SANS InfoSec Reading Room - Case Studies

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 126 papers as of Nov 8, 2009
PDF Mitigating Insider Sabotage
By: Joseph Garcia (posted on September 28, 2009)
How failing to create an effective termination policy and deploy correct user access controls to deter insider threats can be costly.
PDF Capture the flag for education and mentoring
By: Jerome Radcliffe (posted on January 30, 2009)
A case study on the use of competitive games in computer security training.
PDF Google Desktop Search as an Analysis Tool
By: Chris Poldervaart (posted on September 11, 2008)
PDF Effectiveness of Antivirus in Detecting Metasploit Payloads
By: Mark Baggett (posted on March 28, 2008)
Your neighbor stops you at your curb. He knows you’re a computer security guru and wants to know the secret to protecting his computer from hackers. You need to get back to mowing the lawn and don’t really have time to explain log monitoring, patch management, vulnerability assessments, penetration testing, least required access, the CIA triad, and the finer points of risk management. Besides, you know you’re the only guy on the block with syslog servers, hardware firewalls, IDS and HIPS watching the one computer in your house that you only use for online banking. So what do you tell him? “Keep your patches and antivirus software up to date and don’t run untrusted programs”. You know it’s not enough, but any more advice would commit you to hours of free consulting or get you uninvited to the neighborhood Christmas party. “Don’t run untrusted programs”…good advice! The problem is most people trust everyone when it comes to free software.
PDF Catching Phishers with Honey-Mail
By: Dennis Dragos (posted on February 7, 2008)
On the technical side, the tools and tactics employed to track and document the incident will be examined. In the broader scope, the high level of cooperation needed between law enforcement, corporate IT departments, and the various ISPs, email providers, and web hosting companies will be explained. Additionally, it will be shown that by taking a proactive approach, one can get a better insight to the incident, and actions of the phisher than by traditional reactionary investigation techniques.
PDF Case Study in Information Security: Securing The Enterprise
By: Roger Benton (posted on May 17, 2005)
This practical is a case study of an Insurance Company's migration to an enterprise-wide security system. It is the intent of this practical to provide a path to follow when creating or migrating to a security system. Initially, a primitive online security system was the only mechanism to control access to corporate data.
PDF Centralized Tracking and Risk Analysis of 3rd Party Firewall Connections
By: Neeta Maniar (posted on May 17, 2005)
The goal of this case study was to simplify the firewall ruleset validation process by creating a central database of rulesets that enables reporting on existing vendor connections. The overall impact included compliance with auditing requirements, a more robust risk assessment of firewall rulesets, and centralized visibility bringing about management response.
PDF Simple Traffic Analysis With Ethereal
By: Neil Orlando (posted on May 17, 2005)
This paper describes how to use the Ethereal Display Filter to examine a capture log file. The data analyzed was recorded by port and the amount of packet traffic received.
PDF GCFW Practical Assignment Critique
By: Bart Hubbs (posted on May 5, 2005)
Many companies are adopting a preference toward buying vendor software versus building software in-house to meet business needs. Some of the drivers for this preference are integration, scalability, outsourcing, support, speed-to market, process savings, and reducing the cost of information technology (IT).
PDF GCFW Practical Assignment Critique
By: Bart Hubbs (posted on March 9, 2005)
The purpose of this practical is to critique a GIAC Certified Firewall Analyst (GCFW) practical to enable implementation in a public healthcare company.
PDF Adding and securing a Public Wireless Access Point within a home network
By: Steven Christall (posted on February 19, 2005)
This project details the migration of a simple home wireless network to include a public wireless access point. This is done using open source products and utilising older, retired hardware.
PDF Case Study: The Get Connected CD
By: David Greenberg (posted on February 19, 2005)
To protect the Indiana University network and student computers in the residence halls, we prevent new computers from connecting to the network before running our "Get Connected" CD-ROM.
PDF Case Study: A Path towards a Secure, Multi-role Wireless LAN in a Higher Education Environment
By: Sean Malone (posted on January 28, 2005)
Network security is an issue for all businesses. The challenges faced by small-to-medium size businesses (SMBs) are unique and significant.
PDF Seldom cry wolf: Tuning out false positives on Network Intrusion Detection Systems
By: Paul Leitao (posted on January 28, 2005)
The following document describes the tuning methodology design and implementation steps. It provides a step-by-step process of deployment within a medium size organization (all IP ranges have been changed to protect the innocent of course). The paper will focus on providing a methodology that may be used as a starting point to identify and minimize false positives.
