
SANS InfoSec Reading Room - Threats/Vulnerabilities

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.


Featuring 68 papers as of May 26, 2013
PDF Implementing a Vulnerability Management Process
By: Tom Palmaers (posted on April 16, 2013)
A vulnerability is defined in the ISO 27002 standard as "A weakness of an asset or group of assets that can be exploited by one or more threats" (International Organization for Standardization, 2005).
PDF Exploiting Financial Information Exchange (FIX) Protocol?
By: Darren DeMarco (posted on July 3, 2012)
The FIX Protocol website defines The Financial Information eXchange ("FIX") Protocol as “a series of messaging specifications for the electronic communication of trade-related messages” (FIX Protocol Ltd, 2012).
PDF Covert Channels Over Social Networks
By: Jose Selvi (posted on June 4, 2012)
Today we live in a malware age, with the malware industry growing exponentially (AV-Test, 2012).
PDF Robots.txt
By: Jim Lehman (posted on May 31, 2012)
Every minute of every day the web is searched, indexed and abused by web robots, also known as Web Wanderers, Crawlers and Spiders.
PDF BYOB: Build Your Own Botnet
By: Francois Begin (posted on August 17, 2011)
A recent report on botnet threats (Dhamballa, 2010) provides a sobering read for any security professional. According to its authors, the number of computers that fell victim to botnets grew at the rate of 8%/week in 2010, which translates to more than a six-fold increase over the course of the year.
PDF Reducing Organizational Risk Through Virtual Patching
By: Joseph Faust (posted on January 11, 2011)
Software patching for IT departments across the organizational landscape has always been an integral part of maintaining functional, usable and stable software. Historically the traditional patch cycle has been focused on fixing or resolving issues which affect functionality. In recent years, with the advancement of more sophisticated and targeted threats which are occurring in quicker cycles, this focus is dramatically changing (Risk Assessment – Cisco, n.d.; Executive Office of The United States, 2005). Corporations and government now have a greater understanding of the potential losses and expenses incurred by not maintaining application security and are moving towards an increased focus on patching and security (Epstein, Grow & Tschang, 2008). With organizations' reputations, consumer confidence and corporate secrets at risk, corporations and government are recognizing the need to shift and address vulnerabilities at a much faster pace than they historically have done (Chan, 2004). Over roughly the last ten years, the length of time between the documentation of a given vulnerability in a piece of software and the development of an actual exploit that can take advantage of the weakness in the application has decreased tremendously. According to Andrew Jaquith, senior analyst at Yankee Group, the average time between vulnerability discovery and the release of exploit code is less than one week ("Shrinking time from," 2006). It has also been identified that "99% of intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were available" ("Risk reduction and," 2010). Clearly these statistics alone can prove daunting for many businesses trying to keep pace and maintain proper defenses against the bad guys.
PDF Malicious Android Applications: Risks and Exploitation
By: Joany Boutet (posted on December 22, 2010)
Android is an open-source mobile operating system, based upon a modified version of the Linux kernel, initially developed by Android Inc., a firm purchased by Google in 2005. A Gartner study released in November 2010 outlined that Android has become the second-most popular mobile OS in the world (Gartner, 11/2010). The growth of Android has exceeded Gartner's previous study, released the year before, in which they had predicted that Android would be the No. 2 worldwide mobile operating system in 2012 (The H, 08/10/2009). According to another Gartner study (Gartner, 08/2010), there will be only a slight difference between Symbian and Android market share in 2014: 30.2% for Symbian against 29.6% for Android.
PDF USB - Ubiquitous Security Backdoor
By: Erik Couture (posted on August 25, 2009)
The Universal Serial Bus (USB) is an omnipresent data and peripheral communication port that poses a security threat in any modern computing environment. Proposed is a holistic approach to USB port-security, examining the problem from user requirements definition to organizational threat-risk assessment and finally technical and procedural-based risk mitigation.
PDF Threat Analysis of Allowing Employee Internet Access
By: Mason Pokladnik (posted on March 28, 2008)
The ISO 17799/27001 standard provides a good minimum description of what organizations should be doing to protect themselves, but it should not be the sole focus of your security and audit control design. A better approach is to allow your information-security management-system subcommittees or technical specialists to analyze the threats your organization is likely to face. Then, design your controls around those threats, balancing the cost to mitigate a threat against the cost of that threat occurring in your environment. Finally, after you have analyzed the threats, you can double-check your policies and procedures against a regulatory or management framework, such as ISO 17799, SOX, GLBA, HIPAA or PCI.
