Commercial Software
Featuring 16 Papers as of January 20, 2021
-
Continuous Security Validation Against an Ever-Changing Landscape Analyst Paper (requires membership in SANS.org community)
by Matt Bromiley - January 20, 2021 - Associated Webcasts: Continuous Security Validation Against an Ever-Changing Landscape
- Sponsored By: Cymulate
Waiting for an attack to test your security controls is not acceptable. In this SANS product review, Matt Bromiley examines Cymulate Continuous Security Validation, a highly integrated, customizable platform built around testing the security controls of your organization. Bromiley puts this platform to the test in terms of its ability to identify security risks, craft purple team assessments, pivot from intelligence reports to control testing, gain executive-level insight into assessments, and more.
-
Security Considerations for Team Based Password Managers by Matthew Schumacher - July 23, 2018
Password management applications are a common and practical way to store complex passwords. They use encryption to protect the passwords from attack, but like in any other cryptographic system, they rely on a secret key to encrypt the data. The typical approach is to derive the secret key used to encrypt the password database from a master password. This eliminates the requirement to store or protect the secret key; however, this approach doesn’t work well for multi-user password managers, as team based password management applications need to allow for each user having his/her own unique password, and may require other features such as password sharing, fine grained access control, or domain integration. This paper explores a few ways that different password management applications work in a team environment, and the strengths and weaknesses of their implementations. By learning about some of the underlying technologies and principles, then analyzing a few popular software applications, the reader should be better equipped to choose a solution that best fits their functional and security requirements.
-
Application White-listing with Bit9 Parity SANS.edu Graduate Student Research
by Mike Weeks - October 29, 2014
Antivirus is a requirement for a host of compliance standards and is championed to be a critical component for any security baseline (PCI-DSS 3.0-5.1). A recent search for "Cyber Security Breaches" in Google News shows 16,700 results.
-
EnterpriseOne Security Solution for Real Estate Management by Ruben Amely-Velez - January 26, 2005
This paper will discuss the business request from Real Estate Management to Information Security to create a security model for production implementation.
-
Areas To Consider When Implementing PeopleSoft by Dirk Norman - March 2, 2004
This paper will address some of the basic principles of securing a PeopleSoft application and discuss some of the security features that can help secure the data.
-
Oracle Collaboration Suite Security by Chris Bennett - July 14, 2003
This paper discusses the Oracle Collaboration Suite, a collaborative communication platform that includes Email, IMAP, POP3, Webmail, Portal, Calendar, Oracle Files, Wireless, Voicemail and Fax services within a single framework.
-
Using MOM 2000 to Secure Servers by Wyatt Banks - June 5, 2002
The primary focus of this paper is to show how MOM 2000 out of the box can address many security issues and act as your eyes and ears on every managed machine.
-
Polycom Videoconferencing Endpoint Security and Configuration by Scott Christianson - June 3, 2002
This paper focuses on the security of videoconferencing endpoints made by Polycom Corporation.
-
Understanding Lotus Notes Security & Execution Control List (ECL) Settings by Kurt Sanders - May 15, 2002
This article will prepare you, your system administrators and your clients for the next generation of hackers who will design "Email Neutral" viruses that can run freely on both Lotus Notes and Microsoft Outlook workstations.
-
Choosing Your Anti-virus Software by Jacqueline Castelli - April 2, 2002
The first step to choosing anti-virus software is to understand how they work.
-
Distributed Security Management for the Enterprise by William DiProfio - January 3, 2002
The focus of this paper is on managed security, specifically one product that has been on the market for almost a year, Spectrum Security Manager.
-
Anti-virus Software: The Challenge of Being Prepared for Tomorrow's MalWare Today by Lisa Galarneau - October 17, 2001
One of the common themes in this advice is to select and deploy at least one and possibly more Anti-virus Software packages.
-
Norton AntiVirus C.E 7.6 by Andre Botelho - October 10, 2001
This document covers most of the new features of NavCE, and includes some URLs for further research of this product.
-
How To Implement Security in the MAX TNT RAS Server by Gilson Silva - October 3, 2001
This document intends to show the necessary configurations and precautions to provide a more secure DIAL or ISDN (Integrated Services Digital Network) access network, based on Lucent MAX TNT equipment.
-
ElcomSoft vs. Adobe: How AEBPR cracked Adobe's Acrobat E-Book Reader by Austen Woods - August 24, 2001
This paper will look at this security model, and examine how a program such as AEBPR has been able to circumvent it.
-
Security Applications for Cisco NetFlow Data by Jana Dunn - July 23, 2001
During or after a security incident, the data collected with network monitoring tools can assist network managers in determining what has happened, what remediation needs to be done, and how to prevent future occurrences.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.