Featuring 42 Papers as of December 10, 2015
Advancing Endpoint Protection and Compliance with Promisec Endpoint Manager
by Jake Williams - December 10, 2015
- Associated Webcasts: Ensuring Compliance and Detecting Suspicious Activity with Promisec Endpoint Manager
- Sponsored By: Promisec
A review by SANS analyst and instructor Jake Williams of Promisec Endpoint Manager (PEM). It discusses PEM's effectiveness in detecting and remediating endpoint issues.
Validating Security Configurations and Detecting Backdoors in New Network Devices
by Christoph Eckstein - September 30, 2014
With the discovery of admin (root level) backdoors in network devices of Barracuda in January last year, it once again has become apparent that internet-facing network devices are vulnerable to unauthorized remote access (Goodin, Secret backdoors found in firewall, VPN gear from Barracuda Networks, 2013).
The Case for Endpoint Visibility
by Jacob Williams - March 13, 2014
- Associated Webcasts: Visibility at the Endpoint: The SANS 2014 Survey of Endpoint Intelligence
- Sponsored By: Guidance Software
Information to help security professionals track trends in endpoint protection and identify how their organizations' capabilities compare with the survey base.
Server Security: A Reality Check
by Jake Williams - March 11, 2014
Why servers are still vulnerable despite layers of security in place today.
Protecting Virtual Endpoints with McAfee Server Security Suite Essentials
by Dave Shackleford - February 14, 2014
- Associated Webcasts: Security Without Scanning for Today's Hybrid Datacenter
- Sponsored By: Intel Security
A review of McAfee's Server Security Suite Essentials that addresses some of the emerging challenges of securing virtual platforms and cloud environments.
by Scott Christie - December 16, 2013
Wardriving requires a computer system with the proper tools installed and a Wi-Fi receiver. Locating Wi-Fi access points has evolved from lugging large computers around in cars, to wardriving apps on smartphones such as WiGLE Wi-Fi Service for Android devices (WiGLE, 2013).
SOHO Remote Access VPN. Easy as Pie, Raspberry Pi...
by Eric Jodoin - December 4, 2013
Free, unencrypted Wireless Access Points (WAPs) have proliferated and are now found in various locations including restaurants, libraries, schools, hotels, airports, etc.
Comparative Risk Analysis Between GPON Optical LAN and Traditional LAN Technologies
by Jason Young - November 11, 2013
Gigabit Passive Optical Networks or "GPON" as promoted by vendors like Tellabs and Zhone Technologies operates quite differently from traditional Ethernet when providing LAN communications in a fiber to the desktop (FTTD) architecture (Tellabs, n.d.b).
Securing Data Center Servers: A Review of McAfee Data Center Security Suite Products
by Jim Hietala - August 18, 2012
- Sponsored By: Intel Security
This paper explores threats to data center servers, along with key security controls required to effectively protect them, and reviews how the McAfee portfolio of server products aligns with these controls.
Shedding Light on Security Incidents Using Network Flows
by Kevin Gennuso - May 16, 2012
Incident handlers, and information security teams in general, face significant challenges when dealing with incidents in modern networks.
The Afterglow effect and Peer 2 Peer networks
by Jerome Radcliffe - August 25, 2010
Overall there is room to grow in the area of P2P connection research. This limited study only looked at a small area of P2P interactions. There are an ever-growing number of BitTorrent clients and all of them handle the protocol differently. These differences could greatly impact every area of P2P communications, all of which are areas that could be grounds for research. Further research of how P2P clients interact could provide additional ways to increase efficiency and provide enhanced security.
McAfee Total Protection for Server Review
by Dave Shackleford - June 17, 2010
- Sponsored By: Intel Security
This paper is a review of the type of security and compliance coverage McAfee Total Protection for Server provides for server endpoints.
An Open Source Layer 2 Switch
by Jim Wilson - May 4, 2010
Small networks tend to grow and oftentimes the growth is unplanned. The result is a network of daisy-chained switches, not the most reliable solution for a multi-switch environment. What is needed is a solution which integrates all switches into a single collision domain or IP space. Most administrators would look at a Cisco solution at this point, but maybe we can use a Linux box instead. The Linux bridging software allows us to create a single LAN segment and combined with other Open Source software provide management and monitoring capabilities.
Hey Dude! I Can Do a Great Humphrey Bogart!
by Lee Peterson - November 11, 2009
This paper will present a fictitious router impersonation scenario wherein a router is duped into believing an imposter is a router that is already known and trusted. As a result, his routing tables are overwritten and traffic gets re-routed.
Application Whitelisting: Enhancing Host Security
by Dave Shackleford - October 7, 2009
- Sponsored By: Intel Security
Whitelisting provides a lighter means to protect end points, is useful for securing legacy applications and systems, as well as embedded systems and kiosks, and a helpful addition for any robust end point security plan.
Are Network Designs Ready for a Pandemic?
by Alan R. Mercer - April 27, 2009
This paper will investigate the network planning and design considerations that would be affected by the operational impacts of an avian flu pandemic upon a typical organization.
Auditing and Securing Multifunction Devices
by Charles Scott - October 15, 2007
It used to be that a printer was connected directly to a computer via a serial or parallel interface, while fax machines and copiers did not connect to a computer at all. You knew where these devices were in your buildings and securing their physical output was your primary concern. In today's all-in-one world, you can now obtain single devices that are not only printers, but also copiers, scanners, and fax machines. These networked multifunction devices (MFDs) are increasingly common in enterprise environments and are manufactured by vendors such as Canon, HP, Kyocera, Xerox, and many others.
A Survey of Wireless Mesh Networking Security Technology and Threats
by Anthony Gerkis - October 18, 2006
This paper will summarize the technologies and challenges related to wireless mesh networks.