PDF Attack vs. Defense on an Organizational Scale
By: Omar Fink (posted on December 11, 2007)
PDF ANI vulnerability: History repeats
By: Shashank Gonchigar (posted on October 24, 2007)
PDF A System of Persistent Baseline Automated Vulnerability Scanning and Response in a Distributed University Environment
By: Chet Langin (posted on September 18, 2007)
PDF Malware Analysis: Environment Design and Architecture
By: Adrian Sanabria (posted on August 2, 2007)
PDF Visually Assessing Possible Courses of Action for a Computer Network Incursion
By: Grant Vandenberghe (posted on June 15, 2007)
This study has suggested that an additional course of action step be added to the incident handling process. This addition would require that an incident handler identify the effects of his action before disrupting ongoing commercial or military operations.
PDF A Survey of Wireless Mesh Networking Security Technology and Threats
By: Anthony Gerkis (posted on October 18, 2006)
This paper will summarize the technologies and challenges related to wireless mesh networks.
PDF Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks
By: Robert Wagner (posted on August 11, 2006)
This paper is designed to introduce and explain ARP spoofing.
PDF Exploiting BlackICE When a Security Product has a Security Flaw
By: Peter Gara (posted on July 9, 2005)
This paper contains a fictional story about a computer expert who gets into evil ways and tries to denigrate his ex-colleague at her new workplace.
PDF A Spyware Survival Toolkit
By: Peter McGranaghan (posted on May 17, 2005)
This paper will discuss the sources of spyware, the types of spyware, and methods of prevention, detection, and removal of spyware.
PDF What is Santy bringing you this year?
By: Pieter Danhieux (posted on May 5, 2005)
This early and evil "Santa Claus" present caused some serious havoc for administrators of phpBB bulletin board software around Christmas 2004, defacing almost 40 thousand phpBB sites in a short period.
PDF Electronic Toll Collection
By: Don Flint (posted on July 25, 2004)
Since 1992 active Radio Frequency Identification (RFID) tags have been used in vehicles to automate the toll process on toll roads, bridges, and tunnels in a process called Electronic Toll Collection (ETC). These tags are mounted to the windshield or externally surrounding the license plate on a vehicle and read as the vehicle proceeds without stopping through special lanes at the toll plaza.
PDF Phishing: An Analysis of a Growing Problem
By: Anthony Elledge (posted on July 25, 2004)
Email has become an invaluable communication tool for both business and personal use. Among the many security issues that now affect computer users, there is a growing threat known as "phishing".
PDF Risk-Eye for the IT Security Guy
By: Thomas Siu (posted on May 2, 2004)
An enterprise risk management workflow model is presented to illustrate the "big picture" of risk management, the key to developing a "keen eye" for IT security risks as a part of the overall IT management doctrine.
PDF Skimming and Its Side Effects
By: Nobie Cleaver (posted on March 9, 2004)
What I have learned in my research has truly amazed me and I endeavor to share some of that information in this paper. I will define skimming, describe what a skimming device may look like, discuss how skimming is done, provide some statistical information and provide some pointers on how to avoid being skimmed and what to do if it happens.
PDF Vulnerability Management: Tools, Challenges and Best Practices
By: Cathleen Brackin (posted on December 13, 2003)
This paper will outline the key steps to Vulnerability Management, and provide an in-depth look at the tools, challenges and best practices of each part of the VM lifecycle.
PDF Corporate Anti-Virus Protection - A Layered Approach
By: Elizabeth Peyton (posted on November 6, 2003)
This paper offers a "defense-in-depth" solution for large enterprises and corporations where there may be thousands of entry points through which viruses can enter, causing possible system damage and information theft or loss.
PDF Managing vulnerabilities exposed by Windows services.
By: James Williams (posted on November 6, 2003)
This paper looks at the vulnerabilities exposed by Windows services and how and why these risks occur, identifies the tools for manipulating Windows services, and provides solutions to secure these identified vulnerabilities.
PDF Vulnerability naming schemes and description languages: CVE, Bugtraq, AVDL and VulnXML
By: Michael Rohse (posted on October 31, 2003)
These limitations inspired two new proposals: AVDL (Application Vulnerability Description Language) and VulnXML. With them it will be possible to directly import a describing XML document into a scanning tool and the tool will generate and launch the vulnerability scan. AVDL and VulnXML will be described and discussed in this paper.
PDF Spoofing: An Overview of Some the Current Spoofing Threats
By: Neil B. Riser (posted on October 31, 2003)
This paper introduces and explains four forms of information spoofing: IP, ARP, Web, and DNS.
PDF Anatomy of an IP Fragmentation Vulnerability in Linux IPChains: Investigating Common Vulnerabilities and Exposures (CVE) Candidate Vulnerability CAN-1
By: Karim Sobhi (posted on October 31, 2003)
This paper investigates a potential IP fragmentation vulnerability in Linux IPChains.
PDF Assessing Threats To Information Security In Financial Institutions
By: Cynthia Bonnette (posted on October 31, 2003)
This paper explores key issues related to threat assessment, including essential elements, methodologies, and common pitfalls, along with a recommended approach for completing and documenting this activity.
