Reading Room

Case Studies

Featuring 128 Papers as of November 17, 2010

• • Overview
  • Download
  Creating Robust IT Security and Efficiency by Reducing Infrastructure Complexity in Higher Education Keith Lard - November 17, 2010

  Recent economic conditions have created a business problem unique to higher education and its IT infrastructure. In the past ten years, IT systems and infrastructure have experienced a rapid change in complexity as a result of moving from mainframes to web services (Weinschenk, 2003). The technical landscape continues to become more complex as technology advances and application sophistication increases more rapidly, creating a greater dependency on IT services. To stay competitive and efficient, private and for-profit businesses have spent the last ten years keeping up with technology and training their staff. However, the university has been insulated in its own microcosm, having the luxury of ignoring business cycles, as the product offered has not changed drastically. Now, recent economic conditions and rapid advancement in technology have created the perfect storm within the university setting.

• • Overview
  • Download
  Smart IDS - Hybrid LaBrea Tarpit Cristian Ruvalcaba - December 28, 2009

  The importance of IDS in corporate defense is seen as an ever growing necessity. Major strides have been made for numerous IDS tools, but some have seen a stalemate. The next evolutionary step in IDS would involve the concept of a 'Smart Intrusion Detection System (IDS)', one that generates signatures. The question of how to generate these signatures becomes instrumental, and can involve a number of different components. In this case, it could involve a tool that uses a hybrid LaBrea concept.

• • Overview
  • Download
  Mitigating Insider Sabotage Joseph Garcia - September 28, 2009

  How failing to create an effective termination policy and deploy correct user access controls to deter insider threats can be costly.

• • Overview
  • Download
  Inside a Phish John Brozycki - June 25, 2009

  This paper will document both sides of a phishing campaign, the phisher and the phished, providing a unique view as best as Im able to recreate it from the phishers own emails and information from the phished financial institution.

• • Overview
  • Download
  Capture the flag for education and mentoring Jerome Radcliffe - January 30, 2009

  A case study on the use of competitive games in computer security training.

• • Download
  Google Desktop Search as an Analysis Tool Chris Poldervaart - September 11, 2008
• • Overview
  • Download
  Effectiveness of Antivirus in Detecting Metasploit Payloads Mark Baggett - March 28, 2008

  Your neighbor stops you at your curb. He knows you‟re a computer security guru and wants to know the secret to protecting his computer from hackers. You need to get back to mowing the lawn and don‟t really have time to explain log monitoring, patch management, vulnerability assessments, penetration testing, least required access, the CIA triad, and the finer points of risk management. Besides, you know youre the only guy on the block with syslog servers, hardware firewalls, IDS and HIPS watching the one computer in your house that you only use for online banking. So what do you tell him? Keep your patches and antivirus software up to date and don‟t run untrusted programs. You know its not enough, but any more advice would commit you to hours of free consulting or get you uninvited to the neighborhood Christmas party. Don‟t run untrusted programsgood advice! The problem is most people trust everyone when it comes to free software.

• • Overview
  • Download
  Catching Phishers with Honey-Mail Dennis Dragos - February 7, 2008

  On the technical side, the tools and tactics employed to track and document the incident will be examined. In the broader scope, the high level of cooperation needed between law enforcement, corporate IT departments, and the various ISPs, email providers, and web hosting companies will be explained. Additionally, it will be shown that by taking a proactive approach, one can get a better insight to the incident, and actions of the phisher than by traditional reactionary investigation techniques.

• • Overview
  • Download
  Case Study in Information Security: Securing The Enterprise Roger Benton - May 17, 2005

  This practical is a case study of an Insurance Company's migration to an enterprise-wide security system. It is the intent of this practical to provide a path to follow when creating or migrating to a security system. Initially, a primitive online security system was the only mechanism to control access to corporate data.

• • Overview
  • Download
  Centralized Tracking and Risk Analysis of 3rd Party Firewall Connections Neeta Maniar - May 17, 2005

  The goal of this case study was to simplify the firewall ruleset validation process by creating a central database of rulesets that enables reporting on existing vendor connections. The overall impact included compliance with auditing requirements, a more robust risk assessment of firewall rulesets, and centralized visibility bringing about management response.

• • Overview
  • Download
  Simple Traffic Analysis With Ethereal Neil Orlando - May 17, 2005

  This paper describes how to use the Ethereal Display Filter to examine a capture log file. The data analyzed was recorded by port and the amount of packet traffic received.

• • Overview
  • Download
  GCFW Practical Assignment Critique Bart Hubbs - May 5, 2005

  Many companies are adopting a preference toward buying vendor software versus building software in-house to meet business needs. Some of the drivers for this preference are integration, scalability, outsourcing, support, speed-to market, process savings, and reducing the cost of information technology (IT).

