Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 123 papers as of Dec 2, 2008

Google Desktop Search as an Analysis Tool

Chris Poldervaart

September 11, 2008

- download paper

Effectiveness of Antivirus in Detecting Metasploit Payloads

Mark Baggett

March 28, 2008

- download paper

Catching Phishers with Honey-Mail

Dennis Dragos

February 7, 2008

- download paper

Case Study in Information Security: Securing The Enterprise

Roger Benton

May 17, 2005

- download paper

Centralized Tracking and Risk Analysis of 3rd Party Firewall Connections

Neeta Maniar

May 17, 2005

- download paper

Simple Traffic Analysis With Ethereal

Neil Orlando

May 17, 2005

- download paper

GCFW Practical Assignment Critique

Bart Hubbs

May 5, 2005

- download paper

GCFW Practical Assignment Critique

Bart Hubbs

March 9, 2005

- download paper

Adding and securing a Public Wireless Access Point within a home network

Steven Christall

February 19, 2005

- download paper

Case Study: The Get Connected CD

David Greenberg

February 19, 2005

- download paper

Case Study: A Path towards a Secure, Multi-role Wireless LAN in a Higher Education Environment

Sean Malone

January 28, 2005

- download paper

Seldom cry wolf: Tuning out false positives on Network Intrusion Detection Systems

Paul Leitao

January 28, 2005

- download paper

Implementation of a Comprehensive Enterprise Virus Defense Infrastructure in a Global Company

Robert Doeden

January 26, 2005

- download paper

Away from home. Securing Internet Cafes whie maximizing customer freedom

Alex Tilley

January 18, 2005

- download paper

Improving Firewall Security post Acquisition

Leona Conolly

January 18, 2005

- download paper

Endpoint Security Justification and Establishment

Samuel Ho

January 18, 2005

- download paper

Case Study: Providing malware outbreak protection for controlled and uncontrolled zones within a university

Christopher Jackson

September 16, 2004

- download paper

Setting Up a Honeypot Using a Bait and Switch Router

Lorie Carter

September 16, 2004

- download paper

Case Study In Secure File Transfer: Implementing Secure FTP with SSL In a Healthcare Organization

Steve Tobias

August 28, 2004

- download paper

Enhancing ABC Inc Security Strategy with IDS and Centralized Syslog

George Plytas

August 25, 2004

- download paper

Sit, Fetch, Drop: Training the Clearswift anti-spam filter

Emma Sutcliffe

August 15, 2004

- download paper

A Model for Handling Security Issues within a Network Operations Center

Tonya Heath

August 15, 2004

- download paper

Implementing Secure HTTP-to-HTTPS Redirection

Robert Hercey

July 25, 2004

- download paper

Fighting Spam Proxies in a University Environment

Kevin Shivers

July 25, 2004

- download paper

Removing Server Based Trust Relationships

Keith Gaughan

July 25, 2004

- download paper

Securing an Existing IIS 5.0 DMZ Infrastructure

Julius Fitzgerald

July 25, 2004

- download paper

Acceptable Security on Public Access Computer Workstations in Public University Libraries

Cheryl Lytle

July 25, 2004

- download paper

CIRT, Through Conception Labor and Delivery

Peter Ridgley

June 9, 2004

- download paper

Design and Deployment of a Rapid Response Security Vulnerability Scanning Infrastructure

Eliot Lim

June 9, 2004

- download paper

System Certifications: An Administrative Makeover

John Modransky

May 2, 2004

- download paper

Corporate Governance and Information Security

Steve Loyd

May 2, 2004

- download paper

Assessing the Impact of Unsolicited Commercial E-mail in a Large Corporation

Joseph McComb

April 8, 2004

- download paper

A Secure By Numbers Approach To An All

Darrell Rodgers

April 8, 2004

- download paper

Implementing Defense In-Depth at the Department Level

Sean Fahey

April 8, 2004

- download paper

A Policy to Prevent Outsider Attacks on the Local Network

Clarissa Brown

April 8, 2004

- download paper

Introducing Information Security to a Cyber Cafe

Barry Basselgia

April 8, 2004

- download paper

Securing Sensitive Data in a Research Environment

Tim VanAcker

March 9, 2004

- download paper

The Impact of the Sarbanes Oxley Act on IT Security

Scott Byrum

March 9, 2004

- download paper

Internet Service Providers:The Little Mans Firewall

Luke Dudney

March 9, 2004

- download paper

Implementing Vulnerability Assessment with eEyes EVA Suite

Kevin Austin

March 4, 2004

- download paper

Personal Media Devices: The Cool Threat Vector

Keith Daly

March 2, 2004

- download paper

Information Security

Eric Rupprecht

February 26, 2004

- download paper

Study: Improving Security in Corporate (SMTP) E-Mail Delivery

Brian Sommers

February 26, 2004

- download paper

Circumventing Access Control Lists by Transparent Proxy - A Case Study

Robert Gannon

January 11, 2004

- download paper

The Unintentional Criminal: DDoS from the inside!