PDF Printer Insecurity: Is it Really an Issue?
By: Vernon Vail (posted on October 31, 2003)
This document starts with a brief look at basic system and network security principles, continues with the revealing of some printer threats and vulnerabilities, and ends with a discussion about how to deal with the issue.
PDF A New Generation of File Sharing Tools
By: Dan Klinedinst (posted on October 31, 2003)
Excessive file sharing can have serious effects on a variety of organizations, from lost revenue to lost productivity and wasted resources.
PDF Security for Online Transaction Processing in a White Label Financial Switch
By: Fabian Soler (posted on October 31, 2003)
White label financial switches have introduced automatic banking machines (ABMs) in niche markets by taking advantage of cheap modern network and PC technology.
PDF Large Scale Network Incidents - What Can We Do?
By: Jay Garden (posted on October 31, 2003)
This paper looks into the similarities between the two types of attacks and discusses ways to mitigate the risk from an Internet-wide perspective.
PDF Worms as Attack Vectors: Theory, Threats, and Defenses
By: Matthew Todd (posted on October 31, 2003)
This paper provides a brief discussion of what constitutes a typical worm, along with a brief history, reasons they may be released, and who might gain from their use.
PDF Beyond Conventional Terrorism...The Cyber Assault
By: Rajeev Puran (posted on October 31, 2003)
This practical write-up reviews the various intents, events, acts and possibilities of terrorism and warfare based on computing technology.
PDF How do we define Responsible Disclosure?
By: Stephen Shepherd (posted on October 31, 2003)
This paper explores some key events in vulnerability disclosure, the conceptual differences between full disclosure, nondisclosure, limited disclosure and responsible disclosure, then examines some existing disclosure policies and proposed standards.
PDF Vulnerabilities & Vulnerability Scanning
By: Ken Houghton (posted on October 31, 2003)
This white paper will discuss the benefits and pitfalls of Vulnerability Scanning and will suggest an approach suitable for small and medium-sized businesses, as well as discussing the possibility of buying this as a service from a specialist agency.
PDF Big Brother is Watching: An Update on Web Bugs
By: Steve Nichols (posted on October 31, 2003)
This paper discusses various types of script and executable web bugs that can retrieve almost any information the programmer wishes to obtain from the user's computer.
PDF Aspects of Biological Evolution and Their Implications for Unix Computer Security
By: Michael Folsom (posted on October 31, 2003)
This paper presents aspects of biological evolution and their implications for Unix computer security.
PDF Introduction to IP Spoofing
By: Victor Velasco (posted on October 31, 2003)
This paper describes the use of IP spoofing as a method of attacking a network in order to gain unauthorized access.
PDF Kernel Rootkits
By: Dino Dai Zovi (posted on October 31, 2003)
This paper provides an in-depth discussion on kernel rootkits.
PDF Examining the RPC DCOM Vulnerability: Developing a Vulnerability-Exploit Cycle
By: Kevin OShea (posted on October 31, 2003)
This paper proposes to build on the vulnerability life-cycle work first proposed by Arbaugh, Fithen and McHugh to establish a detailed framework for vulnerability analysis.
PDF Vulnerability Assessments: The Pro-active Steps to Secure Your Organization
By: Robert Boyce (posted on October 31, 2003)
This paper provides an in-depth look at vulnerability assessments and discusses pro-active steps to secure your organization.
PDF An Overview of Gnutella
By: Brenda L. Batkins (posted on October 31, 2003)
This document addresses origins of Gnutella, what it is and how it works as well as some Gnutella-compatible software, along with possible security concerns.
PDF Cyber-stalking, Privacy Intrusion at Its Scariest
By: Pamela Valentine (posted on October 31, 2003)
This paper describes Cyber-stalking and what you can do, or not do, to prevent it.
PDF Unicode Vulnerability - How & Why?
By: Andrew Brannan (posted on October 31, 2003)
This paper discusses how the power and flexibility of the Unicode vulnerability make it one of the most popular, and therefore most dangerous, vulnerabilities currently used by attackers.
PDF Defending Against Code Red II Using Symantec NetProwler and Intruder Alert
By: Kenneth Donze (posted on October 31, 2003)
In this paper I will address the use of Symantec's NetProwler, a network-based IDS (NIDS), and Intruder Alert, a host-based IDS (HIDS), to detect and react to the Code Red II worm.
PDF The Changing Face of Distributed Denial of Service Mitigation
By: Justin Stephen (posted on October 31, 2003)
This paper reviews traditional best practices and tools for DDoS mitigation, discusses the inherent weaknesses of these best practices, the developing legal issues and trends that may soon be forcing change on how DDoS attacks are combated, and looks at the new generation of tools becoming available for mitigating these attacks.
