Encryption & VPNs
Featuring 92 Papers as of June 8, 2011
-
Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data
nuBridges, Inc. - September 29, 2009
Exploring the use of tokenization as a best practice in improving PCI DSS compliance, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.
-
The challenge of securely storing and transporting large files across a corporate Wide Area Network
Jeremy Gibb - October 26, 2007
The majority of organizations that use Wide Area Networks (WANs) to connect Local Area Networks (LANs) together have a requirement to transfer large amounts of data across the wire, between different locations. A number of widely available desktop applications such as Microsoft Outlook and Windows Explorer provide built-in functionality that supports the basic data transfer needs of most users (e.g. attaching a file to an email, creating a share on a remote machine and mapping a local drive to that share), but such solutions have limitations when there is a requirement from backend applications or system administrators to reliably transfer large files that are often numerous Gigabytes (Gig), or more, in size. This challenge is further complicated when the data is of a sensitive nature and needs to be transported securely, on a repetitive (i.e. automated) basis, and must be held in a secure format before and after transmission.
-
OpenVPN and the SSL VPN Revolution
Charlie Hosner - August 25, 2004
True SSL VPNs are beginning to appear in the market. One of the best, and definitely the least expensive, is the open source SSL VPN, OpenVPN.
-
Securing Key Distribution with Quantum Cryptography
Bradford Bartlett - August 15, 2004
Quantum cryptography recently made headlines this year when European Union members announced their intention to invest $13 million in the research and development of a secure communications system based on this technology.
-
Elliptic Curve Cryptography and Smart Cards
Ahmad Kayali - April 8, 2004
Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (for example, a 160 bit ECC has roughly the same security strength as 1024 bit RSA).
-
Understanding and Configuring IPSec between Cisco Routers
Ryan Ettl - March 25, 2004
This paper will provide insight for a secure solution to address this business need using Virtual Private Networking.
-
SSL Remote Access VPNs: Is this the end of IPSec?
Steven Ferrigni - December 13, 2003
This paper looks at the two VPN technologies with respect to remote access, discusses the advantages and disadvantages of each and whether they can co-exist.
-
S-Box Modifications and Their Effect in DES-like Encryption Systems
Joe Gargiulo - October 31, 2003
This paper presents the substitution boxes (s-boxes) found in many block ciphers, and more specifically in DES-like encryption systems.
-
Configuring Secure Shell with TCP Wrappers on Solaris 2.8
Jane Micheller - October 31, 2003
This paper shows how to set up OpenSSH version 3.4 on the Solaris 2.8 platform, beginning with the development of the product, and illustrates packet captures.
-
Issues When Using IPsec Over Geosynchronous Satellite Links
Greg Totsline - October 31, 2003
This paper describes the salient points of TCP over satellite links, performance enhancing proxies, IPsec, and the issues with the combined use of these technologies.
-
Appropriate Use of Network Encryption Technologies
Kenneth Forward - October 31, 2003
This paper will describe virtual private networks and other network encryption technologies such as secure sockets layer - what they are, and what protections they provide.
-
Network Based VPNs
Olivier Strahler - October 31, 2003
This paper focuses on this particular type of VPN. First, it provides a short history on the evolution of VPNs, then it explains what is meant by Network based VPNs.
-
Using GPL Software For Email and File Encryption
David Tucker - October 31, 2003
Privacy is important, the security of information is sometimes legally required, and internet communication often does not provide this necessary security inherently.
-
Attacks on PGP: A Users Perspective
Ryan Thomas - October 31, 2003
The focus of this paper is to inform users of the practical and theoretical strategies that may be used in an attempt to compromise PGP (Pretty Good Privacy), potentially exposing the contents of a PGP encrypted message to an attacker.
-
IPSec Tunnel Creation
Chris Gutridge - October 31, 2003
The purpose of this paper is to detail, explain, and illustrate the specific processes that occur in creating an IPSec VPN tunnel.
-
Instant Message Security - Analysis Of Cerulean Studios Trillian Application
Michael Murphy - October 31, 2003
This paper outlines the underlying security risks of Instant Messaging (IM) focusing on an analysis of Cerulean Studios' Trillian application.