Wired 802.1x Security
by Mohammed Younus - July 27, 2006
This paper defines the fundamentals of 802.1x authentication, explains how the authentication process works in 802.1x, and provides the detailed steps to implement 802.1x in a switched LAN environment using Cisco's Implementation of 802.1x.
GIAC Certified Firewall Analyst (GCFW)
by Matthew Sullivan - May 17, 2005
In this paper, I will be introducing the technology of Private VLANs (PVLANs) and VLAN ACLs (VACLs) and discussing how they can add security to the defense in depth model.
Security improvement of a wide and heterogeneous set of network devices: a global approach
by Jean-Marc Millet - February 19, 2005
This case study describes the most interesting steps of a project to improve the security of a wide set (about one thousand) of network devices (switches, routers, firewalls) originated from many manufacturers. It is intended to describe a global approach which could be reused to tackle such situations.
Egress Filtering For a Better Internet
by Jason Pierce - January 22, 2005
During recent years, there has emerged a necessity for all internet users to try to stop inbound threats. Since most internet security is done from a defensive point of view, the question is left, "Can proactive internet security provide viable solutions to some of the most serious problems facing the internet today?"
Security and Vulnerability Analysis of an Ethernet-based attack on Cisco IOS
by Robert Foxworth - June 9, 2004
We note the recent attack on Cisco routers, publicized in July 2003, and analyze this work and expand upon it. This exploit used crafted packets to overflow the input buffer on Cisco devices and caused a Denial of Service, making the device unavailable for legitimate users, leading to loss of network connectivity.
A Security Assessment of the Ricoh Afcio 450E Multifunction Device
by David Garrard - September 26, 2003
This paper provides a Security Assessment of the Ricoh Afcio 450E multifunction device.
Virtual LAN Security: weaknesses and countermeasures
by Steve Rouiller - June 19, 2003
In this paper we have presented some attacks on VLAN and how to avoid these attacks.
Securing SNMP: A Look at Net-SNMP (SNMPv3)
by Michael Stump - May 30, 2003
This paper addresses the many improvements, enhancements, and additions that comprise net-snmp, as well as the benefits of using SNMP to monitor network devices and computers.
Implementing a Secure Internal Network
by Ken Creekmore - May 30, 2003
This paper presents how-to options and suggestions for designing and securing an internal network. Scenarios are provided concerning designs that may currently be in place and discussions and analysis on the risks involved and the vulnerabilities presented are included.
Implementing Secure Access to Cisco Devices using TACACS+ and SSH
by Paul Asadoorian - May 20, 2003
The goal of this paper is to provide an easy guide for network administrators to implement secure remote access for all Cisco networking equipment.
Securing out-of-band device management
by Marc Kolaks - December 23, 2002
This paper will outline vulnerabilities of out-of-band managed systems and devices, provide worksheets for helping to ensure security and give examples of possible architectures for secure remote access.
IPv4 Multicast Security: A Network Perspective
by Tom Bachert - August 30, 2002
This paper examines the security implications of multicast communications as they relate to network management.
HOW-TO Securely Use SNMP on a BGP/MPLS VPN Network
by Guillaume Tamboise - August 6, 2002
This paper discusses how SNMP can be successful in network management.
Packet Sniffing In a Switched Environment
by Tom King - August 4, 2002
This paper focuses on the threat of packet sniffing in a switched environment, briefly explores the effect in a non-switched environment, and covers ways to mitigate the threat of network sniffing in both non-switched and switched environments.
Securing The Network With Cisco Router
by Bang Tan - May 18, 2002
This paper discusses the steps of and security features available on a Cisco router for enhancing the security of a network. Topics covered include: the securing of routing updates through neighbor router authentication and route filtering, using IPSec to secure remote administration of Cisco routers; an overview of reflexive access list and content-based application control; combating code red with network-based application recognition; and, performing integrity checking on routers.
Securing Your Network With An Internet Access Router (or Getting Your Money's Worth From Your Cisco Gear)
by Mark Degner - April 4, 2002
In this document, we will cover the configurations that should be applied to nearly any Cisco router, and routers deployed for Internet access in particular.
Router Audit Tool: Securing Cisco Routers Made Easy!
by Brian Stewart - March 29, 2002
This document will discuss the need for a tool such as the CIS Router Audit Tool and its function in confirming that routers are securely configured in a large network environment.
How to Install IC Radius and Extend via Custom Perl Script
by Michael Meacle - March 15, 2002
In this HOW TO I will investigate how for a typical company you can install and extend a freely available radius server. In addition, detailed steps also show how the extended radius server can be configured to authenticate a selection of different network elements.
Securing the Cisco Local Director
by Scott Ambrose - December 18, 2001
This paper documents specific implementation steps required to secure a well-known, widely implemented network appliance load balancer: The Cisco LocalDirector.
Understanding and Implementing TACACS+
by Randy Feliz - October 14, 2001
This paper will focus on understanding and implementing TACACS+.
Securing IP Routing and Remote Access on Cisco Routers
by Mohammed Hatta - September 20, 2001
This paper examines the ways to secure a Cisco router as the first step of defending your network.
Disabling Unneeded Features and Services on Cisco Internet Gateway Routers
by Toon Mordijck - August 13, 2001
The focus of this document is on closing down services and features as part of the hardening of the router.
Easy Steps to Cisco Extended Access List
by Nancy Navato - July 5, 2001
The purpose of this document is to explain in simple words how you can easily create an Extended Access List and apply it to your Cisco Router interface.
Nortel Instant Internet 100-S VPN Configuration
by Lloyd Ardoin - June 28, 2001
This paper will discuss the configuration and use of the Nortel Instant Internet 100-S as a VPN client in one organization's network environment.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.