• • Overview
  • Download
  GCFW Practical Assignment Critique Bart Hubbs - March 9, 2005

  The purpose of this practical is to critique a GIAC Certified Firewall Analyst (GCFW) practical to enable implementation in a public healthcare company.

• • Overview
  • Download
  Adding and securing a Public Wireless Access Point within a home network Steven Christall - February 19, 2005

  This project details the migration of a simple home wireless network to include a public wireless access point. This is done using open source products and utilising older, retired hardware.

• • Overview
  • Download
  Case Study: The Get Connected CD David Greenberg - February 19, 2005

  To protect the Indiana University network and student computers in the residence halls, we prevent new computers from connecting to the network before running our "Get Connected" CD-ROM.

• • Overview
  • Download
  Case Study: A Path towards a Secure, Multi-role Wireless LAN in a Higher Education Environment Sean Malone - January 28, 2005

  Network security is an issue for all businesses. The challenges faced by small-to-medium size businesses (SMBs) are unique and significant.

• • Overview
  • Download
  Seldom cry wolf: Tuning out false positives on Network Intrusion Detection Systems Paul Leitao - January 28, 2005

  The following document describes the tuning methodology design and implementation steps. It provides a step-by-step process of deployment within a medium size organization (all IP ranges have been changed to protect the innocent of course). The paper will focus on providing a methodology that may be used as a starting point to identify and minimize false positives.

• • Overview
  • Download
  Implementation of a Comprehensive Enterprise Virus Defense Infrastructure in a Global Company Robert Doeden - January 26, 2005

  This paper will follow a global corporation's move from traditional, client based and controlled virus defense to a centrally controlled and monitored system.

• • Overview
  • Download
  Away from home. Securing Internet Cafes whie maximizing customer freedom Alex Tilley - January 18, 2005

  This essay is a real world example of steps taken by the author when hired to redesign and manage the IT aspects of 2 medium sized (100 user PCs in total) Internet cafes in Europe in 2001.

• • Overview
  • Download
  Improving Firewall Security post Acquisition Leona Conolly - January 18, 2005

  This paper aims to discuss the challenges in putting together a secure Check Point Firewall-1 solution to protect our existing information and assets and that of our new acquisition. It is assumed that the reader will have a generic knowledge of firewalls, related terms and their use. In the paper the word 'policy' refers to the security document and the word 'rulebase' refers to the Check Point rules.

• • Overview
  • Download
  Endpoint Security Justification and Establishment Samuel Ho - January 18, 2005

  As the information security officer at a prominent utilities organization, I witnessed first hand the pitfalls of providing network security only at the network perimeter, the false sense of security, and the potential monetary, regulatory and credibility consequences this traditional solution provides.

• • Overview
  • Download
  Case Study: Providing malware outbreak protection for controlled and uncontrolled zones within a university Christopher Jackson - September 16, 2004

  Many environments find it difficult at best to ensure the security posture of the devices under their direct control. Universities and like organizations have to tackle this problem without the ability to administratively control many of the computers attached to the network.

• • Overview
  • Download
  Setting Up a Honeypot Using a Bait and Switch Router Lorie Carter - September 16, 2004

  While conducting research for this practical I found that there were many different arenas that warrant a closer look. I chose honeypots for this practical because they allow an administrator to track and learn from black-hats first hand without the attacker ever being aware that somebody is watching.

• • Overview
  • Download
  Case Study In Secure File Transfer: Implementing Secure FTP with SSL In a Healthcare Organization Steve Tobias - August 28, 2004

  Secure electronic file transfer between organizations has become essential for business transactions and communication. Healthcare organizations are no exception to this requirement.

• • Overview
  • Download
  Enhancing ABC Inc Security Strategy with IDS and Centralized Syslog George Plytas - August 25, 2004

  I am a Security Analyst/Administrator for a medium sized company, ABC Inc I, along with a team of System Administrators, am tasked with the responsibility of protecting our customer's confidential information, maintaining the integrity of our applications and keeping our systems available.

• • Overview
  • Download
  Sit, Fetch, Drop: Training the Clearswift anti-spam filter Emma Sutcliffe - August 15, 2004

  I wasn't quite drowning but was certainly tiring from treading water. Managing spam had become a daily task and I wanted a dynamic filter that could be customised to suit my environment.

