SANS InfoSec Reading Room - Network Devices

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 31 papers as of Jun 18, 2013
PDF Shedding Light on Security Incidents Using Network Flows
By: Kevin Gennuso (posted on May 16, 2012)
Incident handlers, and information security teams in general, face significant challenges when dealing with incidents in modern networks.
PDF The Afterglow effect and Peer 2 Peer networks
By: Jerome Radcliffe (posted on August 25, 2010)
Overall there is room to grow in the area of P2P connection research. This limited study only looked at a small area of P2P interactions. There are an ever-growing number of BitTorrent clients and all of them handle the protocol differently. These differences could greatly impact every area of P2P communications, all of which are areas that could be grounds for research. Further research of how P2P clients interact could provide additional ways to increase efficiency and provide enhanced security.
PDF An Open Source Layer 2 Switch
By: Jim Wilson (posted on May 4, 2010)
Small networks tend to grow and oftentimes the growth is unplanned. The result is a network of daisy-chained switches, not the most reliable solution for a multi-switch environment. What is needed is a solution which integrates all switches into a single collision domain or IP space. Most administrators would look at a Cisco solution at this point, but maybe we can use a Linux box instead. The Linux bridging software allows us to create a single LAN segment and, combined with other Open Source software, provides management and monitoring capabilities.
PDF Hey Dude! I Can Do a Great Humphrey Bogart!
By: Lee Peterson (posted on November 11, 2009)
This paper will present a fictitious router impersonation scenario wherein a router is duped into believing an imposter is a router that is already known and trusted. As a result, his routing tables are overwritten and traffic gets re-routed.
PDF Are Network Designs Ready for a Pandemic?
By: Alan R. Mercer (posted on April 27, 2009)
This paper will investigate the network planning and design considerations that would be affected by the operational impacts of an avian flu pandemic upon a typical organization.
PDF Auditing and Securing Multifunction Devices
By: Charles Scott (posted on October 15, 2007)
PDF Packet Sniffing In a Switched Environment
By: Tom King (posted on January 18, 2007)
This paper focuses on the threat of packet sniffing in a switched environment, briefly explores the effect in a non-switched environment, and covers ways to mitigate the threat of network sniffing in both non-switched and switched environments.
PDF A Survey of Wireless Mesh Networking Security Technology and Threats
By: Anthony Gerkis (posted on October 18, 2006)
This paper will summarize the technologies and challenges related to wireless mesh networks.
PDF Wired 802.1x Security
By: Mohammed Younus (posted on July 27, 2006)
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.
PDF GIAC Certified Firewall Analyst (GCFW)
By: Matthew Sullivan (posted on May 17, 2005)
In this paper, I will be introducing the technology of Private VLANs (PVLANs) and VLAN ACLs (VACLs) and discussing how they can add security to the defense in depth model.
PDF Security improvement of a wide and heterogeneous set of network devices: a global approach
By: Jean-Marc Millet (posted on February 19, 2005)
This case study describes the most interesting steps of a project to improve the security of a wide set (about one thousand) of network devices (switches, routers, firewalls) originating from many manufacturers. It is intended to describe a global approach which could be reused to tackle such situations.
PDF Egress Filtering For a Better Internet
By: Jason Pierce (posted on January 22, 2005)
During recent years, there has emerged a necessity for all internet users to try to stop inbound threats. Since most internet security is done from a defensive point of view, the question is left, "Can proactive internet security provide viable solutions to some of the most serious problems facing the internet today?"
PDF Security and Vulnerability Analysis of an Ethernet-based attack on Cisco IOS
By: Robert Foxworth (posted on June 9, 2004)
We note the recent attack on Cisco routers, publicized in July 2003, and analyze this work and expand upon it. This exploit used crafted packets to overflow the input buffer on Cisco devices and caused a Denial of Service, making the device unavailable for legitimate users, leading to loss of network connectivity.
PDF Securing SNMP: A Look at Net-SNMP (SNMPv3)
By: Michael Stump (posted on October 31, 2003)
This paper addresses the many improvements, enhancements, and additions that comprise net-snmp, as well as the benefits of using SNMP to monitor network devices and computers.
