Case Studies
Featuring 145 Papers as of June 3, 2020
-
Remote Workers Poll Analyst Paper (requires membership in SANS.org community)
by Heather Mahalik - June 3, 2020 - Associated Webcasts: How Are Remote Workers Working? A SANS Poll
- Sponsored By: Infoblox, Menlo Security, Pulse Secure, ExtraHop
Remote work has quickly become the "new normal" with the COVID-19 pandemic. Organizations have been forced to rethink how they will get work done with their employees mandated to stay home. How are organizations handling working from home? How well were companies prepared for remote work? How have technological needs changed with this shift? How are teams communicating? How are devices and communications being secured? When a time like this does not allow for the mission to halt, employees and employers have scrambled to keep the work going. Ensuring that teams are equipped, communicating, and safe at home is key during this time. This webinar, led by Heather Mahalik, SANS Senior Instructor, Author and Senior Director of Digital Intelligence at Cellebrite, covers how companies have adjusted to this new landscape as a workforce. How have things changed, and how are we coping and keeping the ball rolling forward from home?
-
Bill Gates and Trustworthy Computing: A Case Study in Transformational Leadership by Preston S. Ackerman - September 20, 2016
The notion that IT security is a serious issue is non-controversial. The market for cybersecurity spending topped $75 billion in 2015, and analysts expect it to exceed $170 billion by 2020 (Morgan 2016). With the advent of cloud computing, the explosion of mobile devices, and the emergence of increasingly sophisticated adversaries from organized crime and nation-state actors, businesses and the industry as a whole will require the vision of great leaders to keep pace with the threats. We can look to the industry's rich history to see examples of such transformational leadership in the past. An enlightening case study is the Microsoft Trustworthy Computing initiative, launched by an insightful and stimulating memo Bill Gates sent on January 15, 2002. The initiative would not only transform culture, procedures, and policy surrounding security at Microsoft, but would in fact cause a dramatic shift for the entire industry. The idealized influence in the leadership shown by Gates can serve as a model for today's leaders.
-
An Approach to Reducing Federal Data Breaches SANS.edu Graduate Student Research
by David Thomas - May 17, 2016
In July of 2015, the United States Office of Personnel Management (OPM) disclosed a series of data breaches, collectively referred to as the OPM data breach, that exposed the personally identifiable information (PII) of more than 20 million American citizens (Bisson, 2015).
-
Case Study: How CIS Controls Can Limit the Cascading Failures During an Attack SANS.edu Graduate Student Research
by Bill Knaffl - May 3, 2016
Every day it seems that new information becomes public about the latest data breach.
-
The Nightmare on Cryptville Street: 20 Pills for a Night of Sleep SANS.edu Graduate Student Research
by Oleg Bogomolniy - January 12, 2016
According to the Center for Strategic and International Studies, by the year 2014 cybercrime had grown into its own $400+ billion industry and has plenty of room for growing potential (2014).
-
There's No Going it Alone: Disrupting Well Organized Cyber Crime SANS.edu Graduate Student Research
by John Garris - November 23, 2015
On July 8th, 2015, Vladimir Tsastsin pled guilty to charges relating to his development and long-term management of a criminal enterprise that conducted a complex, highly profitable Internet fraud scheme involving millions of compromised computers located in over 100 countries.
-
Case Study: The Home Depot Data Breach SANS.edu Graduate Student Research
by Brett Hawkins - October 27, 2015
The theft of payment card information has become a common issue in today's society. Even after the lessons learned from the Target data breach, Home Depot's Point of Sale systems were compromised by similar exploitation methods. The use of stolen third-party vendor credentials and RAM scraping malware were instrumental in the success of both data breaches. Home Depot has taken multiple steps to recover from its data breach, one of them being to enable the use of EMV Chip-and-PIN payment cards. Is the use of EMV payment cards necessary? If P2P (Point-to-Point) encryption is used, the only method available to steal payment card data is the installation of a payment card skimmer. RAM scraping malware grabbed the payment card data in the Home Depot breach, not payment card skimmers. However, the malware would have never been installed on the systems if the attackers did not possess third-party vendor credentials and if the payment network was segregated properly from the rest of the Home Depot network. The implementation of P2P encryption and proper network segregation would have prevented the Home Depot data breach.
-
DevOps Rescuing White Lodging from Breaches SANS.edu Graduate Student Research
by Tobias Mccurry - August 18, 2015
For the second time in fourteen months, multiple financial institutions lodged complaints of fraud on customer credit and debit cards recently used at White Lodging Services' locations (Krebs, Hotel Franchise Firm White Lodging Investigates Breach, 2014). White Lodging, along with others, was attacked to gain access to the highly profitable credit card data in their financial systems. Companies are faced with the threat of many different kinds of malware specialized in Point of Sale systems. This paper will take a case study approach to examine the White Lodging breaches and show how adopting the Development Operations (DevOps) mindset could have worked to mitigate the breaches. This approach can provide an organization a systematic method to quickly implement the SANS Critical Controls.
-
Following a Breach Simulating and Detecting a Common Attack SANS.edu Graduate Student Research
by Dale Daugherty - August 14, 2015
Modern networks are designed with multiple layers of preventive and detective controls. Even with these controls, networks continue to be breached, and these breaches can go unnoticed for months. While preventive measures cannot stop all attacks and exploits, detective measures should be able to identify intrusions and malicious activity in a timely manner. The ability to detect this activity depends on the kinds of intrusion monitoring systems in place and the analysts' ability to recognize and act on the alerts. This paper will outline the anatomy of a common attack, simulate the steps in an attack, including elements from the recent breach of Sally Beauty Supply, and determine how an attack can be detected.
-
Data Loss Prevention and a Point of Sales Breach SANS.edu Graduate Student Research
by Nicholas Kollasch - August 10, 2015
Target could have used a data loss prevention solution to mitigate the success of its infamous data breach. However, organizations typically deploy data loss prevention with simple policies and rules that detect 15- or 16-digit number strings that might represent a credit card number; this strategy would not be effective in the case of the Target attack due to the attackers packaging the "loot" with Base64 encoding directly on the point of sales systems. Therefore, a security practitioner requires alternative detection measures to detect this type of anomalous activity. Data loss prevention can support an organization's ability to implement the Critical Security Controls, thereby providing the capability to detect such a sophisticated attack during the key stage of the Kill Chain model: Actions on Objective. Data loss prevention, when implemented with robust rules that reflect current attack tactics, techniques, and procedures, can reduce the likelihood of success by making it a bit more difficult to extract the valuable data.
-
Case Study: Critical Controls that Sony Should Have Implemented by Gabriel Sanchez - June 22, 2015
What would soon characterize one of the worst hacks in recent history began when screenwriter Evan Goldberg and actor Seth Rogen joked about making a comedy about assassinating the leader of North Korea, Kim Jong-un.
-
eAUDIT: Designing a generic tool to review entitlements SANS.edu Graduate Student Research
by Francois Begin - June 22, 2015
In a perfect world, identity and access management would be handled in a fully automated way.
-
Lenovo and the Terrible, Horrible, No Good, Very Bad Week by Shaun McCullough - May 21, 2015
For one week in February of 2015, the largest personal computer manufacturer in the world had a "Terrible, Horrible, No Good, Very Bad Week." Lenovo's customers discovered that the company had been selling computers with pre-installed adware-based software from a company called Superfish. Security researchers discovered that Superfish was not just annoying, but opened up the customers to significant vulnerabilities.
-
Honeytokens and honeypots for web ID and IH SANS.edu Graduate Student Research
by Rich Graves - May 14, 2015
Honeypots and honey tokens can be useful tools for examining follow-up to phishing attacks.
-
Minimizing Damage From J.P. Morgan's Data Breach by Allen Jeng - March 17, 2015
How did a mega bank like J.P. Morgan get hacked? It all started in June 2014 when one of their employees' personal computers was infected with malware, which resulted in stolen login credentials (Sjouwerman, 2014).
-
Application White-listing with Bit9 Parity SANS.edu Graduate Student Research
by Mike Weeks - October 29, 2014
Antivirus is a requirement for a host of compliance standards and is championed to be a critical component for any security baseline (PCI-DSS 3.0-5.1). A recent Google News search for "Cyber Security Breaches" shows 16,700 results.
-
Case Study: Critical Controls that Could Have Prevented Target Breach SANS.edu Graduate Student Research
by Teri Radichel - September 12, 2014
Target shoppers got an unwelcome holiday surprise in December 2013 when the news came out that 40 million Target credit cards had been stolen (Krebs, 2013f) by accessing data on point of sale (POS) systems (Krebs, 2014b).
-
Creating Robust IT Security and Efficiency by Reducing Infrastructure Complexity in Higher Education by Keith Lard - November 17, 2010
Recent economic conditions have created a business problem unique to higher education and its IT infrastructure. In the past ten years, IT systems and infrastructure have experienced a rapid change in complexity as a result of moving from mainframes to web services (Weinschenk, 2003). The technical landscape continues to become more complex as technology advances and application sophistication increases more rapidly, creating a greater dependency on IT services. To stay competitive and efficient, private and for-profit businesses have spent the last ten years keeping up with technology and training their staff. However, the university has been insulated in its own microcosm, having the luxury of ignoring business cycles, as the product offered has not changed drastically. Now, recent economic conditions and rapid advancement in technology have created the perfect storm within the university setting.
-
Smart IDS - Hybrid LaBrea Tarpit by Cristian Ruvalcaba - December 28, 2009
The importance of IDS in corporate defense is seen as an ever growing necessity. Major strides have been made for numerous IDS tools, but some have seen a stalemate. The next evolutionary step in IDS would involve the concept of a 'Smart Intrusion Detection System (IDS)', one that generates signatures. The question of how to generate these signatures becomes instrumental, and can involve a number of different components. In this case, it could involve a tool that uses a hybrid LaBrea concept.
-
Mitigating Insider Sabotage by Joseph Garcia - September 28, 2009
How failing to create an effective termination policy and deploy correct user access controls to deter insider threats can be costly.
-
Inside a Phish SANS.edu Graduate Student Research
by John Brozycki - June 25, 2009
This paper will document both sides of a phishing campaign, the phisher and the phished, providing a unique view as best as I'm able to recreate it from the phisher's own emails and information from the phished financial institution.
-
Capture the flag for education and mentoring by Jerome Radcliffe - January 30, 2009
A case study on the use of competitive games in computer security training.
-
Google Desktop Search as an Analysis Tool by Chris Poldervaart - September 11, 2008
-
Effectiveness of Antivirus in Detecting Metasploit Payloads SANS.edu Graduate Student Research
by Mark Baggett - March 28, 2008
Your neighbor stops you at your curb. He knows you're a computer security guru and wants to know the secret to protecting his computer from hackers. You need to get back to mowing the lawn and don't really have time to explain log monitoring, patch management, vulnerability assessments, penetration testing, least required access, the CIA triad, and the finer points of risk management. Besides, you know you're the only guy on the block with syslog servers, hardware firewalls, IDS and HIPS watching the one computer in your house that you only use for online banking. So what do you tell him? "Keep your patches and antivirus software up to date and don't run untrusted programs." You know it's not enough, but any more advice would commit you to hours of free consulting or get you uninvited to the neighborhood Christmas party. "Don't run untrusted programs"... good advice! The problem is most people trust everyone when it comes to free software.
-
Catching Phishers with Honey-Mail by Dennis Dragos - February 7, 2008
On the technical side, the tools and tactics employed to track and document the incident will be examined. In the broader scope, the high level of cooperation needed between law enforcement, corporate IT departments, and the various ISPs, email providers, and web hosting companies will be explained. Additionally, it will be shown that by taking a proactive approach, one can get a better insight to the incident, and actions of the phisher than by traditional reactionary investigation techniques.
-
Case Study in Information Security: Securing The Enterprise by Roger Benton - May 17, 2005
This practical is a case study of an Insurance Company's migration to an enterprise-wide security system. It is the intent of this practical to provide a path to follow when creating or migrating to a security system. Initially, a primitive online security system was the only mechanism to control access to corporate data.
-
Centralized Tracking and Risk Analysis of 3rd Party Firewall Connections by Neeta Maniar - May 17, 2005
The goal of this case study was to simplify the firewall ruleset validation process by creating a central database of rulesets that enables reporting on existing vendor connections. The overall impact included compliance with auditing requirements, a more robust risk assessment of firewall rulesets, and centralized visibility bringing about management response.
-
Simple Traffic Analysis With Ethereal by Neil Orlando - May 17, 2005
This paper describes how to use the Ethereal Display Filter to examine a capture log file. The data analyzed was recorded by port and the amount of packet traffic received.
-
GCFW Practical Assignment Critique by Bart Hubbs - May 5, 2005
Many companies are adopting a preference toward buying vendor software versus building software in-house to meet business needs. Some of the drivers for this preference are integration, scalability, outsourcing, support, speed-to market, process savings, and reducing the cost of information technology (IT).
-
GCFW Practical Assignment Critique by Bart Hubbs - March 9, 2005
The purpose of this practical is to critique a GIAC Certified Firewall Analyst (GCFW) practical to enable implementation in a public healthcare company.
-
Adding and securing a Public Wireless Access Point within a home network by Steven Christall - February 19, 2005
This project details the migration of a simple home wireless network to include a public wireless access point. This is done using open source products and utilising older, retired hardware.
-
Case Study: The Get Connected CD by David Greenberg - February 19, 2005
To protect the Indiana University network and student computers in the residence halls, we prevent new computers from connecting to the network before running our "Get Connected" CD-ROM.
-
Case Study: A Path towards a Secure, Multi-role Wireless LAN in a Higher Education Environment by Sean Malone - January 28, 2005
Network security is an issue for all businesses. The challenges faced by small-to-medium size businesses (SMBs) are unique and significant.
-
Seldom cry wolf: Tuning out false positives on Network Intrusion Detection Systems by Paul Leitao - January 28, 2005
The following document describes the tuning methodology design and implementation steps. It provides a step-by-step process of deployment within a medium size organization (all IP ranges have been changed to protect the innocent of course). The paper will focus on providing a methodology that may be used as a starting point to identify and minimize false positives.
-
Implementation of a Comprehensive Enterprise Virus Defense Infrastructure in a Global Company by Robert Doeden - January 26, 2005
This paper will follow a global corporation's move from traditional, client based and controlled virus defense to a centrally controlled and monitored system.
-
Away from home. Securing Internet Cafes while maximizing customer freedom by Alex Tilley - January 18, 2005
This essay is a real world example of steps taken by the author when hired to redesign and manage the IT aspects of 2 medium sized (100 user PCs in total) Internet cafes in Europe in 2001.
-
Improving Firewall Security post Acquisition by Leona Conolly - January 18, 2005
This paper aims to discuss the challenges in putting together a secure Check Point Firewall-1 solution to protect our existing information and assets and that of our new acquisition. It is assumed that the reader will have a generic knowledge of firewalls, related terms and their use. In the paper the word 'policy' refers to the security document and the word 'rulebase' refers to the Check Point rules.
-
Endpoint Security Justification and Establishment by Samuel Ho - January 18, 2005
As the information security officer at a prominent utilities organization, I witnessed firsthand the pitfalls of providing network security only at the network perimeter, the false sense of security, and the potential monetary, regulatory and credibility consequences this traditional solution provides.
-
Setting Up a Honeypot Using a Bait and Switch Router by Lorie Carter - September 16, 2004
While conducting research for this practical I found that there were many different arenas that warrant a closer look. I chose honeypots for this practical because they allow an administrator to track and learn from black-hats first hand without the attacker ever being aware that somebody is watching.
-
Case Study: Providing malware outbreak protection for controlled and uncontrolled zones within a university by Christopher Jackson - September 16, 2004
Many environments find it difficult at best to ensure the security posture of the devices under their direct control. Universities and like organizations have to tackle this problem without the ability to administratively control many of the computers attached to the network.
-
Case Study In Secure File Transfer: Implementing Secure FTP with SSL In a Healthcare Organization by Steve Tobias - August 28, 2004
Secure electronic file transfer between organizations has become essential for business transactions and communication. Healthcare organizations are no exception to this requirement.
-
Enhancing ABC Inc Security Strategy with IDS and Centralized Syslog by George Plytas - August 25, 2004
I am a Security Analyst/Administrator for a medium sized company, ABC Inc. I, along with a team of System Administrators, am tasked with the responsibility of protecting our customers' confidential information, maintaining the integrity of our applications and keeping our systems available.
-
A Model for Handling Security Issues within a Network Operations Center by Tonya Heath - August 15, 2004
The Network Operations Center uses numerous tools ranging from Intrusion Detection (Snort) and Intrusion Protection (Tipping Point) to simple SNMP monitors (Netsight Element Manager). I will discuss how they use these tools to maintain a secure IT environment and assist Network Administrators as well as protect the campus community.
-
Sit, Fetch, Drop: Training the Clearswift anti-spam filter by Emma Sutcliffe - August 15, 2004
I wasn't quite drowning but was certainly tiring from treading water. Managing spam had become a daily task and I wanted a dynamic filter that could be customised to suit my environment.
-
Acceptable Security on Public Access Computer Workstations in Public University Libraries by Cheryl Lytle - July 25, 2004
Providing highly secure workstations in public university libraries requires defining what is acceptable for the working environment and determining what types of security can be implemented to compensate for lesser security at lower layers at the workstation level.
-
Securing an Existing IIS 5.0 DMZ Infrastructure by Julius Fitzgerald - July 25, 2004
The task of designing a secure infrastructure for IIS 5.0 web servers within a DMZ is difficult enough. Securing an existing DMZ becomes exponentially more difficult due to the added requirement of retrofitting those currently working servers with more appropriate security settings, policies and operational procedures while not adversely affecting website or application availability and keeping costs to a minimum throughout the process.
-
Removing Server Based Trust Relationships by Keith Gaughan - July 25, 2004
The goal of this project was to develop, implement and deploy solutions as well as supporting processes and standards to remediate and mitigate the risks that are inherent to utilizing UNIX server based trust relationships in an enterprise networked environment within 30 days.
-
Fighting Spam Proxies in a University Environment by Kevin Shivers - July 25, 2004
Spam is a huge annoyance for everyone. Fighting spam is difficult enough, but when spammers team up with hackers to produce ultra-sneaky Trojan horses that turn end-user computers into one stop proxies that allow spammers and hackers to hide their digital tracks, they've gone too far.
-
Implementing Secure HTTP-to-HTTPS Redirection by Robert Hercey - July 25, 2004
I have found myself in the fortunate position of working for a company full of bright, hard working people. While standout individual performances are encouraged and recognized, what makes our company successful is the ability for everyone to come together as a team when a crisis happens.
-
Design and Deployment of a Rapid Response Security Vulnerability Scanning Infrastructure by Eliot Lim - June 9, 2004
A large research university presents a formidable challenge to computer security professionals. Among the hazards are a completely porous, non firewalled border and decentralized administration of computers.
-
CIRT, Through Conception Labor and Delivery by Peter Ridgley - June 9, 2004
The purpose of this case study is to show the efforts, successes and failures that a company, new to adopting a security posture, recently experienced.
-
Corporate Governance and Information Security by Steve Loyd - May 2, 2004
Corporate governance has a long history of ups and downs within US corporations. With the recent streak of scandals affecting public companies, governance and related legislation has again been brought into focus.
-
System Certifications: An Administrative Makeover by John Modransky - May 2, 2004
Described in this paper are the administrative controls that were implemented to certify and accredit UNIX (herein referred to as UN*X) and Microsoft Windows (herein referred to as Windows) based computer systems for a financial institution (herein referred to as The Firm).
-
Introducing Information Security to a Cyber Cafe by Barry Basselgia - April 8, 2004
Due to growing concern over Information Security, I was approached by the director responsible for a company sponsored Cyber Cafe to evaluate the Cafe for Information Assurance and Network Security concerns. The director was concerned that a virus or other forms of cyber attack could cause extended downtime, which would have a negative impact on morale and productivity.
-
A Policy to Prevent Outsider Attacks on the Local Network by Clarissa Brown - April 8, 2004
We used to be able to say, "If the laptop or computer is not owned by us, then it is not allowed to touch our network." However, over the last few years, business need has exceeded the desire to keep our network "pure" and many non-agency owned computers now have access to our local area network (LAN).
-
Implementing Defense In-Depth at the Department Level by Sean Fahey - April 8, 2004
This case study describes the procedures used to improve computer security within my department by following the principles of defense in-depth. It presents a step-by-step approach for improving security by defining risks, assessing vulnerabilities, and implementing measures to reduce the likelihood that those vulnerabilities may be exploited.
-
A Secure By Numbers Approach To An All by Darrell Rodgers - April 8, 2004
These multi-functional devices are very simple to setup and use, but may not provide us with the layered Defense In Depth functionality that we desire nor will they provide the additional features of higher end components such as those made by Cisco.
-
Assessing the Impact of Unsolicited Commercial E-mail in a Large Corporation by Joseph McComb - April 8, 2004
Unsolicited commercial e-mail has become an increasing issue in corporate environments. This case study examines the impact of unsolicited commercial email (also known as spam) on the productivity of employees in the research division of a large global corporation.
-
The Impact of the Sarbanes Oxley Act on IT Security by Scott Byrum - March 9, 2004
This paper goes on to define the Sarbanes-Oxley Act and its requirements, a framework for compliance, and specific IT security areas that must be considered during compliance efforts.
-
Securing Sensitive Data in a Research Environment by Tim VanAcker - March 9, 2004
Several years ago, staff on one of the research projects in my organization developed guidelines for disseminating sensitive data to researchers around the country.
-
Internet Service Providers: The Little Man's Firewall by Luke Dudney - March 8, 2004
There has recently been call for Internet Service Providers to begin filtering traffic related to the spread of malicious data traffic such as viruses, worms and open proxy abuse to and from their end-users. This case study outlines the planning, implementation, and results phase of such an endeavour by a medium sized national Australian ISP.
-
Implementing Vulnerability Assessment with eEye's EVA Suite by Kevin Austin - March 4, 2004
Vulnerability assessment is an important part of any Defense in Depth implementation. I discovered that in my company vulnerability assessment was not being used to its full advantage inside the perimeter. My team was continually fighting the same battles against unpatched and vulnerable systems as they would acquire various viruses from the network.
-
Personal Media Devices: The Cool Threat Vector by Keith Daly - March 1, 2004
This paper discusses the use of personal media devices as a potential threat vector towards corporations.
-
Study: Improving Security in Corporate (SMTP) E-Mail Delivery by Brian Sommers - February 26, 2004
For this case study, I will examine one of these Internet services, e-mail over SMTP (Simple Mail Transfer Protocol), and what was done to improve the security of that system.
-
Information Security by Eric Rupprecht - February 26, 2004
This paper describes how a packet will flow through these tools to provide a better understanding of these technologies and to enable the administrator to write firewall rules with fewer errors.
-
Government Financial Architecture: A Focus on Centralized Security and Continuity of Operations by Matthew Mickelson - January 11, 2004
The primary focus of this paper addresses security issues laid out by the CFO; specifically the following key areas for improvement which include: De-Centralized Architecture, Disaster Recovery, Continuity of Operations, Network and Server Availability.
-
The Unintentional Criminal: DDoS from the inside! by Miguel Dilaj - January 11, 2004
This paper will highlight the IT Security problems resulting from the economic constraints on an ISP in a developing country and of their impact everywhere.
-
Circumventing Access Control Lists by Transparent Proxy - A Case Study by Robert Gannon - January 11, 2004
This paper describes a method used in an actual case to circumvent seemingly adequate access controls by using the transparent caching mechanism of the WCCP protocol to abuse an otherwise protected network for the purposes of sending spam and connecting anonymously to unsavory sites.
-
Using LDAP to solve one company's problem of uncontrolled user data and passwords by Andres Andreu - December 21, 2003
This case study will analyze a massive undertaking of centrally consolidating user data, and in particular passwords, from numerous sources.
-
Introducing Defense-in-Depth to a Small ISP by Rodney Anderson - December 21, 2003
This paper presents a case study about a rural Internet Service Provider (ISP) who requested some assistance in assessing the security of their production server and network environment.
-
An intrusion, in an outsourcing data center, that works in spite of security by Rick Kryger - December 21, 2003
No matter how secure the architecture, how complete the procedures, or how diligent and skilled the network support team is, nothing short of knowing and analyzing all changes inside and outside of the solution can protect an environment completely.
-
Architecting, Designing and Building a Secure Information Technology Infrastructure, a case study by John Johnston - December 13, 2003
This case study follows the building of an Information Technology Infrastructure with an integrated Security Architecture.
-
Reducing the Risk associated with Authentication and Authorization through the deployment of SUDO and Powerbroker: A Case Study in Information Security by Steve Mancini - December 13, 2003
This case study explores sudo and Powerbroker, discussing their strengths and weaknesses as they apply to large-scale work environments and their implications in considering your authentication and authorization process, and offers one possible solution which uses both applications in a manner to minimize some of the risks known to exist with shared accounts, both traditional and super-user.
-
Implementing Identity Management with BMC Control-SA by Adrian Grigore - December 13, 2003
This paper is a case study describing how the organization I work for implemented Identity Management using the BMC Control-SA product.
-
Case Study: Implementing a Secure Wireless Network using WPA by Randy Hensel - December 13, 2003
Wireless network cards are becoming quite common at my company especially in notebook computers. With this proliferation of wireless network cards have come requests from the users of these computers to access the corporate network using a wireless connection.
-
Defense in Depth For Private Wireless Communications Networks: A Case Study by Walt Andserson - November 6, 2003
This paper examines the threats and vulnerabilities of private wireless communications infrastructures, discusses the selection and prioritization of security countermeasures, and describes the security enforcing equipment and security management services that are now being introduced.
-
Programmatic Management of Active Directory Groups by Don Quigley - November 5, 2003
This paper provides detail on an automated group provisioning/deprovisioning process developed for the management of security group membership requests and includes the Perl code designed to work with Critical Path's MetaConnect product as a constructed attribute.
-
Case Study: A Risk Audit of a Very Small Business by Douglas Browne - November 5, 2003
This paper describes a security audit of a small business, focusing on the discovery and risk analysis process, and provides technical details in appendices.
-
Retain control of Security (even in the wake of an IT Outsource) by Leslie Martinez - November 5, 2003
This paper provides a case study and serves as a methodology for dealing with any outsourcing arrangement where security is a concern, citing actual problems encountered and the solutions that were deployed, along with the tools used and the policies implemented.
-
Case Study in Automating Branches of a Bank by Tim Rhome - October 10, 2003
This case study will highlight points that were addressed while automating 85 locations for a bank.
-
Case Study: Implementing a Centralized Logging Facility by Richard DuClos - September 26, 2003
This paper provides a discussion on implementing a centralized logging server.
-
Comprehensive Anomaly Detection (CAD) by Niles Mills - September 26, 2003
This paper provides a discussion on Comprehensive Anomaly Detection (CAD).
-
Discovery, Eradication and Analysis of an attack on an open system: Welcome to the Jungle by Steve Terrell - August 22, 2003
This paper relates the procedures and policies that were put into effect to increase the security of the system, post attack, and how those procedures might affect the way the system will be used in the future to conduct the business of the school.
-
Securing the Gold through Better Network Design: A Case Study by Todd Sheppard - August 22, 2003
The purpose of this research was to introduce new technologies to the sales force in order to enhance the solutions-based selling approach for a marketing and office equipment servicing company.
-
Deploying a website built using Oracle9iAS Portal by Stephen Coates - August 14, 2003
This paper is a case study of the deployment of a website built using the Portal component of Oracle9i Application Server (Oracle9iAS) in 2001.
-
Case Study: Transforming a Traditional Windows Client/Server Application by David Strubbe - August 8, 2003
Our software firm's financial application was developed on a traditional client/server model, and this paper explores some of the security issues and the process that we (the software vendor) and our client (the ASP provider) used to securely implement a solution.
-
Wireless Security Protection In a Logistic Environment Case Study by Ferran Gallego - August 8, 2003
This case study is based on a Logistic Company where they have implemented wireless LANs (WLANs) to all their Warehouse sites.
-
Adventures in implementing a strong password policy by Marsha Williams - August 8, 2003
This paper explores the issues we had to negotiate in strengthening our passwords, some of the special situations which had to be handled as exceptions to the policy, and our planned future directions.
-
Wireless Security Protection In a Logistic Environment Case Study by Ferran Gallego - August 8, 2003
This project is proposing a way to secure the wireless LANs, allowing authorized and authenticated wireless users to gain access to their host application.
-
Detailed Forensic Procedure for Laptop computers by Matt Pierce - August 8, 2003
This document will discuss what forensic analysis is, why it is important and how laptop computers affect forensic analysis.
-
Achieving Executive Buy-in: The Case For Security by Chad Boeckmann - August 8, 2003
This paper conveys a real world approach to selling security to upper management and creating a foundation to build security upon.
-
Case Study in Developing Fault Tolerant and Highly Available Systems with Secure Zones of Protection by Kevin Knox - August 8, 2003
This paper will discuss the processes and actions taken to provide 24X7 fault tolerant and highly available systems with physical as well as cyber security in the forefront.
-
Implementing Vulnerability Scanning in a Large Organisation by Richard Grime - June 27, 2003
This paper describes how our security group now uses vulnerability scanning to demonstrably improve the security posture of our organization.
-
Recovering From a Failed Security Audit - A Case Study by Wayne Fielder - June 19, 2003
This case study opens with recognition of the security and privacy issues within the Agency and walks through the process of remediation, securing the use of sensitive data, development and implementation of strong policies, and initiating a solid monitoring system at very low cost due to a deteriorating budget scenario.
-
I-VPN - Porting a corporate network to Internet by Thorstein Oeverby - June 19, 2003
This paper describes the process of implementing a corporate business network over Internet that replaces a variety of communication solutions developed over the years.
-
Case Study for Understanding the 30,000 Foot View Before Diving In by Bill Baker - June 3, 2003
The goal of this paper will be to provide some insight to help the reader become a bit more business-savvy, where gearing solutions to the needs of the organization will help raise acceptance rates.
-
SSL Web Proxy - A Secure and Inexpensive Remote Access Implementation by David Culp - May 30, 2003
The objective of this system is to allow external clients without any configuration changes to securely access our internal web applications via the Internet.
-
The Logbook of The World by Ted Demopoulos - May 23, 2003
This paper describes the Logbook of The World (LoTW) project to create electronic confirmations of contact (eQSLs) for amateur radio operators worldwide.
-
Securing the Perimeter: A Case Study by George Kelschenbach - May 12, 2003
The Linux, Help Desk, Mail server and the two Active Directory servers had direct network links to both the internal network and the Internet making them prime targets for intruders.
-
The Value of Risk Assessment - A Case Study by Elton Pierce - May 12, 2003
This paper will examine the application of the security risk assessment process to a rather complex project from the initial phases of its design prior to security risk assessment to its production state. It will discuss how risks were assessed and identified and show how the risk assessment process changed the final outcome of the project.
-
Wireless and Moneyless by Ryan Blake - May 8, 2003
This is a study of how one organization met the challenge of deploying a reasonably secure WLAN with virtually no capital.
-
Integrating Real-Time Services on the Web by Pete Kobak - May 8, 2003
This paper describes the development of technical processes and analysis models that enable the institution to quickly and safely integrate new business services into the institution's web site.
-
Lessons Learned in Securing Blackboard by Peter Benedict - April 9, 2003
This paper details the efforts taken to secure Blackboard, a Course Management System (CMS), at an educational institution.
-
Benefits Of Implementing Secure Computing'S Sidewinder Firewall Appliance At A U.S. Army Mil by Andrew Rafla - April 4, 2003
This paper addresses how the added protection mechanisms supplied by a Sidewinder firewall appliance, together with strict "least privilege" access control policies, would assist the Designated Approval Authority in accepting the new minimized level of risk and, therefore, approving the site's new DITSCAP accreditation.
-
Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network by Clay Risenhoover - March 18, 2003
This paper examines how automating information security audit procedures at a university had the effect of increasing security through increased policy compliance.
-
Label Controlled File Transfer Server - Case Study by Don Weber - February 28, 2003
The following discussion provides the process that I used to configure my portion of the label controlled file transfer system, touching on Trusted Solaris (TSOL), the secure operating system, Washington University File Transfer Protocol Daemon (wuftpd), file transfer program, and a chroot jail, along with the suggested direction of implementation.
-
IMPLEMENTING sudo TO REPLACE su by Robert Agnolo - February 27, 2003
This paper discusses the implementation of sudo to replace su access on two key Sun/Solaris servers used by a small group of scientists who do research and development for a major US manufacturer.
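Both sudo entries in this list (the Mancini paper above and this one) turn on the same point: sudo only reduces the risk of su if the policy does not simply grant ALL, a shell, or a program with a shell escape. The following Python script is an added example, not code from either paper: it lints a sudoers file for rules that reproduce su by another name, and runs against a constructed sudoers text whose hosts, users and aliases are hypothetical.

```python
"""Lint a sudoers policy for rules that merely reproduce 'su'.

Added example, not code from either paper. The sudoers text, hosts and
user names below are constructed for illustration.
"""
import re

# Programs that give the caller an interactive shell or a shell escape;
# a sudo rule for any of these is equivalent to handing over the root password.
SHELL_ESCAPES = {
    "/bin/sh", "/bin/bash", "/bin/ksh", "/bin/csh", "/usr/bin/bash",
    "/bin/su", "/usr/bin/su", "/usr/bin/env", "/usr/bin/vi", "/usr/bin/vim",
    "/usr/bin/less", "/usr/bin/more", "/usr/bin/find",
}

# user_or_alias  host_list = (runas) [TAG:] cmd, cmd ...
USER_SPEC_RE = re.compile(
    r"^(?P<who>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAG_RE = re.compile(r"^([A-Z]+):\s*(.*)$")
SKIP_PREFIXES = ("Defaults", "User_Alias", "Cmnd_Alias", "Host_Alias", "Runas_Alias")


def iter_user_specs(text):
    """Yield (who, hosts, runas, tags, commands) for each user specification.

    Joins backslash continuation lines, drops '#' comments (which also skips
    '#include' directives) and ignores Defaults and alias definitions.
    """
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        logical.append((buf + line).strip())
        buf = ""
    for line in logical:
        if line.startswith(SKIP_PREFIXES):
            continue
        m = USER_SPEC_RE.match(line)
        if not m:
            continue
        tags, cmds = set(), []
        for part in m.group("cmds").split(","):
            part = part.strip()
            while (t := TAG_RE.match(part)):   # strip NOPASSWD:, PASSWD:, ...
                tags.add(t.group(1))
                part = t.group(2)
            if part:
                cmds.append(part)
        runas = (m.group("runas") or "root").strip()
        yield m.group("who"), m.group("hosts").strip(), runas, tags, cmds


def lint_sudoers(text):
    """Return (severity, message) findings in file order."""
    findings = []
    for who, hosts, runas, tags, cmds in iter_user_specs(text):
        for cmd in cmds:
            prog = cmd.split()[0]
            where = f"{who} on {hosts}"
            if cmd == "ALL":
                findings.append(("critical", f"{where}: ALL as ({runas}) is su by another name"))
            elif prog in SHELL_ESCAPES or prog.rsplit("/", 1)[-1] == "su":
                findings.append(("critical", f"{where}: {prog} hands out an interactive shell"))
            elif "*" in prog:
                findings.append(("high", f"{where}: wildcard in program path {prog}"))
            if "NOPASSWD" in tags:
                findings.append(("medium", f"{where}: NOPASSWD removes re-authentication for {prog}"))
    return findings


# Constructed sample: hypothetical hosts, users and command aliases.
SAMPLE_SUDOERS = """\
Defaults    logfile="/var/log/sudo.log", log_output, timestamp_timeout=5
User_Alias  RESEARCH = alice, bob
Cmnd_Alias  SERVICES = /usr/sbin/svcadm restart network/ssh, /usr/sbin/svcadm restart network/http

# Before: rules that replace su with su
%wheel      ALL = (ALL) ALL
carol       solaris1 = NOPASSWD: /bin/su -

# After: least-privilege rules for the research group
RESEARCH    solaris1, solaris2 = (root) SERVICES, \\
                                 /usr/bin/tail -f /var/adm/messages
bob         solaris2 = (oracle) /opt/oracle/bin/sqlplus
"""

if __name__ == "__main__":
    for severity, message in lint_sudoers(SAMPLE_SUDOERS):
        print(f"{severity:<9} {message}")
```

The "before" rules are flagged (ALL, /bin/su and NOPASSWD), the "after" rules are not; the Defaults line shows the logging settings that make the replacement auditable. The lint does not resolve aliases or handle `!` negation, so a Cmnd_Alias that expands to a shell still has to be checked by hand.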
-
Securing a University Environment; An Evolutionary Case Study by James Mayne - February 22, 2003
This case study outlines the steps that my university took to transition from an open network to one that balances the needs of faculty doing teaching and research, students needing to learn as well as be entertained and staff that require a secure and stable network environment to perform their business functions.
-
Small-site Information Security on a (very loose) shoestring - a case study by Michael Millow - February 20, 2003
This paper will describe the lack of information security within a small company and the corrective actions (and their limitations) that significantly enhanced the overall security posture.
-
CASE STUDY ON IMPROVING THE SECURITY OF A FIRM IN A LEGACY APPLICATION SETTING by Susan Bradley - January 27, 2003
This paper documents the steps that were taken by me to increase the security within my firm's computer network system, a system that includes Windows XP workstations and Windows 2000 Server systems.
-
Remote Access using Telstra Dial IP by Jamie Rossato - January 13, 2003
This paper will demonstrate how the real-world security problem of remote access to an Enterprise network was addressed and validated (post-implementation) through the Internet Security Alliance's (ISA) Common Sense Guide for Senior Managers.
-
Case Study - Windows 2000 ISA Proxy Server Authentication Inside a DMZ by Michael Kerr - December 23, 2002
This paper describes the investigation process and implementation of IPSec policies to manage a wide range of communication traffic between two Windows 2000 servers.
-
VPN Project: Remote Access to a Novell Network by John Porter - December 15, 2002
As a senior network administrator, I became project leader and was responsible for directing our security initiative to replace our existing remote access facilities with encrypted Virtual Private Networking (VPN) technology.
-
Help We Just Fired Our Only IT Person! by Doug Cox - November 7, 2002
This study covers about 18 months of activity at the pace that could be absorbed by the organization. It is not meant to be a universal solution, but lessons taken from a real event.
-
Forced Evolution of Security on Redhat Linux Server due to System Compromise by Alec Wood - September 30, 2002
This paper describes my experiences in setting up the office computer network system for a small engineering company in Hong Kong and handling the system when it was compromised.
-
A Secure Implementation of HP OpenView Web Transaction Observer by Matthew Patterson - September 26, 2002
This paper discusses an actual implementation of the product HP OpenView Web Transaction Observer 3.0 (WTO) as a repeatable service offering within an Outsourcing environment.
-
Securing an IIS 4.0 Web Server, Machine and All by Marshall Heilman - September 20, 2002
The objective of this paper is to show how I secured my organization's web server, which fatally crashed earlier this year.
-
RBAC In The Real World by Christine Occhipinti - September 16, 2002
This paper discusses why Role-Based Access Control (RBAC), a type of non-discretionary access control, was chosen as the best solution to mitigate the risk from vulnerabilities on a system I worked on.
-
Using IDS to Evaluate Outbound Port Usage for Security and Reduction of IDS Alerts A Case Study by Kenneth Underwood - September 2, 2002
"Knowing" what traffic is leaving your network is like turning on the light where there was once darkness. This paper will give examples of what I found in our corporate network, and what I did about it.
-
Full Lifecycle Security Assessment - A Case Study by Gregory Golightly - August 5, 2002
This paper presents a 'before and after' look at helping a non-profit organization with assets of over a billion dollars secure their infrastructure using a best practice approach, expert knowledge, along with vulnerability assessment tools by ISS.
-
Practical Implementation of Syslog in Mixed Windows Environments for Secure Centralized Audit Logging by Frederick Garbrecht - July 17, 2002
This paper presents some of the options available to access the Windows Event log and demonstrates how to implement a versatile centralized remote logging solution using a commercially available Win32 implementation of the Syslog protocol.
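Centralized logging (this entry and the DuClos case study earlier in the list) stands or falls on the collector being able to decode the priority value that every BSD-syslog message carries, including the ones relayed from Windows hosts. The following Python is an added example, not code from either paper: it parses RFC 3164 lines into facility, severity, host, tag and message, assigns the RFC's default priority to lines that arrive without one, and filters for the events worth paging on. The log lines and hostnames are constructed, and the Windows event line only imitates the general shape a syslog agent would emit, not any specific product's format.

```python
"""Decode RFC 3164 (BSD syslog) lines and filter by severity.

Added example, not code from either paper. All sample lines, hosts and
the Windows event line format below are constructed for illustration.
"""
import re

# Facility codes 0-23 as listed in RFC 3164 section 4.1.1 (13-15 are the
# "log audit", "log alert" and "clock daemon" slots).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
DEFAULT_PRI = 13  # user.notice, the value RFC 3164 tells a relay to assume

# <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG   (PRI is optional in the wild)
LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$"
)


def parse_syslog(line):
    """Return a dict for one syslog line, or None if it is not syslog at all."""
    m = LINE_RE.match(line)
    if not m:
        return None
    assumed = m.group("pri") is None
    pri = DEFAULT_PRI if assumed else int(m.group("pri"))
    if pri > 191:            # out of range: treat exactly like a missing PRI
        pri, assumed = DEFAULT_PRI, True
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "pri_assumed": assumed,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


def at_or_above(lines, severity="warning"):
    """Parsed records whose severity is at least as urgent as `severity`."""
    threshold = SEVERITIES.index(severity)   # lower index = more urgent
    out = []
    for line in lines:
        rec = parse_syslog(line)
        if rec and SEVERITIES.index(rec["severity"]) <= threshold:
            out.append(rec)
    return out


# Constructed sample lines; hosts and the EventLog line shape are hypothetical.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 solaris1 su: 'su root' failed for alice on /dev/pts/8",
    "<13>Oct 11 22:14:16 winsrv01 EventLog[1234]: Security 529 Logon failure for user bob",
    "Oct 11 22:14:17 fw01 kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 DPT=445",
    "<27>Oct 11 22:14:18 solaris2 sshd[811]: error: PAM: Authentication failure for bob",
    "not a syslog line at all",
]

if __name__ == "__main__":
    for rec in at_or_above(SAMPLE_LINES, "warning"):
        print(f'{rec["facility"]}.{rec["severity"]:<7} {rec["host"]:<9} {rec["tag"]}: {rec["msg"]}')
```

The `pri_assumed` flag matters on a mixed-platform collector: a Windows agent that sends without a PRI, or with a misconfigured one, will have all of its security events silently filed as user.notice and dropped by a severity filter, so it is worth alerting on that flag as well as on the decoded severity.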
-
Implementation of a Secure Web Environment for a Government Agency by Chad Steel - July 10, 2002
This paper details the decision making process and implementation of a secure, multi-site redundant web hosting environment for a large government agency.
-
Securing a Small Community College - A Case Study by Bobby Hoyle - May 14, 2002
This paper identifies critical computing resources used in a small community college, develops a method of defining risk, presents a network design, implements security policies to address risks, and formulates a long-term strategy for securing vital campus resources.
-
Is IEEE 802.1X Ready for General Deployment? by Scott Baily - April 7, 2002
This paper examines the suitability of deploying IEEE 802.1X as the principal authentication mechanism for Colorado State University's wireless network.
-
Defense In Depth: A Small University Takes Up the Challenge by David Robinson - April 7, 2002
This paper briefly explores the vital network security design concept of Defense in Depth (DiD).
-
Designing Secure IT Environments for Pharmaceutical Clinical Trial Data Systems by Paul Drapeau - April 2, 2002
Pharmaceutical companies are subject to regulations imposed by the FDA (Food and Drug Administration), and this paper details the relevant regulations for security professionals and the special concerns they pose.
-
Protecting Your Internal Systems from a Compromised Host by Michael Nancarrow - March 26, 2002
The concept for this paper came from a recent incident when one of our customer machines was compromised.
-
Steps to Secure a Law Enforcement Network by David Brown - March 16, 2002
This paper addresses several common issues such as training for system administrators, risk assessment, physical security, security policies, and proper system administration.
-
Can Microsoft .NET Deliver "Trustworthy Computing"? by Nikhil Viswanathan - March 11, 2002
The aim of this paper was to analyze the security framework of Microsoft .NET and examine whether its components and features will deliver on Microsoft chairman Bill Gates' ambition of transforming Microsoft into the leading software provider of web services and "trustworthy computing".
-
Is Your Personal Financial Information Safe? Practical Lessons in Quicken Password Vulnerabilities by William Geimer - February 27, 2002
This paper examines password encryption and authentication techniques applied to the file-level protection of personal documents and databases.
-
Tackling Malicious Code in a University Environment: A Case Study by Sandy Goldston - January 28, 2002
This paper is a case study of malicious code incidents in a large public university as seen through the eyes of the security liaison over a one-and-a-half year period.
-
eVoting - A Perspective on Security by Damon Small - January 10, 2002
This paper will discuss how technology can be used to improve the voting process in the United States, and what should be done to get from current state to "eVoting."
-
Twists in Security for Law Enforcement by Conrad Larkin - January 3, 2002
This paper is an attempt to not only briefly cover the basics of computer security that should be in use by everyone, but also an attempt to introduce to those unfamiliar with the extra challenges of supporting law enforcement what additional computer security precautions need to be addressed.
-
Application of the Survivable Network Analysis Method to Secure My Office System by Dale Wutz - December 28, 2001
This paper addresses the results of applying the Survivable Network Analysis method to my office system.
-
Network Security Concepts and Essentials: A University Overview by Matthew Leng - September 28, 2001
Using my experience from working at an Australian university, this paper addresses how the number of internal and external threats is increasing, providing intruders with a vast array of ways to compromise university machines.
-
Securing Information within SAP v4.6b by Lori Kirk - September 27, 2001
The following thoughts and best practices are the end result of an upgrade, experience with the necessary clean up after the cutover and review of best practices offered by third parties.
-
Unique Security Challenges in Higher Education - Securely Integrating Student-owned Computers into Y by Kerry Vosswinkel - September 26, 2001
This paper addresses basic areas of information security such as policy, security awareness training, restricting access, monitoring and intrusion detection, and incident response that can keep your networks as secure as possible.
-
Case Study: Security Assessment at a Small Technology Corporation by Ryan Reiber - September 10, 2001
The following independent security assessment included the areas of its ASP, internal network infrastructure, and firewalls.
-
Connecting a Classified Network to the Internet. A case study. by Henrik Kram - August 21, 2001
The purpose of this document is to point out some common elements from the guidelines published to regulate computer security and suggest administrative action and technical solutions to build a network that may be connected to the Internet, and still obtain/retain a classification up to and including NATO RESTRICTED.
-
Establishing and Verifying the Stunnel SSL Encryption of Pine IMAP Email Sessions by Christopher Ursich - August 17, 2001
This paper documents one method for establishing and verifying the operation of SSL encryption using Stunnel for Pine IMAP email sessions.
-
Secure Password Storage by Shelby Reeves - August 14, 2001
This paper addresses secure methods to archive and retrieve passwords.
-
Information and Network Resource Administration and Security in an Education Network Environment by Ryan Davis - August 12, 2001
The goal of this document is to discuss and apply knowledge of Information Security to common security problems and concerns in an educational environment.
-
Security Considerations in the Merger/Acquisition Process by Anita Hartman - August 11, 2001
This document will focus on the high-level security issues that, if included in the due diligence process, can help facilitate integration of the companies involved.
-
How to Identify and "Contain" Some of the Information Security Problems Created by Unique by John Cupps - August 10, 2001
Several aspects of the university's business environment are unique only to universities and this paper explores the effect of the student user group within the environment and the problems they can create for information security initiatives.
-
University Security by Douglas Brown - July 11, 2001
By using a combination of security tools and procedures, universities can provide a more secure computing environment than has generally been available.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.