Encryption & VPNs
Featuring 106 Papers as of July 28, 2020
-
Benefits and Adoption Rate of TLS 1.3 SANS.edu Graduate Student Research
by Ben Weber - July 28, 2020
The cybersecurity industry is often reluctant to adopt new technologies due to perceived complications, assumed dependencies, and unclear information about the benefits. Digital communication protections are not exempt from this phenomenon and are often overlooked when maintaining a secure environment. Adopting new technologies is essential to utilize recent advancements in speed, security, and other newly available features. RFC 8446, better known as TLS 1.3, was released in August of 2018 and included enhancements to the speed and security of a TLS session. Older versions of TLS that still exist, however, fall short when compared to TLS 1.3. This paper provides data testing the speed and security of TLS 1.3 compared to TLS 1.2 across major TLS libraries and a point-in-time measurement of TLS 1.3 adoption across the top 500 websites in the business, retail, technology, and news sectors.
-
Learning CBC Bit-flipping Through Gamification by Jeremy Druin - April 24, 2018
Cryptanalysis concepts like CBC Bit-flipping can be difficult to grasp through study alone. Working through "hands-on" exercises is a common teaching technique intended to assist, but freely available training tools may not be readily available for advanced web application penetration testing practice. To this end, this paper will describe CBC bit-flipping and offer instruction on trying this cryptanalysis technique. Also, a CBC bit-flipping game will be provided within the OWASP Mutillidae II web application. Mutillidae is a large collection of deliberately vulnerable web application challenges designed to teach web security in a stand-alone, local environment.
-
Learning Cryptography by Doing It Wrong: Cryptanalysis of the Vigenere Cipher by Jeremy Druin - February 3, 2018
When studying complex ideas, it may help to begin with a simpler example to better understand its concepts. Modern cryptography and cryptanalysis are exceptionally complex, so a case study from classical cryptography can aid understanding. The Vigenere Cipher is a good example. Vigenere was widely considered to be a secure cipher for three centuries. It is non-trivial to cryptanalyze, offering a stretch goal for beginners, but not impossible to comprehend. Vigenere provides practice of multiple techniques such as statistical analysis, histograms, and Index of Coincidence. Statistical properties of files before and after encryption can be compared to show attributes that allow encrypted files to be detected. A method of detecting the encryption key length for a Vigenere cipher will be introduced. Ultimately, a strategy to recover the key for JPEG encrypted files will be demonstrated. To help the reader follow this analysis, open source software will be provided that performs encryption, decryption, and cryptanalysis. Besides learning about classical ciphers and having fun, we will reinforce the importance of proper cipher choice for the modern InfoSec professional.
-
HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare SANS.edu Graduate Student Research
by Dallas Haselhorst - September 12, 2017
Ask healthcare IT professionals where the sensitive data resides and most will inevitably direct attention to a hardened server or database with large amounts of protected health information (PHI). The respondent might even know details about data storage, backup plans, etc. Asked the same question, a penetration tester or security expert may provide a similar answer before discussing database or operating system vulnerabilities. Fortunately, there is likely nothing wrong with the data at that point in its lifetime. It potentially sits on a fully encrypted disk protected by usernames, passwords, and it might have audit-level tracking enabled. The server may also have some level of segmentation from non-critical servers or access restrictions based on source IP addresses. But how did those bits and bytes of healthcare data get to that hardened server? Typically, in a way no one would ever expect... 100% unencrypted and unverified. HL7 is the fundamentally flawed, insecure standard used throughout healthcare for nearly all system-to-system communications. This research examines the HL7 standard, potential attacks on the standard, and why medical records require better protection than current efforts provide.
-
HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille's Heel of Healthcare SANS.edu Graduate Student Research
by Dallas Haselhorst - September 12, 2017
On any given day, a hospital operating room can be chaotic. The atmosphere can make one’s head spin with split-second decisions. In the same hospital environment, medical data also whizzes around, albeit virtually. Beyond the headlines involving medical device insecurities and hospital breaches, healthcare communication standards are equally as insecure. This fundamental design flaw places patient data at risk in nearly every hospital worldwide. Without protections in place, a hospital visit today could become a patient’s worst nightmare tomorrow. Could an attacker collect the data and sell it to the highest bidder for credit card or tax fraud? Or perhaps they have far more malicious plans such as causing bodily harm? Regardless of their intentions, healthcare data is under attack and it is highly vulnerable. This research focuses on attacking and defending HL7, the unencrypted and unverified data standard used in healthcare for nearly all system-to-system communications.
