White Papers

Welcome to our library of technical white papers, articles and case studies from leading technology vendors, analysts, consulting groups and corporations. We hope that these resources will help you make smart enterprise IT decisions. Click on a subject below to read papers in that category.

Passwords

  • Simple Formula for Strong Passwords (SFSP) Tutorial (Bernie Thomas, GIAC) - Passwords are plagued with problems and vulnerabilities that make them inadequate for many of the authentication roles for which they are used. Cost and complexity issues have slowed multi-factor authentication’s adoption. Consequently, most of us are still left to make the best use of what we currently have: passwords.
  • The Demise of Passwords: Have Rumors Been Exaggerated? (C. Warren Axelrod, ISSA Journal, requires ISSA member logon) - Have new threats and technologies passed passwords by? Are long-held rules regarding forming and managing strong passwords obsolete? Are replacement technologies better on balance or are we just trading one set of problems for another?

SMB Security

  • Network Security - A Guide for Small and Mid-sized Businesses (Jim Hietala, SANS) - The objective of this paper is to educate both IT staff and senior management for small-medium sized businesses (SMBs) as to the network security threats that exist. The paper presents a digest of industry best practices for network security, which will hopefully assist SMBs in setting priorities for securing the perimeter of a typical SMB network.
  • Common Sense Guide to Cyber Security for Small Businesses (US-CERT) - This paper addresses security practices for non-technical managers, and gives details of small businesses that were adversely affected by cyber crimes.

Hacking

  • Hacking the Hacker: How a consultant shut down a malicious user on a client's FTP server (John Verry) - This article was originally published on TechRepublic in August 2003. It was the most widely read piece of content on the site for the next three-month period, and one of the most highly rated articles ever published on TechRepublic.
  • Red Teaming: The Art of Ethical Hacking (Chris Peake, GIAC) - Red Teaming is a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access. Although this paper discusses the methodology and tools used to perform Red Teaming, its purpose is to discuss the overall role of Red Teaming in evaluating a system's/network's security posture.
  • Penetration Studies – A Technical Overview (Timothy P. Layton, Sr., SANS) - This paper takes the position of an unauthorized external user with no specific knowledge of the target network other than what is available via public information and what the malicious user can glean from the output of his tools and applications.
  • Penetration Testing on 802.11b Networks (Benjamin S. Huey, SANS) - This document will cover the fundamentals on how to deter a WarDriving attack by performing controlled penetration tests on a wireless network. These fundamentals will consist of an overview of 802.11.

Wireless Security

  • A Guide to Wardriving and Detecting Wardrivers (Andrew Etter, SANS) - This paper will discuss the components needed to construct a wardriving rig and suggest methods for detecting wardrivers as they drive past your wireless network.
  • Understanding Wireless Attacks & Detection (Christopher Low, GIAC) - This paper introduces wireless attacks from an OSI layer 2 perspective and attempts to understand how wireless attacks can be detected by looking at wireless frames at these layers.
  • Security Vulnerabilities and Wireless LAN Technology (SANS) - Although the main focus of the paper is wireless LAN security vulnerabilities, some information on current and future trends in wireless LANs is also included. The paper concludes that wireless LANs can be used safely, if safety measures are taken to secure them.

Incident Response

  • Computer Security Incident Response Planning: Preparing for the Inevitable (Internet Security Systems) - Given the certainty that attempts will be made to compromise system and network security, and the likelihood that these attempts will succeed, every company, large or small, must be prepared to respond effectively to security incidents when they occur.
  • A New Approach To Intrusion Detection: Intrusion Prevention (Okena) - This paper will examine the current state of the intrusion detection technology landscape, analyze critical weaknesses and provide an overview of Cisco Security Agent Intrusion Prevention security software, which serves as a realistic host-based replacement strategy for those processing environments that require proactive and preventive security measures in the face of attacks directed at today’s open networks.
  • Experiences Benchmarking Intrusion Detection Systems (Marcus Ranum, NFR) - This paper discusses the topic of IDS benchmarking and presents a few examples of poor benchmarks and how they can be fixed. It also presents some guidelines on how to design and test IDS effectively.
  • Risk Exposure through Instant Messaging and Peer-To-Peer (P2P) Networks (Paul Piccard, Internet Security Systems) - The popularity of instant messaging and peer-to-peer networking technologies has risen dramatically in recent years. As these services become increasingly popular, an increased risk emerges as well. This white paper outlines technical countermeasures that can help you reduce security risks posed by a variety of instant messaging applications and peer-to-peer networks.

Windows Security

  • Windows XP: Surviving the First Day (SANS) - This guide will show how to install Windows XP securely, without being infected by worms during the patching process.
  • Top 25 Security Patches You Must Have for the Windows Environment (Chris Roberge, Ecora) - The most pressing task facing IT organizations today is keeping current with the deployment of security patches, particularly in the Windows environment. The reason is simple: systems missing the latest patches are vulnerable to security breaches. Missing patches are a hacker’s hall-pass through your company’s mission critical corridors.
  • Hackers Beware: Keep Bad Guys at Bay with the Advanced Security Features in SQL Server 2005 (Don Kiely, Microsoft) - This article explores the most interesting security enhancements in SQL Server 2005 from a developer's viewpoint, including dev-specific security enhancements such as endpoint authentication and support for the security context of managed code that executes on the server.
  • Understanding Web Site Certificates (US-CERT) - You may have been exposed to web site, or host, certificates if you have ever clicked on the padlock in your browser or, when visiting a web site, have been presented with a dialog box claiming that there is an error with the name or date on the certificate. Understanding what these certificates are may help you protect your privacy.