• • Overview
  • Download
  A Model for Handling Security Issues within a Network Operations Center Tonya Heath - August 15, 2004

  The Network Operations Center uses numerous tools ranging from Intrusion Detection (Snort) and Intrusion Protection (Tipping Point) to simple SNMP monitors (Netsight Element Manager). I will discuss how they use these tools to maintain a secure IT environment and assist Network Administrators as well as protect the campus community.

• • Overview
  • Download
  Implementing Secure HTTP-to-HTTPS Redirection Robert Hercey - July 25, 2004

  I have found myself in the fortunate position of working for a company full of bright, hard working people. While standout individual performances are encouraged and recognized, what makes our company successful is the ability for everyone to come together as a team when a crisis happens.

• • Overview
  • Download
  Fighting Spam Proxies in a University Environment Kevin Shivers - July 25, 2004

  Spam is a huge annoyance for everyone. Fighting spam is difficult enough, but when spammers team up with hackers to produce ultra-sneaky Trojan horses that turn end-user computers into one stop proxies that allow spammers and hackers to hide their digital tracks, they've gone too far.

• • Overview
  • Download
  Removing Server Based Trust Relationships Keith Gaughan - July 25, 2004

  The goal of this project was to develop, implement and deploy solutions as well as supporting processes and standards to remediate and mitigate the risks that are inherent to utilizing UNIX server based trust relationships in a enterprise networked environment within 30 days.

• • Overview
  • Download
  Securing an Existing IIS 5.0 DMZ Infrastructure Julius Fitzgerald - July 25, 2004

  The task of designing a secure infrastructure for IIS 5.0 web servers within a DMZ is difficult enough. Securing an existing DMZ becomes exponentially more difficult due to the added requirement of retrofitting those currently working servers with more appropriate security settings, policies and operational procedures while not adversely affecting website or application availability and keep costs to a minimum throughout the process.

• • Overview
  • Download
  Acceptable Security on Public Access Computer Workstations in Public University Libraries Cheryl Lytle - July 25, 2004

  Providing highly secure workstations in public university libraries requires defining what is acceptable for the working environment and determining what types of security can be implemented to compensate for lesser security at lower layers at the workstation level.

• • Overview
  • Download
  CIRT, Through Conception Labor and Delivery Peter Ridgley - June 9, 2004

  The purpose of this case study is to show the efforts, successes and failures that a company, new to adopting a security posture, recently experienced.

• • Overview
  • Download
  Design and Deployment of a Rapid Response Security Vulnerability Scanning Infrastructure Eliot Lim - June 9, 2004

  A large research university presents a formidable challenge to computer security professionals. Among the hazards are a completely porous, non firewalled border and decentralized administration of computers.

• • Overview
  • Download
  System Certifications: An Administrative Makeover John Modransky - May 2, 2004

  Described in this paper are the administrative controls that were implemented to certify and accredit UNIX (herein referred to as UN*X) and Microsoft Windows (herein referred to as Windows) based computer systems for a financial institution (herein referred to as The Firm).

• • Overview
  • Download
  Corporate Governance and Information Security Steve Loyd - May 2, 2004

  Corporate governance has a long history of ups and downs within US corporations. With the recent streak of scandals affecting public companies, governance and related legislation has again been brought into focus.

• • Overview
  • Download
  Assessing the Impact of Unsolicited Commercial E-mail in a Large Corporation Joseph McComb - April 8, 2004

  Unsolicited commercial e-mail has become an increasing issue in corporate environments. This case study examines the impact of unsolicited commercial email (also known as spam) on the productivity of employees in the research division of a large global corporation.

• • Overview
  • Download
  A Secure By Numbers Approach To An All Darrell Rodgers - April 8, 2004

  These multi-functional devices are very simple to setup and use, but may not provide us with the layered Defense In Depth functionality that we desire nor will they provide the additional features of higher end components such as those made by Cisco.

• • Overview
  • Download
  Implementing Defense In-Depth at the Department Level Sean Fahey - April 8, 2004

  This case study describes the procedures used to improve computer security within my department by following the principles of defense in-depth. It presents a step-by-step approach for improving security by defining risks, assessing vulnerabilities, and implementing measures to reduce the likelihood that those vulnerabilities may be exploited.

• • Overview
  • Download
  A Policy to Prevent Outsider Attacks on the Local Network Clarissa Brown - April 8, 2004

  We used to be able to say, "If the laptop or computer is not owned by us, then it is not allowed to touch our network." However, over the last few years, business need has exceeded the desire to keep our network "pure" and many non-agency owned computers now have access to our local area network (LAN).

• • Overview
  • Download
  Introducing Information Security to a Cyber Cafe Barry Basselgia - April 8, 2004

  Due to growing concern over Information Security, I was approached by the director responsible for a company sponsored Cyber Cafe to evaluate the Cafe for Information Assurance and Network Security concerns. The director was concerned that a virus or other forms of cyber attack could cause extended downtime, which would have a negative impact on morale and productivity.

