.
Thu, 09 Apr 2015

Insider Threats and the Need for Fast and Directed Response
This paper discusses the results of the 2015 SANS Insider Threat Survey. Written by Dr. Eric Cole, it examines the operational challenges of defending against malicious or negligent insiders and reviews the financial impact of insider attacks.
Thu, 09 Apr 2015

The What, Where and How of Protecting Healthcare Data
healthcare data-loss risk by understanding the What, Where, and How of Protecting Healthcare Data.
Mon, 06 Apr 2015

Defense-in-Policy begets Defense-in-Depth
Defense-in-Depth is a commonly cited "best practices" strategy for achieving "Information Assurance".
Fri, 03 Apr 2015

Denial of Service Deterrence
Denial of service attacks have been around since 1989 and may have been in use even before that time.
Wed, 01 Apr 2015

Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud
Cloud computing services provide many technology and business opportunities that were simply unavailable a few years ago.
Wed, 01 Apr 2015

Improving the Effectiveness of Log Analysis with HP ArcSight Logger 6
A review of HP ArcSight Logger 6 by SANS analyst and instructor Dave Shackleford. It discusses the latest release of ArcSight Logger and its usefulness to security analysts who need to collect and monitor logs.
Wed, 01 Apr 2015
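The "Integration of Network Conversation Metadata with Asset and Configuration Management Databases" entry above describes baselining conversation metadata (endpoints, frequency, duration, size) and flagging deviations against the asset inventory. The following is an added illustration of that approach, not code from the paper or from SANS. The flow records, the CMDB extract, the 3-sigma threshold and the 50% floor used when a baseline has no variance are all constructed assumptions for the example.

```python
"""Baseline network-conversation metadata and flag deviations from it.

Added example (not from the SANS paper). Flow records and the CMDB extract
below are constructed; thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One network conversation, summarised from packet headers only."""
    day: int          # observation day (baseline window index)
    src: str
    dst: str
    dport: int
    duration_s: float
    nbytes: int


# Assumed CMDB extract: address -> asset role. A real deployment would pull
# this from the asset/configuration management database.
CMDB = {
    "10.0.1.10": "web-frontend",
    "10.0.2.20": "db-primary",
    "10.0.3.30": "workstation",
}


def constructed_baseline():
    """Seven days of normal traffic: workstation -> web (443), web -> db (5432)."""
    flows = []
    for day in range(7):
        for i in range(10):
            flows.append(Flow(day, "10.0.3.30", "10.0.1.10", 443, 2.0 + 0.1 * i, 15000 + 200 * i))
        for i in range(50):
            flows.append(Flow(day, "10.0.1.10", "10.0.2.20", 5432, 0.05 + 0.001 * i, 800 + 10 * i))
    return flows


def constructed_observed():
    """Day 7: normal traffic plus a long, large db pull and a new external peer."""
    flows = [Flow(7, "10.0.3.30", "10.0.1.10", 443, 2.0 + 0.1 * i, 15000 + 200 * i) for i in range(10)]
    flows += [Flow(7, "10.0.1.10", "10.0.2.20", 5432, 0.05 + 0.001 * i, 800 + 10 * i) for i in range(50)]
    flows.append(Flow(7, "10.0.1.10", "10.0.2.20", 5432, 600.0, 5_000_000))   # anomalous size/duration
    flows += [Flow(7, "10.0.3.30", "203.0.113.50", 443, 1.5, 9000) for _ in range(3)]  # never seen before
    return flows


def build_baseline(flows):
    """Per (src, dst, dport): mean/stddev of duration, bytes and flows-per-day."""
    durations, sizes = defaultdict(list), defaultdict(list)
    daily = defaultdict(lambda: defaultdict(int))
    for f in flows:
        k = (f.src, f.dst, f.dport)
        durations[k].append(f.duration_s)
        sizes[k].append(f.nbytes)
        daily[k][f.day] += 1
    baseline = {}
    for k in durations:
        counts = list(daily[k].values())
        baseline[k] = {
            "duration": (mean(durations[k]), pstdev(durations[k])),
            "bytes": (mean(sizes[k]), pstdev(sizes[k])),
            "per_day": (mean(counts), pstdev(counts)),
        }
    return baseline


def deviates(value, stats, sigma=3.0, floor_ratio=0.5):
    """True if value is outside mean +/- sigma*stddev.

    A perfectly regular baseline has stddev 0, which would flag any change at
    all; the floor_ratio keeps a tolerance of 50% of the mean in that case
    (assumed value, tune per environment).
    """
    mu, sd = stats
    tolerance = max(sigma * sd, floor_ratio * mu)
    return abs(value - mu) > tolerance


def review(baseline, observed, cmdb=CMDB):
    """Return (kind, conversation_key, value) findings for one observation window."""
    findings, daily, seen_new = [], defaultdict(int), set()
    for f in observed:
        k = (f.src, f.dst, f.dport)
        daily[k] += 1
        if f.dst not in cmdb and k not in seen_new:
            findings.append(("unknown-asset", k, f.dst))      # peer absent from the CMDB
        if k not in baseline:
            if k not in seen_new:
                findings.append(("new-conversation", k, None))
            seen_new.add(k)
            continue
        if deviates(f.duration_s, baseline[k]["duration"]):
            findings.append(("duration", k, f.duration_s))
        if deviates(f.nbytes, baseline[k]["bytes"]):
            findings.append(("bytes", k, f.nbytes))
    for k, n in daily.items():   # frequency is judged per window, not per flow
        if k in baseline and deviates(n, baseline[k]["per_day"]):
            findings.append(("frequency", k, n))
    return findings


if __name__ == "__main__":
    for finding in review(build_baseline(constructed_baseline()), constructed_observed()):
        print(finding)
```

Each finding is either a review item (an endpoint the CMDB does not know, a conversation never seen in the baseline window) or a metric deviation on a known conversation; the intended response, as the paper's abstract puts it, is either investigation or a deliberate adjustment of the baseline once the change is confirmed as legitimate.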