Miguel Dilaj

January 11, 2004

- download paper

Government Financial Architecture: A Focus on Centralized Security and Continuity of Operations

Matthew Mickelson

January 11, 2004

- download paper

An intrusion, in an outsourcing data center, that works in spite of security

Rick Kryger

December 21, 2003

- download paper

Introducing Defense-in-Depth to a Small ISP

Rodney Anderson

December 21, 2003

- download paper

Using LDAP to solve one companys problem of uncontrolled user data and passwords

Andres Andreu

December 21, 2003

- download paper

Case Study: Implementing a Secure Wireless Network using WPA

Randy Hensel

December 13, 2003

- download paper

Implementing Identity Management with BMC Control-SA

Adrian Grigore

December 13, 2003

- download paper

Reducing the Risk associated with Authentication and Authorization through the deployment of SUDO and Powerbroker: A Case Study in Information Securit

Steve Mancini

December 13, 2003

- download paper

Architecting, Designing and Building a Secure Information Technology Infrastructure, a case study

John Johnston

December 13, 2003

- download paper

Defense in Depth For Private Wireless Communications Networks: A Case Study

Walt Andserson

November 6, 2003

- download paper

Retain control of Security (even in the wake of an IT Outsource)

Leslie Martinez

November 5, 2003

- download paper

Case Study: A Risk Audit of a Very Small Business

Douglas Browne

November 5, 2003

- download paper

Programmatic Management of Active Directory Groups

Don Quigley

November 5, 2003

- download paper

University Security

Douglas P. Brown

October 31, 2003

- download paper

How to Identify and "Contain" Some of the Information Security Problems Created by Unique

John Cupps

October 31, 2003

- download paper

Security Considerations in the Merger/Acquisition Process

Anita Hartman

October 31, 2003

- download paper

Information and Network Resource Administration and Security in an Education Network Environment

Ryan W. Davis

October 31, 2003

- download paper

Secure Password Storage

Shelby Reeves

October 31, 2003

- download paper

Connecting a Classified Network to the Internet. A case study.

Henrik Kram

October 31, 2003

- download paper

Case Study: Security Assessment at a Small Technology Corporation

Ryan L. Reiber

October 31, 2003

- download paper

Establishing and Verifying the Stunnel SSL Encryption of Pine IMAP Email Sessions

Christopher Ursich

October 31, 2003

- download paper

Unique Security Challenges in Higher Education - Securely Integrating Student-owned Computers into Y

Kerry Vosswinkel

October 31, 2003

- download paper

Securing Information within SAP v4.6b

Lori A. Kirk

October 31, 2003

- download paper

Network Security Concepts and Essentials: A University Overview

Matthew Wu Leng

October 31, 2003

- download paper

Twists in Security for Law Enforcement

Conrad Larkin

October 31, 2003

- download paper

eVoting - A Perspective on Security

Damon J. Small

October 31, 2003

- download paper

Tackling Malicious Code in a University Environment: A Case Study

Sandy Goldston

October 31, 2003

- download paper

Application of the Survivable Network Analysis Method to Secure My Office System

Dale Wutz

October 31, 2003

- download paper

Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities

William Geimer

October 31, 2003

- download paper

Can Microsoft .NET Deliver "Trustworthy Computing"?

Nikhil Viswanathan

October 31, 2003

- download paper

Steps to Secure a Law Enforcement Network

David Brown

October 31, 2003

- download paper

Protecting Your Internal Systems from a Compromised Host

Michael Nancarrow

October 31, 2003

- download paper

Designing Secure IT Environments for Pharmaceutical Clinical Trial Data Systems

Paul Drapeau

October 31, 2003

- download paper

Is IEEE 802.1X Ready for General Deployment?