-
MPLS - VPN Services and Security
Ravi Sinha - October 31, 2003
The information will provide the foundation for the discussion on providing scalable VPN services in a MPLS environment.
-
Randomness and Entropy - An Introduction
Chris Thorn - October 31, 2003
This paper will attempt to bring together information pertaining to concepts and definitions of randomness and entropy.
-
No Single Killer App for PKI
Cliff Schiller - October 31, 2003
This paper presents the author's perspective on the real benefits of PKI as a technology.
-
A Review of Chaffing and Winnowing
David Spence - October 31, 2003
This paper presents an overview of Chaffing and Winnowing as described by Ronald Rivest and a review of a secure Chaffing and Winnowing scheme called Chaffinch.
-
Remote Access IPSec VPNs: Pros and Cons of 2 Common Clients
Jason Everard - October 31, 2003
This paper discusses two client options for creating this encrypted and authenticated connection, as well as options for working around the deficiencies of the current IPSec standard by combining IPSec with L2TP or by using proprietary functions to accomplish the same.
-
Applied Encryption: Ensuring Integrity of Tactical Data
Jennifer Skalski-Pay - October 31, 2003
This paper will provide the reader with a low-level understanding of the Global Command and Control System-Maritime (GCCS-M), CST, Track Database Manager (Tdbm) and SIPRNet.
-
An Overview of Cryptographic Hash Functions and Their Uses
John Silva - October 31, 2003
This paper provides a discussion of how the two related fields of encryption and hash functions are complementary, not replacement technologies for one another.
-
BUSINESS PARTNER VPN: NEEDED NOW
Karen Duncanson - October 31, 2003
This paper takes a look at Business Partner VPN and focuses on challenges now being dealt with in the face of requirements for a VPN that promises end-to-end security between two separate business entities and even between the users within those entities.
-
Remote Access VPN - Security Concerns and Policy Enforcement
Mike Stines - October 31, 2003
The recommendations contained within this paper can assist in a secure and successful implementation of a remote-access VPN.
-
The Risks Involved With Open and Closed Public Key Infrastructure
Philip Hlavaty - October 31, 2003
This paper will present some of the risks and liability issues involved with PKI, such as the enormous risks behind the open PKI model and why it never flourished in the marketplace.
-
The mathematics behind the security features that the computing industry takes for granted
Ricky Wald - October 31, 2003
This paper aims to explain mathematical/encryption concepts that are fundamental to security as it was in the past, as it is today and my vision for the future.
-
A Consumer Guide for Personal File and Disk Encryption Programs
Scott Baldwin - October 31, 2003
This paper will give you the knowledge to select an encryption product that matches your needs.
-
Is the future of cryptography in qubits
Wayne Redmond - October 31, 2003
In a beautiful irony, quantum computers may break current cryptography but quantum mechanics also offer hope to cryptography in quantum key distribution.
-
Cryptography: What is secure?
Willy Jiang - October 31, 2003
This paper looks at how security is achieved by discussing basic substitution and transposition operations, to get an appreciation of security in cryptography, and recommends a basic approach to implementing cryptography.
-
PGP for Everyday Use
Jeremy Hoel - October 31, 2003
This paper has shown how to get PGP, protect files on your drive, protect your e-mail messages and manipulate your key ring.
-
IPSec Interoperability between OpenBSD, Linux and Sonicwall
Daniel Young - October 31, 2003
This paper discusses OpenBSD project, Linux FreeS/WAN project and Sonicwall Inc., each providing cost effective IPSec implementations with excellent reliability and some of the issues surrounding their interoperability.
-
Demystifying DSS: The Digital Signature Standard
Richard Brehove - October 31, 2003
This paper examines the requirements of signatures, outlines the technologies involved in creating digital signatures, and describes the components of the Digital Signature Standard (DSS).
-
Security Implications of SSH
Bill Pfeifer - October 31, 2003
This paper provides a high-level discussion of some of the security considerations associated with SSH, as well as some potential methods of addressing those considerations.
-
Prime Numbers in Public Key Cryptography
Gerald Crow - October 31, 2003
This paper explores some of the basic properties of prime numbers and several theorems associated with them, and presents moderate detail on two of the most common asymmetric algorithms and the manner in which they employ prime numbers.