PDF Implementation of a Comprehensive Enterprise Virus Defense Infrastructure in a Global Company
By: Robert Doeden (posted on January 26, 2005)
This paper will follow a global corporation's move from traditional, client based and controlled virus defense to a centrally controlled and monitored system.
PDF Away from home. Securing Internet Cafes while maximizing customer freedom
By: Alex Tilley (posted on January 18, 2005)
This essay is a real world example of steps taken by the author when hired to redesign and manage the IT aspects of 2 medium sized (100 user PCs in total) Internet cafes in Europe in 2001.
PDF Improving Firewall Security post Acquisition
By: Leona Conolly (posted on January 18, 2005)
This paper aims to discuss the challenges in putting together a secure Check Point Firewall-1 solution to protect our existing information and assets and that of our new acquisition. It is assumed that the reader will have a generic knowledge of firewalls, related terms and their use. In the paper the word 'policy' refers to the security document and the word 'rulebase' refers to the Check Point rules.
PDF Endpoint Security Justification and Establishment
By: Samuel Ho (posted on January 18, 2005)
As the information security officer at a prominent utilities organization, I witnessed first hand the pitfalls of providing network security only at the network perimeter, the false sense of security, and the potential monetary, regulatory and credibility consequences this traditional solution provides.
PDF Case Study: Providing malware outbreak protection for controlled and uncontrolled zones within a university
By: Christopher Jackson (posted on September 16, 2004)
Many environments find it difficult at best to ensure the security posture of the devices under their direct control. Universities and like organizations have to tackle this problem without the ability to administratively control many of the computers attached to the network.
PDF Setting Up a Honeypot Using a Bait and Switch Router
By: Lorie Carter (posted on September 16, 2004)
While conducting research for this practical I found that there were many different arenas that warrant a closer look. I chose honeypots for this practical because they allow an administrator to track and learn from black-hats first hand without the attacker ever being aware that somebody is watching.
PDF Case Study In Secure File Transfer: Implementing Secure FTP with SSL In a Healthcare Organization
By: Steve Tobias (posted on August 28, 2004)
Secure electronic file transfer between organizations has become essential for business transactions and communication. Healthcare organizations are no exception to this requirement.
PDF Enhancing ABC Inc Security Strategy with IDS and Centralized Syslog
By: George Plytas (posted on August 25, 2004)
I am a Security Analyst/Administrator for a medium sized company, ABC Inc. I, along with a team of System Administrators, am tasked with the responsibility of protecting our customer's confidential information, maintaining the integrity of our applications and keeping our systems available.
PDF Sit, Fetch, Drop: Training the Clearswift anti-spam filter
By: Emma Sutcliffe (posted on August 15, 2004)
I wasn't quite drowning but was certainly tiring from treading water. Managing spam had become a daily task and I wanted a dynamic filter that could be customised to suit my environment.
PDF A Model for Handling Security Issues within a Network Operations Center
By: Tonya Heath (posted on August 15, 2004)
The Network Operations Center uses numerous tools ranging from Intrusion Detection (Snort) and Intrusion Protection (Tipping Point) to simple SNMP monitors (Netsight Element Manager). I will discuss how they use these tools to maintain a secure IT environment and assist Network Administrators as well as protect the campus community.
PDF Implementing Secure HTTP-to-HTTPS Redirection
By: Robert Hercey (posted on July 25, 2004)
I have found myself in the fortunate position of working for a company full of bright, hard working people. While standout individual performances are encouraged and recognized, what makes our company successful is the ability for everyone to come together as a team when a crisis happens.
PDF Fighting Spam Proxies in a University Environment
By: Kevin Shivers (posted on July 25, 2004)
Spam is a huge annoyance for everyone. Fighting spam is difficult enough, but when spammers team up with hackers to produce ultra-sneaky Trojan horses that turn end-user computers into one stop proxies that allow spammers and hackers to hide their digital tracks, they've gone too far.
PDF Removing Server Based Trust Relationships
By: Keith Gaughan (posted on July 25, 2004)
The goal of this project was to develop, implement and deploy solutions as well as supporting processes and standards to remediate and mitigate the risks that are inherent to utilizing UNIX server based trust relationships in an enterprise networked environment within 30 days.