• • Overview
  • Download
  Securing Sensitive Data in a Research Environment Tim VanAcker - March 9, 2004

  Several years ago, staff on one of the research projects in my organization developed guidelines for disseminating sensitive data to researchers around the country.

• • Overview
  • Download
  The Impact of the Sarbanes Oxley Act on IT Security Scott Byrum - March 9, 2004

  This paper goes on to define the Sarbanes-Oxley Act and its requirements, a framework for compliance, and specific IT security areas that must be considered during compliance efforts.

• • Overview
  • Download
  Internet Service Providers:The Little Mans Firewall Luke Dudney - March 8, 2004

  There has recently been call for Internet Service Providers to begin filtering traffic related to the spread of malicious data traffic such as viruses, worms and open proxy abuse to and from their end-users. This case study outlines the planning, implementation, and results phase of such an endeavour by a medium sized national Australian ISP.

• • Overview
  • Download
  Implementing Vulnerability Assessment with eEyes EVA Suite Kevin Austin - March 4, 2004

  Vulnerability assessment is an important part of any Defense in Depth implementation. I discovered that in my company vulnerability assessment was not being used to its full advantage inside the perimeter. My team was continually fighting the same battles against unpatched and vulnerable systems as they would acquire various viruses from the network.

• • Overview
  • Download
  Personal Media Devices: The Cool Threat Vector Keith Daly - March 2, 2004

  This paper discusses the use of personal media devices as a potential threat vector towards corporations.

• • Overview
  • Download
  Information Security Eric Rupprecht - February 26, 2004

  This paper describes how a packet will flow through these tools to provide a better understanding of these technologies and enabling the administrator to write firewall rules with fewer errors.

• • Overview
  • Download
  Study: Improving Security in Corporate (SMTP) E-Mail Delivery Brian Sommers - February 26, 2004

  For this case study, I will examine one of these Internet services, e-mail over SMTP (Simple Mail Transfer Protocol), and what was done to improve the security of that system.

• • Overview
  • Download
  Circumventing Access Control Lists by Transparent Proxy - A Case Study Robert Gannon - January 11, 2004

  This paper describes a method used in an actual case to circumvent seemingly adequate access controls by using the transparent caching mechanism of the WCCP protocol to abuse an otherwise protected network for the purposes of sending spam and connecting anonymously to unsavory sites.

• • Overview
  • Download
  The Unintentional Criminal: DDoS from the inside! Miguel Dilaj - January 11, 2004

  This paper will highlight the IT Security problems resulting from the economic constraints on an ISP in a developing country and of their impact everywhere.

• • Overview
  • Download
  Government Financial Architecture: A Focus on Centralized Security and Continuity of Operations Matthew Mickelson - January 11, 2004

  The primary focus of this paper addresses security issues laid out by the CFO; specifically the following key areas for improvement which include: De-Centralized Architecture, Disaster Recovery, Continuity of Operations, Network and Server Availability.

• • Overview
  • Download
  An intrusion, in an outsourcing data center, that works in spite of security Rick Kryger - December 21, 2003

  No matter how secure the architecture, how complete the procedures, or how diligent and skilled the network support team is, nothing short of knowing and analyzing all changes inside and outside of the solution can protect an environment completely.

• • Overview
  • Download
  Introducing Defense-in-Depth to a Small ISP Rodney Anderson - December 21, 2003

  This paper presents a case study about a rural Internet Service Provider (ISP) who requested some assistance in assessing the security of their production server and network environment.

• • Overview
  • Download
  Using LDAP to solve one companys problem of uncontrolled user data and passwords Andres Andreu - December 21, 2003

  This case study will analyze a massive undertaking of centrally consolidating user data, and in particular passwords, from numerous sources

• • Overview
  • Download
  Case Study: Implementing a Secure Wireless Network using WPA Randy Hensel - December 13, 2003

  Wireless network cards are becoming quite common at my company especially in notebook computers. With this proliferation of wireless network cards have come requests from the users of these computers to access the corporate network using a wireless connection.

• • Overview
  • Download
  Implementing Identity Management with BMC Control-SA Adrian Grigore - December 13, 2003

  This paper is a case study describing how the organization I work for implemented Identity Management using BMC Control-SA product.

• • Overview
  • Download
  Reducing the Risk associated with Authentication and Authorization through the deployment of SUDO and Powerbroker: A Case Study in Information Securit Steve Mancini - December 13, 2003

  This case study explores sudo and Powerbroker, discussing their strengths and weaknesses as they apply to a large scale work environments and their implications in considering your authentication - authorization process, and offer one possible solution which uses both applications in a manner to minimize some of the risks known to exist with shared accounts, both traditional and super-user.

