SANS Institute

the most trusted source for computer security training, certification and research

SANS InfoSec Reading Room - GIAC Honors Papers

<<Reading Room Home

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 78 papers as of Oct 12, 2008

This category is made up of the GIAC Honors papers from approximately the past two years for all different GIAC certifications and certificates. These papers demonstrate "the best of the best" in student work on all aspects: technical, writing ability, and presentation.

Don’t Just Patch, Protect!: Richard Sillito; May 1, 2007; - download paper

XML Firewall Architecture and Best Practices for Configuration and Auditing: Don Patterson; April 30, 2007; - download paper

Stealth for Survival: Threat of the Unknown: Ken Dunham; April 30, 2007; - download paper

International Cybercrime Treaty: Looking Beyond Ratification: Daniel Robel; March 28, 2007; - download paper

Assumptions in Intrusion Detection - Blind Spots in Analysis: Rodney Caudle; March 28, 2007; - download paper

CyberLaw 101: A primer on US laws related to honeypot deployments: Jerome Radcliffe; March 16, 2007; - download paper

Secure use of LDAP for Naming Services with Solaris: Raymond Scott; March 15, 2007; - download paper

Using Oracle Forensics to determine vulnerability to Zero Day exploits: Paul Wright; February 28, 2007; - download paper

Server Security in a Citrix Presentation/Terminal Server Environment: Shane Wescott; February 14, 2007; - download paper

Sudo for Windows (sudowin): Andrew Kutz; February 14, 2007; - download paper

Phishing and Pharming - The Evil Twins: Tushar Srivastava; February 14, 2007; - download paper

VPNScan: Extending the Audit and Compliance Perimeter: Rob VandenBrink; February 12, 2007; - download paper

Pros and Cons of using Linux and Windows Live CDs in Incident Handling and Forensics: RickyD Smith; February 9, 2007; - download paper

Security Issues and Countermeasure for VoIP: Jianqiang Xin; February 7, 2007; - download paper

Visual Baselines - Maximizing Economies of Scale Using Round Robin Databases: Kirsten Hook; January 11, 2007; - download paper

Wireless Attacks from an Intrusion Detection Perspective: Gary Deckerd; December 11, 2006; - download paper

Secure Configuration of Apache in the Mac OS X Environment: Neil Fryer; December 7, 2006; - download paper

Discovering Rogue Wireless Access Points Using Kismet and Disposable Hardware: Larry Pesce; December 7, 2006; - download paper

The December Storm of WMF: Preparation, Identification, and Containment of Exploits: James Voorhees; November 17, 2006; - download paper

A Survey of Wireless Mesh Networking Security Technology and Threats: Anthony Gerkis; October 18, 2006; - download paper

Auditing a Systems Security Consultant's Laptop Running Fedora Core 2: Yolanda Martinez; May 11, 2005; - download paper

Computer Forensics Investigation - Analyze an Unknown Image: Raul Siles; April 28, 2005; - download paper

802.11i (How we got here and where are we headed): Elio Perez; November 17, 2004; - download paper

Getting Started: The Impacts of Privacy and Security Under HIPAA - A Case Study: Barbara Filkins; November 17, 2004; - download paper

A Practical Implementation of Defense In Depth and Concomitant Security Management Program: Dar Ning Kung; November 15, 2004; - download paper

The Yin and the Yang: A Sordid Tale of Information Security, OR DCOM, Netcat, and a Live Response, OH MY!: Dave Shackleford; November 15, 2004; - download paper

Macromedia ColdFusion RDS default condition exploit: David Bruno; November 15, 2004; - download paper

Building a Secured OS for a Root Certificate Authority: Don Murdoch; November 15, 2004; - download paper

An Ettercap Primer: Duane Norton; November 15, 2004; - download paper

SAN Security – beyond segmentation: Etienne De Burgh; November 15, 2004; - download paper

The Ins and Outs of System Logging Using Syslog: Ian Eaton; November 15, 2004; - download paper

Dead Linux Machines Do Tell Tales: James Fung; November 15, 2004; - download paper

Defeating Overflow Attacks: Jason Deckard; November 15, 2004; - download paper

USA PATRIOT Act Compliance Issues for Non-Financial Companies: Jeffrey Fenton; November 15, 2004; - download paper

Securing Wireless LANS in Microsoft Networks using Wireless Protected AccessTM and Digital Certificates: John Holmblad; November 15, 2004; - download paper

Greymatter Remote Command Execution Vulnerability: Ken Rode; November 15, 2004; - download paper

password Management: Awareness and Training: Neil Witek; November 15, 2004; - download paper

