Featuring 16 Papers as of May 6, 2016
Full Packet Capture Infrastructure Based on Docker Containers
by Mauricio Espinosa Gomez - May 6, 2016
In todays world, it is common to hear news about organizations being breached by malicious actors, even in highly protected environments; the risk of being exploited is always present, when an incident has already occurred, a full packet capture provides invaluable information to effectively backtrack the event in question.
Cloud Security Framework Audit Methods
by Diana Salazar - April 27, 2016
Users have become more mobile, threats have evolved, and actors have become smarter. Users distribute information across multiple locations, many of which are not currently within the organizations infrastructure.
Incident Response in Amazon EC2: First Responders Guide to Security Incidents in the Cloud
by Tom Arnold - April 21, 2016
As Head of Digital Forensics for Payment Software Company Inc. (PSC), a company that focuses exclusively on Clients that accept or process payments,1 weve responded to sites operating within cloud environments, most notably Amazon EC2.
Implementing the Critical Security Controls in the Cloud
by Jon Mark Allen - February 10, 2016
Amazon refers to cloud computing as the on-demand delivery of IT resources and applications via the Internet with pay-as-you-go pricing (Amazon Web Services, 2015).
Moving Legacy Software and FOSS to the Cloud, Securely
by Larry Llewellyn - December 28, 2015
Frequently, organizations inherit source code written by a development team, which has long since moved on to other projects. Without fail, business requirements drive software modifications due to market evolution and developing, competitive business strategies.
Cloud Assessment Survival Guide
by Edward Zamora - November 10, 2015
The time has come where the society at large is living in the cloud. Many have questioned the security of information in the cloud and many have been told that information is safe there. But how can one be sure that information is indeed safe in the cloud? In this day and age where there is an increased dependence on such complex technology as cloud systems, there are needs for methodologies to test cloud deployments. For organizations that have or seek to implement cloud technology in their environment, this paper will present a brief background on cloud technology and a methodology for assessing the security of their cloud implementation based on penetration testing principles.
Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud
by Michael Hoehl - April 1, 2015
Cloud computing services provide many technology and business opportunities that were simply unavailable a few years ago.
Its 10PM...Do you know where your cloud is?
by Robert J. Mavretich - August 11, 2014
From the time that Dr. Gordon Moore, the legendary founder of Intel postulated his theory that the number of transistors on an integrated circuit would double approximately every two years, the far off 21st century always seemed to hold the promise of flying cars and robotics making individual's lives easier.
The Security Onion Cloud Client Network Security Monitoring for the Cloud
by Joshua Brower - September 17, 2013
Network Security Monitoring (NSM) is the "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
Simplifying Cloud Access Without Sacrificing Corporate Control: A Review of McAfees Integrated Web and Identity Solutions
by Dave Shackleford - August 21, 2013
- Associated Webcasts: Managing Identities in the Cloud Without Sacrificing Corporate Control: A Review of McAfee
- Sponsored By: Intel Security
Review of McAfee Web Gateway version 7.3, McAfee Cloud Single Sign On (CSSO) version 4.0 and McAfee One Time Password version 4.0, with Pledge Software Token (Pledge) version 2.0.
An Introduction To Securing a Cloud Environment
by Todd Steiner - November 27, 2012
As government and private industry budgets continue to shrink, executives are plotting new strategies to become more efficient and cost effective.
Diskless Cluster Computing: Security Benefit of oneSIS and Git
by Aron Warren - April 16, 2012
This paper introduces the joining of two software packages, oneSIS and Git. Each package by itself is meant to tackle only a certain class of problem.
Cloud Computing - Maze in the Haze
by Godha Iyengar - October 18, 2011
In recent days, Cloud Computing has become a great topic of debate in the IT field. Clouds, like solar panels, appear intriguingly simple at first but the details turn out to be more complex than simple pictures and schematics suggest.
Following Incidents into the Cloud
by Jeff Reed - March 1, 2011
The availability and use of cloud computing continues to grow. Discussions of and references to its benefits and issues grow at a similar pace. As it continues to move from a sort of SOA of the Wild West into the mainstream, more companies will face the myriad questions arising from its use. When, why, where and how should integration with the cloud occur? How can one be certain that a cloud provider will survive through an organizations technology integration lifecycle?
Cloud Security and Compliance: A Primer
by Dave Shackleford - August 6, 2010
A quick guide to cloud computing that address areas of mobility and multi-tenancy, identity and access management, data protection and incident response and assessment.
A Guide to Virtualization Hardening Guides
by Dave Shackleford - May 20, 2010
- Sponsored By: VMWare, Inc
A guide to the virtualization hardening guides that includes key configuration and system security settings for VMware ESX and vSphere/Virtual Infrastructure with key control areas organizations need to consider.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.