• • Overview
  • Download
  Architecting, Designing and Building a Secure Information Technology Infrastructure, a case study John Johnston - December 13, 2003

  This case study follows the building of an Information Technology Infrastructure with an integrated Security Architecture.

• • Overview
  • Download
  Defense in Depth For Private Wireless Communications Networks: A Case Study Walt Andserson - November 6, 2003

  This paper examines the threats and vulnerabilities of private wireless communications infrastructures, discusses the selection and prioritization of security countermeasures, and describes the security enforcing equipment and security management services that are now being introduced.

• • Overview
  • Download
  Retain control of Security (even in the wake of an IT Outsource) Leslie Martinez - November 5, 2003

  This paper provides a case study and serves as a methodology for dealing with any outsource where security is of concern; sighting actual problems encountered and the solutions that were deployed, along with the tools used, and the policies implemented.

• • Overview
  • Download
  Case Study: A Risk Audit of a Very Small Business Douglas Browne - November 5, 2003

  This paper describes a security audit of a small business, focusing on the discovery and risk analysis process and provide technical details in appendices.

• • Overview
  • Download
  Programmatic Management of Active Directory Groups Don Quigley - November 5, 2003

  This paper provides detail on an automated group provisioning/deprovisioning process developed for the management of security group membership requests and includes the Perl code designed to work with Critical Path's MetaConnect product as a constructed attribute.

• • Overview
  • Download
  RBAC In The Real World Christine Occhipinti - October 31, 2003

  This paper discusses Role-Based Access Control (RBAC), a type of non-discretionary access control, was chosen as the best solution to mitigate the risk from vulnerabilities on a system I worked on.

• • Overview
  • Download
  Lessons Learned in Securing Blackboard Peter Benedict - October 31, 2003

  This paper details the efforts taken to secure Blackboard, a Course Management System (CMS), at an educational institution.

• • Overview
  • Download
  Securing an IIS 4.0 Web Server, Machine and All Marshall Heilman - October 31, 2003

  The objective of this paper is to show how I secured my organization's web server, which fatally crashed earlier this year.

• • Overview
  • Download
  A Secure Implementation of HP OpenView Web Transaction Observer Matthew Patterson - October 31, 2003

  This paper discusses an actual implementation of the product HP OpenView Web Transaction Observer 3.0 (WTO) as a repeatable service offering within an Outsourcing environment.

• • Overview
  • Download
  Forced Evolution of Security on Redhat Linux Server due to System Compromise Alec Wood - October 31, 2003

  This paper describes my experiences in setting up the office computer network system for a small engineering company in Hong Kong and handling the system when it was compromised.

• • Overview
  • Download
  Help We Just Fired Our Only IT Person! Doug Cox - October 31, 2003

  This study covers about 18 months of activity at the pace that could be absorbed by the organization. It is not meant to be universal solution, but lessons taken from a real event.

• • Overview
  • Download
  Securing the Perimeter: A Case Study George Kelschenbach - October 31, 2003

  The Linux, Help Desk, Mail server and the two Active Directory servers had direct network links to both the internal network and the Internet making them prime targets for intruders.

• • Overview
  • Download
  The Value of Risk Assessment - A Case Study Elton Pierce - October 31, 2003

  This paper will examine the application of the security risk assessment process to a rather complex project from the initial phases of its design prior to security risk assessment to its production state. It will discuss how risks were assessed and identified and show how the risk assessment process changed the final outcome of the project.

• • Overview
  • Download
  The Logbook of The World Ted Demopoulos - October 31, 2003

  This paper describes the Logbook of The World (LoTW) project to create electronic confirmations of contact (eQSLs) for amateur radio operators worldwide.

• • Overview
  • Download
  SSL Web Proxy - A Secure and Inexpensive Remote Access Implementation David Culp - October 31, 2003

  The objective of this system is to allow external clients without any configuration changes to securely access our internal web applications via the Internet.

• • Overview
  • Download
  Case Study for Understanding the 30,000 Foot View Before Diving In Bill Baker - October 31, 2003

  The goal of this paper will be to provide some insight to help the reader become a bit more business-savvy, where gearing solutions to the needs of the organization will help raise acceptance rates.

• • Overview
  • Download
  Recovering From a Failed Security Audit - A Case Study Wayne Fielder - October 31, 2003

  This case study opens with recognition of the security and privacy issues within the Agency and walks through the process of remediation, securing the use of sensitive data, development and implementation of strong policies, and initiating a solid monitoring system at very low cost due to a deteriorating budget scenario.