PDF Securing an Existing IIS 5.0 DMZ Infrastructure
By: Julius Fitzgerald (posted on July 25, 2004)
The task of designing a secure infrastructure for IIS 5.0 web servers within a DMZ is difficult enough. Securing an existing DMZ becomes exponentially more difficult due to the added requirement of retrofitting those currently working servers with more appropriate security settings, policies and operational procedures while not adversely affecting website or application availability and keeping costs to a minimum throughout the process.
PDF Acceptable Security on Public Access Computer Workstations in Public University Libraries
By: Cheryl Lytle (posted on July 25, 2004)
Providing highly secure workstations in public university libraries requires defining what is acceptable for the working environment and determining what types of security can be implemented to compensate for lesser security at lower layers at the workstation level.
PDF CIRT, Through Conception Labor and Delivery
By: Peter Ridgley (posted on June 9, 2004)
The purpose of this case study is to show the efforts, successes and failures that a company, new to adopting a security posture, recently experienced.
PDF Design and Deployment of a Rapid Response Security Vulnerability Scanning Infrastructure
By: Eliot Lim (posted on June 9, 2004)
A large research university presents a formidable challenge to computer security professionals. Among the hazards are a completely porous, non firewalled border and decentralized administration of computers.
PDF System Certifications: An Administrative Makeover
By: John Modransky (posted on May 2, 2004)
Described in this paper are the administrative controls that were implemented to certify and accredit UNIX (herein referred to as UN*X) and Microsoft Windows (herein referred to as Windows) based computer systems for a financial institution (herein referred to as The Firm).
PDF Corporate Governance and Information Security
By: Steve Loyd (posted on May 2, 2004)
Corporate governance has a long history of ups and downs within US corporations. With the recent streak of scandals affecting public companies, governance and related legislation has again been brought into focus.
PDF Assessing the Impact of Unsolicited Commercial E-mail in a Large Corporation
By: Joseph McComb (posted on April 8, 2004)
Unsolicited commercial e-mail has become an increasing issue in corporate environments. This case study examines the impact of unsolicited commercial email (also known as spam) on the productivity of employees in the research division of a large global corporation.
PDF A Secure By Numbers Approach To An All
By: Darrell Rodgers (posted on April 8, 2004)
These multi-functional devices are very simple to setup and use, but may not provide us with the layered Defense In Depth functionality that we desire nor will they provide the additional features of higher end components such as those made by Cisco.
PDF Implementing Defense In-Depth at the Department Level
By: Sean Fahey (posted on April 8, 2004)
This case study describes the procedures used to improve computer security within my department by following the principles of defense in-depth. It presents a step-by-step approach for improving security by defining risks, assessing vulnerabilities, and implementing measures to reduce the likelihood that those vulnerabilities may be exploited.
PDF A Policy to Prevent Outsider Attacks on the Local Network
By: Clarissa Brown (posted on April 8, 2004)
We used to be able to say, "If the laptop or computer is not owned by us, then it is not allowed to touch our network." However, over the last few years, business need has exceeded the desire to keep our network "pure" and many non-agency owned computers now have access to our local area network (LAN).
PDF Introducing Information Security to a Cyber Cafe
By: Barry Basselgia (posted on April 8, 2004)
Due to growing concern over Information Security, I was approached by the director responsible for a company sponsored Cyber Cafe to evaluate the Cafe for Information Assurance and Network Security concerns. The director was concerned that a virus or other forms of cyber attack could cause extended downtime, which would have a negative impact on morale and productivity.
PDF Securing Sensitive Data in a Research Environment
By: Tim VanAcker (posted on March 9, 2004)
Several years ago, staff on one of the research projects in my organization developed guidelines for disseminating sensitive data to researchers around the country.
PDF The Impact of the Sarbanes Oxley Act on IT Security
By: Scott Byrum (posted on March 9, 2004)
This paper goes on to define the Sarbanes-Oxley Act and its requirements, a framework for compliance, and specific IT security areas that must be considered during compliance efforts.
PDF Internet Service Providers: The Little Mans Firewall
By: Luke Dudney (posted on March 9, 2004)
There has recently been call for Internet Service Providers to begin filtering traffic related to the spread of malicious data traffic such as viruses, worms and open proxy abuse to and from their end-users. This case study outlines the planning, implementation, and results phase of such an endeavour by a medium sized national Australian ISP.
