SANS InfoSec Reading Room - System Administration

<<Reading Room Home
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Core_1

Featuring 35 papers as of May 21, 2013
PDF Systems Engineering: Required for Cost-Effective Development of Secure Products
By: Dan Lyon (posted on October 8, 2012)
Security of data and systems is critical to consider during development of a complex system, and by taking a systems approach, secure design can be achieved in a cost effective manner.
PDF Securing Blackboard Learn on Linux
By: David Lyon (posted on December 1, 2011)
Blackboard Learn (Bb Learn) is an application suite providing educational technology to facilitate online, web based learning. It is typical to see Bb Learn hosting courses and content. Common add-ons include the Community and Content systems which are licensed separately.
PDF Securely Deploying Android Devices
By: Angel Alonso-Parrizas (posted on September 23, 2011)
Nowadays it is necessary for most companies to provide e-mail/Internet access to employees outside of the office, hence many business provide their staff with BlackBerrys, iPhones, Android or other smartphones with Internet connectivity.
PDF Application Whitelisting: Panacea or Propaganda
By: Jim Beechey (posted on January 18, 2011)
Every day, organizations of all sizes struggle to protect their endpoints from a constant barrage of malware. The number of threats continues to increase dramatically each year.
PDF Preventing Incidents with a Hardened Web Browser
By: Chris Crowley (posted on December 15, 2009)
There is substantial industry documentation on web browser security because the web browser is currently a frequently used vector of attack. This paper investigates current literature discussing the threats present in today's environment.
PDF Is Internet Explorer More Secure than FireFox?
By: Larry Fortier (posted on October 1, 2007)
PDF OS and Application Fingerprinting Techniques
By: Jon Mark Allen (posted on September 27, 2007)
PDF Security Implications of the Virtualized Data Center
By: Alan Murphy (posted on June 19, 2007)
The concepts behind application and operation system virtualization are not new concepte,they have been around long before server appliances and desktop PCs were readily available in our daily vocabulary.
PDF Port Knocking: Beyond the Basics
By: Dawn Isabel (posted on May 17, 2005)
Port knocking has recently become a popular and controversial topic in security. A basic overview of port knocking is given, and it is assumed that when carefully implemented, port knocking can be a useful tool in some situations.
PDF Linux Repository Server: Implementing and Hardening Step by Step
By: Alexandre Teixeira (posted on May 5, 2005)
One of the highly critical roles in computers security maintenance is patch management, this paper discusses the process of implementing softwares and measures in order successfully accomplish such role.
PDF Linux Repository Server: Implementing and Hardening Step by Step
By: Alexandre Teixeira (posted on March 9, 2005)
One of the highly critical roles in computers security maintenance is patch management, this paper discusses the process of implementing softwares and measures in order to successfully accomplish such role.
PDF Meeting the challenges of automated patch management
By: John Walther (posted on September 16, 2004)
According to the CERT(R) Coordination Center (CERT(R)/CC), 95 percent of all network intrusions could be avoided by keeping systems up-to-date.
PDF Metrics for Operational Security Control
By: Richard Cambra (posted on August 15, 2004)
This paper aims to inform the reader on what metrics are, why metrics can be an important tool for controlling security systems; and, how metrics fit into the day to day IT operations to improve security by measuring, reporting and tracking key elements of systems that have an impact on security.
PDF Protecting Students in the Public School Environment
By: John Decker (posted on July 25, 2004)
Today's network security issues not only involve the protection of the vital data of commerce, but also, whether by law, policy or common sense, the people and the parts of their lives that may be included in that data.
PDF Operating System Build Management in the Enterprise
By: Duncan Beattie (posted on April 8, 2004)
Mitigating the risk to critical systems from vulnerabilities in operating system builds is an important responsibility of any system administrator. In organisations with a large number of servers, running multiple applications and services, managing the state of production builds can be a time consuming exercise.
PDF Options for Secure Personal Password Management
By: Hugh Ranalli (posted on December 14, 2003)
In this paper I have used my personal needs for password management as a starting point, trying to determine a solution which would work both for IT personnel, and which would also be suitable for use by the average computer user.
PDF Role-Based Access Control: The NIST Solution
By: Hazen Weber (posted on December 13, 2003)
RBAC3, when properly implemented following a well-defined organizational policy, can allow for a very scaleable, logical, and secure means of distributing access to file systems, applications, sub-systems or the like.
PDF Implementing the "Just-enough Privilege" Security Model
By: Tom Martzahn (posted on November 19, 2003)
This paper discusses some of the challenges associated with migrating a large, widely distributed Windows NT environment with widespread administrative access for the application and server support personnel to a native Windows 2000 environment which embraces the philosophy of the "Just-enough privilege" (JeP) security model to complete assigned job responsibilities.
PDF Backup Rotations - A Final Defense