-
When Security Counts: Securing a Test Server with a VPN Connection
Patricia Hulsey - October 31, 2003
This paper describes the design choices of a deployment for a router-to-router VPN connection using the Windows 2000 platform VPN server.
-
Quantum Cryptography: Is Your Data Safe Even When Somebody Looks?
Tom Klitsner - October 31, 2003
While, for the most part, quantum computing devices are decades away (at least) from being practical, in the area of quantum cryptography - in particular the secure distribution of cryptographic keys - there exist strategies and systems that are feasible (perhaps even practical) today.
-
PGP: A Hybrid Solution
Jessica Benz - October 31, 2003
Symmetric and asymmetric cryptography both have advantages and disadvantages that will be discussed in this paper.
-
What Is an MPLS VPN Anyway?
Kelly DeGeest - October 31, 2003
This paper will give a basic understanding of how a MPLS VPN works.
-
Identification with Zero Knowledge Protocols
Annarita Giani - October 31, 2003
The idea of proving knowledge of some assertion without revealing any information about the assertion itself is very attractive. This paper discusses Zero-Knowledge protocols which allow this kind of scenario.
-
Quantum Encryption vs Quantum Computing: Will the Defense or Offense Dominate?
Bob Gourley - October 31, 2003
Quantum encryption will soon provide unbreakable ciphers and this paper examines these topics by providing a snapshot of current research.
-
Virtual Network Computing and Secure Shell
Damian Koziel - October 31, 2003
Many high-tech professionals work from home, increasing the system administrator's challenge of maintaining and troubleshooting a company's heterogeneous and sprawling computing system from a central location through Virtual Network Computing.
-
The Day DES Died
Paul Zande - October 31, 2003
This paper takes a look at DES and the characteristics of the RSA challenges, and compares DES to other cryptosystems to discover which ones are secure and why.
-
Encryption Regulation: A First Amendment Perspective
Linda Mickna - October 31, 2003
Through the use of cryptography, communications and information transmitted and stored by computers can be protected from unauthorized access.
-
Interoperability in PKI
Roger Pyon - October 31, 2003
This paper will introduce some of the interoperability issues in PKI which apply to processing and managing the establishment of trust, and the challenges it faces.
-
An Overview of Computer Security as Told Through War Stories
Ronald Seidl - October 31, 2003
This paper discusses awareness training by telling stories that show problems in a way that most people can clearly see.
-
One Fish, Two Fish, Red Fish, Blowfish A History of Cryptography and it's Application in Soci
Joseph Kasten - October 31, 2003
Crypto sciences are used in almost every electronic device to ordinary computer based software on the home personal computer.
-
Securing Remote Users VPN Access to Your Company LAN
Klavs Klavsen - October 31, 2003
This paper is intended to be an introduction to the Security issues you face and the solutions you can choose between, when you want to give your remote users access to your Company Network via VPN.
-
A Business Perspective on PKI: Why Many PKI Implementations Fail, and Success Factors To Consider
Leslie Peckham - October 31, 2003
This paper is intended to provide an overview of PKI and how a PKI implementation affects the entire organization.
-
A Discussion of SSH Secure Shell
Shawn Lewis - October 31, 2003
The purpose of this paper is to build on the Introduction to SSH Secure Shell paper written by Damian Zwamborn (www.sans.org/infosecFAQ/encryption.intro_SSH.htm).
-
History of Encryption
Melis Jackob - October 31, 2003
This paper shows that the field of cryptography has evolved tremendously since Assyrian and Egyptian times, and as the technology progresses, it will be easier to cultivate the power of distributed processing and break the different encryption algorithms such as DES or triple DES.
-
Quantum Encryption - A Means to Perfect Security?
Bruce Auburn - October 31, 2003
This paper addresses the issue of public key cryptography.
-
NAT Traversal: Peace Agreement Between NAT and IPSec
Haluk Aydin - October 31, 2003
After merging two different works from different vendors, NAT-T is the most promising solution for the near future so that some vendors started implementing it in their VPN products.
-
Who's Who in AES?
Kyle Jones - October 31, 2003
This paper is going to introduce the new Advanced Encryption Standard, or AES, the winning algorithm, its competitors, the specifications set forth, and decision making process of NIST.