PDF Implementing Vulnerability Assessment with eEyes EVA Suite
By: Kevin Austin (posted on March 4, 2004)
Vulnerability assessment is an important part of any Defense in Depth implementation. I discovered that in my company vulnerability assessment was not being used to its full advantage inside the perimeter. My team was continually fighting the same battles against unpatched and vulnerable systems as they would acquire various viruses from the network.
PDF Personal Media Devices: The Cool Threat Vector
By: Keith Daly (posted on March 2, 2004)
This paper discusses the use of personal media devices as a potential threat vector towards corporations.
PDF Information Security
By: Eric Rupprecht (posted on February 26, 2004)
This paper describes how a packet will flow through these tools to provide a better understanding of these technologies and enabling the administrator to write firewall rules with fewer errors.
PDF Study: Improving Security in Corporate (SMTP) E-Mail Delivery
By: Brian Sommers (posted on February 26, 2004)
For this case study, I will examine one of these Internet services, e-mail over SMTP (Simple Mail Transfer Protocol), and what was done to improve the security of that system.
PDF Circumventing Access Control Lists by Transparent Proxy - A Case Study
By: Robert Gannon (posted on January 11, 2004)
This paper describes a method used in an actual case to circumvent seemingly adequate access controls by using the transparent caching mechanism of the WCCP protocol to abuse an otherwise protected network for the purposes of sending spam and connecting anonymously to unsavory sites.
PDF The Unintentional Criminal: DDoS from the inside!
By: Miguel Dilaj (posted on January 11, 2004)
This paper will highlight the IT Security problems resulting from the economic constraints on an ISP in a developing country and of their impact everywhere.
PDF Government Financial Architecture: A Focus on Centralized Security and Continuity of Operations
By: Matthew Mickelson (posted on January 11, 2004)
The primary focus of this paper addresses security issues laid out by the CFO; specifically the following key areas for improvement which include: De-Centralized Architecture, Disaster Recovery, Continuity of Operations, Network and Server Availability.
PDF An intrusion, in an outsourcing data center, that works in spite of security
By: Rick Kryger (posted on December 21, 2003)
No matter how secure the architecture, how complete the procedures, or how diligent and skilled the network support team is, nothing short of knowing and analyzing all changes inside and outside of the solution can protect an environment completely.
PDF Introducing Defense-in-Depth to a Small ISP
By: Rodney Anderson (posted on December 21, 2003)
This paper presents a case study about a rural Internet Service Provider (ISP) who requested some assistance in assessing the security of their production server and network environment.
PDF Using LDAP to solve one companys problem of uncontrolled user data and passwords
By: Andres Andreu (posted on December 21, 2003)
This case study will analyze a massive undertaking of centrally consolidating user data, and in particular passwords, from numerous sources.
PDF Case Study: Implementing a Secure Wireless Network using WPA
By: Randy Hensel (posted on December 13, 2003)
Wireless network cards are becoming quite common at my company especially in notebook computers. With this proliferation of wireless network cards have come requests from the users of these computers to access the corporate network using a wireless connection.
PDF Implementing Identity Management with BMC Control-SA
By: Adrian Grigore (posted on December 13, 2003)
This paper is a case study describing how the organization I work for implemented Identity Management using BMC Control-SA product.
PDF Reducing the Risk associated with Authentication and Authorization through the deployment of SUDO and Powerbroker: A Case Study in Information Securit
By: Steve Mancini (posted on December 13, 2003)
This case study explores sudo and Powerbroker, discussing their strengths and weaknesses as they apply to large scale work environments and their implications in considering your authentication - authorization process, and offers one possible solution which uses both applications in a manner to minimize some of the risks known to exist with shared accounts, both traditional and super-user.
PDF Architecting, Designing and Building a Secure Information Technology Infrastructure, a case study
By: John Johnston (posted on December 13, 2003)
This case study follows the building of an Information Technology Infrastructure with an integrated Security Architecture.
PDF Defense in Depth For Private Wireless Communications Networks: A Case Study
By: Walt Andserson (posted on November 6, 2003)
This paper examines the threats and vulnerabilities of private wireless communications infrastructures, discusses the selection and prioritization of security countermeasures, and describes the security enforcing equipment and security management services that are now being introduced.
