Reading Room

Getting Started/InfoSec

Featuring 18 Papers as of November 3, 2017

  • Building the Airplane in Mid-Flight: Bringing Cyber Security Structure to Special Operations Units STI Graduate Student Research
    by Adam Baker - November 3, 2017 

    Special operations units, born in the fire of urgency and required to be dynamically flexible, may operate for many years without a single cyber security representative. Once hired mid-stream into such a construct, a cyber security professional can be immediately overwhelmed with the breadth of the challenge before him or her: how to overcome cultural and technical challenges to introduce a comprehensive cyber security program into the ad-hoc structure of multi-classification, multi-network, multi-agency information systems and personnel. However, when armed with the lessons from cyber professionals from similar units who were thrown into a similar cauldron and succeeded, a newly-hired information security officer or manager can bring order to the unconventional chaos and ensure continued mission success. This paper will examine the experiences of cyber security professionals who overcame the challenges of securing information systems and personnel in units decidedly different from the rigid DoD structure or the corporate world. After reading, new information security professionals will have practical principles for securing their systems and soldiers, staying out of jail, and enjoying their jobs!


  • Building and Maintaining a Denial of Service Defense for Businesses STI Graduate Student Research
    by Matt Freeman - January 25, 2017 

    Distributed Denial of Service (DDoS) attacks have been around for decades but still cause problems for most businesses. While easy to launch, DDoS attacks can be difficult to sustain and even more difficult to monetize for attackers. From the business perspective, a DDoS attack might result in lost revenue but is unlikely to have the same long-term impact that a data breach may have. Recent changes in the IT landscape have made DDoS a more attractive attack vector for hackers. The industry trend to connect more and more devices to the Internet (often with minimal to no security), dubbed the "Internet of Things", has created a new marketplace for bad actors to sell their resource exhaustion services. Businesses need to consider all options when planning and implementing a defensive posture against denial of service attacks. As security vendors continue to offer new (and expensive) options to defend against these attacks, how does an InfoSec manager know which is best for their business? Using an "Offense informs the Defense" approach, this paper will analyze the methods used during DDoS attacks in order to determine the most appropriate defensive postures.


  • Detecting and Preventing Attacks Earlier in the Kill Chain by Chris Velazquez - August 31, 2015 

    Most organizations place a strong focus on intrusion prevention technologies and not enough effort into detective technologies. Prevention of malicious attacks is ideal, but detection is mandatory in combating cyber threats. Security vendors will only provide blocking signatures when there is a near-zero false-positive rate. Because of this, there are signatures that are not implemented, resulting in false negatives from one's security devices. This paper provides a look at tools that can be used to improve the detection of attackers at every phase of their attack. The intelligence learned from these attacks allows one to defend against these known attack vectors. This paper will look at a variety of open-source network IDS capabilities and other analysis tools to examine preventing and detecting attacks earlier in the cyber kill chain.


  • Getting Started with the Internet Storm Center Webhoneypot STI Graduate Student Research
    by Mason Pokladnik - December 12, 2013 

    The DShield/Internet Storm Center (ISC) Webhoneypot is a new project from DShield--a distributed intrusion detection system--that extends its logging capabilities from layer 3 and 4 network traffic further up the OSI layers to help study application layer attacks.


  • Introduction to the OWASP Mutillidae II Web Pen-Test Training Environment by Jeremy Druin - October 22, 2013 

    Web application security has become increasingly important to organizations.


  • Information Risks & Risk Management by John Wurzler - May 1, 2013 

    In a relatively short period of time, data in the business world has moved from paper files, carbon copies, and filing cabinets to electronic files stored on very powerful computers.


  • Information Security: Starting Out by Stewart James - December 7, 2009 

    Going from technical guru to Information Security Manager can be a bigger step than you might think. Taking on the role of IT Security Officer in an enterprise that treats information security as an IT problem can offer many challenges and many opportunities to learn.


  • Innovative Technologies and Guidelines Securing 21st Century Telecommunications by Joseph Cronin - August 18, 2006 

    This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.


  • Secure Perimeter Network Design for GIAC Enterprises by Ted Franger - May 17, 2005 

    This paper puts forth a secure perimeter network design for the fictional company GIAC Enterprises, which is in the business of brokering fortune cookie sayings. The paper consists of three assignments and is completed in fulfillment of the requirements of a practical exam for the GIAC Certified Firewall Analysis Certification.


  • Possible Points of Failure in the Information Security Environment by Marion Qualls - July 25, 2004 

    The task of designing a secure infrastructure for IIS 5.0 web servers within a DMZ is difficult enough. Securing an existing DMZ becomes exponentially more difficult due to the added requirement of retrofitting those currently working servers with more appropriate security settings, policies and operational procedures while not adversely affecting website or application availability and keeping costs to a minimum throughout the process.


  • Information Security: Managing Risk with Defense in Depth by Kenneth Straub - October 9, 2003 

    This paper provides a detailed overview of risk/risk management & data classification and why we need the Defense in Depth strategy.


  • Digital Signature and Multiple Signature: Different Cases for Different Purposes by Chafic Moussa - August 8, 2003 

    This paper will discuss digital signatures, how the security properties of integrity, authentication, and non-repudiation are respected and present the purposes of multiple signature schemes.


  • A Primer on OpenVMS (VMS) Security by Steven Bourdon - May 13, 2002 

    This paper provides an overview of the VMS operating system, security concepts and features, and several recent vulnerabilities affecting VMS.


  • Anti-Virus Strategy in a Public K-12 Educational Environment by Shawn Wyman - December 6, 2001 

    This paper discusses virus protection within a K-12 educational environment.


  • Pockets of Chaos: Management Theory for the Process of Computer Security by Jason Collins - November 12, 2001 

    This paper discusses computer security as an ongoing journey, not simply a destination, and outlines a flexible security framework that manages "pockets of chaos" to better help organizations achieve their security goals.


  • Ways To Become An Effective Information Security Professional - From A GIAC Wannabe Perspectives by Asmuni Yusof - October 1, 2001 

    This paper will examine the requirements necessary to become an effective Information Security Officer (ISO).


  • Security Education for Users: A Starting Place for Network Administrators by Blou Baker - July 23, 2001 

    This paper provides a simple outline of conducting basic computer security training within organizations.


  • Improving Defense in Depth for NASA's Mission Network by Mary Foote - July 11, 2001 

    This paper discusses the defense building blocks used by NASA which include increasing network capabilities, continued examination of network capabilities, assessment of new technologies and tools, increased security awareness for NASA non-security professionals, and training of the Mission Network security team members.


Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

STI Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.