-
Implementing NAT on Checkpoint Firewall-1
Eugene Ng - October 31, 2003
This paper addresses implementing secure NAT rules and policies and excellent documentation on network topologies.
-
Protecting Sensitive Data in Secure Domains
Mikael Trosell - October 31, 2003
The basic idea of Secure Domains is to move parts of the network into secure zones, either based on the classification of the data or their being part of a project that can be centralized in a specific zone and are considered as sensitive.
-
Key and Certificate Management in Public Key Infrastructure Technology
Sriram Ranganathan - October 31, 2003
The intent of this paper is to provide an overview and briefly discuss the various phases involved in Key and Certificate management.
-
The Advanced Encryption System (AES) Development Effort: Overview and Update
William Tatun - October 31, 2003
The purpose and objective of this paper is to provide a brief overview of where we've been and an update of where we are headed in the United States Department of Commerce's quest for a suitable standard algorithm that can be used to protect sensitive data in the future.
-
Implementing PKI in a Heterogeneous Environment A Primer on Digital Certificate And Key Formats
Tim Sills - October 31, 2003
This document will discuss the various file formats for both X.509 digital certificates and encryption keys.
-
The Weakest Link: The Human Factor Lessons Learned from the German WWII Enigma Cryptosystem
Bradley Fulton - October 31, 2003
This paper highlights the need for security professionals and management to not overlook the weakest link in security systems - that being the human factor.
-
E-Mail Security with S/MIME
George Kuzmowycz - October 31, 2003
The intent of this paper is to present an overview of the history, design, usage and the current state of market and community acceptance of S/MIME while contrasting it, where appropriate, to PGP.
-
AES: The Making of a New Encryption Standard
Mitch Richards - October 31, 2003
This paper describes the issues, programs, and processes related to the development of standards.
-
Public Key Infrastructure Issues in an Academic Healthcare Setting
Liviu Groza - October 31, 2003
The paper intends to give a general overview of several specific issues related to the PKI deployment process, emphasizing the particularities of a mixed environment.
-
IPsec's Role in Network Security: Past, Present, Future
Christopher Smith - October 31, 2003
IPSec is used to create tunnels for Virtual Private Networks (VPN), and also provide confidentiality, authenticity, and integrity of data through use of encryption algorithms.
-
Implementing "Dual-Sided" VPN's
Kenneth Boudreaux - October 31, 2003
This paper discusses a solution for using a public network for data communications that could satisfy the security requirements for data transmission.
-
Integrate HMAC Capable Token into User Authentication Mechanism and Public Key Infrastructure
Shanhui Tan - October 31, 2003
This paper describes using a HMAC capable token in user authentication or public key infrastructure (PKI) to derive user private key or produce message digest for digital signature scheme.
-
Using SSL with Client Access Express for AS/400
Jose Guerrero - October 31, 2003
This paper is meant to help those who are in need of securing a Client Access connection with their AS/400.
-
Analysis of a Secure Time Stamp Device
Chris Russell - October 31, 2003
This paper discusses the design of a Secure Time Stamp device used to securely timestamp digital data, such as computer documents, files, and raw binary data of arbitrary format.
-
Strong Authentication and Authorization model Using PKI, PMI, and Directory
Jong Lee - October 31, 2003
This paper presents a strong authentication and authorization model using three standard frameworks.
-
Securing Certificate Revocation List Infrastructures
Eddie Turkaly - October 31, 2003
This paper takes a closer look at the security issues when implementing a secure CRL infrastructure.
-
Cryptographic Services - A Brief Overview
Larry Bennett - October 31, 2003
This paper examines the use of cryptography in implementing the services of authentication, integrity, non-repudiation, and confidentiality.
-
PKI and Information Security Awareness: Opportunity and Obligation
Jerry Brown - October 31, 2003
This paper discusses the single most difficult criterion for a successful PKI rollout: user acceptance.
-
Cryptanalysis of RSA: A Survey
Carlos Cid - October 31, 2003
In this paper we give a survey of the main methods used in attacks against the RSA cryptosystem. We describe the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm.
