Welcome to SecurityDocs

A collection of 7,815 IT security white papers, carefully curated by professionals like yourself

MIPS Malware Analysis

by Muhammad Junaid Bohio Oct. 3, 2017

Malware functionalities have been evolving and so are their target platforms and architectures. Non-PC appliances of different architectures have not traditionally been frequent targets of malware. However, many of those appliances, due to their enhanced processing power and/or low maintenance, provide ideal targets for malware. Moreover, due to the lack of security for home routers, they often remain infected until replaced, thereby providing longer persistence for malware. Recently, there...

A Handbook for Incident Handling

by Patrick Kral Oct. 14, 2017

One of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident is described as any violation of policy, law, or unacceptable act that involves information assets, such as computers, networks, smartphones, etc. (Bejtlich, 2005). The scope of this document is limited to the six phases of the incident handling process ("Incident handling step-by-step," 2011) and providing the basic informa...

Scanning Webservers with Nikto for vulnerabilities

Oct. 8, 2017 via Hacking Tutorials

Nikto is a very popular and easy to use webserver assessment tool to find potential problems and vulnerabilities very quickly. This tutorial shows you how to scan webservers for vulnerabilities using Nikto in Kali Linux. Nikto comes standard as a tool with Kali Linux and should be your first choice when pen testing webservers and web applications. Nikto scans for 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems o...

Managing Physical Security

Oct. 7, 2017 via INFOSEC Institute

According to the security expert S. Harris, “physical security protects people, data, equipment, systems, facilities and company assets.” She also enumerates various means through which this protection is managed: “site design and layout, environmental components, emergency response readiness, training, access control, intrusion detection, and power and fire protection.” The emphasis of this writing is on physical security through training of personnel based on a proper security awareness tra...

Top 5 Free Intrusion Detection Tools for Enterprise Network

by Irfan Shakeel Oct. 7, 2017 via INFOSEC Institute

Due to the complexity of today’s data breaches and intrusions, deploying and maintaining network security more frequently requires a promising system to defend against intruders and other security threats as well. Organizations securing their networks often use a combination of technologies to combat the countless cyber attack, intrusion, and compromise methods available to cyber criminals today. Although a wide range of tools and methodologies exists, the two widespread fundamentals to all ...

Cloud Based IDS and IPS solutions

by Frank Siemons Oct. 7, 2017 via INFOSEC Institute

Defense-In-Depth is a term used to describe the practice of creating a multi-layered defense system within a network. Each layer should be covered by one or more different security controls. This will build towards a secure environment without leaving any gaps that an attacker could leverage to compromise a targeted network. A well configured and properly placed Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) should not be missing from the array of security controls. An...

Detection and Prevention of DNS Anomalies

by Irfan Shakeel Oct. 7, 2017 via INFOSEC Institute

Malware and Botnets have been a threat to systems and networks for several years. The usual methods of detecting a virus with a local virus scanner or their spreading with intrusion detection system (IDS) will not mitigate the complete threat. The characteristics of traffic could be used to detect different threats. Most Internet communication starts with one or more Domain Name System (DNS) lookups. DNS (Domain Name System): The DNS delegates the responsibility of conveying domain names and ...

Penetration Testing: Covering Tracks

by Dimitar Kostadinov Oct. 7, 2017 via INFOSEC Institute

“Covering Tracks” is the final stage of a penetration test as a process – all the rest is paperwork. In a nutshell, its goal is to erase the digital signs left out by the pen tester during the earlier stages of the test. These digital signs, in essence, prove the pen tester’s presence in the targeted computer system. Whereas in the phases previous to this one the pen tester successfully managed to avoid detection by firewalls and intrusion detection systems, the purpose of this phase is to c...

Is your Security Awareness Program Culturally Sensitive? (And does it matter?)

by Daniel Brecht Oct. 7, 2017 via INFOSEC Institute

A security awareness program is probably the first line of defense against modern threats to IT systems and company data. Although more and more advanced technical measures must always be in place to ensure the detection and, if possible, the prevention of intrusions, it is extremely important for businesses to make sure employees are aware of possible threats and of how some of their actions could result in severe vulnerabilities for their employer. Companies are already doing much regardin...

Implementation of a Virtual IDS Device in Passive Mode

by Frank Siemons Oct. 7, 2017 via INFOSEC Institute

The arrival of server, desktop and network virtualization has brought along enormous flexibility in configuration options and a huge drop in installation and operating costs of IT networks. Due to this enhanced flexibility, the configuration of what was previously easy or at least well known can now be a little more daunting. An intrusion detection or prevention device (IDS/IPS), for instance, used to be connected either inline or via a span port with physical cables. This can still be do...

