SANS Information Security Reading Room: 25 Computer Security Papers added to the Reading Room

Next Generation Firewalls and Employee Privacy in the Global Enterprise
The obligation to protect company resources is something nearly every organization tries to instill in its staff.
Tue, 30 Sep 2014 00:00:00 +0000

Validating Security Configurations and Detecting Backdoors in New Network Devices
With the discovery of admin (root-level) backdoors in Barracuda network devices in January last year, it has once again become apparent that internet-facing network devices are vulnerable to unauthorized remote access (Goodin, Secret backdoors found in firewall, VPN gear from Barracuda Networks, 2013).
Tue, 30 Sep 2014 00:00:00 +0000

A Guide on How to Find Cardholder Data without Automated Tools for PCI Assessors
The PCI Data Security Standard requires organizations to determine the scope of their compliance obligation accurately. A critical aspect of PCI DSS scope definition is identifying all the locations where cardholder data is stored. During the course of an assessment, PCI Assessors must validate that the perceived compliance scope is in fact accurately defined and documented. Automated discovery tools, while effective at finding cardholder data, are sometimes not an option because of the negative impact they may have on a production environment. In this paper, the author discusses audit techniques and tips on how to find cardholder data without using automated tools.
Tue, 30 Sep 2014 00:00:00 +0000

Home Field Advantage - Using Indicators of Compromise to Hunt down the Advanced Persistent Threat
Cyber defense strategies focus on building a wall around the network and "digging in". Behind this cyber version of the Maginot Line, network defenders attempt to block adversary intrusions in any way possible.
Thu, 25 Sep 2014 00:00:00 +0000

Modeling Security Investments With Monte Carlo Simulations
Leaders and architects are frequently the interface from sponsors and management into projects.
Wed, 24 Sep 2014 00:00:00 +0000

A Qradar Log Source Extension Walkthrough
The acronym SIEM refers to "Security Information and Event Management". Because of the many and varied functions such products provide, a concise definition is elusive.
Mon, 22 Sep 2014 00:00:00 +0000

Security Visibility in the Enterprise
A large (Fortune 100) company decided to improve its corporate "security visibility." Through this effort it intended to move from simply meeting regulatory and compliance requirements toward a more mature model capable of focusing on specific areas of risk.
Fri, 19 Sep 2014 00:00:00 +0000

Forensic Images: For Your Viewing Pleasure
Forensic investigations often involve creating and examining disk images. A disk image is a bit-for-bit copy of a full disk or a single partition from a disk. Because the contents of a disk are constantly changing on a running system, disk images are often created following an intrusion or incident to preserve the state of a disk at a particular point in time.
Fri, 19 Sep 2014 00:00:00 +0000

Critical Security Controls: From Adoption to Implementation
This SANS survey report explores how widely the CSCs are being adopted, what challenges adopters are facing in implementing the controls, and what they are looking for to improve their implementation practices.
Thu, 18 Sep 2014 00:00:00 +0000

MalwareD: A study on network and host based defenses that prevent malware from accomplishing its goals.
Malware is an ever-growing problem on the Internet. Organizations struggle to prevent, detect, and respond to malware threats.
Wed, 17 Sep 2014 00:00:00 +0000

Implementing Public Key Infrastructure (PKI) Using Microsoft Windows Server 2012 Certificate Services
Public Key Infrastructure (PKI) can be distilled into two critical parts: a public and a private key.
Tue, 16 Sep 2014 00:00:00 +0000

A Project Management Approach to Writing a GIAC Gold Paper
The SANS reading room has published thousands of papers on a wide range of computer security related topics at
Mon, 15 Sep 2014 00:00:00 +0000

Data Encryption and Redaction: A Review of Oracle Advanced Security
A review of Oracle Advanced Security for Oracle Database 12c by SANS Analyst and Senior Instructor Dave Shackleford. It explores a number of the product's capabilities, including transparent data encryption (TDE) and effortless redaction of sensitive data, that seamlessly protect data from unauthorized access without any developer effort.
Mon, 15 Sep 2014 00:00:00 +0000

Case Study: Critical Controls that Could Have Prevented Target Breach
Shoppers got an unwelcome holiday surprise in December 2013 when the news came out that 40 million Target credit cards had been stolen (Krebs, 2013f) by accessing data on point of sale (POS) systems (Krebs, 2014b).
Fri, 12 Sep 2014 00:00:00 +0000

How the SANS Critical Controls Prevent the Red Team from P0wning your Database*
Databases are pervasive in the technologically savvy world we live in. If electronic information is currency, then the database is the equivalent of the Federal Reserve Bank for many companies (Litchfield, 2005).
Thu, 04 Sep 2014 00:00:00 +0000

Insider Threats in Law Enforcement
Given the valuable information they have at their disposal, law enforcement agencies are among the prime targets for advanced attacks. While network protection can be extensive and sophisticated, the exploitation of insiders poses a serious threat of illegal access to these agencies.
Thu, 04 Sep 2014 00:00:00 +0000

Straddling the Next Frontier Part 1: Quantum Computing Primer
Designs of quantum computing are progressively transmuting into practical applications.
Wed, 03 Sep 2014 00:00:00 +0000

Straddling the Next Frontier Part 2: How Quantum Computing has already begun impacting the Cyber Security landscape
Designs of quantum computing are progressively transmuting into practical applications.
Wed, 03 Sep 2014 00:00:00 +0000

Differences between HTML5 or AJAX web applications
Web application content is loaded into the web browser by means of the HyperText Transfer Protocol (HTTP).
Wed, 27 Aug 2014 00:00:00 +0000

Creating a Baseline of Process Activity for Memory Forensics
SANS's Advanced Forensic Analysis and Incident Response course (Lee & Tilbury, 2013) defines a process for the examination of memory to identify indicators of compromise.
Wed, 27 Aug 2014 00:00:00 +0000

Airwatch MDM and Android: a policy and technical review
Not surprisingly, mobile devices are an increasingly important part of the topology of how people access business data.
Thu, 21 Aug 2014 00:00:00 +0000

H.O.T. | Security
The information security industry will continue to grow in size, density and specialization (Tipton, 2010). The demand for qualified security professionals who possess relevant knowledge and required skills is growing and will increase substantially (Miller, 2012) (Suby, 2013).
Thu, 21 Aug 2014 00:00:00 +0000

Under Threat or Compromise - Every Detail Counts
This paper outlines five major components of a life-cycle approach to defense and how companies can adopt this model to maximize security in the current threat landscape.
Wed, 20 Aug 2014 00:00:00 +0000

Beyond the cookie: Using network traffic characteristics to enhance confidence in user identity
Historically, authenticating to a computer system was simple: the user provided credentials, the system checked the credentials against a trusted source, and the system permitted or denied access to a protected resource.
Tue, 19 Aug 2014 00:00:00 +0000

Small devices needs a large Firewall
The Palo Alto Networks (PAN) next-generation firewall encapsulates a full line of products.
Mon, 18 Aug 2014 00:00:00 +0000