-
Snort and SSL/TLS Inspection by Yousef Bakhdlaghi - April 20, 2017
An intrusion detection system (IDS) can analyze and alert on what it can see, but if the traffic is tunneled into an encrypted connection, the IDS cannot perform its analysis on that traffic. The difficulty of looking into the packet payload makes encrypted traffic one of the challenging issues for an IDS. In Snort, the encrypted traffic inspector is available optionally and can only inspect connections’ handshakes with no further inspection of the payload after the connection has been established. However, encrypted traffic can be entirely decrypted using the private key (decryption key), but there are some issues associated with SSL/TLS key exchanges that could increase the difficulty of decrypting traffic provided the private key.
-
The Age of Encryption by Wes Whitteker - November 7, 2016
Over the last few years, there has been an increasing movement toward encrypting Internet communication. Though this movement increases the confidentiality of transmitted information, it also severely limits the ability of security tools to analyze Internet traffic for malicious content. This paper investigates the growth of encrypted Internet traffic (i.e. HTTPS) and its impact on Cybersecurity. This paper also proposes an open source solution for decrypting and inspecting Internet traffic accommodating IPv4 and v6 for both home and small-to-medium sized business (SMB) use.
-
Extending your Business Network through a Virtual Private Network (VPN) SANS.edu Graduate Student Research
by Kaleb Fornero - May 17, 2016
It’s safe to assume that most individuals reading this paper have leveraged a Virtual Private Network (VPN) at some point in their life, many on a daily basis.
-
Encryption Solutions for Small Networks by David Reed - November 20, 2015
Data is being created faster than ever before. Every minute in 2014 users created 2.5 million pieces of Facebook content, 300,000 Tweets, and 220,000 Instagram photos (Gunelius, 2014). Each swipe of a credit card, scan of a loyalty card, and launch of a smartphone app creates even more data.
-
PKI Trust Models: Whom do you trust? SANS.edu Graduate Student Research
by Blaine Hein - July 28, 2015
There has been a substantial amount of attention in the media recently regarding Public Key Infrastructures (PKI). Most often, secure web server exploits and signed malware have generated this attention and have led to the erosion of trust in PKI. Despite this negative media attention, there has been very little detailed discussion of the topic of PKI Trust proliferation and control. PKI is an integral part of our daily lives even though, for the most part, we never notice it. Europe is several years ahead of North America in the ubiquitous deployment of PKI to its citizens, but North America has begun to catch up. This paper covers four major areas including the definition of trust and trust models, implementation of trust, auditing of trust, and managing trust. The paper provides proof of concept tools to allow administrators to understand their current level of PKI trust and techniques to manage trust.
-
Implementing Hardware Roots of Trust: The Trusted Platform Module Comes of Age Analyst Paper (requires membership in SANS.org community)
by Gal Shpantzer - June 18, 2013
- Associated Webcasts: Implementing Hardware Roots of Trust
- Sponsored By: Trusted Computing Group
Discussion of trends that are driving adoption of TPM, with advice on how to take advantage of this increasingly commonplace technology without disrupting your security infrastructure.
-
Transparent Data Encryption: New Technologies and Best Practices for Database Encryption Analyst Paper (requires membership in SANS.org community)
by Tanya Baccam - April 7, 2010
- Sponsored By: Oracle
A look at the basics of encryption with a discussion of the pros and cons of leading encryption architectures available today.
-
Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data by nuBridges, inc - September 29, 2009
Exploring the use of tokenization as a best practice in improving PCI DSS compliance, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.
-
Regulations and Standards: Where Encryption Applies Analyst Paper (requires membership in SANS.org community)
by Dave Shackleford - November 17, 2007
- Sponsored By: Utimaco
This paper describes the types of data under protection regulation and basic best practices for implementing appropriate encryption technologies.
