Register TODAY to Save $350 on Security West, Jan 24 - Feb 1 >> More Info
the most trusted source for computer security training, certification and research


SANS InfoSec Reading Room - Case Studies

<<Reading Room Home
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Click Here

Featuring 123 papers as of Dec 2, 2008
Google Desktop Search as an Analysis Tool
Chris Poldervaart
September 11, 2008
- download paper PDF
Effectiveness of Antivirus in Detecting Metasploit Payloads
Mark Baggett
March 28, 2008
- download paper PDF
Catching Phishers with Honey-Mail
Dennis Dragos
February 7, 2008
- download paper PDF
Case Study in Information Security: Securing The Enterprise
Roger Benton
May 17, 2005
- download paper PDF
Centralized Tracking and Risk Analysis of 3rd Party Firewall Connections
Neeta Maniar
May 17, 2005
- download paper PDF
Simple Traffic Analysis With Ethereal
Neil Orlando
May 17, 2005
- download paper PDF
GCFW Practical Assignment Critique
Bart Hubbs
May 5, 2005
- download paper PDF
GCFW Practical Assignment Critique
Bart Hubbs
March 9, 2005
- download paper PDF
Adding and securing a Public Wireless Access Point within a home network
Steven Christall
February 19, 2005
- download paper PDF
Case Study: The Get Connected CD
David Greenberg
February 19, 2005
- download paper PDF
Case Study: A Path towards a Secure, Multi-role Wireless LAN in a Higher Education Environment
Sean Malone
January 28, 2005
- download paper PDF
Seldom cry wolf: Tuning out false positives on Network Intrusion Detection Systems
Paul Leitao
January 28, 2005
- download paper PDF
Implementation of a Comprehensive Enterprise Virus Defense Infrastructure in a Global Company
Robert Doeden
January 26, 2005
- download paper PDF
Away from home. Securing Internet Cafes whie maximizing customer freedom
Alex Tilley
January 18, 2005
- download paper PDF
Improving Firewall Security post Acquisition
Leona Conolly
January 18, 2005
- download paper PDF
Endpoint Security Justification and Establishment
Samuel Ho
January 18, 2005
- download paper PDF
Case Study: Providing malware outbreak protection for controlled and uncontrolled zones within a university
Christopher Jackson
September 16, 2004
- download paper PDF
Setting Up a Honeypot Using a Bait and Switch Router
Lorie Carter
September 16, 2004
- download paper PDF
Case Study In Secure File Transfer: Implementing Secure FTP with SSL In a Healthcare Organization
Steve Tobias
August 28, 2004
- download paper PDF
Enhancing ABC Inc Security Strategy with IDS and Centralized Syslog
George Plytas
August 25, 2004
- download paper PDF
Sit, Fetch, Drop: Training the Clearswift anti-spam filter
Emma Sutcliffe
August 15, 2004
- download paper PDF
A Model for Handling Security Issues within a Network Operations Center
Tonya Heath
August 15, 2004
- download paper PDF
Implementing Secure HTTP-to-HTTPS Redirection
Robert Hercey
July 25, 2004
- download paper PDF
Fighting Spam Proxies in a University Environment
Kevin Shivers
July 25, 2004
- download paper PDF
Removing Server Based Trust Relationships
Keith Gaughan
July 25, 2004
- download paper PDF
Securing an Existing IIS 5.0 DMZ Infrastructure
Julius Fitzgerald
July 25, 2004
- download paper PDF
Acceptable Security on Public Access Computer Workstations in Public University Libraries
Cheryl Lytle
July 25, 2004
- download paper PDF
CIRT, Through Conception Labor and Delivery
Peter Ridgley
June 9, 2004
- download paper PDF
Design and Deployment of a Rapid Response Security Vulnerability Scanning Infrastructure
Eliot Lim
June 9, 2004
- download paper PDF
System Certifications: An Administrative Makeover
John Modransky
May 2, 2004
- download paper PDF
Corporate Governance and Information Security
Steve Loyd
May 2, 2004
- download paper PDF
Assessing the Impact of Unsolicited Commercial E-mail in a Large Corporation
Joseph McComb
April 8, 2004
- download paper PDF
A Secure By Numbers Approach To An All
Darrell Rodgers
April 8, 2004
- download paper PDF
Implementing Defense In-Depth at the Department Level
Sean Fahey
April 8, 2004
- download paper PDF
A Policy to Prevent Outsider Attacks on the Local Network
Clarissa Brown
April 8, 2004
- download paper PDF
Introducing Information Security to a Cyber Cafe
Barry Basselgia
April 8, 2004
- download paper PDF
Securing Sensitive Data in a Research Environment
Tim VanAcker
March 9, 2004
- download paper PDF
The Impact of the Sarbanes Oxley Act on IT Security
Scott Byrum
March 9, 2004
- download paper PDF
Internet Service Providers:The Little Mans Firewall
Luke Dudney
March 9, 2004
- download paper PDF
Implementing Vulnerability Assessment with eEyes EVA Suite
Kevin Austin
March 4, 2004
- download paper PDF
Personal Media Devices: The Cool Threat Vector
Keith Daly
March 2, 2004
- download paper PDF
Information Security
Eric Rupprecht
February 26, 2004
- download paper PDF
Study: Improving Security in Corporate (SMTP) E-Mail Delivery
Brian Sommers
February 26, 2004
- download paper PDF
Circumventing Access Control Lists by Transparent Proxy - A Case Study
Robert Gannon
January 11, 2004
- download paper PDF
The Unintentional Criminal: DDoS from the inside!
