Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
It wasn’t long ago when simply placing a firewall in between your clients, servers, and the Internet was considered a good information security measure. For some organizations the firewall was put in place to simply check a box on a security audit without giving it much attention as to what the firewall was actually protecting, or not protecting. For many the firewall was viewed as a burden and tunneling protocols were developed to make applications work with firewalls.
DDoS (Distributed Denial of Service) attacks have been an ever increasing concern in the Internet world. As technologies become less expensive and the Internet grows it is becoming easier and more profitable for criminal organizations and the naive vandal to launch destructive attacks on organizations (Mikovic et al., 2005). DDoS attacks are also becoming common tools for governments or activist groups to help serve political agendas (Ristic, 2005). Security professionals will likely always be one step behind new attack methods. In order to understand how Load Balancing technologies can be used to help mitigate DDoS attacks a quick DDoS and Load Balancing primer is needed.
Allocating the investment for perimeter protection and detection mechanisms can be a unique challenge with the budget of a smaller community bank. This paper’s purpose is to raise awareness of the external threats present to confidential customer information held on the private network of community banks, and recommend technologies and designs to protect the perimeter of the network, while taking heed of the limited resources of community banks.
My paper will briefly discuss Enterprise Web Services and the uses of Enterprise Service Buses, but will concentrate on potential threats and vulnerabilities to these and suggest suitable means to mitigate risks.
Over the course of this document, the reader will learn what to do to use the ASA security device for perimeter security, why these choices would be made, what best practices are, and business justifications for each of these decisions.
It is possible to clean up the back yard with Free Open Source Software and a little design. Using off-the-shelf components and Open Source software the family geek can deploy a more multilayered security stance that will provide far more visibility and control over the network. This is not to say that large swaths of the Internet can be cleaned up just by plugging in a box, but to say that if anything should be a safe haven on the Internet, it should be the family network, the backyard. It makes sense to clean up the backyard before taking on the world’s trash.
This paper will discuss the building blocks of Web services, Web services threats and security requirements, the XML firewall for first-line perimeter defense, best practices for configuring an XML security gateway device, and industry recommended security testing procedures for ensuring the effectiveness of this security control.
This paper shows how to leverage pre-install analysis data collection systems for post-install response via a self-service security information application. This application was useful in securing and retaining the open community's good will for future security projects (without the motivation of an incident).
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's implementation of 802.1x.
No matter how much time or money some corporations spend on securing their network, once they allow mobile (laptop) users to connect to their internal network, they are exposing that network to a wide variety of security risks. Their once-secure network has now potentially become a hacker's playground.
Network administrators have several tools in their arsenal for thwarting such attacks such as firewalls and intrusion detection systems. A relatively recent concept developed to complement existing network defense tools is the Honeypot.
In this paper we discuss the benefits of Secure Sockets Layer (SSL) bridging, also known as SSL initiation, a practice that allows Internet security professionals to successfully proxy encrypted traffic, thus enabling intrusion detection and/or prevention, virus detection, and content filtering of encrypted communications.
Many network installations today consist of a firewall to provide security between the increasingly hostile environment of the Internet and the corporate network. This paper examines utilizing Access Control Lists to implement static packet filters at a network perimeter to enhance security in any sized network.
As the Internet community becomes more skilled in their use of attack tools, we are seeing an increase in the number and severity of Internet attacks. Internet neophytes and professionals alike are asking the same question "There are hundreds of thousands of computers on the Internet, why was my computer attacked?"
The three main categories of routers in use at companies today are Internet Gateway routers, Corporate Internal routers and B2B routers, which should all be given careful consideration from a security perspective, as each poses unique security problems that are addressed in this paper.
A sound security perimeter today requires more than a single firewall connected at the Internet router. By segmenting the network with multiple firewalls, we can achieve the holy grail of network security - Defense-In-Depth.
The firewall's ability to decide what is and what is not allowed comes from configurations that are set up by the system administrator as policies or rules and define what traffic the firewall will or will not allow to enter the network.
This paper is intended to be a how-to for IPv6 firewalls running on OpenBSD 3.0. It will cover the basics of installing OpenBSD, setting up a tunnel to the 6Bone, and configuring the Packet Filter firewall included with OpenBSD.
For the user that is evaluating inexpensive perimeter firewall solutions, this paper discusses the features and security implications amongst three of the more popular choices available, providing an understanding of floppy disk-based firewalls and some of the technologies they employ.
This paper will explain the benefits of using IPFilter on a Unix host by detailing its configuration and implementation on a Solaris 8 SPARC box, and providing examples users can follow to safeguard their machines against some of the more popular remote exploits.
This paper will present one solution to securing a large number of extranet connections. In particular, the focus will be on the corporation who is the extranet network provider, or at the hub of a large extranet.
The objective of this paper is to give a review of DoS / DDoS attacks, provide a list of basic network attack prevention techniques, provide a brief comparison of current and emerging Intrusion Prevention devices available and to give an example implementation scenario using one of these products.
The following paper describes the different tools that can be used in setting up an appropriate router and firewall combination using Linux that offers the necessary functionality and security to its users as well as the means to monitor it by an administrator.
This paper describes, hopefully, a fairly typical small office/business scenario and one method to connect it securely to the Internet using a commercially available firewall/router, the Cisco 837 ADSL router.
This paper provides a detailed account of the pre-existing insecurity, a brief note of the catalytic event precipitating the actual changes to the firewall, a discussion of the implementation, and the results and ultimate success of the procedure 'hardening' the corporate firewall.
In my first job position after college, I was hired to design and implement a firewall as well as a virus scanning mail solution and this paper addresses the processes I went through that increased security at this company.