-
The challenge of securely storing and transporting large files across a corporate Wide Area Network by Jeremy Gibb - October 26, 2007
The majority of organizations that use Wide Area Networks (WANs) to connect Local Area Networks (LANs) together have a requirement to transfer large amounts of data “across the wire”, between different locations. A number of widely available desktop applications such as Microsoft Outlook and Windows Explorer provide built-in functionality that supports the basic data transfer needs of most users (e.g. attaching a file to an email, creating a “share” on a remote machine and mapping a local drive to that share), but such solutions have limitations when there is a requirement from backend applications or system administrators to reliably transfer large files that are often numerous Gigabytes (Gig), or more, in size. This challenge is further complicated when the data is of a sensitive nature and needs to be transported securely, on a repetitive (i.e. automated) basis, and must be held in a secure format before and after transmission.
-
Hardware Versus Software: A Usability Comparison of Software-Based Encryption with Seagate Secure™ Hardware-Based Encryption Analyst Paper (requires membership in SANS.org community)
by Jim D. Hietala - September 10, 2007
- Sponsored By: Seagate Technology
This paper explores the factors driving adoption of encryption in laptop and desktop systems and then compares two different approaches to providing encryption, software-based and hardware-based.
-
Encryption Procurement: Setting a Standard Analyst Paper (requires membership in SANS.org community)
by Stephen Northcutt, Barbara Filkins - June 6, 2007
- Sponsored By: Utimaco
Information and checklist to help organizations develop an RFP for enterprise encryption.
-
OpenVPN and the SSL VPN Revolution by Charlie Hosner - August 25, 2004
True SSL VPNs are beginning to appear in the market. One of the best, and definitely the least expensive, is the open source SSL VPN, OpenVPN.
-
Securing Key Distribution with Quantum Cryptography by Bradford Bartlett - August 15, 2004
Quantum cryptography recently made headlines this year when European Union members announced their intention to invest $13 million in the research and development of a secure communications system based on this technology.
-
Elliptic Curve Cryptography and Smart Cards by Ahmad Kayali - April 8, 2004
Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (for example, a 160 bit ECC has roughly the same security strength as 1024 bit RSA).
-
Understanding and Configuring IPSec between Cisco Routers by Ryan Ettl - March 25, 2004
This paper will provide insight for a secure solution to address this business need using Virtual Private Networking.
-
SSL Remote Access VPNs: Is this the end of IPSec? by Steven Ferrigni - December 13, 2003
This paper looks at the two VPN technologies with respect to remote access, discusses the advantages and disadvantages of each and whether they can co-exist.
-
Cryptography - Business Value Behind the Myth by Jeff Christianson - October 31, 2003
The purpose of this paper is to help information technology professionals make informed decisions about using cryptographic solutions to secure electronic business transactions.
-
Demystifying DSS: The Digital Signature Standard by Richard Brehove - August 22, 2003
This paper examines the requirements of signatures, outlines the technologies involved in creating digital signatures, and describes the components of the Digital Signature Standard (DSS).
-
Security Implications of SSH by Bill Pfeifer - August 22, 2003
This paper provides a high-level discussion of some of the security considerations associated with SSH, as well as some potential methods of addressing those considerations.
-
IPSec Interoperability between OpenBSD, Linux and Sonicwall by Daniel Young - August 8, 2003
This paper discusses OpenBSD project, Linux FreeS/WAN project and Sonicwall Inc., each providing cost effective IPSec implementations with excellent reliability and some of the issues surrounding their interoperability.
-
Instant Message Security - Analysis Of Cerulean Studios Trillian Application by Michael Murphy - July 14, 2003
This paper outlines the underlying security risks of Instant Messaging (IM) focusing on an analysis of Cerulean Studios' Trillian application.
-
MPLS - VPN Services and Security by Ravi Sinha - July 14, 2003
The information will provide the foundation for the discussion on providing scalable VPN services in a MPLS environment.
-
IPSec Tunnel Creation by Chris Gutridge - July 11, 2003
The purpose of this paper is to detail, explain, and illustrate the specific processes that occur in creating an IPSec VPN tunnel.
-
Using GPL Software For Email and File Encryption by David Tucker - June 19, 2003
Privacy is important, the security of information is sometimes legally required, and internet communication often does not provide this necessary security inherently.
-
Attacks on PGP: A Users Perspective by Ryan Thomas - June 19, 2003
The focus of this paper is to inform users of the practical and theoretical strategies that may be used in an attempt to compromise PGP (Pretty Good Privacy), potentially exposing the contents of a PGP encrypted message to an attacker.