• • Overview
  • Download
  I-VPN - Porting a corporate network to Internet Thorstein Oeverby - October 31, 2003

  This paper describes the process of implementing a corporate business network over Internet that replaces a variety of communication solutions developed over the years.

• • Overview
  • Download
  Implementing Vulnerability Scanning in a Large Organisation Richard Grime - October 31, 2003

  This paper describes how our security group now uses vulnerability scanning to demonstrably improve the security posture of our organization.

• • Overview
  • Download
  Label Controlled File Transfer Server - Case Study Don Weber - October 31, 2003

  The following discussion provides the process that I used to configure my portion of the label controlled file transfer system, touching on Trusted Solaris (TSOL), the secure operating system, Washington University File Transfer Protocol Daemon (wuftpd), file transfer program, and a chroot jail, along with the suggested direction of implementation.

• • Overview
  • Download
  Securing a University Environment; An Evolutionary Case Study James Mayne - October 31, 2003

  This case study outlines the steps that my university took to transition from an open network to one that balances the needs of faculty doing teaching and research, students needing to learn as well as be entertained and staff that require a secure and stable network environment to perform their business functions.

• • Overview
  • Download
  Remote Access using Telstra Dial IP Jamie Rossato - October 31, 2003

  This paper will demonstrate how the real-world security problem of remote access to an Enterprise network was addressed and validated (post-implementation) through the Internet Security Alliance's (ISA) Common Sense Guide for Senior Mangers.

• • Overview
  • Download
  VPN Project: Remote Access to a Novell Network John Porter - October 31, 2003

  As a senior network administrator, I became project leader and was responsible for directing our security initiative to replace our existing remote access facilities with encrypted Virtual Private Networking (VPN) technology.

• • Overview
  • Download
  Case Study - Windows 2000 ISA Proxy Server Authentication Inside a DMZ Michael Kerr - October 31, 2003

  This paper describes the investigation process and implementation of IPSec policies to manage a wide range of communication traffic between two Windows 2000 servers.

• • Overview
  • Download
  Small-site Information Security on a (very loose) shoestring - a case study Michael Millow - October 31, 2003

  This paper will describe the lack of information security within a small company and the corrective actions (and their limitations) that significantly enhanced the overall security posture.

• • Overview
  • Download
  IMPLEMENTING sudo TO REPLACE su Robert Agnolo - October 31, 2003

  This paper discusses the implementation of sudo to replace su access on two key Sun/Solaris servers used by a small group of scientists who do research and development for a major US manufacturer

• • Overview
  • Download
  Benefits Of Implementing Secure Computing'S Sidewinder Firewall Appliance At A U.S. Army Mil Andrew Rafla - October 31, 2003

  This paper addresses the added protection mechanisms supplied by the implementation of a Sidewinder firewall appliance, along with strict "least privilege" access control policies would assist the Designated Approval Authority in accepting the new minimized level of risk and, therefore, approve the site's new DITSCAP accreditation.

• • Overview
  • Download
  Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network Clay Risenhoover - October 31, 2003

  This paper examine how automating information security audit procedures at a university had the effect of increasing security through increased policy compliance.

• • Overview
  • Download
  Case Study: Transforming a Traditional Windows Client/Server Application David Strubbe - October 31, 2003

  Our software firm's financial application was developed on a traditional clientserver model and this paper explores some of security issues and the process that we (the software vendor) and our client (the ASP provider) used to securely implement a solution.

• • Overview
  • Download
  Wireless Security Protection In a Logistic Environment Case Study Ferran Gallego - October 31, 2003

  This case study is based on a Logistic Company where they have implemented wireless LANs (WLANs) to all their Warehouse sites.

• • Overview
  • Download
  Adventures in implementing a strong password policy Marsha Williams - October 31, 2003

  This paper explores the issues we had to negotiate in strengthening our passwords, some of the of the special situations which had to be handled as exceptions to the policy, and our planned future directions.

• • Overview
  • Download
  Wireless Security Protection In a Logistic Environment Case Study Ferran Gallego - October 31, 2003

  This project is proposing a way to secure the wireless LANs, allowing authorized and authenticated wireless users to gain access to their host application.

• • Overview
  • Download
  Detailed Forensic Procedure for Laptop computers Matt Pierce - October 31, 2003

  This document will discuss what forensic analysis is, why it is important and how laptop computers affect forensic analysis.

• • Overview
  • Download
  Achieving Executive Buy-in: The Case For Security Chad Boeckmann - October 31, 2003

  This paper conveys a real world approach to selling security to upper management and creating a foundation to build security upon.

