Featuring 21 Papers as of March 20, 2017
Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 Analyst Paper
by John Pescatore - March 20, 2017
- Associated Webcasts: 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security
Attackers are always changing their methods, but some cybersecurity trends are clear--and identifying these trends will help security professionals plan for addressing these issues in the coming year. Attacks will continue, and many will be successful. While security professionals should try to prevent a breach, it's far more critical to uncover breaches quickly and mitigate damage. Another significant trend for 2017: expanding current security measures to better protect data in the cloud and to address the security shortcomings of the Internet of Things. Even while fighting daily security fires, security managers can expect boards of directors to show more interest in their efforts. Board members are keenly aware that breaches can be high-profile catastrophes for companies, and they are also concerned that the organizations they oversee are in compliance with new and more stringent regulations. This whitepaper covers the latest and best security hygiene and common success patterns that will best keep your organization off the "Worst Breaches of 2017" lists.
Cloud Security Monitoring STI Graduate Student Research
by Balaji Balakrishnan - March 13, 2017
This paper discusses how to apply security log monitoring capabilities for Amazon Web Services (AWS) Infrastructure as a Service (IaaS) cloud environments. It will provide an overview of AWS CloudTrail and CloudWatch Logs, which can be stored and mined for suspicious events. Security teams implementing AWS solutions will benefit from applying security monitoring techniques to prevent unauthorized access and data loss. Splunk will be used to ingest all AWS CloudTrail and CloudWatch Logs. Machine learning models are used to identify the suspicious activities in the AWS cloud infrastructure. The audience for this paper is the security teams trying to implement AWS security monitoring.
Security Assurance of Docker Containers STI Graduate Student Research
by Stefan Winkle - November 22, 2016
With recent movements like DevOps and the conversion towards application security as a service, the IT industry is in the middle of a set of substantial changes with how software is developed and deployed. In the infrastructure space, we see the uptake of lightweight container technology, while application technologies are moving towards distributed microservices. There is a recent explosion in popularity of package managers and distributors like OneGet, NPM, RubyGems and PyPI. More and more software development becomes dependent on small, reusable components developed by many different developers and often distributed by infrastructures outside our control. In the midst of this all, we often find application containers like Docker, LXC, and Rocket to compartmentalize software components. The Notary project, recently introduced in Docker, is built upon the assumption the software distribution pipeline can no longer be trusted. Notary attempts to protect against attacks on the software distribution pipeline by association of trust and duty separation to Docker containers. In this paper, we explore the Notary service and take a look at security testing of Docker containers.
Security and Accountability in the Cloud Data Center: A SANS Survey Analyst Paper
by Dave Shackleford - October 10, 2016
- Associated Webcasts: Security and Accountability in the Cloud, the SANS 2016 Cloud Security Survey: Part 2 - Changes in Cloud Security; Security and Accountability in the Cloud, the SANS 2016 Cloud Security Survey: Part 1 - Breach Landscape and the Top Threats and Challenges
- Sponsored By: McAfee, Rapid7 Inc., IBM, CloudPassage, Bitglass
Despite risk that is higher than more controlled on-premises traditional non-cloud systems, this survey found that almost a quarter of respondents (24%) are in organizations adopting a “cloud first” strategy. Using public cloud or on-premises applications as appropriate led the way, chosen by 46% of respondents, and 30% of respondents said they prefer on-premises applications. Read on to learn more about the state of cloud security and what we need to do to improve it.
Changing the Perspective of Information Security in the Cloud: Cloud Access Security Brokers and Cloud Identity and Access Management STI Graduate Student Research
by Jennifer Johns - August 4, 2016
Businesses are leveraging cloud computing services at an exponential rate. Working in the information security industry during the cloud computing frenzy is exciting, but it is also proving to be challenging as cloud computing service providers (CSPs) have typically lacked industry standard security controls.
Full Packet Capture Infrastructure Based on Docker Containers STI Graduate Student Research
by Mauricio Espinosa Gomez - May 6, 2016
In today’s world, it is common to hear news about organizations being breached by malicious actors, even in highly protected environments; the risk of being exploited is always present. When an incident has already occurred, a full packet capture provides invaluable information to effectively backtrack the event in question.