-
A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols
David Carts - October 31, 2003
This paper will present an overview of the Diffie-Hellman Key Exchange algorithm and review several common cryptographic techniques in use on the Internet today that incorporate Diffie-Hellman.
-
Basic Cryptanalysis Techniques
Craig Smith - October 31, 2003
Because of the complexity involved with cryptanalysis work, this paper focuses on the basic techniques needed to decipher monoalphabetic encryption ciphers and cryptograms.
-
Implementing Site-to-Site IPSec Between a Cisco Router and Linux FreeS/WAN
Neil Cleveland - October 31, 2003
This paper begins by providing a brief overview of IPSec, the features, differences, issues surrounding Cisco's IOS IPSec offering versus the FreeS/WAN offering and then describes an example implementation.
-
Stunnel: SSLing Internet Services Easily
Wesley Wong - October 31, 2003
This paper provides a method to securely use existing clear-text protocols under SSL without any need to modify the existing software or source code.
-
Knock Knock...Who's there? Do you know who is accessing your VPN?
Norma Schaefer - October 31, 2003
Although VPNs secure data across public networks, potential information security risks include remote users' networks, PCs, systems, and this paper focuses on the need for strong authentication.
-
Comparing BGP/MPLS and IPSec VPNs
Gary Alterson - October 31, 2003
This paper gives an overview of MPLS and then discusses the mechanisms used to provide VPNs based upon BGP/MPLS and IPSec.
-
An Overview of Hardware Security Modules
Jim Attridge - October 31, 2003
This paper intends to introduce the concept of a cryptographic hardware device. It will describe its functions, uses and implementations.
-
Multiprotocol Label Switching Virtual Private Networks and the enterprise - Do they fit in the security model?
Michael Stoos - October 31, 2003
Multiprotocol label switching virtual private networks have gained press as a new service provider method to provide a secure path in the public Internet space.
-
Roll Your Own Crypto Services (Using Open Source and Free Cryptography)
Edward Donahue - October 31, 2003
This paper surveys the open source software available to secure the most common applications: email and file encryption, web access and server oriented services, IPsec and VPNs, and finally, remote session encryption.
-
Secure Access of Network Resources by Remote Clients
Glendon MacDonald - October 31, 2003
This paper will identify the threats that remote access poses to corporate network security including those involving hackers, malicious applications and the use of weak access and physical controls.
-
Vulnerability's of IPSEC: A Discussion of Possible Weaknesses in IPSEC Implementation and Pro
Daniel Clark - October 31, 2003
This paper will discuss the protocol suite IPSEC, with a view to analyzing the various weaknesses that have been or could be identified within the protocol.
-
Decommissioning Certification Authorities
Claudia Lukas - October 31, 2003
This paper reviews these guidelines and discusses terminating a Certification Authority.
-
The Ease of Steganography and Camouflage
John Bartlett - October 31, 2003
In this paper we will look at the ease of use of one particular program, and the ability to detect steganographic material created by the program.
-
A Vulnerability Assessment of Roaming Soft Certificate PKI Solutions
Stephen Wilson - October 31, 2003
This paper highlights the security engineering and deployment considerations by presenting a systematic vulnerability assessment of the common roaming architecture.
-
PKI, The What, The Why, and The How
Duncan Wood - October 31, 2003
This paper discusses Public Key Architecture (PKI) and why governments are introducing legislation for information privacy.
-
VPN-1 SecureClient - Check Point's Solution for Secure Intranet Extension
Ryan Gibbons - October 31, 2003
This paper addresses why SecureClient is widely compatible and has a small footprint, making it appealing to organizations that use Check Point products and are considering such functionality.
-
Infrastructure Design Considerations When Using Client Certificates
Tim Hollingshead - October 31, 2003
This paper will investigate some of the considerations that should be evaluated when looking to bring a new technology into the design of an application.
-
Creating a Secure VPN with Cisco Concentrator and ACE Radius/SecurID
Nathan Lasnoski - October 31, 2003
Using a VPN, companies can expand the reach of their corporate network beyond their expensive leased lines by using the assets provided by the Internet.
-
Cryptography - Business Value Behind the Myth
Jeff Christianson - October 31, 2003
The purpose of this paper is to help information technology professionals make informed decisions about using cryptographic solutions to secure electronic business transactions.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
