Featuring 36 Papers as of September 14, 2016
Practical Approach to Detecting and Preventing Web Application Attacks over HTTP/2 Masters
by Russel Van Tuyl - April 11, 2016
The Hypertext Transfer Protocol (HTTP) was first defined in 1991 by the World Wide Web initiative as a method to retrieve hypertext markup language (HTML) messages (Berners-Lee).
How to Leverage PowerShell to Create a User-Friendly Version of WinDump Masters
by Robert Adams - January 18, 2016
Security professionals rely on a myriad of tools to accomplish their job. This is no different than the toolboxes that plumbers, electricians, and other trade professionals carry with them every day.
Securing SSH with the CIS Critical Security Controls Analyst Paper
by Barbara Filkins - November 30, 2015
- Associated Webcasts: Securing SSH Itself with the Critical Security Controls
- Sponsored By: Venafi, Inc
A SANS Analyst Program whitepaper by Barb Filkins. It discusses how the Critical Security Controls, coupled with good configuration management processes, can support the effort required to avoid the risks inherent to SSH.
Fingerprinting Windows 10 Technical Preview by Jake Haaksma - September 17, 2015
Understanding the intricacies of a network is powerful information for security professionals and malicious attackers alike. Operating system (OS) fingerprinting is the process of determining the OS of a remote computer. This can be primarily accomplished by passively sniffing network packets between hosts or actively sending crafted packets to the ports of a target host in order to analyze its response. This paper attempts to fingerprint Windows 10 Technical Preview for the purpose of OS identification and to improve Nmap's OS detection database.
IPv6 and Open Source IDS Masters
by Jon Mark Allen - May 14, 2015
This paper will examine the current support of IPv6 amongst three of the most popular open source intrusion detection systems: Snort, Suricata, and Bro. It will also examine support of the IPv6 protocol within the publicly available signatures and rules for each system, where applicable.
Differences between HTML5 or AJAX web applications by Sven Thomassin - August 27, 2014
Today's web application content is loaded to the web browser by means of the HyperText Transfer Protocol (HTTP).
Analyzing Polycom® Video Conference Traffic by Chris Cain - March 28, 2013
Most businesses and hospitals have relied on videoconferencing (VC) hardware to perform meetings, interviews, presentations or even tele-medicine procedures for many years.
Analyzing Network Traffic With Basic Linux Tools by Travis Green - November 16, 2012
When examining network traffic, one may examine the packets individually with Tcpdump, or reconstruct it with sophisticated and sometimes expensive tools.
A Complete Guide on IPv6 Attack and Defense by Atik Pilihanto - March 19, 2012
Based on RFC 791, “the internet protocol is designed for use in interconnected systems of packet switched computer communication networks.”
Using SNORT® for intrusion detection in MODBUS TCP/IP communications by Javier Jimenez Diaz - December 19, 2011
Not long ago, analog and purpose-built communications systems used to be the prevalent technologies in industrial plants. It wasn’t common to find either interoperability or compatibility among them. In the 70s, communication networking began to be used in Direct Digital Control (Berge Jonas, 2004).
Using SSL to Secure LDAP Traffic to Microsoft Domain Controllers by Andrew Reid - September 21, 2011
When deploying application servers there is often a choice to be made regarding the authentication of user credentials. In most cases the choice is between an internal account database and an LDAP directory such as Microsoft Active Directory Domain Services.
Scoping Security Assessments - A Project Management Approach by Ahmed Abdel-Aziz - June 7, 2011
Security assessments can mean different things to different people. This paper will explore what a security assessment is, why it should be done, and how it differs from a security audit.
OS and Application Fingerprinting Techniques Masters
by Jon Mark Allen - September 27, 2007
This paper will attempt to describe what application and operating system (OS) fingerprinting are and discuss techniques and methods used by three of the most popular fingerprinting applications: nmap, Xprobe2, and p0f. I will discuss similarities and differences between not only active scanning and passive detection, but also the differences between the two active scanners as well. We will conclude with a brief discussion of why successful application or OS identification might be a bad thing for an administrator and offer suggestions to avoid successful detection.
Well It's About Time by Vance Rider - January 19, 2005
This document describes the role time plays in a networked environment. Specifically, it introduces the reader to the Network Time Protocol (NTP) and how it is used to synchronize computer clocks together via a hierarchical master-slave relationship in a secure manner.
The Next Internet Privacy in Internet Protocol Version 6 (IPv6) by Kevin Scott - June 9, 2004
This paper addresses the aspect of privacy relating to Internet Protocol version 6 (IPv6). It analyzes both the security features implemented in IPv6 as well as privacy-relevant concerns of capabilities implemented within IPv6 such as automatic configuration.
Monitoring The ARP Protocol On Local Area Networks by David Fuselier - January 11, 2004
This document is a research paper on how to use the ARP protocol to monitor local area networks.