PDF Retain control of Security (even in the wake of an IT Outsource)
By: Leslie Martinez (posted on November 5, 2003)
This paper provides a case study and serves as a methodology for dealing with any outsource where security is of concern, citing actual problems encountered and the solutions that were deployed, along with the tools used, and the policies implemented.
PDF Case Study: A Risk Audit of a Very Small Business
By: Douglas Browne (posted on November 5, 2003)
This paper describes a security audit of a small business, focusing on the discovery and risk analysis process, and provides technical details in appendices.
PDF Programmatic Management of Active Directory Groups
By: Don Quigley (posted on November 5, 2003)
This paper provides detail on an automated group provisioning/deprovisioning process developed for the management of security group membership requests and includes the Perl code designed to work with Critical Path's MetaConnect product as a constructed attribute.
PDF RBAC In The Real World
By: Christine Occhipinti (posted on October 31, 2003)
This paper discusses how Role-Based Access Control (RBAC), a type of non-discretionary access control, was chosen as the best solution to mitigate the risk from vulnerabilities on a system I worked on.
PDF Lessons Learned in Securing Blackboard
By: Peter Benedict (posted on October 31, 2003)
This paper details the efforts taken to secure Blackboard, a Course Management System (CMS), at an educational institution.
PDF Securing an IIS 4.0 Web Server, Machine and All
By: Marshall S. Heilman (posted on October 31, 2003)
The objective of this paper is to show how I secured my organization's web server, which fatally crashed earlier this year.
PDF A Secure Implementation of HP OpenView Web Transaction Observer
By: Matthew Patterson (posted on October 31, 2003)
This paper discusses an actual implementation of the product HP OpenView Web Transaction Observer 3.0 (WTO) as a repeatable service offering within an Outsourcing environment.
PDF Forced Evolution of Security on Redhat Linux Server due to System Compromise
By: Alec Wood (posted on October 31, 2003)
This paper describes my experiences in setting up the office computer network system for a small engineering company in Hong Kong and handling the system when it was compromised.
PDF Help We Just Fired Our Only IT Person!
By: Doug Cox (posted on October 31, 2003)
This study covers about 18 months of activity at the pace that could be absorbed by the organization. It is not meant to be a universal solution, but lessons taken from a real event.
PDF Securing the Perimeter: A Case Study
By: George Kelschenbach (posted on October 31, 2003)
The Linux, Help Desk, Mail server and the two Active Directory servers had direct network links to both the internal network and the Internet making them prime targets for intruders.
PDF The Value of Risk Assessment - A Case Study
By: Elton Pierce (posted on October 31, 2003)
This paper will examine the application of the security risk assessment process to a rather complex project from the initial phases of its design prior to security risk assessment to its production state. It will discuss how risks were assessed and identified and show how the risk assessment process changed the final outcome of the project.
PDF The Logbook of The World
By: Ted Demopoulos (posted on October 31, 2003)
This paper describes the Logbook of The World (LoTW) project to create electronic confirmations of contact (eQSLs) for amateur radio operators worldwide.
PDF SSL Web Proxy - A Secure and Inexpensive Remote Access Implementation
By: David Culp (posted on October 31, 2003)
The objective of this system is to allow external clients without any configuration changes to securely access our internal web applications via the Internet.
PDF Case Study for Understanding the 30,000 Foot View Before Diving In
By: Bill Baker (posted on October 31, 2003)
The goal of this paper will be to provide some insight to help the reader become a bit more business-savvy, where gearing solutions to the needs of the organization will help raise acceptance rates.
PDF Recovering From a Failed Security Audit - A Case Study
By: Wayne Fielder (posted on October 31, 2003)
This case study opens with recognition of the security and privacy issues within the Agency and walks through the process of remediation, securing the use of sensitive data, development and implementation of strong policies, and initiating a solid monitoring system at very low cost due to a deteriorating budget scenario.
PDF I-VPN - Porting a corporate network to Internet
By: Thorstein Oeverby (posted on October 31, 2003)
This paper describes the process of implementing a corporate business network over Internet that replaces a variety of communication solutions developed over the years.
PDF Implementing Vulnerability Scanning in a Large Organisation
By: Richard Grime (posted on October 31, 2003)
This paper describes how our security group now uses vulnerability scanning to demonstrably improve the security posture of our organization.
