Reading Room

IPS

Featuring 3 Papers as of November 11, 2016

  • Network Inspection of Duplicate Packets by Randy Devlin - November 11, 2016 

    Network Intrusion Analysis enables a security analyst to review network traffic for protocol conformity and anomalous behavior. The analyst’s goal is to detect network intrusion activity in near-real time. The detection provides details as to who the attackers are, the attack type, and potential remediation responses. Is it possible that a network security stack could render the analyst “blind” to detecting intrusions? This paper will review architecture, traffic flow, and inspection processes. Architecture review validates proper sensor placement for inspection. Traffic flow analyzes sources and destinations, approved applications, and known traffic patterns. Inspection process evaluates protocols and packet specific details. The combination of these activities can reveal scenarios that potentially result in limitations of network security inspection and analysis.


  • Intrusion Detection and Prevention Systems Cheat Sheet: Choosing the Best Solution, Common Misconfigurations, Evasion Techniques, and Recommendations [Masters]
    by Phillip Bosco - January 25, 2016

    There are many decisions a company must make while choosing an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) for their infrastructure. Pricing questions will arise to determine if it will fit into their budget.


  • Network Security: Theory Versus Practice [Analyst Paper]
    by James Tarala - May 6, 2011

    Survey makes it clear that network security personnel are not consistent about validating the resiliency – performance, security, and stability – of the devices and systems that go into their network and data center infrastructures.


Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

All papers are copyrighted. No re-posting or distribution of papers is permitted.

Masters - This paper was created by a SANS Technology Institute student as part of their Master's curriculum.