-
Network Based VPNs by Olivier Strahler - May 23, 2003
This paper focuses on this particular type of VPN. First, it provides a short history on the evolution of VPNs, then it explains what is meant by Network based VPNs.
-
Cryptanalysis of RSA: A Survey by Carlos Cid - May 8, 2003
In this paper we give a survey of the main methods used in attacks against the RSA cryptosystem. We describe the main factoring methods, attacks on the underlying mathematical function, as well as attacks that exploit details in implementations of the algorithm.
-
Multiprotocol Label Switching Virtual Private Networks and the enterprise - Do they fit in the security model? by Michael Stoos - May 8, 2003
Multiprotocol label switching virtual private networks have gained press as a new service provider method to provide a secure path in the public Internet space.
-
When Security Counts: Securing a Test Server with a VPN Connection by Patricia Hulsey - March 25, 2003
This paper describes the design choices of a deployment for a router-to-router VPN connection using the Windows 2000 platform VPN server.
-
The Risks Involved With Open and Closed Public Key Infrastructure by Philip Hlavaty - March 22, 2003
This paper will present some of the risks and liability issues involved with PKI, such as the enormous risks behind the open PKI model and why it never flourished in the marketplace.
-
Remote Access VPN - Security Concerns and Policy Enforcement by Mike Stines - March 16, 2003
The recommendations contained within this paper can assist in a secure and successful implementation of a remote-access VPN.
-
A Review of Chaffing and Winnowing by David Spence - March 13, 2003
This paper presents an overview of Chaffing and Winnowing as described by Ronald Rivest and a review of a secure Chaffing and Winnowing scheme called Chaffinch.
-
PGP for Everyday Use by Jeremy Hoel - March 10, 2003
This paper has shown how to get PGP, protect files on your drive, protect your e-mail messages and manipulate your key ring.
-
Prime Numbers in Public Key Cryptography by Gerald Crow - March 9, 2003
This paper explores some of the basic properties of prime numbers and several theorems associated with them, and presents moderate detail on two of the most common asymmetric algorithms and the manner in which they employ prime numbers.
-
Remote Access IPSec VPNs: Pros and Cons of 2 Common Clients by Jason Everard - February 27, 2003
This paper discusses two client options for creating this encrypted and authenticated connection, as well as options for working around the deficiencies of the current IPSec standard by combining IPSec with L2TP or by using proprietary functions to accomplish the same.
-
Randomness and Entropy - An Introduction by Chris Thorn - February 26, 2003
This paper will attempt to bring together information pertaining to concepts and definitions of randomness and entropy.
-
Quantum Encryption - A Means to Perfect Security? by Bruce Auburn - February 26, 2003
This paper addresses the issue of public key cryptography.
-
Applied Encryption: Ensuring Integrity of Tactical Data by Jennifer Skalski-Pay - February 21, 2003
This paper will provide the reader with a low-level understanding of the Global Command and Control System-Maritime (GCCS-M), CST, Track Database Manager (Tdbm) and SIPRNet.
-
Cryptography: What is secure? by Willy Jiang - February 14, 2003
This paper looks at how security is achieved by discussing basic substitution and transposition operations, to get an appreciation of security in cryptography, and recommends a basic approach to implement cryptography.
-
An Overview of Cryptographic Hash Functions and Their Uses by John Silva - February 6, 2003
This paper provides a discussion of how the two related fields of encryption and hash functions are complementary, not replacement technologies for one another.
-
A Consumer Guide for Personal File and Disk Encryption Programs by Scott Baldwin - January 25, 2003
This paper will give you the knowledge to select an encryption product that matches your needs.
-
BUSINESS PARTNER VPN: NEEDED NOW by Karen Duncanson - January 1, 2003
This paper takes a look at Business Partner VPN and focuses on challenges now being dealt with in the face of requirements for a VPN that promises end to end security between two separate business entities and even between the users within those entities.
-
No Single Killer App for PKI by Cliff Schiller - December 18, 2002
This paper presents the author's perspective on the real benefits of PKI as a technology.
-
Is the future of cryptography in qubits by Wayne Redmond - December 12, 2002
In a beautiful irony, quantum computers may break current cryptography but quantum mechanics also offer hope to cryptography in quantum key distribution.