PDF Label Controlled File Transfer Server - Case Study
By: Don Weber (posted on October 31, 2003)
The following discussion provides the process that I used to configure my portion of the label controlled file transfer system, touching on Trusted Solaris (TSOL), the secure operating system, Washington University File Transfer Protocol Daemon (wuftpd), file transfer program, and a chroot jail, along with the suggested direction of implementation.
PDF Securing a University Environment; An Evolutionary Case Study
By: James Mayne (posted on October 31, 2003)
This case study outlines the steps that my university took to transition from an open network to one that balances the needs of faculty doing teaching and research, students needing to learn as well as be entertained and staff that require a secure and stable network environment to perform their business functions.
PDF Remote Access using Telstra Dial IP
By: Jamie Rossato (posted on October 31, 2003)
This paper will demonstrate how the real-world security problem of remote access to an Enterprise network was addressed and validated (post-implementation) through the Internet Security Alliance's (ISA) Common Sense Guide for Senior Managers.
PDF VPN Project: Remote Access to a Novell Network
By: John Porter (posted on October 31, 2003)
As a senior network administrator, I became project leader and was responsible for directing our security initiative to replace our existing remote access facilities with encrypted Virtual Private Networking (VPN) technology.
PDF Case Study - Windows 2000 ISA Proxy Server Authentication Inside a DMZ
By: Michael Kerr (posted on October 31, 2003)
This paper describes the investigation process and implementation of IPSec policies to manage a wide range of communication traffic between two Windows 2000 servers.
PDF Small-site Information Security on a (very loose) shoestring - a case study
By: Michael Millow (posted on October 31, 2003)
This paper will describe the lack of information security within a small company and the corrective actions (and their limitations) that significantly enhanced the overall security posture.
PDF IMPLEMENTING sudo TO REPLACE su
By: Robert D' Agnolo (posted on October 31, 2003)
This paper discusses the implementation of sudo to replace su access on two key Sun/Solaris servers used by a small group of scientists who do research and development for a major US manufacturer.
PDF Benefits Of Implementing Secure Computing's Sidewinder Firewall Appliance At A U.S. Army Mil
By: Andrew Rafla (posted on October 31, 2003)
This paper addresses how the added protection mechanisms supplied by the implementation of a Sidewinder firewall appliance, along with strict "least privilege" access control policies, would assist the Designated Approval Authority in accepting the new minimized level of risk and, therefore, approve the site's new DITSCAP accreditation.
PDF Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network
By: Clay Risenhoover (posted on October 31, 2003)
This paper examines how automating information security audit procedures at a university had the effect of increasing security through increased policy compliance.
PDF Case Study: Transforming a Traditional Windows Client/Server Application
By: David Strubbe (posted on October 31, 2003)
Our software firm's financial application was developed on a traditional client-server model and this paper explores some of the security issues and the process that we (the software vendor) and our client (the ASP provider) used to securely implement a solution.
PDF Wireless Security Protection In a Logistic Environment Case Study
By: Ferran Gallego (posted on October 31, 2003)
This case study is based on a Logistic Company where they have implemented wireless LANs (WLANs) to all their Warehouse sites.
PDF Adventures in implementing a strong password policy
By: Marsha Williams (posted on October 31, 2003)
This paper explores the issues we had to negotiate in strengthening our passwords, some of the special situations which had to be handled as exceptions to the policy, and our planned future directions.
PDF Wireless Security Protection In a Logistic Environment Case Study
By: Ferran Gallego (posted on October 31, 2003)
This project is proposing a way to secure the wireless LANs, allowing authorized and authenticated wireless users to gain access to their host application.
PDF Detailed Forensic Procedure for Laptop computers
By: Matt Pierce (posted on October 31, 2003)
This document will discuss what forensic analysis is, why it is important and how laptop computers affect forensic analysis.
PDF Achieving Executive Buy-in: The Case For Security
By: Chad Boeckmann (posted on October 31, 2003)
This paper conveys a real world approach to selling security to upper management and creating a foundation to build security upon.
PDF Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection
By: Kevin Knox (posted on October 31, 2003)
This paper will discuss the processes and actions taken to provide 24X7 fault tolerant and highly available systems with physical as well as cyber security in the forefront.
PDF Deploying a website built using Oracle9iAS Portal
By: Stephen Coates (posted on October 31, 2003)
This paper is a case study of the deployment of a website built using the Portal component of Oracle9i Application Server (Oracle9iAS) in 2001.
