Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
Blackboard Learn (Bb Learn) is an application suite providing educational technology to facilitate online, web-based learning. It is typical to see Bb Learn hosting courses and content. Common add-ons include the Community and Content systems which are
By: Angel Alonso-Parrizas (posted on September 23, 2011)
Nowadays it is necessary for most companies to provide e-mail/Internet access to employees outside of the office, hence many businesses provide their staff with BlackBerrys, iPhones, Android or other smartphones with Internet connectivity.
There is substantial industry documentation on web browser security because the web browser is currently a frequently used vector of attack. This paper investigates current literature discussing the threats present in today's environment.
The concepts behind application and operating system virtualization are not new concepts; they have been around long before server appliances and desktop PCs were readily available in our daily vocabulary.
Port knocking has recently become a popular and controversial topic in security. A basic overview of port knocking is given, and it is assumed that when carefully implemented, port knocking can be a useful tool in some situations.
One of the highly critical roles in computer security maintenance is patch management; this paper discusses the process of implementing software and measures in order to successfully accomplish such a role.
This paper aims to inform the reader on what metrics are, why metrics can be an important tool for controlling security systems, and how metrics fit into the day-to-day IT operations to improve security by measuring, reporting and tracking key elements of systems that have an impact on security.
Today's network security issues not only involve the protection of the vital data of commerce, but also, whether by law, policy or common sense, the people and the parts of their lives that may be included in that data.
Mitigating the risk to critical systems from vulnerabilities in operating system builds is an important responsibility of any system administrator. In organisations with a large number of servers, running multiple applications and services, managing the state of production builds can be a time-consuming exercise.
In this paper I have used my personal needs for password management as a starting point, trying to determine a solution which would work both for IT personnel, and which would also be suitable for use by the average computer user.
RBAC3, when properly implemented following a well-defined organizational policy, can allow for a very scalable, logical, and secure means of distributing access to file systems, applications, sub-systems or the like.
This paper discusses some of the challenges associated with migrating a large, widely distributed Windows NT environment with widespread administrative access for the application and server support personnel to a native Windows 2000 environment which embraces the philosophy of the "Just-enough privilege" (JeP) security model to complete assigned job responsibilities.
By: Saffet G. Ozdemir (posted on October 31, 2003)
This paper examines how any backup solution must protect the enterprise and the individual users within the enterprise from lost productivity, lost or corrupted data, and time consumed in resuming normal operation.
This paper describes how we are just starting to feel the ramifications of the "ship first, patch later" methodology used in most IT projects, especially as they relate to security in a 24x7x365, ecommerce environment.
This paper details one possible solution to establishing an Emergency Vulnerability Alert (EVA) structure: the EVA process preparation (what will need to be in place prior to the implementation of the process), a complete layout of the EVA process detail, and finally what challenges (downfalls) may be faced in implementing the process proposed in this practical.
Most small businesses simply do not have the resources for even one full-time employee dedicated to Information Systems; however, four servers and thirty workstations can be a bit much without a good plan and the right tools to aid in the execution.
This paper addresses the current state of patch management, demonstrates what could happen to your network if you leave IE unpatched and provides information on how to mitigate the risk of IE being attacked through the application of strong security settings.
This paper attempts to outline the process an administrator should follow after a security patch has been released. Since this process is a consistently repeatable task, a Standard Operating Procedure (SOP) can be revised and enhanced as needed.