SANS InfoSec Reading Room - Encryption & VPNs

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 92 papers as of Jun 20, 2013
PDF Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data
By: nuBridges, inc (posted on September 29, 2009)
Exploring the use of tokenization as a best practice in improving PCI DSS compliance, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.
PDF The challenge of securely storing and transporting large files across a corporate Wide Area Network
By: Jeremy Gibb (posted on October 26, 2007)
PDF OpenVPN and the SSL VPN Revolution
By: Charlie Hosner (posted on August 25, 2004)
True SSL VPNs are beginning to appear in the market. One of the best, and definitely the least expensive, is the open source SSL VPN, OpenVPN.
PDF Securing Key Distribution with Quantum Cryptography
By: Bradford Bartlett (posted on August 15, 2004)
Quantum cryptography recently made headlines this year when European Union members announced their intention to invest $13 million in the research and development of a secure communications system based on this technology.
PDF Elliptic Curve Cryptography and Smart Cards
By: Ahmad Kayali (posted on April 8, 2004)
Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (for example, a 160 bit ECC has roughly the same security strength as 1024 bit RSA).
PDF Understanding and Configuring IPSec between Cisco Routers
By: Ryan Ettl (posted on March 25, 2004)
This paper will provide insight for a secure solution to address this business need using Virtual Private Networking.
PDF SSL Remote Access VPNs: Is this the end of IPSec?
By: Steven Ferrigni (posted on December 13, 2003)
This paper looks at the two VPN technologies with respect to remote access, discusses the advantages and disadvantages of each and whether they can co-exist.
PDF S-Box Modifications and Their Effect in DES-like Encryption Systems
By: Joe Gargiulo (posted on October 31, 2003)
This paper presents the substitution boxes (s-boxes) found in many block ciphers, and more specifically in DES-like encryption systems.
PDF Configuring Secure Shell with TCP Wrappers on Solaris 2.8
By: Jane Micheller (posted on October 31, 2003)
This paper shows how to set up OpenSSH version 3.4 on the Solaris 2.8 platform, beginning with the development of the product, and illustrates it with packet captures.
PDF Issues When Using IPsec Over Geosynchronous Satellite Links
By: Greg Totsline (posted on October 31, 2003)
This paper describes the salient points of TCP over satellite links, performance enhancing proxies, IPsec, and the issues with the combined use of these technologies.
PDF Appropriate Use of Network Encryption Technologies
By: Kenneth Forward (posted on October 31, 2003)
This paper will describe virtual private networks and other network encryption technologies such as secure sockets layer - what they are, and what protections they provide.
PDF Network Based VPNs
By: Olivier Strahler (posted on October 31, 2003)
This paper focuses on this particular type of VPN. First, it provides a short history on the evolution of VPNs, then it explains what is meant by Network based VPNs.
PDF Using GPL Software For Email and File Encryption
By: David Tucker (posted on October 31, 2003)
Privacy is important, the security of information is sometimes legally required, and internet communication often does not provide this necessary security inherently.
PDF Attacks on PGP: A Users Perspective
By: Ryan Thomas (posted on October 31, 2003)
The focus of this paper is to inform users of the practical and theoretical strategies that may be used in an attempt to compromise PGP (Pretty Good Privacy), potentially exposing the contents of a PGP encrypted message to an attacker.
PDF IPSec Tunnel Creation
By: Chris Gutridge (posted on October 31, 2003)
The purpose of this paper is to detail, explain, and illustrate the specific processes that occur in creating an IPSec VPN tunnel.
PDF Instant Message Security - Analysis Of Cerulean Studios Trillian Application
By: Michael Murphy (posted on October 31, 2003)
This paper outlines the underlying security risks of Instant Messaging (IM) focusing on an analysis of Cerulean Studios' Trillian application.
PDF MPLS - VPN Services and Security
By: Ravi Sinha (posted on October 31, 2003)
The information will provide the foundation for the discussion on providing scalable VPN services in an MPLS environment.
PDF Randomness and Entropy - An Introduction
By: Chris Thorn (posted on October 31, 2003)
This paper will attempt to bring together information pertaining to concepts and definitions of randomness and entropy.
PDF No Single Killer App for PKI
By: Cliff Schiller (posted on October 31, 2003)
This paper presents the author's perspective on the real benefits of PKI as a technology.