Implementing a Windows 2003 PKI from an Existing Windows 2000 Network: Norman Christopher Knight; November 15, 2004; - download paper

Network Security Architecture: Patrick Luce; November 15, 2004; - download paper

Slapper: Paul Elwell; November 15, 2004; - download paper

Linux kernel rootkits: protecting the system's: Raul Siles; November 15, 2004; - download paper

Mass-Mailing Worms: Prevention, Detection and Responce: Richard Gadsden; November 15, 2004; - download paper

Running a Secure Kerberos Server on FreeBSD: Roberto Sabbi; November 15, 2004; - download paper

Alternate Data Streams: Out of the Shadows and into the Light: Ryan Means; November 15, 2004; - download paper

Defence in Depth on the Home Front: Thomas Harbour; November 15, 2004; - download paper

Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach: Vilas Ankolekar; November 15, 2004; - download paper

Auditing a Corporate E-mail Gateway Running Postfix on Linux: an Administrator’s Perspective: William Karwisch; November 15, 2004; - download paper

Avaya INDeX PBX Security Audit: An Auditor’s Perspective: Alan Mercer; November 14, 2004; - download paper

Information Security Management System (7799) for an Internet Gateway: Amarottam Shrestha; November 14, 2004; - download paper

GIAC Enterprises' Expansion into China: Andrew Jones; November 14, 2004; - download paper

GIAC Certified Firewall Analyst Practical: Bang Shug Tan; November 14, 2004; - download paper

Procedures for Establishing User Access Controls to Electronic Protected Health Information: Barbara Filkins; November 14, 2004; - download paper

Auditing Borland‘s J2EE Application Server: An Auditor’s Perspective: Brenton Camac; November 14, 2004; - download paper

Quantum Encryption – A Means to Perfect Security?: Bruce Auburn; November 14, 2004; - download paper

Auditing a print and scan server protected by the VisNetic for Workstation firewall: Carmen Aubry; November 14, 2004; - download paper

empowering your IT Call Center as Information Security Advocates: Carrollynn Brown; November 14, 2004; - download paper

Framework for Secure Application Design and Development: Chris McCown; November 14, 2004; - download paper

Attacks Against The Mechanical Pin Tumbler Lock: Craig Kagawa; November 14, 2004; - download paper

Implementing a Project Security Review Process within Project Management Methodology: Darlene Hart Rodgers; November 14, 2004; - download paper

Case Study in Information Security: Suzy Clarke; October 31, 2003; - download paper

Auditing a Distributed Intrusion Detection System: An Auditors Perspective: Darrin Wassom; October 31, 2003; - download paper

How an Exploit in the Computer System of a Small Company Was Used to Gain Access to Two Major Govern: Adrienne Zago-Swart; October 31, 2003; - download paper

Intrusion Detection and Analysis: Theory, Techniques, and Tools: Tod Beardsley; October 31, 2003; - download paper

Securing MySQL Server on FreeBSD 4.5: Jason Lam; October 31, 2003; - download paper

GIAC Enterprise: Descriptions of the Company's Network, and Configuration of the Primary Router, Firewall and VPN Device: Emily Gladstone; October 31, 2003; - download paper

SuSE Linux on a PowerBook G4 Workstation: David F. Beck; October 31, 2003; - download paper

GIAC Enterprises: Stephen Carroll; October 31, 2003; - download paper

WU-FTPD Heap Corruption Vulnerability: Jennifer Allen; October 31, 2003; - download paper

Lions and Tigers and Layers (of security): David McLeod; October 31, 2003; - download paper

GIAC Enterprises Security Policies & Procedure: Simon Oliver; October 31, 2003; - download paper

Securing Unix Step By Step - Secure Mail Gateway: Maarten Hartsuijker; October 31, 2003; - download paper

Intrusion Detection In Depth: Kyle Haugsness; October 31, 2003; - download paper

Intrusion Detection In Depth: Hee So; October 31, 2003; - download paper

GIAC Enterprises: "Your Fortunes" Security Infrastructure: Mark Hofman; October 31, 2003; - download paper

GIAC Enterprises - Data Backup Security Policies and Procedures: Martin A. Reymer; October 31, 2003; - download paper

A Comprehensive Perimeter Security Architecture for GIAC Enterprises: Matt Briddell; October 31, 2003; - download paper

GIAC Enterprises: Peter Vestergaard; October 31, 2003; - download paper

Intrusion Analysis - The Director's Cut!: Les Gordon; October 31, 2003; - download paper

Check Them Out!

This is hands-down, the premiere training opportunity.
- Dan Mather, JICPAC