-
Appropriate Use of Network Encryption Technologies by Kenneth Forward - September 20, 2002
This paper will describe virtual private networks and other network encryption technologies such as secure sockets layer - what they are, and what protections they provide.
-
Issues When Using IPsec Over Geosynchronous Satellite Links by Greg Totsline - August 12, 2002
This paper describes the salient points of TCP over satellite links, performance enhancing proxies, IPsec, and the issues with the combined use of these technologies.
-
Configuring Secure Shell with TCP Wrappers on Solaris 2.8 by Jane Micheller - August 8, 2002
This paper shows how to set up the OpenSSH version 3.4 on Solaris 2.8 platform, beginning with the development of the product and illustrates packet captures.
-
S-Box Modifications and Their Effect in DES-like Encryption Systems by Joe Gargiulo - July 25, 2002
This paper presents the substitution boxes (s-boxes) found in many block ciphers, and more specifically in DES-like encryption systems.
-
Creating a Secure VPN with Cisco Concentrator and ACE Radius/SecurID by Nathan Lasnoski - June 30, 2002
Using a VPN, companies can expand the reach of their corporate network beyond their expensive leased lines by using the assets provided by the Internet.
-
Infrastructure Design Considerations When Using Client Certificates by Tim Hollingshead - May 9, 2002
This paper will investigate some of the considerations that should be evaluated when looking to bring a new technology into the design of an application.
-
VPN-1 SecureClient - Check Point's Solution for Secure Intranet Extension by Ryan Gibbons - April 9, 2002
This paper addresses why SecureClient is widely compatible and has a small footprint, making it appealing to organizations that use Check Point products and are considering such functionality.
-
PKI, The What, The Why, and The How by Duncan Wood - March 26, 2002
This paper discusses Public Key Architecture (PKI) and why governments are introducing legislation for information privacy.
-
A Vulnerability Assessment of Roaming Soft Certificate PKI Solutions by Stephen Wilson - March 25, 2002
This paper highlights the security engineering and deployment considerations by presenting a systematic vulnerability assessment of the common roaming architecture.
-
The Ease of Steganography and Camouflage by John Bartlett - March 17, 2002
In this paper we will look at the ease of use of one particular program, and the ability to detect steganographic material created by the program.
-
Vulnerability's of IPSEC: A Discussion of Possible Weaknesses in IPSEC Implementation and Pro by Daniel Clark - March 14, 2002
This paper will discuss the protocol suite IPSEC, with a view to analyzing the various weaknesses that have been or could be identified within the protocol.
-
Decommissioning Certification Authorities by Claudia Lukas - March 10, 2002
This paper reviews these guidelines and discusses terminating a Certification Authority.
-
Secure Access of Network Resources by Remote Clients by Glendon MacDonald - February 20, 2002
This paper will identify the threats that remote access poses to corporate network security including those involving hackers, malicious applications and the use of weak access and physical controls.
-
Roll Your Own Crypto Services (Using Open Source and Free Cryptography) by Edward Donahue - January 24, 2002
This paper surveys the open source software available to secure the most common applications: email and file encryption, web access and server oriented services, IPsec and VPNs, and finally, remote session encryption.
-
An Overview of Hardware Security Modules by Jim Attridge - January 14, 2002
This paper intends to introduce the concept of a cryptographic hardware device. It will describe its functions, uses and implementations.
-
Comparing BGP/MPLS and IPSec VPNs by Gary Alterson - January 9, 2002
This paper gives an overview of MPLS and then discusses the mechanisms used to provide VPNs based upon BGP/MPLS and IPSec.
-
Knock Knock...Who's there? Do you know who is accessing your VPN? by Norma Schaefer - December 1, 2001
Although VPNs secure data across public networks, potential information security risks include remote users' networks, PCs, systems, and this paper focuses on the need for strong authentication.
-
Stunnel: SSLing Internet Services Easily by Wesley Wong - November 24, 2001
This paper provides a method to securely use existing clear-text protocols under SSL without any need to modify the existing software or source code.