• • Overview
  • Download
  Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection Kevin Knox - October 31, 2003

  This paper will discuss the processes and actions taken to provide 24X7 fault tolerant and highly available systems with physical as well as cyber security in the forefront.

• • Overview
  • Download
  Deploying a website built using Oracle9iAS Portal Stephen Coates - October 31, 2003

  This paper is a case study of the deployment of a website built using the Portal component of Oracle9i Application Server (Oracle9iAS) in 2001.

• • Overview
  • Download
  Discovery, Eradication and Analysis of an attack on an open system: Welcome to the Jungle Steve Terrell - October 31, 2003

  This paper relates the procedures and policies that were put into effect to increase the security of the system, post attack, and how those procedures might affect the way the system will be used in the future to conduct the business of the school.

• • Overview
  • Download
  University Security Douglas Brown - October 31, 2003

  By using a combination of security tools and procedures, universities can provide a more secure computing environment than has generally been available.

• • Overview
  • Download
  How to Identify and "Contain" Some of the Information Security Problems Created by Unique John Cupps - October 31, 2003

  Several aspects of the university's business environment are unique only to universities and this paper explores the effect of the student user group within the environment and the problems they can create for information security initiatives.

• • Overview
  • Download
  Security Considerations in the Merger/Acquisition Process Anita Hartman - October 31, 2003

  This document will focus on the high-level security issues that if included in the due diligence process, can help facilitate integration of the companies involved.

• • Overview
  • Download
  Securing the Gold through Better Network Design: A Case Study Todd Sheppard - October 31, 2003

  The purpose of this research was to introduce new technologies to the sales force in order to enhance the solutions-based selling approach for a marketing and office equipment servicing company.

• • Overview
  • Download
  Information and Network Resource Administration and Security in an Education Network Environment Ryan Davis - October 31, 2003

  The goal of this document is to discuss and apply knowledge of Information Security to common security problems and concerns in an educational environment.

• • Overview
  • Download
  Secure Password Storage Shelby Reeves - October 31, 2003

  This paper addresses secure methods to archive and retrieve passwords.

• • Overview
  • Download
  Case Study: Implementing a Centralized Logging Facility Richard DuClos - October 31, 2003

  This paper provides a discussion on implementing a centralized logging server.

• • Overview
  • Download
  Connecting a Classified Network to the Internet. A case study. Henrik Kram - October 31, 2003

  The purpose of this document is to point out some common elements from the guidelines published to regulate computer security and suggest administrative action and technical solutions to build a network that may be connected to the Internet, and still obtain/retain a classification up to and including NATO RESTRICTED.

• • Overview
  • Download
  Case Study: Security Assessment at a Small Technology Corporation Ryan Reiber - October 31, 2003

  The following independent security assessment included the areas of its ASP, internal network infrastructure, and firewalls.

• • Overview
  • Download
  Establishing and Verifying the Stunnel SSL Encryption of Pine IMAP Email Sessions Christopher Ursich - October 31, 2003

  This paper documents one method for establishing and verifying the operation of SSL encryption using Stunnel for Pine IMAP email sessions.

• • Overview
  • Download
  Unique Security Challenges in Higher Education - Securely Integrating Student-owned Computers into Y Kerry Vosswinkel - October 31, 2003

  This paper addresses basic areas of information security such as policy, security awareness training, restricting access, monitoring and intrusion detection, and incident response that can keep your networks as secure as possible.

• • Overview
  • Download
  Securing Information within SAP v4.6b Lori Kirk - October 31, 2003

  The following thoughts and best practices are the end result of an upgrade, experience with the necessary clean up after the cutover and review of best practices offered by third parties.

• • Overview
  • Download
  Comprehensive Anomaly Detection (CAD) Niles Mills - October 31, 2003

  This paper provides a discussion on Comprehensive Anomaly Detection (CAD).

• • Overview
  • Download
  Network Security Concepts and Essentials: A University Overview Matthew Leng - October 31, 2003

  Using my experience from working at an Australian university, this paper addresses how the number of internal and external threats is increasing and providing intruders with a vast array of "ways to compromise university machines.

• • Overview
  • Download
  Twists in Security for Law Enforcement Conrad Larkin - October 31, 2003

  This paper is an attempt to not only briefly cover the basics of computer security that should be in use by everyone, but also an attempt to introduce to those unfamiliar with the extra challenges of supporting law enforcement what additional computer security precautions need to be addressed.

• • Overview
  • Download
  eVoting - A Perspective on Security Damon Small - October 31, 2003

  This paper will discuss how technology can be used to improve the voting process in the United States, and what should be done to get from current state to "eVoting."

