SANS Information Security Reading Room: 25 Computer Security Papers added to the Reading Room

Blueprint for CIS Control Application: Securing the SAP Landscape (Thu, 26 May 2016)
A data breach can be expensive, but the potential cost rises with the value or exploitability of the data targeted in an attack.

Critical Security Controls: Software Designed Inventory, Configuration, and Governance (Tue, 24 May 2016)
The events of September 11, 2001, show us how isolated communication and the inability to share intelligence could paralyze decision making (Johnston, 2003).

Assessing Application Security: A Buyer's Guide (Mon, 23 May 2016)
… realize that application security (AppSec) is key to protecting their data and the IT assets that contain it.

Managing Accepted Vulnerabilities (Fri, 20 May 2016)
Every day a new vulnerability is discovered in a piece of code or software, and shortly afterwards comes news of a new virus, malware, or hack being used to exploit it.

An Approach to Reducing Federal Data Breaches (Tue, 17 May 2016)
In July of 2015, the United States Office of Personnel Management (OPM) disclosed a series of data breaches, collectively referred to as the OPM data breach, that exposed the personally identifiable information (PII) of more than 20 million American citizens (Bisson, 2015).

Extending your Business Network through a Virtual Private Network (VPN) (Tue, 17 May 2016)
It's safe to assume that most individuals reading this paper have leveraged a Virtual Private Network (VPN) at some point in their life, many on a daily basis.

Basic Reverse Engineering with Immunity Debugger (Mon, 09 May 2016)
Reverse engineering is an intriguing art, but also one of the most difficult topics in security and malware analysis. Skilled reverse engineers have an in-depth knowledge of assembly language and processor architectures, and great familiarity with the most important debuggers. However, a lot of information can be gathered with even a basic knowledge of debuggers and assembler. This paper shows some very basic, but very useful, reverse engineering steps carried out with a great debugger, Immunity Debugger.

Full Packet Capture Infrastructure Based on Docker Containers (Fri, 06 May 2016)
In today's world, it is common to hear news about organizations being breached by malicious actors, even in highly protected environments; the risk of being exploited is always present. When an incident has already occurred, a full packet capture provides invaluable information to effectively backtrack the event in question.

Methods for Understanding and Reducing Social Engineering Attacks (Tue, 03 May 2016)
Social engineering is arguably the easiest way for an attacker to penetrate the defenses of an organization.

Tagging Data to Prevent Data Leakage (Forming Content Repositories) (Tue, 03 May 2016)
In order to protect sensitive data, it must be secured at rest, during transit and when in use (Aaron, 2013).

Enterprise Survival Guide for Ransomware Attacks (Tue, 03 May 2016)
Ransomware or cryptolocker is a type of malware that can be covertly installed on a computer without the knowledge or intention of the user.

Case Study: How CIS Controls Can Limit the Cascading Failures During an Attack (Tue, 03 May 2016)
Every day it seems that new information becomes public about the latest data breach.

ISE6100 GIAC Enterprises - Open Source SIEM - Read Me First (Fri, 29 Apr 2016)
By Stephen Northcutt. Three students from the SANS Technology Institute (Alyssa Robinson, David Fletcher, and Wes Whitteker) were assigned the following project for their ISE-M 6100 coursework. There are three files: a Step by Step, a presentation, and a Lessons Learned document.

ISE6100 GIAC Enterprises Final Step By Step (Fri, 29 Apr 2016)
GIAC Enterprises, a small to medium size business, has grown to a point where their current manual log analysis process is no longer efficient or effective. As such, GIAC Enterprises was forced to look for a SIEM solution that automates the correlation and analysis of system logs. GIAC Enterprises had a significant financial constraint, which required them to focus their investigation on several open source solution options. After investigation, GIAC Enterprises settled on AlienVault's OSSIM product for their solution. The result of this research is the following OSSIM implementation guide.

ISE6100 GIAC Enterprises Final Presentation (Fri, 29 Apr 2016)
SIEM Pilot Implementation Project.

ISE6100 GIAC Enterprises Final Lessons Learned (Fri, 29 Apr 2016)
The following is the Lessons Learned from the ISE 6100 project, which commenced on March 22nd 2016. The objective of this project was to evaluate, select, and implement an open source Security Information and Event Management (SIEM) solution for the fictional corporation known as GIAC Enterprises. GIAC Enterprises is in the business of collecting fortunes from direct employees and contractors. These fortunes are GIAC Enterprises' intellectual property. The ideal SIEM will enhance the detective capacity of GIAC Enterprises.

Creating a Secure and Compliant Digital Forensics and Incident Response Network with Remote Access (Fri, 29 Apr 2016)
… stories involving data breaches, cybercrime, and conversely, crimes solved with digital forensics, are becoming daily occurrences.

Cloud Security Framework Audit Methods (Wed, 27 Apr 2016)
… have become more mobile, threats have evolved, and actors have become smarter. Users distribute information across multiple locations, many of which are not currently within the organization's infrastructure.

2016 State of Application Security: Skills, Configurations and Components (Tue, 26 Apr 2016)
… results reveal that it is critical for an overall enterprise security program to coordinate efforts among developers, architects and system administrators, particularly since many software vulnerabilities are rooted in configuration issues or third-party components, not just in code written by the development team. Read on to learn more.

Improving Application and Privilege Management: Critical Security Controls Update (Mon, 25 Apr 2016)

Using Sulley to Protocol Fuzz for Linux Software Vulnerabilities (Mon, 25 Apr 2016)
Fuzzers are useful for discovering vulnerabilities in software services. Sulley is a common fuzzer with the ability to fuzz network protocols. This paper describes the process for using Sulley to fuzz for a vulnerability in an implementation of the unencrypted telnet protocol. Specifically, Sulley will be used to detect the vulnerability described in CVE-2011-4862 as implemented on the Red Hat Enterprise Linux 3 distribution.

Incident Response in Amazon EC2: First Responders Guide to Security Incidents in the Cloud (Thu, 21 Apr 2016)
As Head of Digital Forensics for Payment Software Company Inc. ("PSC"), a company that focuses exclusively on clients that accept or process payments, we've responded to sites operating within cloud environments, most notably Amazon EC2.

Catching Flies: A Guide to the Various Flavors of Honeypots (Tue, 19 Apr 2016)
While the concept of baiting adversaries in order to monitor their activities is nothing new, honeypotting has evolved into a critical tool in information security analysis. Recent years have given rise to advances in the detection of network intrusions such as honeynets, honeytokens and adaptive honeypots. This paper explores modern applications, as well as the legal and technical considerations behind emerging honeypot solutions, in the dynamic blockage of emerging attack vectors and the potential exploitation of advanced persistent threats.

Neutrino Exploit Kit Analysis and Threat Indicators (Wed, 13 Apr 2016)
Exploit kits are powerful and modular digital weapons that deliver malware in an automated fashion to the endpoint. Exploit kits take advantage of client-side vulnerabilities. These threats are not new and have been around for at least the past 10 years. Nonetheless, they have evolved and are now more sophisticated than ever. The malware authors behind them build in sophisticated capabilities that evade detection, thwart analysis and deliver reliable exploits. These properties make detection and analysis difficult. This paper demonstrates a set of tools and techniques for analyzing the Neutrino Exploit Kit. The primary goal is to grow security expertise and awareness about these types of threats. Those empowered to defend users and corporations should not only study these threats, they must also be deeply involved in their analysis.

BitTorrent & Digital Contraband (Wed, 13 Apr 2016)
BitTorrent is a popular peer-to-peer file transfer program that allows participants in a swarm to exchange pieces with each other during the downloading process.