-
Implementing Site-to-Site IPSec Between a Cisco Router and Linux FreeS/WAN by Neil Cleveland - November 23, 2001
This paper begins by providing a brief overview of IPSec, the features, differences, issues surrounding Cisco's IOS IPSec offering versus the FreeS/WAN offering and then describes an example implementation.
-
Basic Cryptanalysis Techniques by Craig Smith - November 17, 2001
Because of the complexity involved with cryptanalysis work, this paper focuses on the basic techniques needed to decipher monoalphabetic encryption ciphers and cryptograms.
-
A Review of the Diffie-Hellman Algorithm and its Use in Secure Internet Protocols by David Carts - November 5, 2001
This paper will present an overview of the Diffie-Hellman Key Exchange algorithm and review several common cryptographic techniques in use on the Internet today that incorporate Diffie-Hellman.
-
Strong Authentication and Authorization model Using PKI, PMI, and Directory by Jong Lee - October 25, 2001
This paper presents a strong authentication and authorization model using three standard frameworks.
-
Analysis of a Secure Time Stamp Device by Chris Russell - October 17, 2001
This paper discusses the design of a Secure Time Stamp device used to securely timestamp digital data, such as computer documents, files, and raw binary data of arbitrary format.
-
PKI and Information Security Awareness: Opportunity and Obligation by Jerry Brown - October 15, 2001
This paper discusses the single most difficult criterion for a successful PKI rollout: user acceptance.
-
Cryptographic Services - A Brief Overview by Larry Bennett - October 10, 2001
This paper examines the use of cryptography in implementing the services of authentication, integrity, non-repudiation, and confidentiality.
-
Using SSL with Client Access Express for AS/400 by Jose Guerrero - October 9, 2001
This paper is meant to help those who are in need of securing a Client Access connection with their AS/400.
-
Integrate HMAC Capable Token into User Authentication Mechanism and Public Key Infrastructure by Shanhui Tan - October 1, 2001
This paper describes using a HMAC capable token in user authentication or public key infrastructure (PKI) to derive user private key or produce message digest for digital signature scheme.
-
Implementing "Dual-Sided" VPN's by Kenneth Boudreaux - September 21, 2001
This paper discusses a solution for using a public network for data communications that could satisfy the security requirements for data transmission.
-
Securing Certificate Revocation List Infrastructures by Eddie Turkaly - September 19, 2001
This paper takes a closer look at the security issues when implementing a secure CRL infrastructure.
-
IPsec's Role in Network Security: Past, Present, Future by Christopher Smith - September 17, 2001
IPSec is used to create tunnels for Virtual Private Networks (VPN), and also provide confidentiality, authenticity, and integrity of data through use of encryption algorithms.
-
Public Key Infrastructure Issues in an Academic Healthcare Setting by Liviu Groza - September 11, 2001
The paper intends to give a general overview of several specific issues related to the PKI deployment process emphasizing the particularities of a mixed environment.
-
AES: The Making of a New Encryption Standard by Mitch Richards - September 5, 2001
This paper describes the issues, programs, and processes related to the development of standards.
-
E-Mail Security with S/MIME by George Kuzmowycz - August 31, 2001
The intent of this paper is to present an overview of the history, design, usage and the current state of market and community acceptance of S/MIME while contrasting it, where appropriate, to PGP.
-
The Weakest Link: The Human Factor Lessons Learned from the German WWII Enigma Cryptosystem by Bradley Fulton - August 29, 2001
This paper highlights the need for security professionals and management to not overlook the weakest link in security systems - that being the human factor.
-
Implementing PKI in a Heterogeneous Environment A Primer on Digital Certificate And Key Formats by Tim Sills - August 27, 2001
This document will discuss the various file formats for both X.509 digital certificates and encryption keys.
-
The Advanced Encryption System (AES) Development Effort: Overview and Update by William Tatun - August 26, 2001
The purpose and objective of this paper is to provide a brief overview of where we've been and an update of where we are headed in the United States Department of Commerce's quest for a suitable standard algorithm that can be used to protect sensitive data in the future.
-
Key and Certificate Management in Public Key Infrastructure Technology by Sriram Ranganathan - August 20, 2001
The intent of this paper is to provide an overview and briefly discuss the various phases involved in Key and Certificate management.
-
Protecting Sensitive Data in Secure Domains by Mikael Trosell - August 17, 2001
The basic idea of Secure Domains is to move parts of the network into secure zones, either based on the classification of the data or their being part of a project that can be centralized in a specific zone and are considered as sensitive.
