Free and Open Source Software
Featuring 8 Papers as of March 17, 2017
Auto-Nuke It from Orbit: A Framework for Critical Security Control Automation STI Graduate Student Research
by Jeremiah Hainly - March 15, 2017
Over 83% of security teams report that the use of automation in security needs to increase within the next three years (Algosec, 2016). With automation becoming a reality for a growing number of companies, there will also be an increased demand for open-sourced scripts to get started. This paper will provide a framework for prioritizing and developing security automation and will demonstrate this process by creating a script to automate a common information security response procedure - the reimaging of an infected endpoint. The primary function of the script will be to access the application program interface (API) of various enterprise software solutions to speed up the manual tasks involved in performing a reimage.
Full Packet Capture Infrastructure Based on Docker Containers STI Graduate Student Research
by Mauricio Espinosa Gomez - May 6, 2016
In today’s world, it is common to hear news about organizations being breached by malicious actors, even in highly protected environments; the risk of being exploited is always present, when an incident has already occurred, a full packet capture provides invaluable information to effectively backtrack the event in question.
ISE6100 GIAC Enterprises Final Lessons Learned STI Graduate Student Research
by - April 29, 2016
The following is Lessons Learned from the ISE 6100 project which commenced on March 22nd 2016. The objective of this project was to evaluate, select, and implement an open source Security Information and Event Management (SIEM) solution for the fictional corporation known as GIAC Enterprises. GIAC Enterprises is in the business of collecting fortunes from direct employees and contractors. These fortunes are GIAC Enterprises intellectual property. The ideal SIEM will enhance the detective capacity of GIAC Enterprises.
ISE6100 GIAC Enterprises Final Step By Step Description STI Graduate Student Research
by Alyssa Robinson, David Fletcher, and Wes Whitteker - April 29, 2016
GIAC Enterprises, a small to medium size business, has grown to a point where their current manual log analysis process is no longer efficient or effective. As such, GIAC Enterprises was forced to look for a SIEM solution that automates the correlation and analysis of system logs. GIAC Enterprises had a significant financial constraint, which required them to focus their investigation on several open source solution options. After investigation, GIAC Enterprises settled on AlienVault’s OSSIM product for their solution. The result of this research is the following OSSIM implementation guide.
ISE6100 GIAC Enterprises - Open Source SIEM - Read Me First STI Graduate Student Research
by - April 29, 2016
Forward by Stephen Northcutt. Three students from the SANS Technology Institute, (Alyssa Robinson, David Fletcher, and Wes Whitteker) were assigned the following project for their ISE-M 6100 coursework. There are three files, a Step by Step, a presentation, and a Lessons Learned document.
Security through Configuration Control at Scale – An Introduction to Ansible STI Graduate Student Research
by Patrick Neise - February 4, 2016
As new technologies and concepts are developed there is usually a noticeable change in the use and employment of existing technologies. For example, there is a current growth trend of concepts such as cloud computing, the merging of development and operations (DevOps), microservice based architectures, agile development, and continuous integration.
Security Systems Engineering Approach in Evaluating Commercial and Open Source Software Products STI Graduate Student Research
by Jesus Abelarde - January 29, 2016
Almost all systems currently in development leverage some type of commercial and/or free open source software (FOSS), either in the development environment or integrated into the system.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.