Applying the OSI Seven Layer Network Model To Information Security by Damon Reed - January 11, 2004
Data networking is a critical area of focus in the study of information security. This paper focuses on reviewing a key area of data networking theory - The Open Systems Interconnect (OSI) Seven Layer Network Model.
Understanding Instant Messaging (IM) and its security risks by Sujata Chavan - November 5, 2003
This paper provides an overview of IM technology, vulnerabilities and related security issues.
Security Measures to couple mixed IPv4/IPv6 Networks over a pure IPv6 Infrastructure by making Use of NAT-PT by Thorsten Brikey - August 8, 2003
The scope of this paper is to present a European test installation where NAT-PT is used to couple national networks over an IPv6 backbone.
The Real Cost of Free Programs such as Instant Messaging and Peer-to-Peer File Sharing Applications by Sigrun Grabowski - August 8, 2003
This paper discusses specific technical details and security risks of the four most popular Instant Messaging clients as well as several peer-to-peer file sharing programs and examines specific threats that are present for both these types of programs.
Is The Border Gateway Protocol Safe? by Sargon Elias - May 23, 2003
This paper is about the security issues of organisations that are planning to run their own Border Gateway Protocol (BGP) router to provide a redundant internet connection. This paper includes the following sections: a description of the scenario, a brief description of IP and interdomain routing, the risks when using BGP, mitigation steps, and future developments.
SSL and TLS: A Beginners Guide by Holly McKinley - May 12, 2003
This paper particularly serves as a resource to those who are new to the information assurance field, and provides an insight to two common protocols used in Internet security.
Mobile IPv6 by Sudha Sudanthi - March 4, 2003
The purpose of the paper is to familiarize you with the Mobile IPv6 standard, its use, and associated security concerns.
SNMP and Potential ASN.1 Vulnerabilities by Edmund Whelan - January 8, 2003
This paper briefly describes the SNMP protocol, with emphasis on the underlying ASN.1 notation, discusses the vulnerabilities identified by Oulu and demonstrates the Oulu Protos SNMP testing tool.
Security Features in IPv6 by Penny Hermann-Seton - September 6, 2002
This paper will present an in-depth view of the new security features in Internet Protocol version 6 (IPv6), namely the use of the Authentication Header and Encapsulating Security Payload (ESP) Header and examine how these security features can prevent certain types of network attacks.
Border Gateway Protocol - The Language of the Internet by Yvonne Tracy - April 10, 2002
This paper is an examination of Border Gateway Protocol.
IPv6 Deployment in Malaysia: The Issues and Challenges by Raja Mahmood - April 4, 2002
This paper examines IPv6's prominent features in detail, discusses IPv6 deployment around the world, and studies some of the transition mechanisms available today.
Securing an Anonymous FTP Server in Solaris 8 with WU-FTPD by Mansel Bell - March 30, 2002
This paper will present one method of securing an anonymous FTP server in a UNIX environment.
Understanding Security Using the OSI Model by Glenn Surman - March 20, 2002
This paper will provide a breakdown of the OSI (Open Source Interconnection) model, and using that model, explain some well-known vulnerabilities.
Your Greatest Strength can become your Greatest Weakness: Simple Network Management Protocol Vulnera by Amy Geiger - March 4, 2002
This paper will discuss some of the major vulnerabilities discovered in SNMP and their potential impact as well as some of the major vendors affected by these vulnerabilities and possible solutions and alternatives that can be implemented to protect systems from these vulnerabilities.
SNMP Alert 2002: What is it all about? by Brad Beckenhauer - February 21, 2002
This paper provides a brief history of Simple Network Management Protocol (SNMP) and discusses the tools and information that can be used to test for SNMP vulnerabilities and increase security on your networking infrastructure.
Securing FTP Authentication by Mike Gromek - February 12, 2002
This paper discusses File Transfer Protocol, or FTP, an industry standard method of data exchange between computers, addresses some security concerns and offers several different approaches to these concerns.
Digging Deeper Into TCP/IP by Leah Wilson - November 29, 2001
This paper takes a close look at TCP/IP as a reference for the security professional.
IP Security Protocol-based VPNs by Eddie Younker - October 9, 2001
IP Security Protocol (IPSec) defines a set of protocols and cryptographic algorithms for creating secure IP traffic sessions between IPSec gateways as discussed in this paper.
Securing Time - The Autokey Protocols by Robert Palko - August 22, 2001
This paper investigates the authentication protocols used with NTP-V4.
A Look at Automatic Protocol Generation & Security Protocols by Boris Vassall - July 16, 2001
This paper will attempt to describe automatic protocol generation, and security protocols. Automatic Protocol Generation, APG for short, is a mechanism to generate security protocols automatically.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.