-
Who's Who in AES? by Kyle Jones - August 16, 2001
This paper is going to introduce the new Advanced Encryption Standard, or AES, the winning algorithm, its competitors, the specifications set forth, and decision making process of NIST.
-
Implementing NAT on Checkpoint Firewall-1 by Eugene Ng - August 16, 2001
This paper addresses implementing secure NAT rules and policies and excellent documentation on network topologies.
-
NAT Traversal: Peace Agreement Between NAT and IPSec by Haluk Aydin - August 12, 2001
After merging two different works from different vendors, NAT-T is the most promising solution for the near future so that some vendors started implementing it in their VPN products.
-
History of Encryption by Melis Jackob - August 8, 2001
This paper shows that the field of Cryptography has evolved tremendously since the Assyrian and Egyptian time, and as the technology progresses, it will be easier to cultivate the power of distributed processing and break the different encryption algorithms such as DES or triple DES.
-
A Discussion of SSH Secure Shell by Shawn Lewis - August 4, 2001
The purpose of this paper is to build on the Introduction to SSH Secure Shell paper written by Damian Zwamborn (www.sans.org/infosecFAQ/encryption.intro_SSH.htm).
-
A Business Perspective on PKI: Why Many PKI Implementations Fail, and Success Factors To Consider by Leslie Peckham - August 2, 2001
This paper is intended to provide an overview of PKI and how a PKI implementation affects the entire organization.
-
Securing Remote Users VPN Access to Your Company LAN by Klavs Klavsen - July 29, 2001
This paper is intended to be an introduction to the Security issues you face and the solutions you can choose between, when you want to give your remote users access to your Company Network via VPN.
-
One Fish, Two Fish, Red Fish, Blowfish A History of Cryptography and it's Application in Soci by Joseph Kasten - July 27, 2001
Crypto sciences are used in almost every electronic device to ordinary computer based software on the home personal computer.
-
An Overview of Computer Security as Told Through War Stories by Ronald Seidl - July 26, 2001
This paper discusses awareness training by telling stories that show problems in a way that most people can clearly see.
-
Interoperability in PKI by Roger Pyon - July 25, 2001
This paper will introduce some of the interoperability issues in PKI which applies to processing and managing the establishment of those trust and the challenges it faces.
-
Encryption Regulation: A First Amendment Perspective by Linda Mickna - July 23, 2001
Through the use of cryptography, communications and information transmitted and stored by computers can be protected from unauthorized access.
-
The Day DES Died by Paul Zande - July 22, 2001
This paper takes a look at DES, the characteristics of the RSA challenges and compares DES to other cryptosystems to discover which ones are secure and why.
-
Virtual Network Computing and Secure Shell by Damian Koziel - July 20, 2001
Many high-tech professionals to work from home increasing the system administrator's challenge of maintaining and troubleshooting a company's heterogeneous and sprawling computing system from a central location through Virtual Network Computing.
-
Identification with Zero Knowledge Protocols by Annarita Giani - July 13, 2001
The idea of proving knowledge of some assertion without revealing any information about the assertion itself is very attractive. This paper discusses Zero-Knowledge protocols which allow this kind of scenario.
-
What Is an MPLS VPN Anyway? by Kelly DeGeest - July 12, 2001
This paper will give a basic understanding of how a MPLS VPN works.
-
PGP: A Hybrid Solution by Jessica Benz - July 11, 2001
Symmetric and asymmetric cryptography both have advantages and disadvantages that will be discussed in this paper.
-
Quantum Cryptography: Is Your Data Safe Even When Somebody Looks? by Tom Klitsner - July 3, 2001
While, for the most part, quantum computing devices are decades away (at least) from being practical, in the area of quantum cryptography - in particular the secure distribution of cryptographic keys - there exist strategies and systems that are feasible (perhaps even practical) today.
-
Quantum Encryption vs Quantum Computing: Will the Defense or Offense Dominate? by Bob Gourley -
Quantum encryption will soon provide unbreakable ciphers and this paper examines these topics by providing a snapshot of current research.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
SANS.edu Graduate Student Research - This paper was created by a SANS Technology Institute student as part of the graduate program curriculum.