By: Stephen Lennon (posted on October 31, 2003)
This paper examines various rotation strategies that can be applied to protecting data stored on an organization's computer system.
PDF The Divine Right of Kings: Domain Administrators and your (In)secure Network
By: Mark Austin (posted on October 31, 2003)
This paper will focus on access control of network resources, and how it relates to information theft and sabotage.
PDF Non-Malicious Destruction of Data
By: Saffet G. Ozdemir (posted on October 31, 2003)
This paper examines how any backup solution must protect the enterprise and the individual users within the enterprise from lost productivity, lost or corrupted data, and time consumed in resuming normal operation.
PDF Some of the Dangers of Connecting your AS/400 to a Network
By: Michael Walsh (posted on October 31, 2003)
from lost productivity, lost or corrupted data, and time consumed in resuming normal operation.
PDF Systems Administrators: The First Line of Defense
By: Elizabeth Frank (posted on October 31, 2003)
This paper examines the role of systems administrators, those people responsible for the defense of a company's cyber structure.
PDF Patch DoS
By: Chad Oleary (posted on October 31, 2003)
This paper describes how we are just starting to feel the ramifications of the "ship first, patch later" methodology used in most IT projects, especially as they relate to security in a 24x7x365, ecommerce environment.
PDF Proposal for Managing System Security Patches in an Enterprise Network
By: Karenda Bernal (posted on October 31, 2003)
This paper details one possible solution to establishing an Emergency Vulnerability Alert (EVA) structure, the EVA process preparation; what will need to be in place prior to the implementation of the process, a complete layout of the EVA process detail, and finally what challenges (downfalls) may be faced with implementing the process proposed in this practical.
PDF Slogging (syslog-ging) through the Mud
By: Michael Sullivan (posted on October 31, 2003)
This paper focuses on what the author feels are some of the most important -- but often taken for granted - mechanisms of defense in depth: logging and auditing.
PDF Steps Toward a Secure Windows XP Stand Alone Workstation Abstract
By: Patrick Grace (posted on October 31, 2003)
These pages constitute a "how to" guide for configuring public access computers to protect them from user alterations.
PDF Protecting Insecure Programs
By: Shawn Instenes (posted on October 31, 2003)
This document examines several strategies to protect programs from malicious input, so that they will, in the worst case, abort processing rather than cause malicious code to be executed.
PDF Systems Security Management: Small Business Style
By: Nathaniel Dean (posted on October 31, 2003)
Most small businesses simply do not have the resources for even one full-time employee dedicated to Information Systems; however, four servers and thirty workstations can be a bit much without a good plan and the right tools to aid in the execution.
PDF Security Administration Solution or Why We Implemented An Identity Management/Account Provisioning T
By: Suzette Franklin (posted on October 31, 2003)
This paper presents a case study of how our company took the challenge and implemented an account provisioning solution.
PDF Keeping Red Hat Linux Systems Secure with up2date
By: John Mravunac (posted on October 31, 2003)
In this paper I will give an in depth overview of the software update mechanisms used by the Red Hat Network from Red Hat Inc.
PDF Securing Internet Explorer Through Patch Management
By: Ben Meader (posted on October 31, 2003)
This paper addresses the current state of patch management, demonstrates what could happen to your network if you leave IE unpatched and provides information on how to mitigate the risk of IE being attacked through the application of strong security settings.
PDF Using Fport on Windows NT to Map Applications to Open Ports
By: Teena J. Henson (posted on October 31, 2003)
To develop defense-in-depth computer security, an understanding of various vulnerabilities must be realized before a protection strategy is developed.
PDF Methodologically Upgrading A Production System
By: Otan Ayan (posted on June 27, 2003)
This paper attempts to outline the process an administrator should follow after a security patch has been released. Since this process is a consistently repeatable task, a Standard Operating Procedure (SOP) can be revised and enhanced as needed.
PDF Password Security in NIS Systems
By: Eric Gallagher (posted on July 19, 2001)
This material begins with a dual survey of NIS security and password security and goes beyond the initial reading into an attempt to advance password security practice in NIS.
SANS Reading Room

The Best Information Security conference I have attended yet.
-Chris Bimson, Compass Systems, Inc.

SANS Virginia Beach 2013

Latest Whitepapers

Event Monitoring and Incident Response
By Ryan Boyle

Dead Linux Machines Do Tell Tales
By James Fung

Setting Up a Database Security Logging and Monitoring Program
By Jim Horwath

Latest Tweets

DFIR Webcast starts in 75 minutes - 50 Shades of Hidden - Di [...]
May 17, 2013 - 3:46 PM

New blog post by @yorikv on pen test tips for file analysis. [...]
May 16, 2013 - 5:07 PM

New Blog Post: SANS EU #DFIR Summit in Prague - Call for Spe [...]
May 16, 2013 - 12:33 AM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"It was a great learning experience that helped open my eyes wider. The instructor's knowledge was fantastic."
- Manuja Wikesekera, Melbourne Cricket Club

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"SANS is a great place to enhance your technical and hands-on skills and tools. I thoroughly recommend it."
- Aaron Waugh, Datacom NZ Ltd