Cloud Security Framework Audit Methods STI Graduate Student Research
by Diana Salazar - April 27, 2016
Users have become more mobile, threats have evolved, and actors have become smarter. Users distribute information across multiple locations, many of which are not currently within the organization’s infrastructure.
Incident Response in Amazon EC2: First Responders Guide to Security Incidents in the Cloud
by Tom Arnold - April 21, 2016
As Head of Digital Forensics for Payment Software Company Inc. (“PSC”), a company that focuses exclusively on Clients that accept or process payments, we’ve responded to sites operating within cloud environments, most notably Amazon EC2.
Implementing the Critical Security Controls in the Cloud STI Graduate Student Research
by Jon Mark Allen - February 10, 2016
Amazon refers to cloud computing as “the on-demand delivery of IT resources and applications via the Internet with pay-as-you-go pricing” (Amazon Web Services, 2015).
Moving Legacy Software and FOSS to the Cloud, Securely
by Larry Llewellyn - December 28, 2015
Frequently, organizations inherit source code written by a development team, which has long since moved on to other projects. Without fail, business requirements drive software modifications due to market evolution and developing, competitive business strategies.
Cloud Assessment Survival Guide STI Graduate Student Research
by Edward Zamora - November 10, 2015
The time has come where the society at large is living in the cloud. Many have questioned the security of information in the cloud and many have been told that information is safe there. But how can one be sure that information is indeed safe in the cloud? In this day and age where there is an increased dependence on such complex technology as cloud systems, there are needs for methodologies to test cloud deployments. For organizations that have or seek to implement cloud technology in their environment, this paper will present a brief background on cloud technology and a methodology for assessing the security of their cloud implementation based on penetration testing principles.
Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud STI Graduate Student Research
by Michael Hoehl - April 1, 2015
Cloud computing services provide many technology and business opportunities that were simply unavailable a few years ago.
Its 10PM...Do you know where your cloud is? STI Graduate Student Research
by Robert J. Mavretich - August 11, 2014
From the time that Dr. Gordon Moore, the legendary founder of Intel, postulated his theory that the number of transistors on an integrated circuit would double approximately every two years, the far off 21st century always seemed to hold the promise of flying cars and robotics making individuals' lives easier.
The Security Onion Cloud Client Network Security Monitoring for the Cloud STI Graduate Student Research
by Joshua Brower - September 17, 2013
Network Security Monitoring (NSM) is the "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
Simplifying Cloud Access Without Sacrificing Corporate Control: A Review of McAfees Integrated Web and Identity Solutions Analyst Paper
by Dave Shackleford - August 21, 2013
- Associated Webcasts: Managing Identities in the Cloud Without Sacrificing Corporate Control: A Review of McAfee
- Sponsored By: McAfee
Review of McAfee Web Gateway version 7.3, McAfee Cloud Single Sign On (CSSO) version 4.0 and McAfee One Time Password version 4.0, with Pledge Software Token (Pledge) version 2.0.
An Introduction To Securing a Cloud Environment
by Todd Steiner - November 27, 2012
As government and private industry budgets continue to shrink, executives are plotting new strategies to become more efficient and cost effective.
Diskless Cluster Computing: Security Benefit of oneSIS and Git STI Graduate Student Research
by Aron Warren - April 16, 2012
This paper introduces the joining of two software packages, oneSIS and Git. Each package by itself is meant to tackle only a certain class of problem.
Cloud Computing - Maze in the Haze
by Godha Iyengar - October 18, 2011
In recent days, “Cloud Computing” has become a great topic of debate in the IT field. Clouds, like solar panels, appear intriguingly simple at first but the details turn out to be more complex than simple pictures and schematics suggest.
Following Incidents into the Cloud
by Jeff Reed - March 1, 2011
The availability and use of cloud computing continues to grow. Discussions of and references to its benefits and issues grow at a similar pace. As it continues to move from a sort of ‘SOA of the Wild West’ into the mainstream, more companies will face the myriad questions arising from its use. When, why, where and how should integration with the cloud occur? How can one be certain that a cloud provider will survive through an organization’s technology integration lifecycle?
A Guide to Virtualization Hardening Guides Analyst Paper
by Dave Shackleford - May 20, 2010
- Sponsored By: VMWare, Inc
A guide to the virtualization hardening guides that includes key configuration and system security settings for VMware ESX and vSphere/Virtual Infrastructure with key control areas organizations need to consider.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.