PDF Implementing a Secure Internal Network
By: Ken Creekmore (posted on October 31, 2003)
This paper presents how-to options and suggestions for designing and securing an internal network. Scenarios are provided concerning designs that may currently be in place and discussions and analysis on the risks involved and the vulnerabilities presented are included.
PDF Virtual LAN Security: weaknesses and countermeasures
By: Steve Rouiller (posted on October 31, 2003)
In this paper we have presented some attacks on VLAN and how to avoid these attacks.
PDF Securing out-of-band device management
By: Marc Kolaks (posted on October 31, 2003)
This paper will outline vulnerabilities of out-of-band managed systems and devices, provide worksheets for helping to ensure security and give examples of possible architectures for secure remote access.
PDF A Security Assessment of the Ricoh Afcio 450E Multifunction Device
By: David Garrard (posted on October 31, 2003)
This paper provides a Security Assessment of the Ricoh Afcio 450E multifunction device.
PDF Nortel Instant Internet 100-S VPN Configuration
By: Lloyd V. Ardoin (posted on October 31, 2003)
This paper will discuss the configuration and use of the Nortel Instant Internet 100-S as a VPN client in one organization's network environment.
PDF Easy Steps to Cisco Extended Access List
By: Nancy Navato (posted on October 31, 2003)
The purpose of this document is to explain in simple words how you can easily create an Extended Access List and apply it to your Cisco Router interface.
PDF Disabling Unneeded Features and Services on Cisco Internet Gateway Routers
By: Toon Mordijck (posted on October 31, 2003)
The focus of this document is on closing down services and features as part of the hardening of the router.
PDF Securing IP Routing and Remote Access on Cisco Routers
By: Mohammed Shafri Hatta (posted on October 31, 2003)
This paper examines the ways to secure a Cisco router as the first step of defending your network.
PDF Securing the Cisco Local Director
By: Scott Ambrose (posted on October 31, 2003)
This paper documents specific implementation steps required to secure a well-known, widely implemented network appliance load balancer: The Cisco LocalDirector.
PDF Router Audit Tool: Securing Cisco Routers Made Easy!
By: Brian Stewart (posted on October 31, 2003)
This document will discuss the need for a tool such as the CIS Router Audit Tool and its function in confirming that routers are securely configured in a large network environment.
PDF Securing Your Network With An Internet Access Router (or Getting Your Money's Worth From Your Cisco Gear)
By: Mark Degner (posted on October 31, 2003)
In this document, we will cover the configurations that should be applied to nearly any Cisco router, and routers deployed for Internet access in particular.
PDF Securing The Network With Cisco Router
By: Bang Shuh Tan (posted on October 31, 2003)
This paper discusses the steps of and security features available on a Cisco router for enhancing the security of a network. Topics covered include: the securing of routing updates through neighbor router authentication and route filtering, using IPSec to secure remote administration of Cisco routers; an overview of reflexive access list and content-based application control; combating code red with network-based application recognition; and, performing integrity checking on routers.
PDF HOW-TO Securely Use SNMP on a BGP/MPLS VPN Network
By: Guillaume Tamboise (posted on October 31, 2003)
This paper discusses how SNMP can be successful in network management.
PDF IPv4 Multicast Security: A Network Perspective
By: Tom Bachert (posted on October 31, 2003)
This paper examines the security implications of multicast communications as they relate to network management.
PDF Implementing Secure Access to Cisco Devices using TACACS+ and SSH
By: Paul Asadoorian (posted on May 20, 2003)
The goal of this paper is to provide an easy guide for network administrators to implement secure remote access for all Cisco networking equipment.
PDF How to Install IC Radius and Extend via Custom Perl Script
By: Michael T. Meacle (posted on March 15, 2002)
In this HOW TO I will investigate how for a typical company you can install and extend a freely available radius server. In addition, detailed steps also show how the extended radius server can be configured to authenticate a selection of different network elements.
PDF Understanding and Implementing TACACS+
By: Randy Feliz (posted on October 14, 2001)
This paper will focus on understanding and implementing TACACS+.