Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
The FIX Protocol website defines the Financial Information eXchange ("FIX") Protocol as "a series of messaging specifications for the electronic communication of trade-related messages" (FIX Protocol Ltd, 2012).
A recent report on botnet threats (Damballa, 2010) provides a sobering read for any security professional. According to its authors, the number of computers that fell victim to botnets grew at a rate of 8% per week in 2010, which they translate into more than a six-fold increase over the course of the year.
Software patching has always been an integral part of keeping an organization's software functional, usable and stable. Historically, the patch cycle focused on fixing defects that affected functionality. In recent years, as more sophisticated and targeted threats have emerged in ever shorter cycles, this focus is changing dramatically (Risk Assessment – Cisco, n.d.; Executive Office of The United States, 2005). Corporations and governments now have a clearer understanding of the losses and expenses incurred by failing to maintain application security, and are placing greater emphasis on patching and security (Epstein, Grow & Tschang, 2008). With reputations, consumer confidence and corporate secrets at risk, they recognize the need to address vulnerabilities at a much faster pace than they historically have (Chan, 2004). Over roughly the last ten years, the time between the documentation of a vulnerability in a piece of software and the development of a working exploit for it has decreased tremendously. According to Andrew Jaquith, senior analyst at Yankee Group, the average time between vulnerability discovery and the release of exploit code is less than one week ("Shrinking time from," 2006). It has also been reported that "99% of intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were available" ("Risk reduction and," 2010). These statistics alone can prove daunting for businesses trying to keep pace and maintain proper defenses against attackers.
Android is an open-source mobile operating system, based upon a modified version of the Linux kernel, initially developed by Android Inc., a firm purchased by Google in 2005.
A Gartner study released in November 2010 reported that Android had become the second most popular mobile OS in the world (Gartner, 11/2010). Android's growth exceeded Gartner's own previous forecast, released the year before, which had predicted that Android would become the No. 2 mobile operating system worldwide in 2012 (The H, 08/10/2009). According to another Gartner study (Gartner, 08/2010), only a slight gap will separate Symbian and Android market share in 2014: 30.2% for Symbian against 29.6% for Android.
The Universal Serial Bus (USB) is an omnipresent data and peripheral communication port that poses a security threat in any modern computing environment. This paper proposes a holistic approach to USB port security, examining the problem from user-requirements definition through organizational threat and risk assessment to technical and procedural risk mitigation.
The ISO 17799/27001 standard provides a good minimum description of what organizations should be doing to protect themselves, but it should not be the sole focus of your security and audit control design. A better approach is to let your information security management system subcommittees or technical specialists analyze the threats your organization is likely to face. Then design your controls around those threats, balancing the cost of mitigating a threat against the cost of that threat occurring in your environment. Finally, once the threats have been analyzed, double-check your policies and procedures against a regulatory or management framework such as ISO 17799, SOX, GLBA, HIPAA or PCI.
This study suggests adding a step to the incident handling process that requires an incident handler to identify the effects of their actions before disrupting ongoing commercial or military operations.
This early and unwelcome "Santa Claus" present caused serious havoc for administrators of phpBB bulletin board software around Christmas 2004, defacing almost 40,000 phpBB sites in a short period.
Since 1992, active Radio Frequency Identification (RFID) tags have been used in vehicles to automate the toll process on toll roads, bridges and tunnels, a process called Electronic Toll Collection (ETC). These tags are mounted on the windshield, or externally around the license plate, and are read as the vehicle passes without stopping through special lanes at the toll plaza.
An enterprise risk management workflow model is presented to illustrate the "big picture" of risk management, the key to developing a "keen eye" for IT security risks as part of the overall IT management doctrine.
What I have learned in my research has truly amazed me and I endeavor to share some of that information in this paper. I will define skimming, describe what a skimming device may look like, discuss how skimming is done, provide some statistical information and provide some pointers on how to avoid being skimmed and what to do if it happens.
This paper offers a "defense-in-depth" solution for large enterprises and corporations, where there may be thousands of entry points through which viruses can enter and cause system damage and information theft or loss.
This paper looks at the vulnerabilities exposed by Windows services and how and why these risks occur, identifies the tools for manipulating Windows services, and provides solutions to secure the identified vulnerabilities.
These limitations inspired two new proposals: AVDL (Application Vulnerability Description Language) and VulnXML. With them, an XML document describing a vulnerability can be imported directly into a scanning tool, which then generates and launches the vulnerability scan. AVDL and VulnXML are described and discussed in this paper.
This paper explores key issues related to threat assessment, including essential elements, methodologies, and common pitfalls, along with a recommended approach for completing and documenting this activity.
This document starts with a brief look at basic system and network security principles, continues by revealing some printer threats and vulnerabilities, and ends with a discussion of how to deal with the issue.
This paper explores some key events in vulnerability disclosure, the conceptual differences between full disclosure, nondisclosure, limited disclosure and responsible disclosure, then examines some existing disclosure policies and proposed standards.
This white paper discusses the benefits and pitfalls of vulnerability scanning, suggests an approach suitable for small and medium-sized businesses, and considers the possibility of buying it as a service from a specialist agency.
This paper reviews traditional best practices and tools for DDoS mitigation, discusses the inherent weaknesses of these best practices, the developing legal issues and trends that may soon be forcing change on how DDoS attacks are combated, and looks at the new generation of tools becoming available for mitigating these attacks.
This paper demonstrates how historical lessons can be used as a platform for management to understand the technology solutions we propose, and how those lessons can improve our skills as InfoSec professionals.
This paper covers the risks associated with insider threat and provides practical countermeasures, which should challenge the reader to focus on the people and processes that protect information rather than on technology.
This paper discusses the security threats posed by the use of consumer-grade instant messaging clients in the enterprise, including privacy and identity issues, malware, and bug vulnerabilities.
This paper bridges the gap between buffer overflows and the errors in program source code that cause them, providing an in-depth discussion of stack smashing, frame-pointer overwrite, return-into-libc and heap-based overflow techniques, and of possible countermeasures.
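As an added example, not code from the paper, the stack-smashing pattern the abstract refers to is shown beside a bounded version of the same copy; the buffer size, function names and inputs are ours:

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the paper. Buffer and function names are
 * ours. It shows the stack-smashing pattern next to a bounded copy that
 * rejects over-long input instead of overflowing. */

#define NAME_LEN 16

/* Length of s, scanning at most max bytes. Returns max if no NUL was seen,
 * so an unterminated or over-long input can never make the scan run away. */
size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* VULNERABLE: strcpy() copies until it finds the NUL in src, regardless of
 * the size of name. Input longer than NAME_LEN - 1 bytes writes past the
 * end of name into whatever the compiler placed above it on the stack:
 * other locals, the saved frame pointer, the return address. That is the
 * classic stack smash. Kept only to show the pattern; never call it with
 * untrusted input. */
void greet_unsafe(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);                      /* no length check at all */
    printf("hello, %s\n", name);
}

/* Copy src into dst (dst_len bytes) only if it fits together with its NUL.
 * Returns the number of bytes copied, or -1 if it would have overflowed.
 * Refusing is preferable to strncpy()-style silent truncation, which can
 * drop the terminator or change the meaning of the value. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n;
    if (dst_len == 0)
        return -1;
    n = bounded_len(src, dst_len);
    if (n >= dst_len) {                     /* no room left for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);                /* includes the terminator */
    return (int)n;
}

/* HARDENED: same behaviour for inputs that fit, a clean error otherwise.
 * Compiler-side countermeasures (stack canaries, non-executable stacks,
 * ASLR) raise the cost of exploiting greet_unsafe but do not remove the
 * bug; the bounds check does. */
int greet_safe(const char *src)
{
    char name[NAME_LEN];
    int n = copy_bounded(name, sizeof name, src);
    if (n < 0)
        return -1;
    printf("hello, %s\n", name);
    return n;
}

int main(void)
{
    /* constructed inputs: one that fits, one 32-byte run of 'A's */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    greet_unsafe(ok);                       /* harmless: 6 bytes fit */
    /* greet_unsafe(too_long) would overwrite the stack; not executed */

    printf("safe: %d\n", greet_safe(ok));        /* 5 */
    printf("safe: %d\n", greet_safe(too_long));  /* -1, refused */
    return 0;
}
```

The hardened copy rejects anything that does not fit with its terminator rather than truncating, so a caller always learns that input was dropped; the 15-byte boundary (NAME_LEN - 1) is exactly where the unsafe version starts writing past the buffer.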
This paper is neither for nor against the use of Timbuktu software as a Windows remote access and remote control solution. It does, however, identify a number of potentially serious vulnerabilities that may be encountered through the use of the product.
This paper gives an overview of the BIOS and its functions; a detailed discussion of known threats to the BIOS and the hardware of a PC, as well as how they could be exploited; and, finally, countermeasures that can mitigate the risks.