Firewall/VPN Security

  • ICSA Firewall Buyer's Guide - The ICSA firewall analysts test the security of commercially available firewall products. This is a large PDF but an excellent resource.
  • Thinking About Firewalls (Marcus J. Ranum) - This paper describes some of the considerations and tradeoffs in designing firewalls. A vocabulary for firewalls and their components is offered, to provide a common ground for discussion.
  • Design the firewall system (CERT Coordination Center, Carnegie Mellon University) - A practice from the CERT® Security Improvement Modules.
  • SSL VPN Security, Secure Remote Access from Any Web Browser (Whale Communications, SANS) - SSL VPN is an exciting new technology that allows remote access to applications and files from standard web browsers. Because they require no client-side software other than a web browser, SSL VPNs offer great convenience, and promise to provide a much lower TCO than IPSEC VPNs. Yet, at the same time, this novel technology presents new challenges in the realm of security. This article explains how to deploy an SSL VPN securely – exploring both the security issues and proposed solutions.
  • IPSec versus Clientless VPNs for Remote Access (Check Point) - This white paper discusses the general applicability of IPSec/IKE versus HTTPS-based secure remote access services, as well as specific applicability of VPN-1 clients (i.e. VPN-1 SecuRemote and VPN-1 SecureClient) versus HTTPS-based approaches.

Troubleshooting

  • Simple Traffic Analysis With Ethereal (GIAC) - This paper describes how to use the Ethereal Display Filter to examine a capture log file. The data analyzed was recorded by port and the amount of packet traffic received. The attack patterns that emerged from the data analysis generally correspond with well published vulnerabilities from expected open ports on a server. Attackers also seem to have a variety of ways to get a server and/or firewall to acknowledge traffic and verify a potential target.
  • Hardening the Soft Middle: Securing your IT Infrastructure through Configuration Baselining (Ecora) - This paper examines how organizations can strengthen security "inside the perimeter" by developing security templates, establishing performance baselines with an automated solution, and initiating a "Cycle of Control" to enforce compliance.

Regulatory Compliance

  • HIPAA Considerations for Anatomic Pathology Information Systems (Pivot Point Security) - HIPAA has significantly changed the requirements for the successful operation of a pathology laboratory and has necessitated the reconsideration of many operational elements of key processes including the handling of anatomic pathology data. This paper introduces these considerations and provides an initial level of guidance to the lab in ensuring HIPAA compliance for an outsourced Anatomic Pathology System.
  • Practical Guide to Implementing HIPAA IT Security Standards (Ecora) - Do you need to implement corporate policies regarding security and confidential health information? Learn: How to use IT documentation to prepare for and pass Security audits; What IT data is critical for Security Standards; What is the difference between Security and IT Audits. You can implement a sustainable HIPAA Security Standard – Read this paper to learn more.
  • Security Best Practices for the Gramm-Leach-Bliley Act (Internet Security Systems) - The Gramm-Leach-Bliley Act mandates that all financial institutions establish appropriate security standards to protect customer data from internal and external threats and unauthorized access through online systems and networks. This white paper summarizes how Internet Security Systems has helped public organizations achieve security best practices that meet the requirements of the Gramm-Leach-Bliley Act quickly and simply.

Cisco Security

  • Understanding and Configuring IPSec between Cisco Routers (Ryan Ettl, SANS) - In today's corporate business network infrastructure there are many needs to securely transfer data across the internet. This can be a company's top secret information regarding product designs, product release dates, patent information, HR employee investigations, etc. In many cases, these examples require a secure means of data transfer to third party companies specializing in a field of engineering or legal subject matter. This paper provides insight for a secure solution to address this business need using virtual private networking.
  • Metro IP Technology and Architectures (Cisco) - Tremendous technology developments are transforming the dynamics of the metropolitan area network (MAN). These include the explosion of bandwidth in local-area networks (LANs), the deployment of low-cost Gigabit Ethernet

Gigabit Networking

  • Gigabit Ethernet: Accelerating the Standard for Speed (Gigabit Ethernet Alliance) - This paper presents an overview of Gigabit Ethernet, including Ethernet's current position in the industry, applications driving the need for more bandwidth, Gigabit Ethernet as a strategic evolution for networks, Gigabit Ethernet technology fundamentals.
  • Ga-Ga Over GigE (Rob Howald, Motorola's Broadband Communications) - Gigabit Ethernet is set to reshape desktop computing as we know it, but then again, so was ATM.
  • Statement of Direction: 10 Gigabit Ethernet Position Statement (Cisco Systems) - Cisco Announces Support of the IEEE 802.3ae 10 Gigabit Ethernet Standard Effort and co-founds 10 Gigabit Ethernet Alliance.

VoIP

  • The Strategic and Financial Justification for IP Communications (Cisco Systems) - The intent of this white paper is to provide senior managers with the necessary strategic and financial justifications to make effective decisions regarding investments in IP Communications.
  • Securing Voice in an IP Environment (Cisco Systems) - Integrating voice services and systems with data IP networks has become increasingly critical for enterprises. Information in voice calls can be just as proprietary or damaging if intercepted as that in data - no enterprise or service provider can afford a denial-of-service attack that shuts down voice communications. This white paper outlines key defense-in-depth strategies for enterprises to make voice as secure as any other mission-critical application.