Miguel Dilaj
January 11, 2004
- download paper PDF
Government Financial Architecture: A Focus on Centralized Security and Continuity of Operations
Matthew Mickelson
January 11, 2004
- download paper PDF
An intrusion, in an outsourcing data center, that works in spite of security
Rick Kryger
December 21, 2003
- download paper PDF
Introducing Defense-in-Depth to a Small ISP
Rodney Anderson
December 21, 2003
- download paper PDF
Using LDAP to solve one companys problem of uncontrolled user data and passwords
Andres Andreu
December 21, 2003
- download paper PDF
Case Study: Implementing a Secure Wireless Network using WPA
Randy Hensel
December 13, 2003
- download paper PDF
Implementing Identity Management with BMC Control-SA
Adrian Grigore
December 13, 2003
- download paper PDF
Reducing the Risk associated with Authentication and Authorization through the deployment of SUDO and Powerbroker: A Case Study in Information Securit
Steve Mancini
December 13, 2003
- download paper PDF
Architecting, Designing and Building a Secure Information Technology Infrastructure, a case study
John Johnston
December 13, 2003
- download paper PDF
Defense in Depth For Private Wireless Communications Networks: A Case Study
Walt Andserson
November 6, 2003
- download paper PDF
Retain control of Security (even in the wake of an IT Outsource)
Leslie Martinez
November 5, 2003
- download paper PDF
Case Study: A Risk Audit of a Very Small Business
Douglas Browne
November 5, 2003
- download paper PDF
Programmatic Management of Active Directory Groups
Don Quigley
November 5, 2003
- download paper PDF
University Security
Douglas P. Brown
October 31, 2003
- download paper PDF
How to Identify and "Contain" Some of the Information Security Problems Created by Unique
John Cupps
October 31, 2003
- download paper PDF
Security Considerations in the Merger/Acquisition Process
Anita Hartman
October 31, 2003
- download paper PDF
Information and Network Resource Administration and Security in an Education Network Environment
Ryan W. Davis
October 31, 2003
- download paper PDF
Secure Password Storage
Shelby Reeves
October 31, 2003
- download paper PDF
Connecting a Classified Network to the Internet. A case study.
Henrik Kram
October 31, 2003
- download paper PDF
Case Study: Security Assessment at a Small Technology Corporation
Ryan L. Reiber
October 31, 2003
- download paper PDF
Establishing and Verifying the Stunnel SSL Encryption of Pine IMAP Email Sessions
Christopher Ursich
October 31, 2003
- download paper PDF
Unique Security Challenges in Higher Education - Securely Integrating Student-owned Computers into Y
Kerry Vosswinkel
October 31, 2003
- download paper PDF
Securing Information within SAP v4.6b
Lori A. Kirk
October 31, 2003
- download paper PDF
Network Security Concepts and Essentials: A University Overview
Matthew Wu Leng
October 31, 2003
- download paper PDF
Twists in Security for Law Enforcement
Conrad Larkin
October 31, 2003
- download paper PDF
eVoting - A Perspective on Security
Damon J. Small
October 31, 2003
- download paper PDF
Tackling Malicious Code in a University Environment: A Case Study
Sandy Goldston
October 31, 2003
- download paper PDF
Application of the Survivable Network Analysis Method to Secure My Office System
Dale Wutz
October 31, 2003
- download paper PDF
Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities
William Geimer
October 31, 2003
- download paper PDF
Can Microsoft .NET Deliver "Trustworthy Computing"?
Nikhil Viswanathan
October 31, 2003
- download paper PDF
Steps to Secure a Law Enforcement Network
David Brown
October 31, 2003
- download paper PDF
Protecting Your Internal Systems from a Compromised Host
Michael Nancarrow
October 31, 2003
- download paper PDF
Designing Secure IT Environments for Pharmaceutical Clinical Trial Data Systems
Paul Drapeau
October 31, 2003
- download paper PDF
Is IEEE 802.1X Ready for General Deployment?
