SANS Information Security Reading Room
http://www.sans.org/reading-room/
Last 25 Computer Security Papers added to the Reading Room
Generator: KohanaPHP

Practical El Jefe
https://www.sans.org/reading-room/whitepapers/bestprac/practical-el-jefe-35862
"El Jefe is a free situational awareness tool that can drastically reduce the costs for securing your enterprise by making locating and responding to advanced threats incredibly easy." (Immunity Inc., n.d.).
Tue, 31 Mar 2015 00:00:00 +0000

Enabling Large-Scale Mobility with Security from the Ground Up
https://www.sans.org/reading-room/whitepapers/analyst/enabling-large-scale-mobility-security-ground-35852
A SANS Analyst Program infographic based on the whitepaper, Enabling Large-Scale Mobility with Security from the Ground Up. It offers a graphical interpretation of the paper's key takeaways and supplemental data.
Mon, 30 Mar 2015 00:00:00 +0000

Enabling Large-Scale Mobility with Security from the Ground Up
https://www.sans.org/reading-room/whitepapers/analyst/enabling-large-scale-mobility-security-ground-35847
A SANS Analyst Program whitepaper written by Jaikumar Vijayan and advised by SANS Analyst G. Mark Hardy. It discusses the state of enterprise mobility and the challenges posed to information technology groups by the massive influx of personal and corporate-owned mobile devices in the workplace in recent years.
Mon, 30 Mar 2015 00:00:00 +0000

Correctly Implementing Forward Secrecy
https://www.sans.org/reading-room/whitepapers/bestprac/correctly-implementing-secrecy-35842
At the heart of Forward Secrecy is the use of the Diffie-Hellman key exchange.
Mon, 30 Mar 2015 00:00:00 +0000

Using Sysmon to Enrich Security Onion's Host-Level Capabilities
https://www.sans.org/reading-room/whitepapers/forensics/sysmon-enrich-security-onion-039-s-host-level-capabilities-35837
In 2003, Gartner declared Intrusion Detection Systems a "market failure", primarily because of the high false positives and negatives and the significant amount of time and resources needed to monitor and validate alerts.
Fri, 27 Mar 2015 00:00:00 +0000

Finding Evil in the Whitelist
https://www.sans.org/reading-room/whitepapers/Whitelists/finding-evil-whitelist-35832
Traditional security controls, such as antivirus and intrusion detection systems, can generally be classified as blacklisting technologies.
Tue, 24 Mar 2015 00:00:00 +0000

Minimizing Damage From J.P. Morgan's Data Breach
https://www.sans.org/reading-room/whitepapers/casestudies/minimizing-damage-jp-morgan-039-s-data-breach-35822
How did a mega bank like J.P. Morgan get hacked? It all started in June 2014, when one of their employees' personal computers was infected with malware, which resulted in stolen login credentials (Sjouwerman, 2014).
Tue, 17 Mar 2015 00:00:00 +0000

Web Application Firewalls
https://www.sans.org/reading-room/whitepapers/application/web-application-firewalls-35817
For years, attackers have assailed networks and exploited system-level vulnerabilities, fueling demand for products like firewalls and intrusion detection systems.
Mon, 16 Mar 2015 00:00:00 +0000

Data Breach Preparation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-preparation-35812
Home Depot experienced the second largest data breach on record ("Home Depot data breach affected 56M debit, credit cards", 2014). It started in April 2014, but Home Depot did not become aware of the problem until September 2, when law enforcement and some banks contacted them about signs of the compromise.
Mon, 16 Mar 2015 00:00:00 +0000

Powercat
https://www.sans.org/reading-room/whitepapers/testing/powercat-35807
Powercat started as a proof-of-concept tool that I initially developed.
Wed, 04 Mar 2015 00:00:00 +0000

Automation in the Incident Response Process: Creating an Effective Long-Term Plan
https://www.sans.org/reading-room/whitepapers/analyst/automation-incident-response-process-creating-effective-long-term-plan-35802
With the right resources in place, attackers can be detected more accurately and efficiently, mitigating damage and data loss from inevitable network attacks. This paper presents a proper process and procedure for incident response that includes the use of automation tools.
Wed, 04 Mar 2015 00:00:00 +0000

Sleeping Your Way out of the Sandbox
https://www.sans.org/reading-room/whitepapers/malicious/sleeping-sandbox-35797
The term Advanced Persistent Threat is widely cited as originating in 2006 from the US Air Force, in reference to advanced cyber-attacks against specific targets (Fortinet, 2013, p2).
Tue, 03 Mar 2015 00:00:00 +0000

