Featuring the 25 most popular papers within the past year as of April 24, 2017
Packets Don't Lie: LogRhythm NetMon Freemium Review Analyst Paper
by Dave Shackleford - January 18, 2017 in Intrusion Detection, Data Loss Prevention
- Associated Webcasts: Packets Don’t Lie: What’s Really Happening on Your Network?
- Sponsored By: LogRhythm
With more traffic than ever passing through our environments, and adversaries who know how to blend in, network security analysts need all the help they can get. At the same time, data is leaking out of our environments right under our noses. This paper investigates how LogRhythm’s Network Monitor Freemium (NetMon Freemium) Version 3.2.3 provides intelligent monitoring, and helps organizations to identify sensitive data leaving the network and to respond when loss occurs.
The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare STI Graduate Student Research
by Terrence OConnor - February 14, 2012 in Attacking Attackers, Information Warfare
We live in an era where a single soldier can digitally leak thousands of classified documents (possibly changing the course of war), attackers can compromise unmanned drone control software and intercept unencrypted video feeds, and recreational hackers can steal and release personal information from members of cyber think-tanks.
The DevSecOps Approach to Securing Your Code and Your Cloud Analyst Paper
by Dave Shackleford - February 7, 2017 in Security Trends, Threats/Vulnerabilities
- Sponsored By: CloudPassage
DevSecOps, at heart, is about collaboration. More specifically, it is continual collaboration between information security, application development and IT operations teams. Having all three teams immersed in all development and deployment activities makes it easier for information security teams to integrate controls into the deployment pipeline, instead of bolting security controls on after systems are already running, which causes delays and creates issues. Despite the potential benefits, getting started with DevSecOps will likely require some cultural changes and considerable planning, especially when automating the configuration and security of assets in the cloud. To help the shift toward a more collaborative culture, security teams need to integrate with the developers who are promoting code to cloud-based applications and show that they can apply quality gates to any production code push without slowing the process. Security teams should also work with QA and development to define the key qualifiers and parameters that must be met before any code can be promoted. This paper is accompanied by an additional resource, "DevSecOps Transformation: The New DNA of Agile Business".
Disaster Recovery Plan Strategies and Processes by Bryan Martin - March 5, 2002 in Disaster Recovery
This paper discusses the development, maintenance and testing of the Disaster Recovery Plan, as well as addressing employee education and management procedures to ensure provable recovery capability.
Tracking Malware With Public Proxy Lists by James Powers - January 27, 2011 in Malicious Code, Tools
The Web was born on Christmas Day, 1990, when the CERN Web server (CERN httpd 1.0) went online. By version 2.0, released in 1993, CERN httpd was also capable of performing as an application gateway. By 1994, content caching was added. With the publication of RFC 1945 two years later, proxy capabilities were forever embedded into the HTTP specification (Berners-Lee, Fielding, & Frystyk, 1996).
Countering Impersonation, Spearphishing and Other Email-Borne Threats: A Review of Mimecast Targeted Threat Protection Analyst Paper
by Jerry Shenk - January 24, 2017 in Data Loss Prevention, Social Engineering
The FBI estimates that between October 2013 and August 2015, more than 7,000 U.S.-based organizations lost a total of $748 million to business email scams. Such scams rely on the same tricks as confidence artists in the real world: the appearance of legitimacy and the tendency of victims to go along with requests that appear to be on the up-and-up, without checking to be sure. In this whitepaper, SANS senior analyst Jerry Shenk evaluates Targeted Threat Protection, an email-security service from Mimecast that is focused on stopping sophisticated phishing attacks. Among its most difficult targets: "whaling" attacks that spoof high-level executives asking for sensitive data, access or the transfer of money to accounts owned by scammers.
Attack and Defend: Linux Privilege Escalation Techniques of 2016 STI Graduate Student Research
by Michael Long II - January 30, 2017 in Linux Issues, Privilege Management, Penetration Testing
Recent kernel exploits such as Dirty COW show that despite continuous improvements in Linux security, privilege escalation vectors are still in widespread use and remain a problem for the Linux community. Linux system administrators are generally cognizant of the importance of hardening their Linux systems against privilege escalation attacks; however, they often lack the knowledge, skill, and resources to effectively safeguard their systems against such threats. This paper will examine Linux privilege escalation techniques used throughout 2016 in detail, highlighting how these techniques work and how adversaries are using them. Additionally, this paper will offer remediation procedures in order to inform system administrators on methods to mitigate the impact of Linux privilege escalation attacks.
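Two of the preconditions that privilege-escalation techniques of this kind depend on, setuid/setgid executables and world-writable directories on a search path, can be audited with a few lines of shell. The script below is an added illustration, not code from the paper or from SANS; it builds a constructed fixture in a temporary directory so that it runs without touching the real system, and the same two functions can be pointed at `/` and `$PATH` on a live host.

```shell
#!/bin/sh
# Added example, not from the paper: audit a tree for two common Linux
# privilege-escalation preconditions, setuid/setgid executables and
# world-writable (non-sticky) directories on a PATH-style list. The
# fixture below is constructed in a temporary directory so the script
# runs without touching the real system.

# Print setuid/setgid regular files under the directory given as $1.
list_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Print every directory in the colon-separated list $1 that is
# world-writable and not sticky: anyone can plant a binary there.
writable_path_dirs() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r d; do
        [ -n "$d" ] && [ -d "$d" ] || continue
        find "$d" -maxdepth 0 -type d -perm -0002 ! -perm -1000 2>/dev/null
    done
}

# Constructed fixture: one setuid script, one harmless binary, one 0777 dir.
build_fixture() {
    t=$(mktemp -d)
    mkdir -p "$t/bin" "$t/opt/tool" "$t/usr/bin"
    printf '#!/bin/sh\necho hi\n' > "$t/usr/bin/suidtool"
    chmod 4755 "$t/usr/bin/suidtool"
    printf '#!/bin/sh\n' > "$t/bin/ok"
    chmod 0755 "$t/bin/ok"
    chmod 0777 "$t/opt/tool"
    printf '%s\n' "$t"
}

# Run both checks over the fixture and report "<setuid count> <writable count>".
audit_fixture() {
    t=$(build_fixture)
    s=$(list_setuid "$t" | wc -l | tr -d ' ')
    w=$(writable_path_dirs "$t/bin:$t/opt/tool:$t/usr/bin" | wc -l | tr -d ' ')
    rm -rf "$t"
    printf '%s %s\n' "$s" "$w"
}

# Real-system usage (run as root so find can descend into every directory):
#   list_setuid /
#   writable_path_dirs "$PATH"
```

Neither check says anything about kernel vulnerabilities such as Dirty COW; comparing `uname -r` against an upstream fix version is unreliable on distributions that backport patches, so kernel exposure is better judged from the vendor's package advisories than from a version string.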
Building a World-Class Security Operations Center: A Roadmap Analyst Paper
by Alissa Torres - April 15, 2015
- Sponsored By: RSA
Explore how you can build a world-class security operations center (SOC) by focusing on the triad of people, process and technology.
Windows Logon Forensics by Sunil Gupta - March 12, 2013 in Forensics
Digital forensics, also known as computer and network forensics, is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.
Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 Analyst Paper
by John Pescatore - March 20, 2017 in Cloud Computing, Data Protection
- Associated Webcasts: 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security
Attackers are always changing their methods, but some cybersecurity trends are clear, and identifying these trends will help security professionals plan for addressing these issues in the coming year. Attacks will continue, and many will be successful. While security professionals should try to prevent a breach, it is far more critical to uncover breaches quickly and mitigate damage. Another significant trend for 2017: expanding current security measures to better protect data in the cloud and to address the security shortcomings of the Internet of Things. Even while fighting daily security fires, security managers can expect boards of directors to show more interest in their efforts. Board members are keenly aware that breaches can be high-profile catastrophes for companies, and they are also concerned that the organizations they oversee are in compliance with new and more stringent regulations. This whitepaper covers the latest and best security hygiene and common success patterns that will best keep your organization off the "Worst Breaches of 2017" lists.
Back to Basics: Focus on the First Six CIS Critical Security Controls Analyst Paper
by John Pescatore - January 24, 2017 in Best Practices, Data Protection
- Sponsored By: Tripwire, Inc.
Rather than a lack of choices in security solutions, a major problem in cyber security is an inability to implement mature processes: many organizations lack a defined and repeatable process for selecting, implementing and monitoring the security controls that are most effective against real-world threats. This paper explores how the Center for Internet Security (CIS) Critical Security Controls have proven to be an effective framework for addressing that problem.
SANS 2016 Security Analytics Survey Analyst Paper
by Dave Shackleford - December 6, 2016 in Security Analytics and Intelligence
- Associated Webcasts: Security Analytics in Action: SANS Fourth Annual Security Analytics Survey - Part 1, Part 2 | SANS Security Analytics Survey Results: What's Working? What's Not?
- Sponsored By: LogRhythm; Rapid7 Inc.; AlienVault; Lookingglass Cyber Solutions, Inc.; Anomali
Survey respondents have become more aware of the value of analytics and have moved beyond using them simply for detection and response to using them to measure and aid in improving their overall risk posture. Still, we’ve got a long way to go before analytics truly progresses in many security organizations. Read on to learn more.
Forensication Education: Towards a Digital Forensics Instructional Framework STI Graduate Student Research
by J. Richard “Rick” Kiper - February 3, 2017 in Best Practices, Forensics, Training
The field of digital forensics is a diverse and fast-paced branch of cyber investigations. Unfortunately, common efforts to train individuals in this area have been inconsistent and ineffective, as curriculum managers attempt to plug in off-the-shelf courses without an overall educational strategy. The aim of this study is to identify the most effective instructional design features for a future entry-level digital forensics course. To achieve this goal, an expert panel of digital forensics professionals was assembled to identify and prioritize the features, which included general learning outcomes, specific learning goals, instructional delivery formats, instructor characteristics, and assessment strategies. Data was collected from participants using validated group consensus methods such as Delphi and cumulative voting. The product of this effort was the Digital Forensics Framework for Instruction Design (DFFID), a comprehensive digital forensics instructional framework meant to guide the development of future digital forensics curricula.
Preparing for Compliance with the General Data Protection Regulation (GDPR) A Technology Guide for Security Practitioners Analyst Paper
by Benjamin Wright - March 7, 2017 in Data Protection, Legal Issues
- Associated Webcasts: Complying with the General Data Protection Regulation: A Guide for Security Practitioners
- Sponsored By: Skybox Security, Inc.
The General Data Protection Regulation (GDPR) is the latest data security legislation in the European Union. When it goes into effect, it can apply widely to various organizations, including those without a physical presence in the European Union. What does this complex regulation mean and what does your organization need to do to comply? This paper explains these as well as how to identify a Data Protection Officer and what this person needs to know to be effective. It also provides a checklist for compliance with concise, practical information your organization can begin using now.
Penetration Testing: Assessing Your Overall Security Before Attackers Do Analyst Paper
by Stephen Northcutt, Jerry Shenk, Dave Shackleford, Tim Rosenberg, Raul Sile, Steve Mancini - November 17, 2006 in Penetration Testing
- Sponsored By: Core Security Technologies
CORE IMPACT provides a stable, quality-assured testing tool that can be used to accurately assess systems by penetrating existing vulnerabilities.
An Introduction to Information System Risk Management by Steve Elky - June 6, 2006 in Auditing & Assessment
Key elements of information security risk, offering insight into risk assessment methodologies.
Tor Browser Artifacts in Windows 10 STI Graduate Student Research
by Aron Warren - February 24, 2017 in Forensics
The Tor network is a popular, encrypted, worldwide, anonymizing virtual network that has existed since 2002 and is used by all facets of society, such as privacy advocates, journalists, governments, and criminals. This paper provides a forensic analysis of the Tor Browser version 5 client on a Windows 10 host for an individual or group interested in remnants left by the software. It uses various free and commercial tools to provide a detailed analysis of filesystem artifacts, as well as a memory-analysis comparison between the pre-connection and post-connection state of the Tor client.
Building and Maintaining a Denial of Service Defense for Businesses STI Graduate Student Research
by Matt Freeman - January 25, 2017 in Critical Controls, Getting Started/InfoSec, Security Trends
Distributed Denial of Service (DDoS) attacks have been around for decades but still cause problems for most businesses. While easy to launch, DDoS attacks can be difficult to sustain and even more difficult to monetize for attackers. From the business perspective, a DDoS attack might result in lost revenue but is unlikely to have the same long-term impact that a data breach may have. Recent changes in the IT landscape have made DDoS a more attractive attack vector for attackers. The industry trend of connecting more and more devices to the Internet (often with minimal or no security), dubbed the "Internet of Things", has created a new marketplace in which bad actors sell resource-exhaustion services. Businesses need to consider all options when planning and implementing a defensive posture against denial-of-service attacks. As security vendors continue to offer new (and expensive) options to defend against these attacks, how does an InfoSec manager know which is best for their business? Using an "Offense Informs the Defense" approach, this paper analyzes the methods used during DDoS attacks in order to determine the most appropriate defensive postures.
Obfuscation and Polymorphism in Interpreted Code by Kristopher L. Russo - February 10, 2017 in Active Defense, Forensics, Malicious Code
Malware research has operated primarily in a reactive state to date but will need to become more proactive to bring malware time-to-detection down to acceptable levels. Challenging researchers to create their own code that defeats traditional malware detection will help bring about this change. This paper demonstrates a sample code framework that is easily and dynamically expanded on. It shows that malware researchers can proactively mock up new threats and analyze them to test and improve malware mitigation systems. The code sample documented within demonstrates that modern malware mitigation systems are not robust enough to prevent even the most basic of threats; the significant amount of difficult-to-detect malware in circulation today is evidence of this deficiency. This paper shows how malware researchers can approach the problem by partnering with vendors and following code development from ideation through design to implementation, and ultimately on to identification and mitigation.
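The core idea of the paper, that interpreted code can be regenerated so that each copy behaves the same while looking different to a string- or hash-based detector, is easy to make concrete. The Python below is an added illustration and is not the paper's framework or any real malware: it takes a deliberately benign payload (a function that decodes a string and sums a list), emits variants with random identifiers and an XOR-encoded string constant, and then checks that every variant produces the same output, has a different SHA-256, and is missed by a naive signature. The `SECRET` constant and the `naive_signature_hits` detector are constructed stand-ins for illustration.

```python
import hashlib
import keyword
import random
import string

# Added example, not the paper's framework: generate polymorphic variants of a
# benign Python payload and show that every variant behaves identically while
# its hash and its plain-text strings differ, so a naive signature no longer hits.

SECRET = "report"          # constructed constant a string-matching signature would look for

# Template of the benign payload; identifiers are filled in per variant and the
# string constant is stored XOR-encoded and decoded at run time.
TEMPLATE = """
def {fn}({arg}):
    {key} = {key_val}
    {enc} = {enc_bytes}
    {msg} = bytes(b ^ {key} for b in {enc}).decode()
    return {msg} + ":" + str(sum({arg}))
"""


def _rand_ident(rng, used, n=8):
    """Random identifier that is not a Python keyword and not already used."""
    while True:
        name = "".join(rng.choice(string.ascii_letters) for _ in range(n))
        if not keyword.iskeyword(name) and name not in used:
            used.add(name)
            return name


def make_variant(seed):
    """Return (source, entry_function_name) for one variant of the payload."""
    rng = random.Random(seed)
    used = set()
    names = {slot: _rand_ident(rng, used) for slot in ("fn", "arg", "key", "enc", "msg")}
    key = rng.randrange(1, 256)                      # never 0, so every byte changes
    enc = bytes(ord(c) ^ key for c in SECRET)
    src = TEMPLATE.format(key_val=key, enc_bytes=repr(enc), **names)
    return src, names["fn"]


def run_variant(src, fn, data):
    """Execute a generated variant in its own namespace (only safe for our own benign payload)."""
    ns = {}
    exec(src, ns)
    return ns[fn](data)


def naive_signature_hits(src):
    """Constructed stand-in for a string-matching detector: looks for the plain secret or a fixed name."""
    return SECRET in src or "def payload" in src


def demo(n=5, data=(1, 2, 3)):
    """Build n variants; return a list of (sha256, output, signature_hit) tuples."""
    out = []
    for seed in range(n):
        src, fn = make_variant(seed)
        digest = hashlib.sha256(src.encode()).hexdigest()
        out.append((digest, run_variant(src, fn, list(data)), naive_signature_hits(src)))
    return out


if __name__ == "__main__":
    for digest, result, hit in demo():
        print(digest[:16], result, "signature hit" if hit else "no hit")
```

Identifier renaming and constant encoding are the cheapest transformations and are exactly what hash- and string-based detection fails on; a detector that looks at behaviour (the decoded value at run time, or the shape of the AST) rather than bytes on disk would still treat all of these variants as the same program, which is the kind of mitigation the paper argues researchers should be building toward.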
DevSecOps Transformation: The New DNA of Agile Business Analyst Paper
by Dave Shackleford - February 21, 2017 in Security Trends, Threats/Vulnerabilities
This is an additional resource that accompanies the analyst paper "The DevSecOps Approach to Securing Your Code and Your Cloud".
All papers are copyrighted. No re-posting or distribution of papers is permitted.