Computer Forensics: Snort Logs Analysis

by Keatron Evans Oct. 7, 2017 via INFOSEC Institute

Sometimes the best evidence of a network intrusion resides in network or traffic logs. Snort is a well known open-source traffic analysis and network intrusion detection tool. However, using the logs from Snort we can also see how the intrusion happened, rather than just that an intrusion happened. We’ll use Snort to show how we can piece together what happened and when it happened without depending on traditional hard drive forensics. Computer forensics investigations are often described as...

Interview: Chris Rouland

by InfoSec Resources Oct. 7, 2017 via INFOSEC Institute

Chris Rouland is a 25-year veteran of the information security industry and a valued member of the Atlanta technology community. Chris has founded several companies focused on providing cyber security to Fortune 500 corporations and government establishments earning him the distinction of one of Atlanta’s most respected technology entrepreneurs. Most recently, Chris founded Bastille, the only company focused exclusively on providing intrusion detection and vulnerability assessment for the In...

Why Artificial Neural Networks (ANN) Technology Offers a Promising Future in IDS/IPS

by Daniel Brecht Oct. 7, 2017 via INFOSEC Institute

Intrusion systems have been the subject of considerable research for decades to improve the inconsistencies and inadequacies of existing methods, from basic detectability of an attack to the prevention of computer misuse. It remains a challenge still today to detect and classify known and unknown malicious network activities through identification of intrusive behavioral patterns (anomaly detection) or pattern matching (misuse or signature-based detection). Meanwhile, the number of network at...

Configuring the ModSecurity Firewall with OWASP Rules

by Nikhil Kumar Oct. 7, 2017 via INFOSEC Institute

In today’s world, over 70% of all attacks are carried out at the web application level, so we need to implement security at multiple levels, as organizations need all the help they can get in making their systems secure. Web application firewalls are deployed to establish an external security layer that increases security and detects and prevents attacks before they reach the web application. One of the more commonly used application layer firewalls is ModSecurity, which is an op...

Network Design: Firewall, IDS/IPS

by Ajay Yadav Oct. 7, 2017 via INFOSEC Institute

There are many different types of devices and mechanisms within the security environment to provide a layered approach of defense so that if an attacker is able to bypass one layer, another layer stands in the way to protect the network. Two of the most popular and significant tools used to secure networks are firewalls and intrusion detection systems. The rudimentary functionality of a firewall is to screen network traffic for the purpose of preventing unauthorized access between computer ne...

Introduction to Controlling the Integrity of the File System

by Adrian Stolarski Oct. 7, 2017 via INFOSEC Institute

Do you remember my article about physical security? If so, this article can be seen as its development. Whereas that one was more focused on the security of an organization, I think I will now write two, at most three, articles on the physical security of our own PC. However, I have a modest and quiet hope that they are useful for administrators of Linux and Unix, and not just their regular users. Introduction: Sometimes it happens that an attacker manages to take control of our system. Then their first...

Virtual DMZs in the Cloud

by Dejan Lukan Oct. 7, 2017 via INFOSEC Institute

DMZ or DeMilitarized Zone is primarily used to separate the network into multiple blocks to enhance security. The name is derived from the same term used to define an area between two nations where military actions are prohibited. When managing a network, we usually want to have some services or systems accessible to the outside world, while others are kept in a secure internal environment which isn’t accessible from the outside. Normally, we want to expose one of the following services: htt...

HIDS—A Simplified Design Construct

by Amar Nath Oct. 7, 2017 via INFOSEC Institute

This article will briefly discuss the host-based intrusion detection system (HIDS) and an abstract approach that can be used to design an application firewall. As per OSSEC, HIDS is an application-level firewall that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response. This is installed on a single server machine and its agents are deployed on the server that needs the service (protection). Simple Deployment Scenario ...

OSSEC

by Dejan Lukan Oct. 7, 2017 via INFOSEC Institute

In this article we’ll present the open source host-based intrusion detection system, which is needed if we would like to detect host-based attacks on our computer. First of all, we should emphasize that OSSEC is supported on most platforms including Linux, Mac, Windows, Solaris, HP-UX, ESX, etc., and is completely open source. OSSEC supports both kinds of monitoring: agent-based and agentless, which is needed in case we’re not allowed to install the agent on some systems, like the network switc...

Anti-Reverse Engineering (Assembly Obfuscation)

by Ajay Yadav Oct. 7, 2017 via INFOSEC Institute

The purpose of this paper is to demystify the .NET assembly obfuscation as a way to deter reverse engineering. The primary concern for organizations is typically protecting their source code (as intellectual property) from reverse engineering. Obfuscation is a tactic that provides unified retitling of symbols in assemblies as well as other tricks in order to foil decompilers. Properly applied obfuscation increases protection against disassembling and decompilation by orders of magnitude, whil...