What Every Tech Startup Should Know About Security, Privacy, and Compliance
https://www.sans.org/reading-room/whitepapers/compliance/tech-startup-about-security-privacy-compliance-35792
Not everyone has what it takes to launch a successful tech startup. A compelling vision must propel the founder, fueled by unstoppable passion.
Wed, 25 Feb 2015 00:00:00 +0000

Windows Phone 8 Forensic Artifacts
https://www.sans.org/reading-room/whitepapers/forensics/windows-phone-8-forensic-artifacts-35787
Because of the fast pace of change in mobile device technologies and operating systems, there are times when a newer mobile device that is unsupported or only partially supported by commercial mobile forensic tools for data extraction and parsing must be examined in the course of a criminal investigation, with the end goal being the extraction of digital evidence for use in court.
Fri, 20 Feb 2015 00:00:00 +0000

Exercise - Not Just for Your Body Anymore
https://www.sans.org/reading-room/whitepapers/training/exercise-body-anymore-35782
Exercise programs have been publicized and encouraged for a long time as a way to keep your physical and mental abilities in shape.
Fri, 20 Feb 2015 00:00:00 +0000

Palo Alto Firewall Security Configuration Benchmark
https://www.sans.org/reading-room/whitepapers/auditing/palo-alto-firewall-security-configuration-benchmark-35777
This security configuration benchmark was created and tested against Palo Alto Networks' PAN-OS 6.1 software.
Fri, 20 Feb 2015 00:00:00 +0000

Open Source IDS High Performance Shootout
https://www.sans.org/reading-room/whitepapers/intrusion/open-source-ids-high-performance-shootout-35772
As early as 1972, the U.S. Air Force was becoming increasingly aware of computer security problems (Bruneau, 2001).
Tue, 17 Feb 2015 00:00:00 +0000

Who's Using Cyberthreat Intelligence and How?
https://www.sans.org/reading-room/whitepapers/analyst/cyberthreat-intelligence-how-35767
In the last several years, we've seen a disturbing trend: attackers are innovating much faster than defenders are. We've seen the "commercialization" of malware, with attack kits available on underground forums for anyone who wants to perpetrate a variety of attacks.
Mon, 16 Feb 2015 00:00:00 +0000

Monitoring Baselines with Nagios
https://www.sans.org/reading-room/whitepapers/compliance/monitoring-baselines-nagios-35762
It is 4:00 on a Friday afternoon and you, a system administrator for a large, multinational entertainment company, are putting your things away to head out for a long holiday weekend.
Thu, 12 Feb 2015 00:00:00 +0000

Enhancing Intrusion Analysis through Data Visualization
https://www.sans.org/reading-room/whitepapers/detection/enhancing-intrusion-analysis-data-visualization-35757
Increasingly, companies are required to sift through large volumes of relevant data in order to meet their governance, risk, compliance and security needs.
Thu, 12 Feb 2015 00:00:00 +0000

The Role of Static Analysis in Heartbleed
https://www.sans.org/reading-room/whitepapers/threats/role-static-analysis-heartbleed-35752
Numbered security vulnerabilities, known as Common Vulnerabilities and Exposures (CVEs), have been on the rise since the United States Computer Emergency Readiness Team (US-CERT) began tracking them in 1999.
Thu, 12 Feb 2015 00:00:00 +0000

NetFlow Collection and Analysis Using NFCAPD, Python, and Splunk
https://www.sans.org/reading-room/whitepapers/incident/netflow-collection-analysis-nfcapd-python-splunk-35747
NetFlow is a traffic summary technology developed by Cisco Systems. While intended as a management and auditing tool for networking professionals, NetFlow data can be a valuable resource for security analysts.
Tue, 10 Feb 2015 00:00:00 +0000

An Analysis of Gameover Zeus Network Traffic
https://www.sans.org/reading-room/whitepapers/detection/analysis-gameover-zeus-network-traffic-35742
In September of 2011, a peer-to-peer variant of Zeus emerged on the internet (Symantec, 2014).
Mon, 09 Feb 2015 00:00:00 +0000

Using the PMBoK Framework on Small Business IT Projects
https://www.sans.org/reading-room/whitepapers/projectmanagement/pmbok-framework-small-business-projects-35737
Successfully managing information technology (IT) projects is a complex endeavor. Project management frameworks might seem overreaching or incompatible with some of the characteristics common to small organizations, like multi-function employees and smaller budgets.
Mon, 09 Feb 2015 00:00:00 +0000

The Integration of Information Security to FDA and GAMP 5 Validation Processes
https://www.sans.org/reading-room/whitepapers/policyissues/integration-information-security-fda-gamp-5-validation-processes-35732
In reviewing the failures of information security (InfoSec) through the lifecycle management of information systems within the pharmaceutical industry, analysis starts with the governing validation process for the qualification of information systems.
Thu, 05 Feb 2015 00:00:00 +0000