Scott Baily

October 31, 2003

- download paper

Defense In Depth: A Small University Takes Up the Challenge

David W. Robinson

October 31, 2003

- download paper

Securing a Small Community College - A Case Study

Bobby Hoyle

October 31, 2003

- download paper

Implementation of a Secure Web Environment for a Government Agency

Chad M. Steel

October 31, 2003

- download paper

Practical Implementation of Syslog in Mixed Windows Environments for Secure Centralized Audit Loggin

Frederick Garbrecht

October 31, 2003

- download paper

Full Lifecycle Security Assessment - A Case Study

Gregory J. Golightly

October 31, 2003

- download paper

Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts A Case Study

Kenneth Underwood

October 31, 2003

- download paper

RBAC In The Real World

Christine Occhipinti

October 31, 2003

- download paper

Lessons Learned in Securing Blackboard

Peter Benedict

October 31, 2003

- download paper

Securing an IIS 4.0 Web Server, Machine and All

Marshall S. Heilman

October 31, 2003

- download paper

A Secure Implementation of HP OpenView Web Transaction Observer

Matthew Patterson

October 31, 2003

- download paper

Forced Evolution of Security on Redhat Linux Server due to System Compromise

Alec Wood

October 31, 2003

- download paper

Help We Just Fired Our Only IT Person!

Doug Cox

October 31, 2003

- download paper

Label Controlled File Transfer Server - Case Study

Don Weber

October 31, 2003

- download paper

Securing a University Environment; An Evolutionary Case Study

James Mayne

October 31, 2003

- download paper

Remote Access using Telstra Dial IP

Jamie Rossato

October 31, 2003

- download paper

VPN Project: Remote Access to a Novell Network

John Porter

October 31, 2003

- download paper

Case Study - Windows 2000 ISA Proxy Server Authentication Inside a DMZ

Michael Kerr

October 31, 2003

- download paper

Small-site Information Security on a (very loose) shoestring - a case study

Michael Millow

October 31, 2003

- download paper

IMPLEMENTING sudo TO REPLACE su

Robert D' Agnolo

October 31, 2003

- download paper

Benefits Of Implementing Secure Computing'S Sidewinder Firewall Appliance At A U.S. Army Mil

Andrew Rafla

October 31, 2003

- download paper

Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network

Clay Risenhoover

October 31, 2003

- download paper

CASE STUDY ON IMPROVING THE SECURITY OF A FIRM IN A LEGACY APPLICATION SETTING

Susan Bradley

October 31, 2003

- download paper

Wireless and Moneyless

Ryan Blake

October 31, 2003

- download paper

Integrating Real-Time Services on the Web

Pete Kobak

October 31, 2003

- download paper

Securing the Perimeter: A Case Study

George Kelschenbach

October 31, 2003

- download paper

The Value of Risk Assessment - A Case Study

Elton Pierce

October 31, 2003

- download paper

The Logbook of The World

Ted Demopoulos

October 31, 2003

- download paper

SSL Web Proxy - A Secure and Inexpensive Remote Access Implementation

David Culp

October 31, 2003

- download paper

Case Study for Understanding the 30,000 Foot View Before Diving In

Bill Baker

October 31, 2003

- download paper

Recovering From a Failed Security Audit - A Case Study

Wayne Fielder

October 31, 2003

- download paper

I-VPN - Porting a corporate network to Internet

Thorstein Oeverby

October 31, 2003

- download paper

Implementing Vulnerability Scanning in a Large Organisation

Richard Grime

October 31, 2003

- download paper

Case Study: Transforming a Traditional Windows Client/Server Application

David Strubbe

October 31, 2003

- download paper

Wireless Security Protection In a Logistic Environment Case Study

Ferran Gallego

October 31, 2003

- download paper

Adventures in implementing a strong password policy

Marsha Williams

October 31, 2003

- download paper

Wireless Security Protection In a Logistic Environment Case Study

Ferran Gallego

October 31, 2003

- download paper

Detailed Forensic Procedure for Laptop computers

Matt Pierce

October 31, 2003

- download paper

Achieving Executive Buy-in: The Case For Security

Chad Boeckmann

October 31, 2003

- download paper

Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection

Kevin Knox

October 31, 2003

- download paper

Deploying a website built using Oracle9iAS Portal

Stephen Coates

October 31, 2003

- download paper

Discovery, Eradication and Analysis of an attack on an open system: Welcome to the Jungle

Steve Terrell

October 31, 2003

- download paper

Securing the Gold through Better Network Design: A Case Study

Todd Sheppard

October 31, 2003

- download paper

Case Study: Implementing a Centralized Logging Facility

Richard DuClos

October 31, 2003

- download paper

Comprehensive Anomaly Detection (CAD)

Niles Mills

October 31, 2003

- download paper

Case Study in Automating Branches of a Bank

Tim Rhome

October 31, 2003

- download paper