Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
A security professional often performs security assessments for customers and will use many tools to collect data. Each tool stores data in a separate format; this requires the assessor to develop a proprietary automated process or use a manual process to correlate all the data.
The most important facet of protecting laptops is to understand the goals. Carefully building a Threat Model brings the goals into focus by selecting the assets to be protected and assigning an importance to each one in terms of the expected risk exposure of not protecting them. This concentrates limited resources on the critical areas. The information is transferred to the Master Protection Plan to select the most effective methods to achieve the goal. Next, the custom Protection Plan is implemented by installing products and configuring components. Lastly, the protected assets must be monitored and the plan adjusted to keep abreast of changing goals and new threats.
Winquisitor is a tool that facilitates the timely retrieval of information from multiple Windows systems enabling the administrator to respond in an appropriate amount of time. Unlike other command line tools, Winquisitor allows multiple types of queries in a single command
with several output formats.
There is substantial industry documentation on web browser security because the web browser is currently a frequently used vector of attack. This paper investigates current literature discussing the threats present in today's environment.
This document establishes a detailed scenario in which a given exploit is used to gain complete control of a targeted system. The attack will be demonstrated in phases which will include intelligence gathering, network information disclosures, and a vulnerability assessment.
This paper describes the process of implementing a secure remote file sharing system using WebDAV. It tells why a remote file sharing system is needed, how a secure solution is implemented and assesses the security of the solution.
By: Norman Christopher Knight (posted on April 8, 2004)
Group policy was first introduced with the release of Windows 2000 Server and Active Directory in the year 2000. With the introduction of Windows Server 2003, Microsoft has also released the Group Policy Management Console.
There are many ways to make users adhere to rules that are in their best interest. Local Policies and Domain policies are great for enforcing such rules. Forcing users to save data to a network drive is easily achievable through such policies. Enforcing these policies is another issue.
This paper is for those who have a Microsoft Windows computer attached to the Internet, and haven't installed the latest Microsoft security patches: the first section is where to get these patches and how to install them, and the second is why.
This paper examines how NetMeeting allows a system's firewall perimeter defense to be bypassed in three ways: via social engineering; holes or vulnerabilities created in the firewall configuration; and, bugs in the program itself can cause security issues.
This document describes issues to consider when setting up virus scanning software, using Microsoft tools to make patching operating systems easier, and a few specific tools that you can use to benchmark or monitor your operating system that might help you spot those abnormalities that should not be there.
This paper will focus on the shareware, freeware and low cost commercial security tools that one security administrator has found useful and has used to solve real time security issues for his company.
This paper is going to discuss the issue of null sessions in NT 4.0 and Windows 2000. It will investigate the uses and vulnerabilities of such sessions, and will show how to control and/or eliminate those vulnerabilities.
This paper reviews the literature on risks inherent in each of the active content technologies, and the very different ways in which they approach security, as well as the meanings and implications of all but one of IE's security zone settings. In addition, Microsoft's System Policy Editor tool for Windows NT is examined and a policy editor template for the IE security zones is suggested.
Following the large amount of often emotional debate surrounding the introduction of raw sockets into Microsoft Windows XP, and the relative lack of clarity on the issue, this paper is intended to provide a comprehensive review of all major aspects of the issue so as to permit the reader to formulate their own opinion on the issue. The author's personal conclusion is also included.
This paper will help one to completely automate the process of gathering, filtering and alerting when relevant events are found using inexpensive tools and resources already available. The goal is to prevent potential attacks or misusage by making it easy and cost effective to gather and review event logs.
This manuscript discusses procedures for regularly patching a Microsoft Windows environment, beginning with a discussion what vulnerabilities are, how they find their way into developers' code, and why they have become such an issue. The balance of the paper presents a number of options for patching the vulnerabilities, using either freely available tools or products that require purchasing licenses.
A large part of the technology industry is concerned with information security and trustworthy computing, and the purpose of this paper is to determine how the infrastructure and relationship between trust and security has evolved in technology.
The purpose of this paper is to cover the fundamental security considerations during the implementation of an Exchange 2000 Outlook Web Access (OWA) Front End (FE) server in a demilitarized zone (DMZ) using secure HTTP access.
I have attended many conferences/training sessions, and SANS by far has been the best. The instructors are the top in the industry, examples are from real life experiences - terrific! -Chris Bush, Novartis Pharmaceuticals