PDF Discovery, Eradication and Analysis of an attack on an open system: Welcome to the Jungle
By: Steve Terrell (posted on October 31, 2003)
This paper relates the procedures and policies that were put into effect to increase the security of the system, post attack, and how those procedures might affect the way the system will be used in the future to conduct the business of the school.
PDF University Security
By: Douglas P. Brown (posted on October 31, 2003)
By using a combination of security tools and procedures, universities can provide a more secure computing environment than has generally been available.
PDF How to Identify and "Contain" Some of the Information Security Problems Created by Unique
By: John Cupps (posted on October 31, 2003)
Several aspects of the university's business environment are unique only to universities and this paper explores the effect of the student user group within the environment and the problems they can create for information security initiatives.
PDF Security Considerations in the Merger/Acquisition Process
By: Anita Hartman (posted on October 31, 2003)
This document will focus on the high-level security issues that, if included in the due diligence process, can help facilitate integration of the companies involved.
PDF Securing the Gold through Better Network Design: A Case Study
By: Todd Sheppard (posted on October 31, 2003)
The purpose of this research was to introduce new technologies to the sales force in order to enhance the solutions-based selling approach for a marketing and office equipment servicing company.
PDF Information and Network Resource Administration and Security in an Education Network Environment
By: Ryan W. Davis (posted on October 31, 2003)
The goal of this document is to discuss and apply knowledge of Information Security to common security problems and concerns in an educational environment.
PDF Secure Password Storage
By: Shelby Reeves (posted on October 31, 2003)
This paper addresses secure methods to archive and retrieve passwords.
PDF Case Study: Implementing a Centralized Logging Facility
By: Richard DuClos (posted on October 31, 2003)
This paper provides a discussion on implementing a centralized logging server.
PDF Connecting a Classified Network to the Internet. A case study.
By: Henrik Kram (posted on October 31, 2003)
The purpose of this document is to point out some common elements from the guidelines published to regulate computer security and suggest administrative action and technical solutions to build a network that may be connected to the Internet, and still obtain/retain a classification up to and including NATO RESTRICTED.
PDF Case Study: Security Assessment at a Small Technology Corporation
By: Ryan L. Reiber (posted on October 31, 2003)
The following independent security assessment included the areas of its ASP, internal network infrastructure, and firewalls.
PDF Establishing and Verifying the Stunnel SSL Encryption of Pine IMAP Email Sessions
By: Christopher Ursich (posted on October 31, 2003)
This paper documents one method for establishing and verifying the operation of SSL encryption using Stunnel for Pine IMAP email sessions.
PDF Unique Security Challenges in Higher Education - Securely Integrating Student-owned Computers into Y
By: Kerry Vosswinkel (posted on October 31, 2003)
This paper addresses basic areas of information security such as policy, security awareness training, restricting access, monitoring and intrusion detection, and incident response that can keep your networks as secure as possible.
PDF Securing Information within SAP v4.6b
By: Lori A. Kirk (posted on October 31, 2003)
The following thoughts and best practices are the end result of an upgrade, experience with the necessary clean up after the cutover and review of best practices offered by third parties.
PDF Comprehensive Anomaly Detection (CAD)
By: Niles Mills (posted on October 31, 2003)
This paper provides a discussion on Comprehensive Anomaly Detection (CAD).
PDF Network Security Concepts and Essentials: A University Overview
By: Matthew Wu Leng (posted on October 31, 2003)
Using my experience from working at an Australian university, this paper addresses how the number of internal and external threats is increasing and providing intruders with a vast array of ways to compromise university machines.
PDF Twists in Security for Law Enforcement
By: Conrad Larkin (posted on October 31, 2003)
This paper is an attempt to not only briefly cover the basics of computer security that should be in use by everyone, but also an attempt to introduce to those unfamiliar with the extra challenges of supporting law enforcement what additional computer security precautions need to be addressed.
PDF eVoting - A Perspective on Security
By: Damon J. Small (posted on October 31, 2003)
This paper will discuss how technology can be used to improve the voting process in the United States, and what should be done to get from current state to "eVoting."
PDF Tackling Malicious Code in a University Environment: A Case Study
By: Sandy Goldston (posted on October 31, 2003)
This paper is a case study of malicious code incidents in a large public university as seen through the eyes of the security liaison over a one-and-a-half year period.