PDF Instant Messaging: How Secure Is It?
By: Susan Willner (posted on October 31, 2003)
This paper describes Instant Messaging, a popular method of communication that nonetheless carries security issues which should be considered.
PDF FTP and the Warez Scene
By: Shelli Crocker (posted on October 31, 2003)
Although software theft via FTP is very common, the risk of FTP abuse can be reduced by scanning networks for anonymous FTP sites, monitoring FTP activity, and securing FTP server configuration.
PDF Peer-to-Peer Security and Intel's Peer-to-Peer Trusted Library
By: Chris McKean (posted on October 31, 2003)
This paper examines a code library released by Intel that software developers can use to strengthen the security of, and add "trust" to, new peer-to-peer applications.
PDF Spoofed IP Address Distributed Denial of Service Attacks: Defense-in-Depth
By: Steven H. Bass (posted on October 31, 2003)
The purpose of this paper is to look at a defense-in-depth approach to spoofed IP address DDoS attacks, including known defenses, new techniques, and recent developments.
PDF Outsourcing and the Increased Dangers of 'Dial Up' Access
By: Paul Jenkinson (posted on October 31, 2003)
The objective of this paper is to highlight how the current trend of outsourcing support services can dangerously augment the already well-known issues surrounding dial-up access to a corporate network.
PDF Analysis of FTP Hijack
By: Phong Huynh (posted on October 31, 2003)
This paper demonstrates how historical lessons can improve our skills as InfoSec professionals and can be used as a platform for management to understand the technology solutions we are proposing.
PDF Free InfoSec Training, Compliments of History
By: Chris Bachmann (posted on October 31, 2003)
This paper demonstrates how historical lessons can be used as a platform for management to understand the technology solutions we are proposing, and how historical lessons can improve our skills as InfoSec professionals.
PDF Internal Threat - Risks and Countermeasures
By: Jarvis Robinson (posted on October 31, 2003)
This paper covers the risks associated with insider threats and provides practical countermeasures, which should challenge the reader to focus on the people and processes that protect information rather than on technology.
PDF Remote Access White Paper
By: Ken Stasiak (posted on October 31, 2003)
This paper looks at remote access security issues, pointing to how a remote access solution can reduce administration time and increase security.
PDF ICMP Attacks Illustrated
By: Christopher Low (posted on October 31, 2003)
This paper shows how ICMP can and has been used in many phases of an attacker's advance in a system compromise.
PDF Cross-Site Scripting Vulnerabilities
By: Mark Shiarla (posted on October 31, 2003)
This paper states that cross-site scripting is a potential risk for most Web servers.
PDF The Instant Messaging Menace: Security Problems in the Enterprise and Some Solutions
By: Dan Frase (posted on October 31, 2003)
This paper discusses the security threats posed by the use of consumer-grade instant messaging clients in the enterprise, including privacy and identity issues, along with malware and bug vulnerabilities.
PDF SSL Man-in-the-Middle Attacks
By: Peter Burkholder (posted on October 31, 2003)
This paper examines the mechanics of the SSL protocol attack, then focuses on the greater risk of SSL attacks when the client is not properly implemented or configured.
PDF Buffer Overflows for Dummies
By: Josef Nelißen (posted on October 31, 2003)
This paper tries to fill the gap between Buffer Overflows and errors within program source code, providing an in-depth discussion on stack smashing, frame pointer overwrite, return-into-libc, heap based overflow techniques and possible countermeasures.
PDF Cyber Scam Artists: A New Kind of .con
By: Robert Fried (posted on October 31, 2003)
This paper will closely examine the emergence of the fraudster into cyberspace and analyze the steps being taken to help deal with the issue of online fraud.
PDF Potential Vulnerabilities of Timbuktu Remote Control Software
By: David Batz (posted on October 31, 2003)
This paper is neither for nor against the use of Timbuktu software as a Windows Remote Access/Remote Control solution; however, there are a number of potentially serious vulnerabilities that may be encountered through the use of the product.
PDF 10 Vulnerabilities a Scanner Might Not Find
By: Jeffrey King (posted on May 12, 2003)
This paper particularly serves as a resource to those who are new to the information assurance field, and provides an insight to two common protocols used in Internet security.
PDF Electromagnetic Attack: Is Your Infrastructure and Data at Risk?
By: Michael B. Hayden (posted on August 10, 2001)
Attack of the infrastructure by way of radio frequency devices is technically possible and has been demonstrated on a small scale.
PDF Why Bother About BIOS Security?
By: Robert Allgeuer (posted on )
This paper gives an overview of the BIOS and its functions; a detailed discussion of known threats to the BIOS and the hardware of a PC, as well as how they could be exploited; and, finally, countermeasures that can mitigate the risks.