PDF A Review of Chaffing and Winnowing
By: David Spence (posted on October 31, 2003)
This paper presents an overview of Chaffing and Winnowing as described by Ronald Rivest and a review of a secure Chaffing and Winnowing scheme called Chaffinch.
PDF Remote Access IPSec VPNs: Pros and Cons of 2 Common Clients
By: Jason Everard (posted on October 31, 2003)
This paper discusses two client options for creating this encrypted and authenticated connection, as well as options for working around the deficiencies of the current IPSec standard by combining IPSec with L2TP or by using proprietary functions to accomplish the same.
PDF Applied Encryption: Ensuring Integrity of Tactical Data
By: Jennifer Skalski-Pay (posted on October 31, 2003)
This paper will provide the reader with a low-level understanding of the Global Command and Control System-Maritime (GCCS-M), CST, Track Database Manager (Tdbm) and SIPRNet.
PDF An Overview of Cryptographic Hash Functions and Their Uses
By: John Silva (posted on October 31, 2003)
This paper provides a discussion of how the two related fields of encryption and hash functions are complementary, not replacement technologies for one another.
PDF BUSINESS PARTNER VPN: NEEDED NOW
By: Karen Duncanson (posted on October 31, 2003)
This paper takes a look at Business Partner VPN and focuses on challenges now being dealt with in the face of requirements for a VPN that promises end-to-end security between two separate business entities, and even between the users within those entities.
PDF Remote Access VPN - Security Concerns and Policy Enforcement
By: Mike Stines (posted on October 31, 2003)
The recommendations contained within this paper can assist in a secure and successful implementation of a remote-access VPN.
PDF The Risks Involved With Open and Closed Public Key Infrastructure
By: Philip Hlavaty (posted on October 31, 2003)
This paper will present some of the risks and liability issues involved with PKI, such as the enormous risks behind the open PKI model and why it never flourished in the marketplace.
PDF The mathematics behind the security features that the computing industry takes for granted
By: Ricky Wald (posted on October 31, 2003)
This paper aims to explain mathematical/encryption concepts that are fundamental to security as it was in the past, as it is today and my vision for the future.
PDF A Consumer Guide for Personal File and Disk Encryption Programs
By: Scott Baldwin (posted on October 31, 2003)
This paper will give you the knowledge to select an encryption product that matches your needs.
PDF Is the future of cryptography in qubits
By: Wayne Redmond (posted on October 31, 2003)
In a beautiful irony, quantum computers may break current cryptography but quantum mechanics also offer hope to cryptography in quantum key distribution.
PDF Cryptography: What is secure?
By: Willy Jiang (posted on October 31, 2003)
This paper looks at how security is achieved by discussing basic substitution and transposition operations, to give an appreciation of security in cryptography, and recommends a basic approach to implementing cryptography.
PDF PGP for Everyday Use
By: Jeremy Hoel (posted on October 31, 2003)
This paper has shown how to get PGP, protect files on your drive, protect your e-mail messages and manipulate your key ring.
PDF IPSec Interoperability between OpenBSD, Linux and Sonicwall
By: Daniel de Young (posted on October 31, 2003)
This paper discusses the OpenBSD project, the Linux FreeS/WAN project and Sonicwall Inc., each providing cost-effective IPSec implementations with excellent reliability, and some of the issues surrounding their interoperability.
PDF Demystifying DSS: The Digital Signature Standard
By: Richard Brehove (posted on October 31, 2003)
This paper examines the requirements of signatures, outlines the technologies involved in creating digital signatures, and describes the components of the Digital Signature Standard (DSS).
PDF Security Implications of SSH
By: Bill Pfeifer (posted on October 31, 2003)
This paper provides a high-level discussion of some of the security considerations associated with SSH, as well as some potential methods of addressing those considerations.
PDF Prime Numbers in Public Key Cryptography
By: Gerald Crow (posted on October 31, 2003)
This paper explores some of the basic properties of prime numbers and several theorems associated with them, and presents moderate detail on two of the most common asymmetric algorithms and the manner in which they employ prime numbers.
PDF When Security Counts: Securing a Test Server with a VPN Connection
By: Patricia Hulsey (posted on October 31, 2003)
This paper describes the design choices of a deployment for a router-to-router VPN connection using the Windows 2000 platform VPN server.
PDF Quantum Cryptography: Is Your Data Safe Even When Somebody Looks?
