Featuring the 25 most popular papers within the past week as of April 30, 2016
2016 State of Application Security: Skills, Configurations and Components
by Johannes Ullrich, PhD - April 26, 2016 in Application and Database Security, Best Practices
- Associated Webcasts: Managing Applications Securely: A SANS Survey
- Sponsored By: WhiteHat Security, Veracode, Checkmarx Inc.
Survey results reveal that it is critical for an overall enterprise security program to coordinate efforts among developers, architects and system administrators, particularly since many software vulnerabilities are rooted in configuration issues or third-party components, not just in code written by the development team. Read on to learn more.
Incident Response in Amazon EC2: First Responders Guide to Security Incidents in the Cloud
by Tom Arnold - April 21, 2016 in Cloud Computing, Forensics, Incident Handling
As Head of Digital Forensics for Payment Software Company Inc. (PSC), a company that focuses exclusively on clients that accept or process payments, we've responded to sites operating within cloud environments, most notably Amazon EC2.
Improving Application and Privilege Management: Critical Security Controls Update
by John Pescatore - April 25, 2016
- Associated Webcasts: Overcome Privilege Management Obstacles with CSC v. 6
- Sponsored By: Appsense
Neutrino Exploit Kit Analysis and Threat Indicators
by Luis Rocha - April 13, 2016 in Intrusion Detection, Malicious Code
Exploit Kits are powerful and modular digital weapons that deliver malware in an automated fashion to the endpoint. Exploit Kits take advantage of client-side vulnerabilities. These threats are not new and have been around for the past 10 years at least. Nonetheless, they have evolved and are now more sophisticated than ever. The malware authors behind them build in capabilities that evade detection, thwart analysis and deliver reliable exploits, which makes the kits hard to detect and analyze. This paper demonstrates a set of tools and techniques to perform analysis of the Neutrino Exploit Kit. The primary goal is to grow security expertise and awareness about these types of threats. Those empowered to defend users and corporations should not only study these threats, they must also be deeply involved in their analysis.
SSL and TLS: A Beginner's Guide
by Holly McKinley - May 12, 2003 in Protocols
This paper particularly serves as a resource to those who are new to the information assurance field, and provides an insight to two common protocols used in Internet security.
Cloud Security Framework Audit Methods
by Diana Salazar - April 27, 2016 in Cloud Computing
Users have become more mobile, threats have evolved, and actors have become smarter. Users distribute information across multiple locations, many of which are not currently within the organization's infrastructure.
Using Sulley to Protocol Fuzz for Linux Software Vulnerabilities
by Aron Warren - April 25, 2016 in Penetration Testing
Fuzzers are useful for discovering vulnerabilities in software services. Sulley is a common fuzzer with the ability to fuzz network protocols. This paper describes the process for using Sulley to fuzz for a vulnerability in an implementation of the unencrypted telnet protocol. Specifically, Sulley is used to detect the vulnerability described in CVE-2011-4862 on the Red Hat Enterprise Linux 3 distribution.
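To make the approach in the paper above concrete, here is an added example (not code from the paper or from the Sulley project) of what protocol-aware fuzz cases for the telnet ENCRYPT option look like. The framing follows RFC 854 (IAC SB ... IAC SE, with literal 0xFF bytes doubled) and RFC 2946 (option 38, KEYID suboption 7); the key-id value is the field whose handling in telnetd CVE-2011-4862 concerns. Sulley would express the same structure with its request primitives and drive the target itself; this block does the framing in plain Python so that it runs offline. The target address, the filler byte, and the 64-byte boundary used to shape the length sweep are assumptions, not facts from the page.

```python
"""Telnet ENCRYPT KEYID subnegotiation framing and a length-sweep fuzz set.

Added example for the Sulley paper; not code from the paper or from Sulley.
Framing constants come from RFC 854 and RFC 2946. Target host/port, filler
byte and the 64-byte boundary are assumptions chosen for illustration.
"""
import socket
from typing import Iterable, List, Optional, Tuple

IAC, SB, SE = 0xFF, 0xFA, 0xF0      # RFC 854: interpret-as-command, subneg begin/end
WILL = 0xFB                         # RFC 854: "I will use option"
TELOPT_ENCRYPT = 38                 # RFC 2946: ENCRYPT option code
ENC_KEYID = 7                       # RFC 2946: KEYID suboption command


def escape_iac(payload: bytes) -> bytes:
    """A literal 0xFF inside a subnegotiation must be sent as IAC IAC."""
    return payload.replace(b"\xff", b"\xff\xff")


def unescape_iac(payload: bytes) -> bytes:
    """Undo escape_iac() when reading a frame back."""
    return payload.replace(b"\xff\xff", b"\xff")


def suboption(option: int, payload: bytes) -> bytes:
    """Build IAC SB <option> <escaped payload> IAC SE."""
    return bytes([IAC, SB, option]) + escape_iac(payload) + bytes([IAC, SE])


def parse_suboption(frame: bytes) -> Tuple[int, bytes]:
    """Inverse of suboption(); raises ValueError on a malformed frame."""
    if (len(frame) < 5 or frame[0] != IAC or frame[1] != SB
            or frame[-2:] != bytes([IAC, SE])):
        raise ValueError("not an IAC SB ... IAC SE frame")
    return frame[2], unescape_iac(frame[3:-2])


def encrypt_keyid(keyid: bytes) -> bytes:
    """ENCRYPT KEYID subnegotiation carrying an arbitrary key-id value."""
    return suboption(TELOPT_ENCRYPT, bytes([ENC_KEYID]) + keyid)


def keyid_lengths(boundary: int = 64, step: int = 64, limit: int = 1024) -> List[int]:
    """Key-id sizes to sweep: a few sane values, every size around the assumed
    buffer boundary, then coarse steps up to `limit`. The boundary of 64 is an
    assumption about the target's fixed-size buffer, not a fact from the page."""
    around = range(boundary - 2, boundary + 3)
    coarse = range(step, limit + 1, step)
    return sorted({0, 1, 8} | set(around) | set(coarse))


def keyid_cases(lengths: Iterable[int], fill: bytes = b"A") -> List[bytes]:
    """One framed KEYID request per length. A 0xFF filler doubles on the wire
    because of IAC escaping, so wire length and field length differ; a receiver
    that checks one but copies the other is a classic framing bug."""
    return [encrypt_keyid(fill * n) for n in lengths]


def send_case(host: str, port: int, case: bytes, timeout: float = 3.0) -> Optional[bytes]:
    """Deliver one case: announce WILL ENCRYPT, send the frame, return whatever
    the server answers (None if it closed the connection or went silent, the
    usual sign of a crash). Network I/O only; not used by the offline checks."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(bytes([IAC, WILL, TELOPT_ENCRYPT]) + case)
        try:
            data = s.recv(4096)
        except (socket.timeout, ConnectionError):
            return None
        return data or None


if __name__ == "__main__":
    cases = keyid_cases(keyid_lengths())
    print(f"{len(cases)} cases, largest {max(map(len, cases))} bytes on the wire")
    # Against a lab target you are authorised to test (address is an assumption):
    # for c in cases:
    #     print(len(c), send_case("192.0.2.10", 23, c))
```

Run stand-alone, the block only reports the generated case set; sending is left to `send_case` so the framing can be checked offline before any target is touched. Sulley adds what this block leaves out: a session that walks cases automatically and a process monitor on the target that tells the fuzzer which case caused the crash.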
Penetration Testing: Assessing Your Overall Security Before Attackers Do
by Stephen Northcutt, Jerry Shenk, Dave Shackleford, Tim Rosenberg, Raul Sile, Steve Mancini - November 17, 2006 in Penetration Testing
- Sponsored By: Core Security Technologies
CORE IMPACT provides a stable, quality-assured testing tool that can be used to accurately assess systems by exploiting existing vulnerabilities.
Incident Handler's Handbook
by Patrick Kral - February 21, 2012 in Incident Handling
An incident is a matter of when, not if, a compromise or violation of an organization's security will happen.
Threat Hunting: Open Season on the Adversary
by Dr. Eric Cole - April 12, 2016 in Best Practices, Threats/Vulnerabilities
- Associated Webcasts: Open Season on Cyberthreats: Part I - Threat Hunting 101; Open Season on Cyberthreats: Part 2 - Threat Hunting Methodologies and Tools
- Sponsored By: Hewlett Packard Enterprise, Carbon Black, DomainTools, Endgame, Sqrrl Data, Inc., Malwarebytes
Nearly 86% of organizations responding to the survey want to be hunting for threats, although much of that hunting is informal: more than 40% do not have a formal threat hunting program in place. Results indicate that hunting is providing benefits, including finding previously undetected threats, reducing attack surfaces and enhancing the speed and accuracy of response. They also suggest that organizations want to improve their threat-hunting programs and realize more benefits from threat hunting.
Disaster Recovery Plan Strategies and Processes
by Bryan Martin - March 5, 2002 in Disaster Recovery
This paper discusses the development, maintenance and testing of the Disaster Recovery Plan, as well as addressing employee education and management procedures to ensure provable recovery capability.
Catching Flies: A Guide to the Various Flavors of Honeypots
by Scott Smith - April 19, 2016 in Attacking Attackers
While the concept of baiting adversaries in order to monitor their activities is nothing new, honeypotting has evolved into a critical tool in information security analysis. Recent years have given rise to advances in the detection of network intrusions such as honeynets, honeytokens and adaptive honeypots. This paper explores modern applications, as well as the legal and technical considerations behind emerging honeypot solutions, for dynamically blocking new attack vectors and for turning the activity of advanced persistent threats against them.
BYOB: Build Your Own Botnet
by Francois Begin - August 17, 2011 in Covert Channels, Malicious Code, Threats/Vulnerabilities
A recent report on botnet threats (Damballa, 2010) provides a sobering read for any security professional. According to its authors, the number of computers that fell victim to botnets grew at the rate of 8%/week in 2010, which translates to more than a six-fold increase over the course of the year.
An Introduction to Information System Risk Management
by Steve Elky - June 6, 2006 in Auditing & Assessment
Key elements of information security risk, offering insight into risk assessment methodologies.
Building a World-Class Security Operations Center: A Roadmap
by Alissa Torres - April 15, 2015
- Sponsored By: RSA
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
The Importance of Security Awareness Training
by Cindy Brodie - January 14, 2009 in Security Awareness
One of the greatest threats to information security could actually come from within your company or organization. Inside attacks have been noted to be some of the most dangerous, since insiders are already quite familiar with the infrastructure. It is not always disgruntled workers and corporate spies who are a threat. Often, it is the non-malicious, uninformed employee (CTG, 2008).
An Overview of Threat and Risk Assessment
by James Bayne - January 22, 2002 in Auditing & Assessment
The purpose of this document is to provide an overview of the process involved in performing a threat and risk assessment.
Windows Logon Forensics
by Sunil Gupta - March 12, 2013 in Forensics
Digital forensics, also known as computer and network forensics, is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
Implementing a Vulnerability Management Process
by Tom Palmaers - April 9, 2013 in Threats/Vulnerabilities
A vulnerability is defined in the ISO 27002 standard as "A weakness of an asset or group of assets that can be exploited by one or more threats" (International Organization for Standardization, 2005).
Conducting a Penetration Test on an Organization
by Chan Wai - October 4, 2001 in Auditing & Assessment
A methodology for executing penetration testing.
The Fall of SS7: How Can the Critical Security Controls Help?
by Hassan Mourad - August 31, 2015 in Critical Controls
For decades, the security of one of the fundamental protocols in telecommunications networks, Signaling System No. 7 (SS7), has been based solely on mutual trust between the interconnecting operators. Operators relied on other operators to play by the rules, and the SS7 network was regarded as a closed, trusted network. This notion of trust and security has recently changed after several security researchers announced major vulnerabilities in the SS7 protocol that threaten users' privacy and can lead to user location tracking, fraud, denial of service, or even call interception. In this paper we discuss each individual attack and examine the possibility of using the critical security controls to protect against such attacks and enhance the security of SS7 interconnections.
Creating a Secure and Compliant Digital Forensics and Incident Response Network with Remote Access
by Scott Perry - April 29, 2016 in Critical Controls, Forensics, Incident Handling
News stories involving data breaches, cybercrime, and conversely, crimes solved with digital forensics, are becoming daily occurrences.
Easy Steps to Cisco Extended Access List
by Nancy Navato - July 5, 2001 in Network Devices
The purpose of this document is to explain in simple words how you can easily create an Extended Access List and apply it to your Cisco Router interface.
Wireless LAN: Security Issues and Solutions
by Rafidah Hamid - May 8, 2003 in Wireless Access
This paper gives brief information on the WLAN components and their architecture and examines the WLAN security threats (Denial of Service, Spoofing, and Eavesdropping); also discussed is how Wired Equivalent Privacy (WEP), the IEEE 802.11b/WiFi standard encryption for wireless networking, works.
Designing a Secure Local Area Network
by Daniel Oxenhandler - January 30, 2003 in Best Practices
This paper examines some of the issues in designing a secure Local Area Network (LAN) and some of the best practices suggested by security experts.
All papers are copyrighted. No re-posting or distribution of papers is permitted.