PDF Application of the Survivable Network Analysis Method to Secure My Office System
By: Dale Wutz (posted on October 31, 2003)
This paper addresses the results of applying the Survivable Network Analysis method to my office system.
PDF Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities
By: William Geimer (posted on October 31, 2003)
This paper examines password encryption and authentication techniques applied to the file-level protection of personal documents and databases.
PDF Can Microsoft .NET Deliver "Trustworthy Computing"?
By: Nikhil Viswanathan (posted on October 31, 2003)
The aim of this paper was to analyze the security framework of Microsoft .NET, and examine whether its components and features will deliver on Microsoft chairman Bill Gates's ambition of transforming Microsoft into the leading software provider of web services and "trustworthy computing".
PDF Steps to Secure a Law Enforcement Network
By: David Brown (posted on October 31, 2003)
This paper addresses several common issues such as training for system administrators, risk assessment, physical security, security policies, and proper system administration.
PDF Protecting Your Internal Systems from a Compromised Host
By: Michael Nancarrow (posted on October 31, 2003)
The concept for this paper came from a recent incident when one of our customer machines was compromised.
PDF Designing Secure IT Environments for Pharmaceutical Clinical Trial Data Systems
By: Paul Drapeau (posted on October 31, 2003)
Pharmaceutical companies are subject to regulations imposed by the FDA (Food and Drug Administration), and this paper details the relevant regulations for security professionals and the special concerns they pose.
PDF Is IEEE 802.1X Ready for General Deployment?
By: Scott Baily (posted on October 31, 2003)
This paper examines the suitability of deploying IEEE 802.1X as the principal authentication mechanism for Colorado State University's wireless network.
PDF Defense In Depth: A Small University Takes Up the Challenge
By: David W. Robinson (posted on October 31, 2003)
This paper briefly explores the vital network security design concept of Defense in Depth (DiD).
PDF CASE STUDY ON IMPROVING THE SECURITY OF A FIRM IN A LEGACY APPLICATION SETTING
By: Susan Bradley (posted on October 31, 2003)
This paper documents the steps that were taken by me to increase the security within my firm's computer network system, a system that includes Windows XP workstations and Windows 2000 Server systems.
PDF Securing a Small Community College - A Case Study
By: Bobby Hoyle (posted on October 31, 2003)
This paper identifies critical computing resources used in a small community college, develops a method of defining risk, presents a network design, implements security policies to address risks, and formulates a long term strategy for securing vital campus resources.
PDF Implementation of a Secure Web Environment for a Government Agency
By: Chad M. Steel (posted on October 31, 2003)
This paper details the decision making process and implementation of a secure, multi-site redundant web hosting environment for a large government agency.
PDF Practical Implementation of Syslog in Mixed Windows Environments for Secure Centralized Audit Loggin
By: Frederick Garbrecht (posted on October 31, 2003)
This paper presents some of the options available to access the Windows Event log and demonstrate how to implement a versatile centralized remote logging solution using a commercially available Win32 implementation of the Syslog protocol.
PDF Full Lifecycle Security Assessment - A Case Study
By: Gregory J. Golightly (posted on October 31, 2003)
This paper presents a 'before and after' look at helping a non-profit organization with assets of over a billion dollars secure their infrastructure using a best practice approach, expert knowledge, along with vulnerability assessment tools by ISS.
PDF Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts A Case Study
By: Kenneth Underwood (posted on October 31, 2003)
"Knowing" what traffic is leaving your network is like turning on the light where there was once darkness. This paper will give examples of what I found in our corporate network, and what I did about it.
PDF Case Study in Automating Branches of a Bank
By: Tim Rhome (posted on October 31, 2003)
This case study will highlight points that were addressed while automating 85 locations for a bank.
PDF Wireless and Moneyless
By: Ryan Blake (posted on October 31, 2003)
This is a study of how one organization met the challenge of deploying a reasonably secure WLAN with virtually no capital.
PDF Integrating Real-Time Services on the Web
By: Pete Kobak (posted on October 31, 2003)
This paper describes the development of technical processes and analysis models that enable the institution to quickly and safely integrate new business services into the institution's web site.
PDF Inside a Phish
By: John Brozycki (posted on )
This paper will document both sides of a phishing campaign, the phisher and the phished, providing a unique view as best as I’m able to recreate it from the phisher’s own emails and information from the phished financial institution.