By: Tom Klitsner (posted on October 31, 2003)
While, for the most part, quantum computing devices are decades away (at least) from being practical, in the area of quantum cryptography - in particular the secure distribution of cryptographic keys - there exist strategies and systems that are feasible (perhaps even practical) today.
PDF PGP: A Hybrid Solution
By: Jessica J. Benz (posted on October 31, 2003)
Symmetric and asymmetric cryptography both have advantages and disadvantages that will be discussed in this paper.
PDF What Is an MPLS VPN Anyway?
By: Kelly DeGeest (posted on October 31, 2003)
This paper will give a basic understanding of how an MPLS VPN works.
PDF Identification with Zero Knowledge Protocols
By: Annarita Giani (posted on October 31, 2003)
The idea of proving knowledge of some assertion without revealing any information about the assertion itself is very attractive. This paper discusses Zero-Knowledge protocols which allow this kind of scenario.
PDF Quantum Encryption vs Quantum Computing: Will the Defense or Offense Dominate?
By: Bob Gourley (posted on October 31, 2003)
Quantum encryption will soon provide unbreakable ciphers and this paper examines these topics by providing a snapshot of current research.
PDF Virtual Network Computing and Secure Shell
By: Damian Koziel (posted on October 31, 2003)
Many high-tech professionals now work from home, increasing the system administrator's challenge of maintaining and troubleshooting a company's heterogeneous and sprawling computing system from a central location through Virtual Network Computing.
PDF The Day DES Died
By: Paul Van De Zande (posted on October 31, 2003)
This paper takes a look at DES and the characteristics of the RSA challenges, and compares DES to other cryptosystems to discover which ones are secure and why.
PDF Encryption Regulation: A First Amendment Perspective
By: Linda K. Mickna (posted on October 31, 2003)
Through the use of cryptography, communications and information transmitted and stored by computers can be protected from unauthorized access.
PDF Interoperability in PKI
By: Roger Pyon (posted on October 31, 2003)
This paper will introduce some of the interoperability issues in PKI that apply to processing and managing the establishment of trust, and the challenges it faces.
PDF An Overview of Computer Security as Told Through War Stories
By: Ronald Seidl (posted on October 31, 2003)
This paper discusses awareness training by telling stories that show problems in a way that most people can clearly see.
PDF One Fish, Two Fish, Red Fish, Blowfish A History of Cryptography and its Application in Soci
By: Joseph Kasten (posted on October 31, 2003)
Crypto sciences are used in everything from almost every electronic device to ordinary computer-based software on the home personal computer.
PDF Securing Remote Users VPN Access to Your Company LAN
By: Klavs Klavsen (posted on October 31, 2003)
This paper is intended to be an introduction to the Security issues you face and the solutions you can choose between, when you want to give your remote users access to your Company Network via VPN.
PDF A Business Perspective on PKI: Why Many PKI Implementations Fail, and Success Factors To Consider
By: Leslie Peckham (posted on October 31, 2003)
This paper is intended to provide an overview of PKI and how a PKI implementation affects the entire organization.
PDF A Discussion of SSH Secure Shell
By: Shawn Lewis (posted on October 31, 2003)
The purpose of this paper is to build on the Introduction to SSH Secure Shell paper written by Damian Zwamborn (www.sans.org/infosecFAQ/encryption.intro_SSH.htm).
PDF History of Encryption
By: Melis Jackob (posted on October 31, 2003)
This paper shows that the field of Cryptography has evolved tremendously since Assyrian and Egyptian times, and that as technology progresses, it will be easier to harness the power of distributed processing and break encryption algorithms such as DES or triple DES.
PDF Quantum Encryption - A Means to Perfect Security?
By: Bruce Auburn (posted on October 31, 2003)
This paper addresses the issue of public key cryptography.
PDF NAT Traversal: Peace Agreement Between NAT and IPSec
By: Haluk Aydin (posted on October 31, 2003)
After merging two different works from different vendors, NAT-T is the most promising solution for the near future, and some vendors have started implementing it in their VPN products.
PDF Who's Who in AES?
By: Kyle Jones (posted on October 31, 2003)
This paper is going to introduce the new Advanced Encryption Standard, or AES: the winning algorithm, its competitors, the specifications set forth, and the decision-making process of NIST.
PDF Implementing NAT on Checkpoint Firewall-1
By: Eugene Ng (posted on October 31, 2003)
This paper addresses implementing secure NAT rules and policies and excellent documentation on network topologies.
PDF Protecting Sensitive Data in Secure Domains
By: Mikael Trosell (posted on October 31, 2003)
The basic idea of Secure Domains is to move parts of the network into secure zones, either based on the classification of the data or their being part of a project that can be centralized in a specific zone and are considered as sensitive.
PDF Key and Certificate Management in Public Key Infrastructure Technology
By: Sriram Ranganathan (posted on October 31, 2003)
The intent of this paper is to provide an overview and briefly discuss the various phases involved in Key and Certificate management.
PDF The Advanced Encryption System (AES) Development Effort: Overview and Update
By: William M. Tatun (posted on October 31, 2003)
The purpose and objective of this paper is to provide a brief overview of where we've been and an update of where we are headed in the United States Department of Commerce's quest for a suitable standard algorithm that can be used to protect sensitive data in the future.
PDF Implementing PKI in a Heterogeneous Environment A Primer on Digital Certificate And Key Formats
By: Tim R. Sills (posted on October 31, 2003)
This document will discuss the various file formats for both X.509 digital certificates and encryption keys.
PDF The Weakest Link: The Human Factor Lessons Learned from the German WWII Enigma Cryptosystem
By: Bradley Fulton (posted on October 31, 2003)
This paper highlights the need for security professionals and management to not overlook the weakest link in security systems - that being the human factor.
PDF E-Mail Security with S/MIME
By: George Kuzmowycz (posted on October 31, 2003)
The intent of this paper is to present an overview of the history, design, usage and the current state of market and community acceptance of S/MIME while contrasting it, where appropriate, to PGP.
PDF AES: The Making of a New Encryption Standard
By: Mitch Richards (posted on October 31, 2003)
This paper describes the issues, programs, and processes related to the development of standards.
PDF Public Key Infrastructure Issues in an Academic Healthcare Setting
By: Liviu Groza (posted on October 31, 2003)
The paper intends to give a general overview of several specific issues related to the PKI deployment process, emphasizing the particularities of a mixed environment.
PDF IPsec's Role in Network Security: Past, Present, Future
By: Christopher Smith (posted on October 31, 2003)
IPSec is used to create tunnels for Virtual Private Networks (VPN), and also provides confidentiality, authenticity, and integrity of data through the use of encryption algorithms.
PDF Implementing "Dual-Sided" VPNs
By: Kenneth Boudreaux (posted on October 31, 2003)
This paper discusses a solution for using a public network for data communications that could satisfy the security requirements for data transmission.
PDF Integrate HMAC Capable Token into User Authentication Mechanism and Public Key Infrastructure
By: Shanhui Tan (posted on October 31, 2003)
This paper describes using an HMAC-capable token in user authentication or public key infrastructure (PKI) to derive a user's private key or produce a message digest for a digital signature scheme.
PDF Using SSL with Client Access Express for AS/400
By: Jose Guerrero (posted on October 31, 2003)
This paper is meant to help those who are in need of securing a Client Access connection with their AS/400.
PDF Analysis of a Secure Time Stamp Device
By: Chris Russell (posted on October 31, 2003)
This paper discusses the design of a Secure Time Stamp device used to securely timestamp digital data, such as computer documents, files, and raw binary data of arbitrary format.
PDF Strong Authentication and Authorization model Using PKI, PMI, and Directory
By: Jong Wook Lee (posted on October 31, 2003)
This paper presents a strong authentication and authorization model using three standard frameworks.
PDF Securing Certificate Revocation List Infrastructures
By: Eddie Turkaly (posted on October 31, 2003)
This paper takes a closer look at the security issues when implementing a secure CRL infrastructure.
PDF Cryptographic Services - A Brief Overview
By: Larry D Bennett (posted on October 31, 2003)
This paper examines the use of cryptography in implementing the services of authentication, integrity, non-repudiation, and confidentiality.
PDF PKI and Information Security Awareness: Opportunity and Obligation
By: Jerry K Brown (posted on October 31, 2003)
This paper discusses the single most difficult criterion for a successful PKI rollout: user acceptance.
PDF Cryptanalysis of RSA: A Survey
By: Carlos Cid (posted on October 31, 2003)
In this paper we give a survey of the main methods used in attacks against the RSA cryptosystem. We describe the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm.
PDF A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols
By: David A. Carts (posted on October 31, 2003)
This paper will present an overview of the Diffie-Hellman Key Exchange algorithm and review several common cryptographic techniques in use on the Internet today that incorporate Diffie-Hellman.
PDF Basic Cryptanalysis Techniques
By: Craig Smith (posted on October 31, 2003)
Because of the complexity involved with cryptanalysis work, this paper focuses on the basic techniques needed to decipher monoalphabetic encryption ciphers and cryptograms.
PDF Implementing Site-to-Site IPSec Between a Cisco Router and Linux FreeS/WAN
By: Neil L. Cleveland (posted on October 31, 2003)
This paper begins by providing a brief overview of IPSec, the features, differences, issues surrounding Cisco's IOS IPSec offering versus the FreeS/WAN offering and then describes an example implementation.
PDF Stunnel: SSLing Internet Services Easily
By: Wesley Wong (posted on October 31, 2003)
This paper provides a method to securely use existing clear-text protocols under SSL without any need to modify the existing software or source code.
PDF Knock Knock...Who's there? Do you know who is accessing your VPN?
By: Norma Jean Schaefer (posted on October 31, 2003)
Although VPNs secure data across public networks, potential information security risks include remote users' networks, PCs, systems, and this paper focuses on the need for strong authentication.
PDF Comparing BGP/MPLS and IPSec VPNs
By: Gary Alterson (posted on October 31, 2003)
This paper gives an overview of MPLS and then discusses the mechanisms used to provide VPNs based upon BGP/MPLS and IPSec.
PDF An Overview of Hardware Security Modules
By: Jim Attridge (posted on October 31, 2003)
This paper intends to introduce the concept of a cryptographic hardware device. It will describe its functions, uses and implementations.
PDF Multiprotocol Label Switching Virtual Private Networks and the enterprise - Do they fit in the security model?
By: Michael Stoos (posted on October 31, 2003)
Multiprotocol label switching virtual private networks have gained press as a new service provider method to provide a secure path in the public Internet space.
PDF Roll Your Own Crypto Services (Using Open Source and Free Cryptography)
By: Edward C. Donahue (posted on October 31, 2003)
This paper surveys the open source software available to secure the most common applications: email and file encryption, web access and server oriented services, IPsec and VPNs, and finally, remote session encryption.
PDF Secure Access of Network Resources by Remote Clients
By: Glendon MacDonald (posted on October 31, 2003)
This paper will identify the threats that remote access poses to corporate network security including those involving hackers, malicious applications and the use of weak access and physical controls.
PDF Vulnerabilities of IPSEC: A Discussion of Possible Weaknesses in IPSEC Implementation and Pro
By: Daniel Clark (posted on October 31, 2003)
This paper will discuss the protocol suite IPSEC, with a view to analyzing the various weaknesses that have been or could be identified within the protocol.
PDF Decommissioning Certification Authorities
By: Claudia N. Lukas (posted on October 31, 2003)
This paper reviews these guidelines and discusses terminating a Certification Authority.
PDF The Ease of Steganography and Camouflage
By: John Bartlett (posted on October 31, 2003)
In this paper we will look at the ease of use of one particular program, and the ability to detect steganographic material created by the program.
PDF A Vulnerability Assessment of Roaming Soft Certificate PKI Solutions
By: Stephen Wilson (posted on October 31, 2003)
This paper highlights the security engineering and deployment considerations by presenting a systematic vulnerability assessment of the common roaming architecture.
PDF PKI, The What, The Why, and The How
By: Duncan Wood (posted on October 31, 2003)
This paper discusses Public Key Infrastructure (PKI) and why governments are introducing legislation for information privacy.
PDF VPN-1 SecureClient - Check Point's Solution for Secure Intranet Extension
By: Ryan Gibbons (posted on October 31, 2003)
This paper addresses why SecureClient is widely compatible and has a small footprint, making it appealing to organizations that use Check Point products and are considering such functionality.
PDF Infrastructure Design Considerations When Using Client Certificates
By: Tim Hollingshead (posted on October 31, 2003)
This paper will investigate some of the considerations that should be evaluated when looking to bring a new technology into the design of an application.
PDF Creating a Secure VPN with Cisco Concentrator and ACE Radius/SecurID
By: Nathan Lasnoski (posted on October 31, 2003)
Using a VPN, companies can expand the reach of their corporate network beyond their expensive leased lines by using the assets provided by the Internet.
PDF Cryptography - Business Value Behind the Myth
By: Jeff Christianson (posted on October 31, 2003)
The purpose of this paper is to help information technology professionals make informed decisions about using cryptographic solutions to secure electronic business transactions.