• • Overview
  • Download
  Tackling Malicious Code in a University Environment: A Case Study Sandy Goldston - October 31, 2003

  This paper is a case study of malicious code incidents in a large public university as seen through the eyes of the security liaison over a one-and-a-half year period.

• • Overview
  • Download
  Application of the Survivable Network Analysis Method to Secure My Office System Dale Wutz - October 31, 2003

  This paper addresses the results of applying the Survivable Network Analysis method to my office system.

• • Overview
  • Download
  Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities William Geimer - October 31, 2003

  This paper examines password encryption and authentication techniques applied to the file-level protection of personal documents and databases.

• • Overview
  • Download
  Can Microsoft .NET Deliver "Trustworthy Computing"? Nikhil Viswanathan - October 31, 2003

  The aim of this paper was to analyze the security framework of Microsoft .NET, and examine whether its components and features will deliver Microsoft chairman Bill Gates, his ambition of transforming Microsoft into the leading software provider of web services and "trustworthy computing".

• • Overview
  • Download
  Steps to Secure a Law Enforcement Network David Brown - October 31, 2003

  This paper addresses several common issues such as training for system administrators, risk assessment, physical security, security policies, and proper system administration.

• • Overview
  • Download
  Protecting Your Internal Systems from a Compromised Host Michael Nancarrow - October 31, 2003

  The concept for this paper came from a recent incident when one of our customer machines was compromised.

• • Overview
  • Download
  Designing Secure IT Environments for Pharmaceutical Clinical Trial Data Systems Paul Drapeau - October 31, 2003

  Pharmaceutical companies are subject to regulations imposed by the FDA (Food and Drug Administration), and this paper details the relevant regulations for security professionals and the special concerns they pose.

• • Overview
  • Download
  Is IEEE 802.1X Ready for General Deployment? Scott Baily - October 31, 2003

  This paper examines the suitability of deploying IEEE 802.1X as the principal authentication mechanism for Colorado State University's wireless network.

• • Overview
  • Download
  Defense In Depth: A Small University Takes Up the Challenge David Robinson - October 31, 2003

  This paper briefly explores the vital network security design concept of Defense in Depth (DiD).

• • Overview
  • Download
  CASE STUDY ON IMPROVING THE SECURITY OF A FIRM IN A LEGACY APPLICATION SETTING Susan Bradley - October 31, 2003

  This paper documents the steps that were taken by me to increase the security within my firm's computer network system, a system that includes Windows XP workstations and Windows 2000 Server systems.

• • Overview
  • Download
  Securing a Small Community College - A Case Study Bobby Hoyle - October 31, 2003

  This paper identifies critical computing resources used in a small community college, develops a method of defining risk, presents a network design, as well as, implements security policies to address risks, and formulates a long term strategy for securing vital campus resources.

• • Overview
  • Download
  Implementation of a Secure Web Environment for a Government Agency Chad Steel - October 31, 2003

  This paper details the decision making process and implementation of a secure, multi-site redundant web hosting environment for a large government agency.

• • Overview
  • Download
  Practical Implementation of Syslog in Mixed Windows Environments for Secure Centralized Audit Loggin Frederick Garbrecht - October 31, 2003

  This paper presents some of the options available to access the Windows Event log and demonstrate how to implement a versatile centralized remote logging solution using a commercially available Win32 implementation of the Syslog protocol.

• • Overview
  • Download
  Full Lifecycle Security Assessment - A Case Study Gregory Golightly - October 31, 2003

  This paper presents a 'before and after' look at helping a non-profit organization with assets of over a billion dollars secure their infrastructure using a best practice approach, expert knowledge, along with vulnerability assessment tools by ISS.

• • Overview
  • Download
  Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts A Case Study Kenneth Underwood - October 31, 2003

  Knowing" what traffic is leaving your network, is like turning on the light, where there was once darkness. This paper will give examples of what I found in our corporate network, and what I did about it.

• • Overview
  • Download
  Case Study in Automating Branches of a Bank Tim Rhome - October 31, 2003

  This case study will highlight points that were addressed while automating 85 locations for a bank.

• • Overview
  • Download
  Wireless and Moneyless Ryan Blake - October 31, 2003

  This is a study of how one organization met the challenge of deploying a reasonably secure WLAN with virtually no capitol.

• • Overview
  • Download
  Integrating Real-Time Services on the Web Pete Kobak - October 31, 2003

  This paper describes the development of technical processes and analysis models that enable the institution to quickly and safely integrate new business services into the institution's web site.

Masters This paper was created by a SANS Technology Institute student as part of their Master's curriculum.