Scott Baily
October 31, 2003
- download paper PDF
Defense In Depth: A Small University Takes Up the Challenge
David W. Robinson
October 31, 2003
- download paper PDF
Securing a Small Community College - A Case Study
Bobby Hoyle
October 31, 2003
- download paper PDF
Implementation of a Secure Web Environment for a Government Agency
Chad M. Steel
October 31, 2003
- download paper PDF
Practical Implementation of Syslog in Mixed Windows Environments for Secure Centralized Audit Loggin
Frederick Garbrecht
October 31, 2003
- download paper PDF
Full Lifecycle Security Assessment - A Case Study
Gregory J. Golightly
October 31, 2003
- download paper PDF
Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts A Case Study
Kenneth Underwood
October 31, 2003
- download paper PDF
RBAC In The Real World
Christine Occhipinti
October 31, 2003
- download paper PDF
Lessons Learned in Securing Blackboard
Peter Benedict
October 31, 2003
- download paper PDF
Securing an IIS 4.0 Web Server, Machine and All
Marshall S. Heilman
October 31, 2003
- download paper PDF
A Secure Implementation of HP OpenView Web Transaction Observer
Matthew Patterson
October 31, 2003
- download paper PDF
Forced Evolution of Security on Redhat Linux Server due to System Compromise
Alec Wood
October 31, 2003
- download paper PDF
Help We Just Fired Our Only IT Person!
Doug Cox
October 31, 2003
- download paper PDF
Label Controlled File Transfer Server - Case Study
Don Weber
October 31, 2003
- download paper PDF
Securing a University Environment; An Evolutionary Case Study
James Mayne
October 31, 2003
- download paper PDF
Remote Access using Telstra Dial IP
Jamie Rossato
October 31, 2003
- download paper PDF
VPN Project: Remote Access to a Novell Network
John Porter
October 31, 2003
- download paper PDF
Case Study - Windows 2000 ISA Proxy Server Authentication Inside a DMZ
Michael Kerr
October 31, 2003
- download paper PDF
Small-site Information Security on a (very loose) shoestring - a case study
Michael Millow
October 31, 2003
- download paper PDF
IMPLEMENTING sudo TO REPLACE su
Robert D' Agnolo
October 31, 2003
- download paper PDF
Benefits Of Implementing Secure Computing'S Sidewinder Firewall Appliance At A U.S. Army Mil
Andrew Rafla
October 31, 2003
- download paper PDF
Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network
Clay Risenhoover
October 31, 2003
- download paper PDF
CASE STUDY ON IMPROVING THE SECURITY OF A FIRM IN A LEGACY APPLICATION SETTING
Susan Bradley
October 31, 2003
- download paper PDF
Wireless and Moneyless
Ryan Blake
October 31, 2003
- download paper PDF
Integrating Real-Time Services on the Web
Pete Kobak
October 31, 2003
- download paper PDF
Securing the Perimeter: A Case Study
George Kelschenbach
October 31, 2003
- download paper PDF
The Value of Risk Assessment - A Case Study
Elton Pierce
October 31, 2003
- download paper PDF
The Logbook of The World
Ted Demopoulos
October 31, 2003
- download paper PDF
SSL Web Proxy - A Secure and Inexpensive Remote Access Implementation
David Culp
October 31, 2003
- download paper PDF
Case Study for Understanding the 30,000 Foot View Before Diving In
Bill Baker
October 31, 2003
- download paper PDF
Recovering From a Failed Security Audit - A Case Study
Wayne Fielder
October 31, 2003
- download paper PDF
I-VPN - Porting a corporate network to Internet
Thorstein Oeverby
October 31, 2003
- download paper PDF
Implementing Vulnerability Scanning in a Large Organisation
Richard Grime
October 31, 2003
- download paper PDF
Case Study: Transforming a Traditional Windows Client/Server Application
David Strubbe
October 31, 2003
- download paper PDF
Wireless Security Protection In a Logistic Environment Case Study
Ferran Gallego
October 31, 2003
- download paper PDF
Adventures in implementing a strong password policy
Marsha Williams
October 31, 2003
- download paper PDF
Wireless Security Protection In a Logistic Environment Case Study
Ferran Gallego
October 31, 2003
- download paper PDF
Detailed Forensic Procedure for Laptop computers
Matt Pierce
October 31, 2003
- download paper PDF
Achieving Executive Buy-in: The Case For Security
Chad Boeckmann
October 31, 2003
- download paper PDF
Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection
Kevin Knox
October 31, 2003
- download paper PDF
Deploying a website built using Oracle9iAS Portal
Stephen Coates
October 31, 2003
- download paper PDF
Discovery, Eradication and Analysis of an attack on an open system: Welcome to the Jungle
Steve Terrell
October 31, 2003
- download paper PDF
Securing the Gold through Better Network Design: A Case Study
Todd Sheppard
October 31, 2003
- download paper PDF
Case Study: Implementing a Centralized Logging Facility
Richard DuClos
October 31, 2003
- download paper PDF
Comprehensive Anomaly Detection (CAD)
Niles Mills
October 31, 2003
- download paper PDF
Case Study in Automating Branches of a Bank
Tim Rhome
October 31, 2003
- download paper PDF

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT